Goodwill not enough, Brandis to force ISPs
Attorney-General George Brandis is seeking tough new requirements for Australian telcos.
The Federal Government is planning to introduce new laws to force telcos and ISPs to hand over details of network changes and procurement plans, or risk civil penalties.
The Attorney-General's department has released details of its new regulations, which Senator Brandis claims are in the name of national security.
He says there are great risks associated with unauthorised access and interference with Australia's telecommunications networks, and his department wants to help prevent them.
In particular, the Government seems concerned about threats posed by suppliers of equipment and services located in foreign countries.
At the moment, government security agencies rely on telcos and ISPs to help them address potential security threats.
The departments now want the power of goodwill to be turned into the threat of penalty.
“The absence of clear obligations results in ad hoc, reactive and delayed approaches to address any potential concerns,” a statement from the Attorney-General’s Department (AGD) said.
“Rapid changes in market dynamics and technologies increases opacity – carrier/carriage service providers initially considered to present a low risk can suddenly present a high risk due to factors such as rapid expansion in market share or expansion of services.”
The Attorney-General says the telcos and ISPs tend to act in their company's best financial interest when designing networks and procuring goods and services, but this will soon stop.
The new reforms require telcos and ISPs to hand over all information on any network changes and procurement plans that the AGD decides could create espionage or sabotage vulnerabilities.
Such changes include outsourcing, offshoring equipment or services, procuring new equipment, and changes to the management of services.
The level of monitoring will depend on the size of the business and the importance of its infrastructure.
The draft bill puts the Secretary of AGD in the role of chief regulator, able to direct telcos and ISPs to comply with obligations and enforce civil penalties.
The Secretary will get advice from spy agency ASIO on risks, threats and vulnerabilities.
Any telco or ISP told to hand over information must comply or face civil penalties of around $250,000, the legislation states.
The draft bill also seeks to give the Secretary the ability to retain the information for as long as necessary.
The AGD estimates the ongoing costs of resourcing and administering the scheme will be about $1.6 million a year for the government, while the cost of industry compliance should be around $184,000 annually for each organisation.
John Stanton, CEO of the Communications Alliance, told reporters that it was better than the government’s earlier plan to recover $2 million annually in costs from the industry for the new legislation.
But, he added, the proposed regime only brings more red tape, compliance costs and levels of intrusion.
“Whether this is a proportionate response is a question that the parliament will need to consider in consultation with industry,” Stanton said.
“The government has indicated that the proposed legislation will not be used as a tool to prohibit specific equipment suppliers from operating in the Australian marketplace and this needs to be assured, given the potential competition impacts of such a move and the potential for overall network costs to be driven upward, to the detriment of industry and consumers.”