Dear Minister
I write to express my concerns over the draft legislation titled 'The Assistance and Access Bill 2018', and outline these concerns below.
1. This Bill would harm cybersecurity
This Bill would require companies to provide information about how their systems work. It would allow more people physical access to networks. It would require organisations to test and install new functionality built by the government. These measures would undoubtedly introduce new threats and vulnerabilities into the systems that we all use each day.
2. This Bill would lead to an increase in government hacking
This Bill grants government officials power to both compel organisations to reveal information about their systems and to make changes to those systems. Combined with the government’s new ability to issue warrants to seize information directly from devices, this would empower Australian government agencies to develop and grow their hacking capacities without vital and necessary protections. Any government hacking must come with strong safeguards given the high risk of harm. While the orders issued under this authority must be reasonable and proportionate, there is nearly no limitation to ensure that the government would not use any vulnerabilities it uncovered around the world or share that information with its allies.
3. This Bill could create a backdoor into end-to-end encryption despite assurances to the contrary
Whilst the Bill does specifically prohibit the government from mandating a systemic weakness in an encrypted system, the term "systemic" is ambiguous. History has shown that ambiguity leads to misunderstandings and intentional exploitation, which will result in less trust in technologies deployed in Australia. When users become aware that the software they run is not just designed by the company behind it, but also by vested interests in the government and intelligence agencies, any software updates will be regarded as potential backdoors, undermining faith in software updates, leading users not to update. That means more unpatched systems and overall harm to cybersecurity.
4. This Bill is a huge overreach into the fundamental workings of our digital world
As drafted, this Bill would authorise vast new powers to authorities with almost no understanding of the limitations, the implications, or oversight mechanisms. Encryption protocols are the backbone of the digital economy, facilitating every single transaction online. Strong encryption is essential to the modern Australian economy, and it would be a mistake to deliberately weaken it.
I urge the government to consider how this Bill, in its current draft form, could damage the way that I, and many other Australians, use digital communications on a daily basis. I am also concerned about the impact on my rights - particularly the right to privacy.
Thank you