A “double standard” has emerged in Australia’s technology regulations, with step-in powers for cyber spooks to take control of a company’s network similar to those at the heart of concerns that led to companies like Huawei being banned from 5G networks, the AIIA has warned.
In a speech to the Tech in Gov conference in Canberra, Australian Information Industry Association (AIIA) chief executive Simon Bush said the federal government needed to address the “uncoordinated and a tangled web” of rules and regulations, which he likened to “spaghetti”.
Under the Albanese government, technology policy had become more diffuse, with the Digital Transformation Agency recently losing its remaining responsibilities for cybersecurity and digital identity. Last week, the Department of Home Affairs gained ever further cybersecurity duties.
Mr Bush said Home Affairs had a natural propensity to layer additional regulation on the economy, highlighting the critical infrastructure legislation passed by the Morrison government with the support of Labor in 2021.
“Home Affairs sought controversial step-in and other strong intervention cyber powers… yet the enforcement agencies don’t have the ability and scale to actually do this – nor do they necessarily want to,” he said.
“It’s a case of policy intentions don’t meet reality, yet these new laws get passed by parliament under the cloak of national security, so no-one questions the principles and underlying merits of the laws themselves.”
The legislation – labelled as “highly problematic” by a group of international technology association, including the AIIA – grants the Australia Cyber Security Centre the ability to step in and take control of a company’s systems as a last resort if it is subject to a cyber-attack.
Mr Bush said the step-in powers were an overreach and had created a “double standard”, with the government banning Huawei from Australia’s 5G network years earlier for being subject to similar laws in China.
“Let me illustrate the double standard: Huawei was banned in Australia on the basis that the Chinese government could force the company to provide access and data because of their own step-in powers,” Mr Bush said on Wednesday.
“So how is this different to the Australian government having step-in powers to access private companies’ facilities and networks with domestic actions being approved in part by the Minister for Defence?
“This critical infrastructure regime was passed by Parliament just two years after the formal ban and no one saw the irony, double standard or was concerned around this overreach of government – again as we were told by the Home Affairs department this was a matter of national security.”
Similar fears of Chinese influence are now playing out with popular social media app TikTok. The government recently banned the app on government-issued devices and parliamentarians are now pushing to have the ban extended to some critical infrastructure operators.
Mr Bush said policy developed with industry in response to issues “as they emerge” was the ideal approach for government to take, and that it should follow its own guidelines and “regulate as a last resort not a first resort”.
He pointed to mechanisms like a Tech Regulators Forum, proposed by the ANU Tech Policy Design Centre, or a Council of Tech Regulators, to “ensure that the introduction of policy is streamlined and sequenced and that the left hand knows what the right is doing”.
Mr Bush also reiterated support for a dedicated “ministerial portfolio dedicated to considering the economy-wide effect of technology regulation as a whole” in the same week that government MPs downplayed the need for a digital economy minister in Parliament.
He said that with the responsibilities split between Industry minister Ed Husic and Finance minister Katy Gallagher, despite “mean[ing] well and work[ing] hard”, have “less authority and no remit to work outside these pillars and to act as whole-of-government and whole-of-economy”.
Recent moves by the government to create the Office of the Cyber Security Coordinator within Home Affairs is recognition of the need for improved coordination, which Mr Bush said is “simply a high-profile example of a wider emerging issue”.
