Division 7—Limitations317ZG Designated communications provider must not be req

1. Division 7—Limitations
2. 317ZG Designated communications provider must not be requested
3. or required to implement or build a systemic weakness or
4. systemic vulnerability etc.
5. (1) A technical assistance request, technical assistance notice or
6. technical capability notice must not have the effect of:
7. (a) requesting or requiring a designated communications
8. provider to implement or build a systemic weakness, or a
9. systemic vulnerability, into a form of electronic protection; or
10. (b) preventing a designated communications provider from
11. rectifying a systemic weakness, or a systemic vulnerability,
12. in a form of electronic protection.
13. (2) The reference in paragraph (1)(a) to implement or build a systemic
14. weakness, or a systemic vulnerability, into a form of electronic
15. protection includes a reference to implement or build a new
16. decryption capability in relation to a form of electronic protection.
17. (3) The reference in paragraph (1)(a) to implement or build a systemic
18. weakness, or a systemic vulnerability, into a form of electronic
19. protection includes a reference to one or more actions that would
20. 84
21. Telecommunications and Other Legislation Amendment (Assistance
22. and Access) Bill 2018
23. No.
24. , 2018
25. 317ZGANo.
26. Industry assistance Schedule 1
27. Amendments Part 1
28. render systemic methods of authentication or encryption less
29. effective.
30. (4) Subsections (2) and (3) are enacted for the avoidance of doubt.
31. (4A) In a case where a weakness is selectively introduced to one or more
32. target technologies that are connected with a particular person, the
33. reference in paragraph (1)(a) to implement or build a systemic
34. weakness into a form of electronic protection includes a reference
35. to any act or thing that will, or is likely to, jeopardise the security
36. of any information held by any other person.
37. (4B) In a case where a vulnerability is selectively introduced to one or
38. more target technologies that are connected with a particular
39. person, the reference in paragraph (1)(a) to implement or build a
40. systemic vulnerability into a form of electronic protection includes
41. a reference to any act or thing that will, or is likely to, jeopardise
42. the security of any information held by any other person.
43. (4C) For the purposes of subsections (4A) and (4B), an act or thing will,
44. or is likely to, jeopardise the security of information if the act or
45. thing creates a material risk that otherwise secure information can
46. be accessed by an unauthorised third party.
47. (5) A technical assistance request, technical assistance notice or
48. technical capability notice has no effect to the extent (if any) to
49. which it would have an effect covered by paragraph (1)(a) or (b).
50. Limits on technical capability notices
51. (1) If:
52. (a) a designated communications provider supplies a particular
53. kind of telecommunications service; and
54. (b) the service involves, or will involve, the use of a
55. telecommunications system;
56. a technical capability notice has no effect to the extent (if any) to
57. which it requires the provider to ensure that the kind of service, or
58. the system:
59. (c) has the capability to enable a communication passing over
60. the system to be intercepted in accordance with an
61. interception warrant; or
62. , 2018
63. Telecommunications and Other Legislation Amendment (Assistance
64. and Access) Bill 2018
65. 85
66. SchedulePart1 Industry assistance
67. 1 Amendments
68. (d) has the capability to transmit lawfully intercepted
69. information to the delivery points applicable in respect of that
70. kind of service; or
71. (e) has a delivery capability.
72. NoteNote1:
73. 2:
74. Part 5-3 of the Telecommunications (Interception and Access) Act
75. 1979 deals with interception capability.
76. Part 5-5 of the Telecommunications (Interception and Access) Act
77. 1979 deals with delivery capability.
78. (2) For the purposes of subsection (1), ensuring that a kind of service
79. or a system has a particular capability includes ensuring that the
80. capability is developed, installed and maintained.
81. (3) A technical capability notice has no effect to the extent (if any) to
82. which it requires a designated communications provider to keep, or
83. cause to be kept:
84. (a) information of a kind specified in or under section 187AA of
85. the Telecommunications (Interception and Access) Act 1979;
86. or
87. (b) documents containing information of that kind;
88. relating to any communication carried by means of a service to
89. which Part 5-1A of the Telecommunications (Interception and
90. Access) Act 1979 applies.
91. Note:
92. Part 5-1A of the Telecommunications (Interception and Access) Act
93. 1979 deals with data retention.
94. (4) A technical capability notice has no effect to the extent (if any) to
95. which it requires a designated communications provider to keep, or
96. cause to be kept, information that:
97. (a) states an address to which a communication was sent on the
98. internet, from a telecommunications device, using an internet
99. access service provided by the provider; and
100. (b) was obtained by the provider only as a result of providing the
101. service.
102. Note:
103. This subsection ensures that a technical capability notice cannot
104. require a designated communications provider to keep information
105. about subscribers’ web browsing history.
106. 86
107. Telecommunications and Other Legislation Amendment (Assistance
108. and Access) Bill 2018
109. No.
110. , 2018
111. Industry assistance Schedule 1
112. Amendments Part 1
113. (5) An expression used in this section and in Chapter 5 of the
114. Telecommunications (Interception and Access) Act 1979 has the
115. same meaning in this section as it has in that Chapter.