Mr Burgess said all TCNs had been done in co-operation with providers and had not involved the development of any backdoors that might create systemic weakness in networks or devices.
“Our experience is we’ve not had an issue – it’s been very collaborative so far,” he told a hearing into the laws. “I know that members of our society, depending on where you fall, will have a different view of what a ‘systemic weakness’ is.
“But that’s in my mind when I consider this because I have no intention of introducing something that breaks the internet, no intention of introducing something that actually means that whilst it gives me lawful access to target ‘a’, I’ve now put every Australians’ private communications at risk, because I would not do that.”
Mr Burgess said ASIO used the new encryption laws within 10 days of them coming into effect last year.
With over 95 per cent of ASIO’s most dangerous counter-terrorism targets using encrypted communications, Mr Burgess said the laws had helped significantly in gaining targeted access to specific encrypted data and it was done “in a co-operative way”.
The guarantee by the ASIO boss comes as calls grow from tech companies for more oversight of the encryption laws, including a requirement that security agencies must go before a senior judge before gaining access to encrypted messages.
The laws – which were hurried through federal Parliament at the end of 2018 – are being reviewed by the Independent National Security Legislation Monitor, James Renwick, who has already suggested that some of his recommendations would include a senior judicial officer being involved in ticking off on encryption requests.
In his opening remarks to the hearing, Dr Renwick said it might be preferable for law enforcement agencies to go before a senior judge or the security division of the Administrative Appeals Tribunal to access encrypted messages. Currently, “technical assistance notices” (TAN) – which require service providers to hand over encrypted data – can be approved by an agency head or their delegate.
“Unlike the underlying warrants or authorisations, TANs are not granted by an eligible
judge or independent tribunal member but are simply granted by the agency head or
their delegate, a departure from the normal course of an independent eligible judge or
tribunal member in relation to a coercive power affecting privacy,” he said.
Dr Renwick said nothing he had seen in his review of the encryption laws so far amounted to “mass surveillance” of Australians, and they had instead allowed for pre-existing powers to be used in a
more targeted or limited fashion.
But he said many of the submissions had raised concerns about the laws creating systemic “weaknesses” or “vulnerabilities” in networks and devices, suggesting the definitions of these terms in the laws needed to be improved.
Anthony is foreign affairs and national security correspondent for The Sydney Morning Herald and The Age.