A response to the Commonwealth Government's preliminary policy statement titled

Towards an Australian Strategy for the Information Economy

Submitted by Electronic Frontiers Australia Inc.
October 1998

Introduction

Electronic Frontiers Australia Inc. ("EFA") is a non-profit national organisation formed to protect and promote the civil liberties of users and operators of computer based communications systems. EFA was formed in January 1994 and incorporated under South Australian law in May 1994.

Our major goals are to advocate the amendment of laws and regulations in Australia and elsewhere (both current and proposed) which restrict free speech and unfettered access to information and to educate the community at large about the social, political, and civil liberties issues involved in the use of computer based communications systems.

EFA members come from all parts of Australia and from diverse backgrounds. They are Internet and BBS users and system operators, computer professionals, students, academics, lawyers and other people who have a common interest in preserving online freedoms and rights, and in computer mediated communication and online information services.

Electronic Frontiers Australia is not a subsidiary or affiliate of the USA's Electronic Frontier Foundation (EFF), although the two separate organisations share a number of goals. EFA is focused on issues directly affecting Australians, whereas EFF has a clear American focus. EFF's role in the establishment of EFA was solely that of an advisory ally. We continue to liaise with EFF, and many other online civil liberties organisations around the world, on issues of mutual interest and potential benefit. EFA is a founding member of the Global Internet Liberty Campaign (GILC).

EFA policy formulation, decision making and oversight of organisational activities are the responsibility of the EFA Board of Management. Board Members act in a voluntary capacity; they are not remunerated for time spent on EFA activities. The activities of EFA are funded through membership subscriptions, as well as donations contributed by people and organisations wishing to thereby assist EFA in the achievement of its goals and objectives.

Background

The Commonwealth government's policy paper, Towards an Australian Strategy for the Information Economy ("the Report"), prepared by the Ministerial Council for the Information Economy, is just that - a policy paper.

It presents little in the way of firm detail, making broad recommendations and stipulations concerning government policy. As such, EFA's response has been limited to a general commentary of three of the more important issues raised in the paper; namely

Absolute security

The Report correctly recognises the importance of information security in an Information Economy. More importantly, it recognises that ordinary Australians must have confidence in the new regime of electronic commerce if Australia is to reap the full benefits that it has to offer.

Specifically, the Report outlines as a Guiding Principle:

The role of the government is to show the way - as a user, supplier and purchaser of electronic services; to provide direction, education and encouragement to business and consumers; and to provide a legal and regulatory framework that ensures the information economy is safe, secure, certain and open. (p.8, emphasis added)

Furthermore, the Commonwealth government recognises and purports to support the role of the private sector in driving both the adoption of the Information Economy and the development of the technology and skills required to support it:

The private sector is driving - and will continue to drive - the advent of the information economy. It is the role of governments to provide an environment conducive to investment in new technology, to the formation and growth of new enterprises, and to the acquisition of information technology skills and knowledge. (p.7)

As a related Guiding Principle,

The government…supports the efforts of private sector organisations to guide the successful expansion of electronic commerce and to build confidence in its use. (p.8. emphasis added).

Frankly, EFA considers that the position portrayed in the Report bears little resemblance to the Commonwealth government's actually policies, or - at least - the current implementation of those policies.

In particular, we note the Commonwealth government's current position on the following issues:

Key Escrow

The current position on Key Escrow and related key recovery infrastructure remains vague, which operates as a damper to the confidence that must be established before electronic commerce can get off the ground.

While EFA acknowledges the arguments made by those in favour of unhindered access to "tactical intelligence" and evidence for the purposes of law enforcement and national security, we are concerned that an attempt will be made to extend the powers of law enforcement and security to intercept communications beyond that which is reasonably required.

In particular, we are concerned that Parliament - under the guise of taking steps to address new technological challenges - will provide greater powers to law enforcement and security agencies, while at the same time weakening administrative and judicial oversight of the interception process.

Any doubts that may arise in the minds of the business community, and the community as a whole, as to the integrity of their communications will only hinder the development of an Information Economy.

Encryption Export limitations

The current Australian cryptographic export controls are unnecessarily strict and operate to curtail the development of Australian cryptographic technology and skills.

Australia is a Member of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual Use Goods and Technologies. Most of Australia's current export control regime can be traced to our obligations under the Wassenaar Arrangement.

The general aim of the Wassenaar Arrangement is to regulate the transfer of conventional weapons (such as missiles) and "dual-use" technology; that is, technology that has both civilian and military applications. At present, the definition of "dual-use" technology is such that it includes cryptographic software and hardware.

EFA opposes the inclusion of cryptographic technologies within the scope of Wassenaar Arrangement regulation.

Although it claims not to impede legitimate civil use and development of cryptographic technology, there is little doubt that it does in fact impede such development and implementation.

EFA believes there is no sound basis for the continuation of export controls on cryptographic products. Furthermore, we believe that the current scope of the Wassenaar Arrangement may stultify the development of a stable, reliable and secure infrastructure for electronic commerce, which will in turn erode consumer privacy protection - and, in turn, confidence - in the Information Economy.

General Software Note exemptions

It would appear that the original signatories to the Wassenaar Arrangement appreciated the detriment that its scope might have in the development of secure civilian communications.

The General Software Note, a preamble to the Wassenaar Dual Use list of controlled technology, specifically exempts all mass-market and public domain software. This is defined to include all software "in the public domain", as well as software "[d]esigned for installation by the user without further substantial support by the supplier".

It is conceivable that a number of Australian-made cryptographic software products would fall within this exemption. However, Australia has not yet implemented this exception, and as such all cryptographic software must be licensed before it may be exported, despite the presence of the general exemption.

This failure on the part of the Commonwealth government operates not only to effectively exclude Australian companies from competing in what is predicted to be a very lucrative export market, but it also hampers the development of a domestic cryptography industry and curtails the enhancement of our cryptographic skill base.

E-Commerce Enabling Legislation

Electronic commerce may be a '90s business buzzword, but it has been around - both as a concept and a business model - for almost two decades.

Despite this fact, Australia is yet to implement comprehensive, national legislation to support the evolution of electronic commerce, and provide an appropriate framework within which all businesses - both large and small - can benefit from the tremendous cost savings and efficiencies that it has to offer.

Consider these questions:

How many Commonwealth government agencies currently accept lodgment of mandated paperwork electronically?

How many Commonwealth government agencies currently accept electronic payment?

How many Commonwealth government agencies provide businesses and the community as a whole with an effective electronic interface to their complete range of products and services?

The absence of enabling legislation has also created a vacuum in which Australian businesses are literally hamstrung in their attempts to develop workable electronic commerce business models.

Few banks presently allow merchants to accept credit card transactions over the Internet.

There are a number of unresolved issues concerning which party carries the risk of credit card fraud in an electronic commerce transaction.

There is as yet no standard for securing online payments nor universally accepted alternatives to traditional payment mechanisms.

It is quite difficult at this stage to ascertain the fiscal implications of the Commonwealth government's stance on cryptography, and its general lethargy concerning the implementation of workable electronic commerce legislation.

Certainly there is no doubt that secure cryptography will play a pivotal role in the development and adoption of electronic commerce. Communications security, as well as public confidence, is heavily reliant on the availability of open and demonstrably secure cryptographic technologies.

Despite this, the Australian government maintains the tenuous position of advocating the weakening of cryptography standards. In a business environment hedging closer to the wholesale embrace of globalisation, this is a somewhat risky gambit - one which may find Australia left behind in the race for developing and providing the infrastructure required for global businesses to do business globally.

Efforts to curtail the availability and development of export-quality cryptography will have a detrimental effect on our ability to stake a claim for our share of electronic commerce transactions, profits and benefits. Any doubt as to the harm the current position is having on business confidence within Australia should be dispelled when one surveys the lacklustre adoption of such initiatives as the Australia's first Certification Authority, KeyPost (operated by Australia Post).

Information access

In the Report, the Commonwealth envisages:

All Australians [having] unprecedented access to information and education, entertainment and culture, goods and services from around the country and the world; and have the skills and knowledge to access what they need online…(p.9)

To support this vision, the Report states (at p.11) that the government is "committed to ensuring that all Australians, including the disadvantaged and remote, have adequate, affordable access to online services".

EFA welcomes the government's commitment to providing each and every Australian with the means and opportunity to participate not only in the Information Economy, but also the Information Society.

However this commitment stands in stark contrast to the government's intention to restrict access to "objectionable" content.

EFA maintains its position of opposing censorship of the Internet by any level of Australian government.

EFA actively campaigns against laws that restrict the ability of a service provider to provide an uncensored service, which assign liability to ISPs for material accessed through their service, or which deny users access to information or the freedom to communicate.

In our submission to the Senate Select Committee on Information Technologies Self-Regulation in the Information and Communications Industries Inquiry (January 1998), we stated:

EFA takes the position that self-regulation is undesirable when it is taken to mean that industry organisations and users are forced to take responsibility for government censorship under the guise of self-regulation. EFA strongly supports the principle that content creators rather than carriage service providers should be responsible for online content, and that criminal culpability for such content should apply only to material that is globally and unequivocally recognised as illegal.

Our principal recommendation in that submission, which is equally applicable given the nature of the current Report, was:

That attempts at content regulation of the Internet be abandoned, on the basis that publication of globally-agreed illegal material can already be prosecuted under existing law, and that regulations concerning contentious material are inappropriate in a world where cultural differences cannot be easily reconciled.

In short, it is our submission that the government's expressed desire to regulate service and content providers fundamentally conflicts its stated objective of allowing "unprecedented access" to information.

EFA's submission to the Select Senate Committee can be viewed online at

http://www.efa.org.au/Publish/sscit.html

EFA is also concerned that the Commonwealth government appears to be leaning towards the broadcast model in terms of developing a regulatory framework for online content.

No doubt, as broadband technology becomes more widespread, consumers will be using a variety of access methods. These may include WebTV-style interfaces, as well as "datacasting" and related technology, which may or may not be bundled with traditional TV broadcasts.

However, despite this convergence, there remain fundamental differences between the passive, "push" nature of the traditional broadcast medium, and the interactive, "pull" nature of online services.

While there may be some blurring of this distinction in terms of streaming video and audio services, content of this nature is made available and delivered in such a fashion as to negate the application of traditional broadcast media policies and regulations. As such, EFA considers that it would be imprudent at this time to consider expanding the brief of Australia's broadcasting authorities to cover Internet regulation; specifically, content regulation.

Finally, EFA is also concerned about the apparent stalemate on the issue of the privatisation of Telstra. We acknowledge the manifold nature of the Telstra privatisation, and the need to reconcile the interests of a number of stakeholders.

However, any delay over the eventual finalisation of the privatisation issue will only act to undermine the Government's stated policy of ensuring equality of access to the Information Economy for all Australians.

For instance, there currently remains some doubt as to the appropriate role that Telstra should play in providing subsidised Internet access to those in regional or rural communities.

On the one hand, as a public company, Telstra's management should quite properly concern itself with competition and market issues, including deriving the greatest profits for its shareholders.

On the other hand, as a government instrument, it could be argued that Telstra owes a duty to ensure that no Australian is disadvantaged in terms of access to communication services due to their geographic location.

Certainly, in its present state of limbo - no longer a government instrument yet not quite a public company - a number of questions arise as to Telstra's proper role.

A good example of this confusion concerns the recent announcement by Telstra that it will cease providing certain PAPL (Permitted Attached Private Lines) services to many smaller ISPs.

PAPL is, essentially, a point-to-point voice grade link between to points on Telstra's domestic copper wire network. Data can travel across the PAPL link (at a distance of up to 3.5Km) at speeds of around 2Mb per second. PAPL links are currently used by most ISPs as a means of connecting to the nearest telephone exchange. (From the exchange, the ISPs can link to the faster fibre-optic services, which in turn are connected to Australia's Internet backbone).

At present, the service is quite cost effective for ISPs - approximately $2000 to install, and around $2000 per year to run. Many ISPs have developed their business and profit models around these cost levels.

However, Telstra's recent announcement that it will discontinue access to PAPL links will cause the operational costs of almost all ISPs to increase, perhaps by a factor of 10, as they are forced to use a more expensive service to maintain the same connectivity. This in turn will have detrimental effects on the ability of those ISPs to provide economical access to the Internet for many Australians.

Perhaps the most galling aspect of this recent development is that Telstra is not actually discontinuing the service - it still plans to allow select (non-ISP) clients access to the service.

Events such as these raise very real issues concerning the current Telstra near-monopoly of Internet infrastructure, and the very real conflict this position has with the Commonwealth government's public statement that it supports equality and equity of access to the Internet for all Australians.

Privacy Issues

Given the emphasis placed in the report upon ensuring the security of Australia's electronic commerce infrastructure, and the recognition that a concerted effort is required to nurture business and consumer confidence in electronic commerce, it is quite surprising that little attention was given in the report to the issue of online privacy; in particular, the privacy of consumer information.

Australian consumers already suffer from poor privacy protection, especially in light of the Commonwealth government's recent abandonment of its election promise to introduce the world's best privacy protection which, at the time, received widespread support from both consumers and businesses alike.

If the recent experience of the US Federal Trade Commission is any indication, it is likely that the powers of Australian authorities to prevent the inappropriate use of personal and financial information collected online will be sorely tested.

In addition to hampering consumer confidence in electronic commerce (a not insubstantial consideration), the Commonwealth government's failure to implement privacy safeguards may result in our exclusion from international trade with the European Union, as a result of the stipulations in the European Union Privacy Directive against trade with countries that lack adequate privacy protections.

That our exclusion is a very real prospect is evidenced by the intention of several state governments, including Victoria, New South Wales and Queensland, to introduce their own privacy legislation. Such a scenario makes a mockery of the call in the Report for a national electronic commerce legislative framework.

Online privacy, particularly consumer privacy, is a pivotal issue in an Information Economy and constitutes a cornerstone of any future Information Society. These issues deserve considerably more attention and respect than the lip service proffered in the Report.

EFA urges the Commonwealth Government to continue with its original policy of implementing a world standard privacy framework for the protection of its citizens and to ensure the development of a robust Information Economy.

Conclusion

It is not without a touch of irony that the Report lauds the Information Economy for its ability to relieve Australia from its long suffered "tyranny of distance".

Certainly, Australia's geographic location relative to the European and American markets has hampered the development of our export potential. Equally, our domestic geography has tempered our ability to reach the same economies of scale in certain industrial sectors - including telecommunications - available to our overseas competitors.

Yet, reading the Report it is difficult not to wonder whether we run the very real risk of swapping one form of isolation for another: an isolation borne of sub-standard encryption technology, the lack of a clear and equitable framework for the protection of recognised speech and privacy rights, and a failure to provide a clear declaration of the rights and obligations of service providers, content producers and users in the increasingly complex environment of electronic commerce.

Australia still has some way to go before it catches up with its more advanced neighbours. Governments at all levels need to take urgent steps to implement policies and initiatives that will open their services and resources to the online community. Financial reform is needed to ensure recognition of emerging digital payment mechanisms. Legal reform is required to provide a basis for the development of a jurisprudence capable of meeting the needs of the Information Economy and an Information Society. Political resistance to safe, secure and open cryptography must be reversed, in recognition of the pivotal role it will play not only in developing a stable, rich Information Economy, but also engendering trust within the community as a whole towards this new, often bewildering, socio-economic paradigm shift. And, finally, steps must be taken immediately to ensure that all Australians are provided with equitable access to this new realm of online commerce and society.