Mr MARTYN EVANS (12:46 PM) —As my colleague the shadow Attorney-General has indicated, the opposition is broadly in support of the Electronic Transactions Bill 1999 . It seeks to enable electronic commerce to have the same kind of sound legal footing that ordinary commerce has enjoyed under common and statute law in this country for well over 100 years now. As electronic commerce moves throughout the world, recent OECD and United States reports have indicated that we will be talking many hundreds of billions of dollars in a few short years time.

Clearly electronic commerce needs the same kind of statutory and common law footing for its undertakings as ordinary commercial transactions have had. This will guarantee that citizens can rightly have confidence in the way in which those transactions are undertaken and be certain that the legal system will stand behind them in disputes. Businesses can be sure that they have a solid basis to undertake the transactions with consumers. People will not be able to walk away from those transactions, and businesses can gain the productivity and efficiency benefits which electronic commerce promises. Without a sound legal footing, those efficiency and productivity gains will be very light indeed and very difficult to put into effect. It is the basis of law on which the system operates which guarantees that those efficiency gains offered by electronic communication, the Internet and e-commerce in general can be translated into real gains for business and consumers throughout the country.

This legislation represents a very good tentative and first step into the area of electronic commerce regulation by the government. It is unfortunate, as my colleague the shadow Attorney-General has said, that this did not come sooner. It is unfortunate that the government has not taken the opportunity to more aggressively pursue with their colleagues in the states a more national basis for this legislation. Nonetheless, that does not in any way counter the beneficial effect of this legislation. I certainly encourage the government to proceed further with it to see how a more national approach can be adopted.

The referral of powers by the states is one option, but a more aggressively pursued cooperative regime by the Commonwealth will be very important. It needs to take place very quickly because this, as honourable members opposite have said, is a rapidly evolving area and we do not want to wait too long. Also, as other speakers have indicated, we do not want to be too prescriptive about the technology which we are supporting in the law.

The legislation must be enabling but it must not be prescriptive or attempt to pick winners in the area of particular technologies. The market should be allowed to determine what it will support by way of digital signature verification, for example, and all those areas of technology which underlie electronic commerce transactions. The parliament should attempt to enable those areas. It should attempt to give legal and statutory underpinning to electronic commerce without attempting to determine which technologies will be the winning technologies in the years ahead. No doubt they will change many times over the next few years.

The parliament must move aggressively to secure people's rights and to ensure that dealing with the Commonwealth in an electronic form is even more convenient than dealing with the Commonwealth in person or by correspondence. That is an area in which the Commonwealth has a long way to go. I encourage the government to look further at ways in which it can be a market leader and a principal investor in this technology, ensuring that its own business affairs are conducted via the Internet so that people can ensure a sound domestic base is established for these transactions and business is encouraged to move because of market leadership by the Commonwealth.

The investment which the Commonwealth can make in these transactions will underpin investment by business. Again that is not in specific technologies, in terms of the legislation, but very much in terms of enabling those processes to occur and in being a leading investor in these technologies so that the public can gain confidence in them and so that business will have a sound domestic base on which to build its own investment in this area.

I would like to turn to areas of this debate which might appear at first sight to be more esoteric but which I think will underpin electronic commerce in the future and which we ignore at our peril. One of those is the encryption debate. Colleagues opposite have indicated the importance of encryption as an underlying means of securing electronic commerce, of securing privacy over the Internet, of securing the protection of data and of generally providing for public and business confidence in the integrity of these systems and the validation of identity by electronic means—something which it is not so easy to do. As the saying on the Internet goes, `On the Internet no-one knows you are a dog.' The reality is that over the Internet no-one knows either that you are Martyn Evans or Alan Cadman or whatever. So some method of evaluating people's identity, of confirming that the transaction is indeed taking place between the parties that they represent themselves to be, is also very important. Those things are all underpinned by encryption.

Encryption was once the sole preserve of secret agents and defence departments, and indeed was jealously guarded by those people and held tightly to their electronic chests so that they were the only ones who had this technology. And, indeed, in the fifties and sixties that was a valid assumption for government to make. It was important that government held those secrets as national security issues and preserved its own ability to undertake secret communications, but excluded the general public, and in particular criminals, terrorists and the like, from undertaking those kinds of secret communication.

However, the reality is that electronic commerce has turned this whole argument completely on its head and it is now fundamental that government encourages—indeed, almost mandates—the use of strong encryption in the community and in business, not only to ensure privacy but to ensure the invulnerability from attack by criminals, by terrorists, of private financial transactions, of our national information infrastructure, as the Americans call it, and of our telephone networks, electricity networks, even the water supply network and so on. All of these things are underpinned by electronic commerce and by computer systems. It is only through the use of encryption technology that they can all be properly safeguarded and protected and that public confidence in electronic commerce—which will be absolutely critical to the future building of electronic commerce in this country and throughout the world—can be sustained by strong encryption, as can the establishment of identity over the Internet.

Governments still tend to cling to those 1950s national security/secret agent agendas. This government has made some attempt to move out of that era but, unfortunately, like the government in the United States, it still clings to some of those old ideas. I hope, in a spirit of bipartisanship in putting this idea forward, that the government will seriously examine its commitment to open, strong encryption technology in this country, with a view to supporting that solidly. Instead of holding back as if from the edge of a precipice, it should step forward and admit that the technology is now essential to electronic commerce and important to the average citizen and to business, and can no longer be held back from open use in the community because of fears about national security, criminal activity and the like.

The reality is the whole debate has now been turned completely on its head. In order to protect citizens and business and government infrastructure from terrorists, criminals and others, it is essential that it is the good guys who now use the strong encryption technology, even if this will in some cases allow criminal elements to use that technology as well. The reality is that terrorists and criminals can buy strong encryption technology on the open market in the United States, they can download it from the Internet and they have access to it. We are excluding in some cases and we are failing to encourage the public to adopt this technology because of some lingering national security fears which are now very much outdated.

It is possible to use strong encryption in this country without too much restriction. If you want to put that on your own computer, you can do so. But if you want to export that technology you face interrogation by the government. If you want to ensure that you are able to use that technology in your own networks, you face real bureaucratic difficulties in importing this technology from the United States and implementing it on your own network for electronic mail security. For example, the parliament has recently sought to bring into this country a security certificate for 128-bit encryption technology to use on our own internal mail system in Parliament House. It took months to get that technology validated from the United States, and that only brings us to 128-bit encryption. The average Internet browser in this country used by ordinary citizens is only good for 40-bit encryption.

The technology we are proposing to use in Parliament House, which has taken much bureaucratic effort to get in place, is only 128-bit encryption. A few weeks ago, in the United States, scientists broke 512-bit encryption. It took them a fair bit of effort, they had to use a number of computers to do it, but the reality is that 512-bit public key encryption is now suspect. Yet we are encouraging the public to use 40-bit encryption and the parliament itself, after much effort, has only just proposed to move to 128-bit encryption. Clearly, we have a long way to go in this debate.

It is time the government said, `This whole thing is now completely different. We must insist on the public using very high levels of encryption, beyond 512-bit. The average person should be using 768-plus bits of encryption. For really sensitive material you would use much more. It is overkill, of course, but it does guarantee privacy, it does guarantee certainty of transactional identity and it does guarantee public confidence in the system. It secures our transactions against invasions by criminals.'

Some people will say and the law enforcement agencies will say, `This prevents us from listening in on other people's transactions. This prevents us listening to drug dealers who wish to exchange communications over the Internet on drug deals. This prevents us from deciphering and decrypting child pornography over the Internet.' If those people are serious, they can already use very strong public key encryption which they can download over the Internet. I downloaded, quite legally, pretty good privacy PGP encryption from Norway, where it is up on the Internet. Many other people in this country have done the same thing. That offers 2,000-bit encryption and is unbreakable, I would suggest, even by the National Security Agency of the US—but who can tell? It is certainly unbreakable in Australia.

The reality is that if you can download that in 20 minutes over the Internet, then if you are serious about child pornography or you are serious about drug trafficking you will have already done that and you will not have any problem in defeating the law enforcement agencies. So those people already have that technology. It is important that we now get the rest of the community using it so that they can be safe from the people who would threaten their transactions, who would threaten their privacy and who would threaten the very foundations of electronic commerce.

The fact that some people will continue to use that for criminal purposes should be made a serious offence. The use of cryptography to cover criminal transactions ought to be a serious offence in this country, because that would have put us on the correct basis for penalising the criminals while encouraging the public and business as a whole to use encryption technology for what it is meant to be used for. And the government should be behind that.

Law enforcement has been greatly assisted by technology in recent times—DNA fingerprinting, cameras in public places, the use of neural networks to track financial data transactions. In all those areas technology has delivered massive gains to law enforcement, and so it should—I am not against any of that at all. I think it is very important that law enforcement agencies stay on top of all of these new technologies and take maximum advantage from them. One technology offers a small degree of detriment to them. They should overlook that, see the greater good of electronic commerce in this country, take the other benefits which technology has delivered to them—DNA testing itself has delivered enormous benefits to law enforcement in this country and throughout the world—and live with the small problems, which they are already going to have to live with anyway, due to encryption technology. (Extension of time granted)

Obviously, one of the few ways we can address this sensibly in the modern climate is to enter into some treaties with countries like the US and Europe to ensure that we have reciprocal obligations and rights between our countries to allow encryption to flow between these countries and to allow export and development in the domestic market without restriction. I think the government should then proceed, having negotiated some international agreements in this regard, to review its domestic laws and to repeal some of the measures which we adopted here last year—for example, to force telecommunications companies and ISPs to decrypt on demand of the government any transmission which they have encrypted.

I debated with honourable members in this very place a year ago the government's legislation which mandates the decryption without reference to the consumer or the business of any encrypted message which an ISP or a telecommunications service provider has encrypted. That technology itself, once the public understands that measure, will severely undermine confidence in electronic commerce. The government should step back from that and criminalise the use of cryptography for criminal purposes but at the same time encourage and remove those laws which provide for the decryption of those messages because they will undermine public confidence. That is the reality of this, and there is no way of avoiding that outcome when the public know that their messages can be decrypted.

It is for that very same reason that mandatory key escrow systems will also not work. If the public know that either the government or some third party is holding decrypt keys for their messages, then they will not trust the security of those messages. Any attempt to use those mandatory key escrow technologies will also be unsuccessful in the long run. We might as well admit that now and make a virtue of the necessity and move forward on the legislation and the technology and gain the maximum advantage for Australian business.

The reality is that the United States is very rapidly moving in this direction. Having resisted it strongly for years, having declared the export of encryption technology be the same as the export of dangerous munitions, the United States a few days ago announced new policies on encryption technology which I think will rapidly lead to the removal of all restrictions on the export of escrow encryption from the United States, meaning that Australia's window of opportunity to capture this international market will be lost once the US moves into it. Instead of having only a toe in the water, so-to-speak, at this stage, the government should move forward much more aggressively in this area and in the area of electronic commerce to ensure that Australia's place in the world in this area can be well captured.

Earlier this year the government also put in place Internet censorship rules which I think will damage electronic commerce severely in the long run. Honourable members opposite congratulated themselves on saving Australian children from being exposed to unsavoury images and practices over the Internet because of their censorship regime. Of course we all support that kind of outcome, but the reality is that the government's legislation will go no way to achieving that outcome and it will seriously undermine some aspects of Australia's e-commerce. Again, we must review all of those laws which put roadblocks on the `electronic superhighway'—to quote the Vice-President of the United States—and ensure that Australia's place in pursuing electronic commerce can be a very strong one.

That is our role in this region. We have a very good telecommunications base. We have a strong legal base and very competent financial and other work force employees. We could adopt a very strong role in this if people had confidence in our legal system and in our technology, which they will only get if the government removes these kinds of restrictions from its legal base.

I strongly commend this legislation to the committee. I ask the government to review exactly the role that it is pursuing and, instead of adopting this more timid approach, to move forward more strongly to ensure Australia's place in the e-commerce world.

Debate (on motion by Mr Cadman) adjourned.

Main Committee adjourned at 1.06 p.m.