Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Joint Standing Committee on Trade and Investment Growth
10/05/2018
Australia's trade system and the digital economy

DALE, Ms Erin, Assistant Commissioner Border Management, Australian Border Force

GIBBON, Mr John, Acting First Assistant Secretary, Trade and Customs Division, Department of Home Affairs

HALL, Aled, Acting Assistant Secretary, Department of Home Affairs

SAWCZUK, Ms Christie, Acting Assistant Secretary, Trade Modernisation and Industry Engagement Branch, Department of Home Affairs

[09:25]

CHAIR: Welcome. These proceedings are public and are broadcast and recorded on Hansard. If you wish to have evidence heard in private, please let the committee know, and we'll consider your request. Although the committee does not require you to give evidence under oath, this hearing is a formal proceeding of parliament. Giving false or misleading evidence is a serious matter and may be regarded as contempt of parliament. I now invite you to make an opening statement.

Mr Gibbon : Thank you for inviting the Department of Home Affairs to appear at this committee hearing for the inquiry into the trade system and the digital economy. Home Affairs plays a critical role in Australia's international trading system in facilitating trade and ensuring our border security. As outlined in the Home Affairs submission to the inquiry, Home Affairs is leading the development of an agenda to transform and modernise trade that flows through Australia's international supply chain. This agenda aims to create a future international trade system for Australia that is seamless, digital, automated and user friendly. This system would be underpinned by a single window for international trade.

Over the next decade, Home Affairs is proposing a whole-of-government approach to modernise the trade process, ensuring that an international future is one where government has visibility of the end-to-end supply chains and access to real-time intelligence information and goods traded and the entities behind those transactions; that the majority of traders are trusted and interact in a secure and transparent supply chain; that intelligence and risk-assessment capabilities and revenue collection are improved by new and emerging technologies, such as blockchain, that would improve the veracity, validation and analysis of intelligence and trade data; and that border examination processes are integrated and automated. It would also be a system where Australia's international trade is enabled by a single-window one-touch point for all regulatory information and transactional requirements. Government agencies responsible for regulating international trade would operate under a more harmonised and aligned legislative and regulative framework, making them user friendly for industry and efficient for government, and commercial data holdings in government would seamlessly carry out all international trade regulatory and international trade end-to-end processes managed by government would be digitised and automated.

Over the coming months, Home Affairs will continue to consult with industry. Industry support, co-design and co-investment will be critical and will assist in building our international trading future. I welcome the committee's views on our submission.

CHAIR: In your submission you dealt with physical products imported in and out of Australia. What role does Home Affairs have in relation to digital trade? That's what we're concentrating on.

Mr Gibbon : I might hand to Christie to assist you with that answer.

Ms Sawczuk : Digital trade is the future of how goods will trade through and across our border. That's in terms of not only the tangible goods but also ecommerce, international mail and how the goods are actually transported. That's a key part of the future of the international trading system.

CHAIR: Digital trade and the blockchain: how's that catching on? It's been spoken about now for about 12 months or more. How's it proceeding?

Mr Gibbon : I'll hand you to our expert on technology matters—all things blockchain—and we hope to learn some things this morning as well.

Aled Hall : Blockchain is a technology, a tool, that is being investigated and adopted by industry globally. So we are researching, investigating and understanding how industry is leveraging blockchain to build or contribute to our trade modernisation agenda. It's still nascent; it's emerging. Have I addressed your question?

CHAIR: So if you haven't got blockchain you're still in the game?

Aled Hall : Yes, that is correct. It is emerging. We're not aware of any major production capabilities leveraging blockchain as a technology.

Mr HART: I'm particularly interested in the issue of cybersecurity, separate to the conversation that we had previously with Mr MacGibbon. Given the increasing reliance upon digital systems within your department and the facilitation of digital systems, is there a particular focus within your department on the threat of cyberterrorism—for example, express attacks not just on systems in a wide attack but in order to disrupt particular parts, for example, of digital trade?

Mr Gibbon : I think Mr MacGibbon, who is our cybersecurity expert, this morning outlined some of those issues. I'm not sure if there's anyone at the table who's expert in that regard. Aled?

Aled Hall : We are very conscious of our security obligations, and in the department we manage our systems—I'm trying to answer your question; what are you looking for, exactly?

Mr HART: My concern is that you're talking about moving your systems towards facilitation of digital trade, so that your systems are built around not just the potential for digital trade but the enabling of digital trade, in the sense of physical and digital products, but there are also the accoutrements associated with physical trade. That is, we heard, in a previous hearing, that some goods were rejected in the United States because a stamp was on the wrong way on the physical goods. Presumably, there would be a digital certificate which could accompany goods which would prevent that happening in a re-imagined trade environment. Given that potential for the underpinnings of physical and digital trade being digitally based, what focus have you had on the fact that there might be a specific attack on our ability to regulate trade at the border?

Aled Hall : Through a digital approach to managing trade, we are looking to ensure that all current information—and, in addition to that, extra information that may be captured through the supply chain—is registered in our system so that we can have greater confidence in the integrity and veracity of the information provided and, through that, better manage facilitation of trade. So we'll be looking to expand the amount of information that's captured through partnering with industry and ensuring that we apply appropriate processes—risk profiling—to ensure that goods are what they claim to be.

Mr HART: Does blockchain provide an opportunity, as a distributed ledger, for additional security—in other words, to create a resilient system which is not capable of being disrupted by terrorism?

Aled Hall : Blockchain is a tool. It gives you greater visibility of who entered data into the system. I will cover that with a simple statement: garbage in, garbage out. If somebody is intentionally trying to misrepresent the information, it will still go into or be captured in a blockchain. What blockchain does provide is a public ledger, a distributed ledger. All stakeholders in the ecosystem will have visibility of that information, where it's appropriate.

Senator COLBECK: It's effectively a verification system.

Aled Hall : Yes.

Mr KHALIL: Thanks everyone for coming in. I know how busy you all are, so it's much appreciated that you're here to talk to our committee. Just talk me through this. Obviously this is an expanding area, and, as we heard from Mr MacGibbon earlier, there are some crossovers with different parts of the machinery of government in how we address some of these threats and issues. As to Home Affairs now, what assets do you have or what kind of work do you do to assess threats? As goods come in, do you go through the computer systems? Talk me through how it actually works, practically.

Ms Dale : When goods come in, obviously the importer will need to lodge certain information through the form of a cargo report and declaration, impending arrival—a whole gamut of documents. That information goes into our system and is overlaid by our intelligence analysis, and all information provided is automated and risk-assessed, and anything of interest is flagged to the ABF officers. The ABF officers will then follow through as to what type of treatment would need to be applied to those containers or consignments or mail items or whatever it might be. That will range from X-ray to physical examination to running dogs across the parcels or containers. So there is various treatment. That is how the import process works.

Mr KHALIL: I know the challenge has always been, with trade, that you can't check every container and every thing. So that has always been the problem. Traditionally, they've got around it in various ways. As to your digital systems, it sounds like they're a bit more streamlined in that they run the flags up. That's through your intelligence and other information gathering—

Ms Dale : That's right.

Mr KHALIL: You go through the algorithm and you work out, 'We need to put some dogs onto this,' or, 'We might need a physical check of that container,' or whatever it might be—

Ms Dale : That's exactly right.

Mr KHALIL: Are the checks still at the same percentages of the total coming in?

Ms Dale : That varies. The information is fed into profiles or alerts or campaigns, as we call them. That is based on information received every day—previous detection; from which country and which supplier—so it's informed by a whole lot of factors. That—our profiles and alerts and how many we look at—changes from day to day because it's actually updated on a day-to-day basis.

Mr KHALIL: As to that system, one of the arguments made for Home Affairs—for consolidating different agencies within one portfolio—was to break down some silos. Are your digital systems, which you've described, getting input from all the different agencies across government and across all the different departments as well?

Ms Dale : That's exactly one of the biggest benefits of bringing that Home Affairs portfolio together. We have a whole lot of other information which is now able to be brought together to give us the indicators as to where we need to look at the border.

Mr KHALIL: So one particular intelligence agency may be able to provide you with some information that causes a bit of a flag?

Ms Dale : Yes, that's right.

Mr KHALIL: Is it a joint system or just a connected system? How does it work?

Aled Hall : Those activities are actually managed by our intelligence division. I can give you a brief answer. If you require more information, I'll need to reach back to them. Our intelligence division receives advice and information from other agencies and they create, generate and update profiles to take into account that information. So typically it is not system to system.

Ms Dale : Also we receive information not only from other government agencies but also we receive a lot of information from industry and our overseas counterparts. All of that goes into our risk assessment systems to provide those alerts to our frontline officers.

Mr KHALIL: Some of that data obviously would be quite valuable, potentially, in addressing future threats. So presumably, if there have been red flags raised on particular companies or exporters for importers or whatever—sorry; I am confusing my exports and imports. But if there are flags raised on particular businesses that are doing certain things, that is all kept so that you know that that's where it was coming from last time and you keep an eye on it?

Ms Dale : Yes, that's exactly right, and that is how our profiles and alerts are strengthened to look for anomalies.

Mr KHALIL: Where is the crossover? Mr MacGibbon was talking about how the Cyber Security Centre assisted businesses. He said that the majority of it was more of an educational type of process, to help them be better—it's preventive, if you like. Do you do something similar? Do you engage with industry in the sense of giving them tips to better protect themselves, or is that not part of your role?

Ms Dale : From an ABF perspective, we'll work very closely with industry around sharing information. I'll get Christie to extrapolate more around the single-window concept, but ideally where we want to get to is: how do we actually work hand in glove with industry? They perform some of the initial functions to give us the idea as to where suspected consignments or containers might be. That's one of the biggest pillars in the single window.

Mr Gibbon : I'll just add to that while Christie frames the answer to the single-window question. There's a program within Home Affairs called Border Watch, where we provide industry with information and risk indicators about what looks dodgy and what doesn't and all those sorts of things. There are Border Watch coordinators that go out to industry and actively engage on the basis of threats and risks and where they're likely to manifest at the border. In terms of the alerts and profiles we talked about before, that's one layer of our defence.

Generally what happens is that that will raise either a red flag on a thematic profile or an alert that something's not quite right, and our intelligence analysts will then draw in information from other databases from other agencies within the Home Affairs portfolio, outside the Home Affairs portfolio and also, if necessary, internationally to work up that target and then determine what the appropriate treatment is—whether to take it out before the border or at the border or let it run into the country and work out the syndicate.

Then that rolls into the investigative work that's undertaken. You then start to look for the syndicate analysis and all those sorts of things. So that sort of information might then trigger an investigation in which there would be joint agency resources brought together to analyse the syndicate—what their behaviours are, the methods they're using and where they're connected—and then formulate a strategy for treatment, for how they're dealt with.

Mr KHALIL: There's one more, Chair. Ms Sawczuk just wants to answer.

Ms Sawczuk : This is just to answer about the single-window concept and having one secure, single, digital data touchpoint where a trader can supply information—earlier information, more transparent information—that talks not just across the Home Affairs portfolio but more broadly across the 30-odd government agencies that have some type of regulatory touchpoint across border management. That's potentially, I guess, where we're heading in the future. The underlying theme for a lot of the discussion, while we're talking about the digital economy and modernising how trade flows through from a trade facilitation perspective, is that fundamentally that cannot happen unless we have supply chain security. So it's a double-sided coin. That's the other side of the coin which underlines the work that we're taking forward.

Mr KHALIL: My last question queries your work around cyberespionage. I asked the question of Mr MacGibbon earlier about this: if you see an incident which is a pretty serious breach from an external attacker or even internally, you go in there to help; you get access to some of the commercial sensitivity within that organisation that you're trying to help. Do you do similar things like that with respect to countering? For example, if it comes to your attention through all of your intelligence and information and all the agencies that there is a company that's been breached or there's something going on, do you engage with that company proactively and say, 'Hey, listen, this is what's happening in your system here; you've got to do something about it, or we've got to do something about it'? How does that work? Do they come to you sometimes and say, 'Look, we're in trouble; we've got a real incident here'?

Ms Dale : It happens both ways. Sometimes they come to us, but also we proactively engage with them. Often they can't share all the information with us because of privacy concerns, so you have to go through the avenues to see what information can be shared to assist in the process. But it actually works both ways. We reach out to them, and they also reach out to us. We work very closely with industry players, especially the big ones as well.

Mr KHALIL: I asked Mr MacGibbon a similar question around the access that you have to their systems in order to address certain threats and so on. Do you have protocols in place as part of that work in order not to retain, I guess, some of the commercially sensitive data and other data that you might have had access to in the course of both an investigative process and also potentially a treatment, as you call it?

Mr Gibbon : I'll have to come back with the answer to that question—unless, Aled, you've got some—

Aled Hall : Typically, from an ICT perspective, we're not engaged in that process of working with industry partners. That's more Mr MacGibbon's area. If we do collect data, it's done under the applicable legislative framework, so it includes privacy, the ABF Act et cetera. We have a very strict framework.

Mr KHALIL: Given that that is part of the investigative process or of a process that you've undertaken, the warrants and other things that you'd need to collect that information, you're already down the track—okay.

Mr Gibbon : Yes, everything needs to be done lawfully, within the legislative frameworks.

Senator COLBECK: How much is the development of the single entry point restricted by trading partners' capacity to interact or capabilities or even willingness in some sense to make some of the changes that are needed to manage that interaction, and how does that input into the risk profiles?

Ms Sawczuk : In terms of our international partners?

Senator COLBECK: Yes.

Ms Sawczuk : A number of our international partners actually have single windows. Under the World Trade Organization trade facilitation agreement, our members have single windows. We have a Customs single window, which is our Integrated Cargo System. Some of our international trading partners are actually looking at regional single windows. We work very closely with our bilateral partners and also more broadly our multilateral fora to talk about the digitisation of trade and single windows.

From a trading perspective, the entities that would be using the single window would be our Australian exporters or importers, so the way that information was provided from overseas entities would be the same as occurs today. It would just be how it effectively moves and communicates to government.

Senator COLBECK: Mr Hart raised the issue about a document that was stamped incorrectly or not in the fashion that was proposed. It is not just in a Customs sense but in a biosecurity sense; digitising all of these things and the requirements around some of that documentation; the capacity to digitise it; the physical capacity to manage it at perhaps the other end; and the willingness to actually go down that path and change the documentation, because they just want it in that form and they need to sight that physical document in that form. A number being wrong or a stamp being placed in the wrong way impacts on the viability or the validity of the document, so there's a resistance to change in a lot of jurisdictions around that space. How is that limiting the progress of this? There might be an agreement in place, but they just don't want to do it.

Ms Sawczuk : I guess from our perspective it's a slightly different context from a single window versus the digitisation of trade in other senses, so the certificates of origin and the types of stamps. Moving from paperwork, where paperwork is required to facilitate exporting from a particular country, to purely digital, we work closely with our bilateral counterparts to test particular initiatives, so that's one way—getting an MOU with a particular country to test a particular way of trading. We've also got our Australian Trusted Trader program. That is the voluntary trade facilitation program which is basically our authorised economic operator, and we trial trade digital initiatives with key counterparts in that sense as well. It's happening, I think, globally through other authorised economic operators with their key counterparts. But obviously it would be an ongoing issue in engagement if a particular country were unwilling to change a particular type of document.

Senator COLBECK: I've seen some developmental projects, particularly in China, where they're looking to try to integrate—given the huge growth in e-commerce into that market at a consumer level as much as anything else—both their customs and biosecurity and their country-of-origin documentation into a digital platform. It's effectively a trial through a private entity that I think is sitting in front of either a state or the federal government at some point, just to give that separation for local purposes in the development of it and the trialling of it.

And that's just around dealing with capacity. How much of that is a driver—just the need to manage the scale of product data and information? Are you seeing that as a driver in the development of some of these things?

Ms Sawczuk : That's a key driver, not only in terms of the volume but also in terms of the complexity and the way goods are traded through numerous intermediaries. That's absolutely a key driver.

Mr Gibbon : The underpinnings of the whole system are around getting advanced information—being able to reach into systems to understand the information and to undertake that initial triage of risk in intelligence and targeting frames. Volume is what will kill us in the longer term, which is why we need to move to these more modern systems and approaches—to understand the risks and threats at the earliest possible time.

Senator COLBECK: Are there any issues around compatibility of systems architecture?

Aled Hall : There are a number of standards that exist that are applicable, and that's part of what you were talking about—receiving information. The intent is to establish the ability for the department for receive as much information in a standard format that is globally acknowledged, and to assist and to facilitate trade securely. That's where we're looking to go. That's what our digital systems are looking to enable—leveraging standards, such as UN/CEFACT. I can't remember exactly what that stands for, but it's how data is presented. There are standards, and, globally, they're being developed and enhanced. We would look to ensure that any systems we develop acknowledge those standards.

Mr HART: Just a brief supplementary question: you mentioned in earlier evidence about the importance of chain of custody. In my electorate, there is a small manufacturer of internet-of-things devices, including small sensors. One example given to me was the fact that mangoes suffer from vibration; their shelf life is materially affected by vibration. But if you place a small device which measures vibration in a box of mangoes, you can tell whether they arrive at the destination, how much vibration they've suffered and whether they're going to have a shelf life of five days or two days. Presumably, using either RFIDs or something like an internet-of-things device, you could have something within a container, or a consignment or something like that which would not only report the physical condition of the consignment but also the chain of custody because it would actually be logged in and logged out.

So digital trade is actually an opportunity right down to chain of custody and also to authentication of the device, marrying up with the digital material behind it. You could have a bill of loading that matches up with the physical device, plus the internet-of-things device, and everything could go together. Are there any developments in that sort of system, with respect to the tracking of consignments so that you can tell if there is a heightened risk with respect to this material because this consignment was supposed to come via such and such but it didn't? It came via a different port, which exposed it to significantly greater risk.

Aled Hall : Yes, we are aware of evolutions in that area, and we are researching and actively engaged with industry to understand where industry is going. The data that is available through those internet-of-things devices has purpose from an import perspective, insofar as understanding how that container got to Australia. Was it opened in transit in an unexpected location? Your example is more in an export context. It's something that other agencies would be more interested in—it would be industry stakeholders.

But what we are aware of is that there are organisations out there that are developing internet-of-things-enabled capabilities that measure vibration, temperature and opening of container doors to see where it is in its journey.

CHAIR: I have just one final question. Do you think our FTAs, free trade agreements, have the flexibility to cope with these rapid changes in world trade?

Ms Sawczuk : We work very closely with our colleagues at the Department of Foreign Affairs and Trade around that particular component. In fact, they're a key partner in our work on single window and trade modernisation, because that's, I guess, fundamental. The way that goods are traded, the way that we engage with our trading partners and, I guess, the whole international fora will need to change and modernise and will be part of the journey.

CHAIR: So you're confident that we can do it?

Ms Sawczuk : Yes.

CHAIR: Thank you for your attendance at today's hearings. You'll be sent a transcript of all your evidence for your review. Thanks very much for coming in and lending us your valuable time.

Committee adjourned at 09:56