Senator LUDLAM: Welcome back, Commissioner. Has the AFP been consulted on the negotiations to the trans-Pacific partnership agreement?
Mr Negus : Not that I am aware of, but I will double check with my deputies here to see if there is anything in train.
Senator LUDLAM: It probably sounds a bit out of left field.
Mr Negus : No. There is no visibility from this end.
Senator LUDLAM: Not yet. But I suspect that you will have. My follow up is whether you have provided advice to government on the increased resources that will be needed given that the IP chapter, which was posted on the Wikileaks website a couple of nights ago, proposes criminal offences and statutory damage penalties to be set at a deterrent rather than a compensatory level for IP offences. What that means in plain English is a lot more work for you guys in enforcing the obligations that we may be about to be signed up to.
Mr Negus : We have not been asked. That would probably be a matter for the department in the first instance anyway. They would consult with us after receiving that request.
Senator LUDLAM: The Department of Foreign Affairs?
Mr Negus : No, the Attorney-General’s Department.
Senator LUDLAM: Mr Wilkins, I have just asked the commissioner about the trans-Pacific partnership agreement. I am not surprised to hear you say that you do not have any visibility of it. But it proposes a whole set of criminal offences and penalties that will require enforcement by somebody, presumably the AFP. Are you in contact with DFAT about the process of signing Australia up to that agreement?
Mr Wilkins : We are having some discussions with DFAT. I am not sure of the details.
Senator LUDLAM: Could you characterise those discussions for us? They would appear to me to have direct operational consequences for the AFP.
Mr Wilkins : I am not with you, I am afraid.
Senator LUDLAM: The draft IP chapter of the trans-Pacific partnership free trade agreement was leaked a couple of nights ago. It proposes a whole range of new criminal offences and statutory damage penalties.
Mr Wilkins : It was leaked where?
Senator LUDLAM: On the Wikileaks website.
Mr Wilkins : Okay. I will need to get a hold of this to understand whether it is accurate. Is it accurate?
Senator LUDLAM: That is fair enough. But I believe that it is accurate. I have certainly not seen any commentary to the contrary, but I will leave you to make your own judgment. It is consistent with what analysts thought would be in the agreement. But even if some of the specifics are inaccurate, this chapter does appear to propose substantial criminal penalties and new sets of offences that do not presently exist that someone will have to enforce.
Mr Wilkins : But we are negotiating-negotiating positions with which this treaty, if it is negotiated in a form which the government is happy with, will come to the Senate. So I am not sure what the question is actually. Senator LUDLAM: It will go to the treaties committee. The parliament will not have any visibility. It will be signed in the blind, and we will just have to cop it.
Mr Wilkins : We do not necessarily subscribe to the draft of the treaty. It depends. We are negotiating.
Senator LUDLAM: Fortunately for civil society groups, the draft shows what the different countries’ negotiating positions are, so we do appear to be signing up.
CHAIR: What is your question?
Senator LUDLAM: My question-and it may have already been answered-is: has anybody thought to ask the Federal Police, who will be in a position of having to enforce these new penalties for things like file sharing, of the increased resources that are going to be necessary to do that? When somebody introduces a whole new class of penalties and things that need to be investigated and enforced, somebody has to do that work.
Mr Negus : The answer is no, nobody has spoken to the AFP. But, given it is a draft document, I am not surprised by that at all if it is an accurate document.
Mr Wilkins : I think everyone seems to be getting way ahead of themselves here. What you have explained to me about the Australian negotiating position is new, so that is interesting. I have not seen anything on Wikileaks. I am not sure what Australia’s position is said to be by whoever it is who leaked this thing or whether it is accurate.
Senator LUDLAM: That is why I am trying to be helpful.
CHAIR: I think the question was: have they asked the Federal Police? The Federal Police have said no, nobody has asked them, so that has answered that question.
Senator LUDLAM: It has. Very efficient use of the committee’s time. Do the Federal Police use Microsoft software for your back office and regular operational stuff?
Mr Wood : Yes, Microsoft Office is our standard operating system for the office environment.
Senator LUDLAM: Same here. Are you confident of your network-level security given confirmed reports that Microsoft has a legal obligation to provide a back door to all of its products to the US NSA?
Mr Wood : Without agreeing to the premise of the question, I am confident that the way that we work with other partners that use Microsoft as well in this town-other partners within the intelligence base, for example-and the level of cooperation between ourselves and other Commonwealth agencies to ensure that we have best-practice protection of our systems is in place. I am confident of that.
Senator LUDLAM: All right. I have had this conversation a bit in another committee this morning.
Mr Wood : I did observe that.
Senator LUDLAM: You did? I thought you would be busy in here. My question is whether you specifically patch against that PRISM back door that is delivering all of your and my data to the US NSA’s servers. Have you specifically protected against that?
Mr Wood : I am not prepared to answer that.
Senator LUDLAM: Why is that?
Mr Wood : I do not think it is appropriate to reveal the specific measures we take in terms of cyberprotection of the AFP’s systems. What I will say is that I am confident that we are aware of risks from both our own experience and our communicating with other agencies, including agencies that have specialisation in this area and that that is an ongoing, dynamic process of ensuring best protection. It is not just a point in time.
Senator LUDLAM: You are aware of the potential vulnerabilities. Have you done anything to mitigate them?
Mr Wood : Yes.
Senator LUDLAM: You have? Okay.
Mr Wood : As a general comment, are we aware of potential vulnerabilities? Yes. Do we take steps to mitigate those vulnerabilities? Yes.
Senator LUDLAM: Okay. So it may be that the AFP has afforded itself a higher-level protection of your offices and the various people who support you than this parliament has gone to the trouble of doing.
Mr Wood : A range of our systems are rated, I suspect, at a higher level than the systems that are operated within this building for the use of parliamentarians. We do have secret systems, top secret systems et cetera. They would certainly have different protections from a system that, say, is merely restricted to members of parliament.
CHAIR: I would hope so.
Senator LUDLAM: You would hope so.
Mr Wood : That is the context of my answer.
Senator LUDLAM: That is fine; that is understood. Does that include the person operating the front desk when I walk into one of your offices in one of our capital cities?
Mr Wood : Some of our front desks are operated by contract staff who do not have access to AFP’s higher-level classified systems.
Senator LUDLAM: Okay, thank you. However, they are probably still using Microsoft Word, Microsoft Outlook and these other products that have all been comprehensively backdoored by the NSA.
Mr Wood : That we do not know, but they certainly would not have access through their systems. Their systems are not connected to our classified networks.
Senator LUDLAM: That is not quite the question I am asking.
Mr Wood : They are private contractors, and I do not know what the private contractors’ systems are.
Senator LUDLAM: Okay, but, if one of your private contractors emails one of your top secret, behind-the-firewall operatives, your private contractors’ system is vulnerable as every build of Microsoft Office or Outlook ever produced has been vulnerable.
Mr Wood : Yes. Anybody who emails in, whether they be a private contractor or some other member of the public, presents the same risk, and we therefore have the same methods for scanning for monitoring email traffic that arrives at the organisation.
Senator LUDLAM: Again-and not to belabour the point or be pedantic-it is not so much about malware infecting your internal network; it is about the fact that Microsoft has a legal obligation to provide the NSA with back doors into all its products. So you believe-and I think you have told us that you are confident-that that does not apply within secure levels of the AFP?
Mr Wood : I think I answered in a general sense, not specific to particular risks to the organisation.
Senator LUDLAM: All right. I will leave it there.
11/19/2013 – 09:44