[throwaway59229]

Additionally, it doesn't seem that there's anything in the bill that would prevent any of the information gained by a TCN/TAN from being shared with Five Eyes or other governments. While this might seem reasonable in the face of an international criminal/terrorist adversary, it is fundamentally security-breaking if private root signing keys that are requested as part of a TCN/TAN can just be shared with every Five Eyes government.

That means that the Australian government could just order a company to hand over their PKI/signing infrastructure (which is generally a global system) and then forward all of this information to the US or whoever else, completely outside of any judicial oversight.

I'm sure that the governments in question will deny this, and likely state that this is not their policy, but it doesn't seem to be specifically prohibited by the law and the intelligence community doesn't have a great reputation when it comes to respecting traditional legal values and due process (e.g. the FISA court in the US)