Not a day goes by, it seems, without another deeply troubling revelation about Australia’s hugely controversial anti-encryption laws coming out.
Yesterday, we reported about how tech companies large and small had been voicing their anger at the deeply flawed legislation. Today, we find out that this anger should come as no surprise because they weren’t even consulted about the new laws.
FOI reveals lack of consultation
Australia’s Home Affairs department has just released a number of documents related to the consultation process before the release of the first draft of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 under Freedom of Information laws.
These documents reveal that they did speak to the big US technology companies such as Apple, Google, and Facebook on multiple occasions in 2017 and 2018. Discussions were also held with Australia’s big telecoms companies including Telstra, Optus, Vodafone, and Vocus.
But not a single Australian-based IT company was consulted at any point according to ABC. The IT industry in Australia has long been arguing that the impact the new laws would have on them was not given due consideration. These documents appear to back up those accusations.
This failure to consult local IT companies has been described as “obviously problematic” by Alex McCauley, chief executive of the national start-up advocacy group StartupAus.
While obviously keen not to anger the Australian government too much, McCauley added, “[The laws make] it really difficult for Australian companies selling overseas to say with confidence that they have a secure system.”
It is not just start-up representatives who were excluded from the development of the new legislation. So too were larger Australian IT companies too.
ABC spoke to the Chief Executive of the Australian Information Industry Association, Ron Gauci, who also expressed his disappointment at not being consulted.
“Had we been involved in the process in the first place … hopefully, we would have avoided some of the matters that still remain as issues for us,” he said rather tersely.
Astonishingly, in responding to the evidence of a lack of consultation, a spokesperson for the Home Affairs department told ABC, “The laws do not create a standing obligation or compliance burden for the Australian technology sector.”
Businesses in the sector itself and almost every other expert would strongly disagree with this assertion. Indeed, there is already evidence of the new laws have a severely adverse effect on Australia’s IT sector.
The comment is either deeply disingenuous or it betrays the fact that this legislation was rushed through so fast that not even the Home Affairs department themselves fully understood the consequences of it.
A flawed consultation process
It was not just the IT sector that was completely excluded from the consultation process. So too were the various campaign and civil society groups that are involved in issues surrounding the laws.
Digital Rights Watch (DRW) was one such body which had no opportunity to voice their concerns about the anti-encryption laws.
Lizzie O’Shea, who sits on the board of DRW told ABC, “I’ve seen this happen time and again … whereby there’s a very significant piece of legislation or law reform that relates to technology, and the consultation process is substandard.”
DRW is now campaigning for the legislation to be repealed in its entirety.
While a number of key stakeholders were excluded altogether, even those that the Home Affairs department did deign fit to include were critical of the process.
The Chief Executive of Australia’s Communications Alliance, John Stanton, told ABC that they had hoped to sit down with government officials and go through the draft legislation in detail.
Instead, they were just given what he described as “a basic message” which went along the line of don’t worry because the legislation “would not create any backdoors.”
At the end of their report, ABC noted that their Freedom of Information had not been processed in its entirety and some documents had still not been released. Given the damning contents of what has come out so far, it does beg the question of what further revelations about this appalling legislation might still be waiting to emerge.
Stay safe online in Australia
While, at the time of writing, Australia’s Parliamentary Joint Committee on Intelligence and Security is reviewing the laws, it is not due to report back until April 2020.
This means that even if it does recommend making the necessary changes, it will not be able to do so for at least another year. For now, unfortunately, that means that encryption from Australian companies simply cannot be trusted.
It is likely that this situation will drive countless Australian business to the wall and do irreparable harm to the country’s IT sector, but individuals have to prioritise their own online security and privacy.
If you are using Australian tech or indeed going online in Australia in any way, it is therefore highly advisable to use a VPN to ensure that your data is encrypted by a company not subject to Australian laws.
VPNs such as ExpressVPN and NordVPN will encrypt everything you do online, regardless of which apps and websites you are using. With a VPN you can be confident that everything you do is secure and safe from the prying eyes of the Australian authorities.