The Australia government has been taking considerable flak from all sides this week as their hugely controversial and ill-thought-through anti-encryption legislation finds itself in the spotlight once more.
In the past few days, it has been condemned by big tech companies, start-ups, and journalists, as experts continue to line up to condemn it.
What are Australia’s laws on encryption?
For those not already familiar, last year, Australia’s parliament passed the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018. It was passed at a time of political turmoil in the country and subjected to almost no political scrutiny.
The upshot is a piece of shockingly vague and poorly drafted legislation that is doing untold damage to the rights of Australians and the country’s economy in the name of improving security. However, most experts would question whether there is any security benefit from the new laws either.
As we have recently reported, the laws have already been referred to the Independent National Security Legislation Monitor (INSLM) for scrutiny. It is also rumoured that the country’s opposition Labor Party might be finally about to challenge aspects of the new law.
They will be at the back of a very long queue if they do.
Encryption laws hitting businesses large and small
Both Australian businesses and international tech companies operating in the country have been hit hard by the new anti-encryption legislation.
This week, Amazon has become the latest big tech company to condemn the legislation. In a written submission, they have described the law as “technically flawed” and warned that the absence of any balance between security and individual rights in the legislation was likely to “reduce consumer trust in technology”.
“The Act has provided new powers for law enforcement and security agencies that could be used to order technology providers to create or install new ways to access secure systems and data,” Amazon submission states. “Each of these ways of access would constitute a security vulnerability.”
“The underlying assumption of the Act, that a security vulnerability can be created for a targeted technology without creating a systematic weakness or vulnerability, is technically flawed.”
Amazon has demanded that the power to require a technology company to introduce a security vulnerability into their software is removed from the legislation.
They have also called on the Australian government to introduce formal judicial oversight of the new laws in an attempt to improve consumer faith in them.
“Any law however that puts the data of Australians at greater risk and reduces trust in technology is not the answer,” they state in their submission.
Amazon’s criticisms are absolutely right but their solutions fall some way short of what some privacy experts have demanded.
The SME community backlash
It is not just multinational tech companies like Amazon who have suffered the ill-effects of the laws. Start-ups too have been hit hard by it.
As the Sydney Morning Herald has reported this week, key figures from Australia’s start-up community have called for urgent changes to the law.
One such figure, Didier Elzinga, the co-founder of Melbourne software start-up Culture Amp, has described the encryption laws as “an appalling piece of legislation”.
He has been unequivocal in his views that the laws are badly put together and “impossible to deliver”.
Elzinga reiterated Amazon’s view that there is no such thing as a safe backdoor and also questioned the lack of oversight of how the new laws were being implemented.
But most importantly, from a start-up point of view, Elzinga noted how the new laws were badly damaging Australia’s reputation as a place for new tech companies to do business.
“People investing in technology will say ‘I don’t want that issue I am going to go somewhere without vague and murky laws’,” he said.
The Herald article also interviewed Dr Catriona Wallace, founder of Flamingo, a business which provides artificial intelligence solutions to Australian and international companies. She described the new laws as “disastrous”.
Meanwhile, James Kane, co-founder of Digital product developer Two Bulls said the law “massively undermines” the country’s reputation as a top place for software development and technological innovation.
Sarah Moran, the founder of Girl Geek Academy, added that the encryption laws are inhibiting businesses.
“It is still having an effect on the minutiae the day to day operations of companies and the broader effect on brand Australia and our standing internationally,” she said.
Journalists also impacted
Another group to feel the negative effects of the laws are Australian journalists. One researcher has recently pointed out that the new laws have been used to bypass journalist protections in other national security laws.
One consequence of the new law has been that the Crimes Act has been updated to allow law enforcement agencies to “add, copy, delete or alter” data on computers as part of the execution of warrants.
It was on this basis that the hugely controversial raid of the headquarters of ABC, one of Australia’s biggest broadcasters, was carried out earlier this year.
Media condemnation of the new anti-encryption powers are almost universal and with tech companies large and small also feeling the effects, it would be easy to think that the end might be nigh for the laws.
But the Australian government continues to dig their heels in. Only last week, Home Affairs Minister Peter Dutton insisted that the laws had already saved lives. He failed to provide any evidence or examples to back up the claim.
With the latest slew of criticisms, reviews of the laws already underway, and the threat of a number of other big tech companies to withdraw from Australia altogether, it seems inevitable that changes are coming at the very least.
But for now, Australian law enforcement agencies continue to have these powers to undermine encryption. And as a result, no company, individual, or journalist is safe from their snooping.