Australian Tech Giant Says Country's Anti-Encryption Laws Are Harming Local Tech Companies
from the no-one-trusts-a-[compelled]-rat dept
The Australian government rang in 2019 by saddling the nation’s tech companies with compelled decryption mandates. The new law gave the government the power to demand technical assistance to access any data or communications sought by law enforcement or security agencies. Sure, “case-by-case” solutions might work for awhile, but sooner or later, built-in backdoors would expedite things for both the government and their compellees.
The backdoors may not be in place yet, but it appears no one really trusts Australian tech companies now, thanks to the Australian government. An inquiry into the country’s anti-encryption laws is underway and local tech giant Atlassian has expressed its displeasure with the new status quo.
Atlassian’s policy and government affairs head, Patrick Zhang, said the encryption laws had harmed Australia’s reputation in the sector.
Zhang said they had led to a reluctance among tech companies abroad to engage in Australia or with Australian companies, for fear that weaknesses would be built into their products.
Companies also fear that they could be compelled by the Australian government to do things that would constitute illegality in other countries where they operate, Zhang said.
The laws have also led to a reluctance among industry talent to work here.
You can’t put a price tag on catching criminals, but presumably the new law will pay for itself (and the damage to local industry) once enough children are saved or terrorists are caught. This isn’t to make light of either child exploitation or terrorism. Both should be taken seriously by law enforcement and security agencies. The problem in Australia is that legislators didn’t bother to consider how much damage compelled assistance would do to lots of innocent people.
It isn’t just the tech companies whose futures look a lot more murky. It’s also their employees and any number of people who rely on them for income. It’s anyone who uses their services and whose communications and data might be accessed inadvertently by government agencies or deliberately by malicious entities taking advantage of newly created security flaws.
In the end, Atlassian’s comments are unlikely to matter. The government has already decided what the proper security/liberty exchange rate is and it appears local tech companies are just expected to serve and suffer. The outgoing independent national security law monitor claims the law is “necessary.” So do the agencies that directly benefit from compelled assistance. And they’ve brought an unbelievable statistic with them to justify the collateral damage.
Australia’s domestic intelligence agency Asio and the Australian federal police support the law and say about 90% of priority cases involve encryption, which allows criminal suspects to communicate in a hidden manner.
Wow. 90%. This number appears to say that almost every case in which encryption is encountered is granted “priority” status. Encryption may be common but it’s not that common. And even if it is, there are still a number of options available to agencies that don’t include forcing companies to weaken or destroy features that secure the devices and communications of millions of innocent people.