Australian Tech Giant Says Country's Anti-Encryption Laws Are Harming Local Tech Companies

from the no-one-trusts-a-[compelled]-rat dept

The Australian government rang in 2019 by saddling the nation's tech companies with compelled decryption mandates. The new law gave the government the power to demand technical assistance to access any data or communications sought by law enforcement or security agencies. Sure, "case-by-case" solutions might work for awhile, but sooner or later, built-in backdoors would expedite things for both the government and their compellees.

The backdoors may not be in place yet, but it appears no one really trusts Australian tech companies now, thanks to the Australian government. An inquiry into the country's anti-encryption laws is underway and local tech giant Atlassian has expressed its displeasure with the new status quo.

Atlassian’s policy and government affairs head, Patrick Zhang, said the encryption laws had harmed Australia’s reputation in the sector.

Zhang said they had led to a reluctance among tech companies abroad to engage in Australia or with Australian companies, for fear that weaknesses would be built into their products.

Companies also fear that they could be compelled by the Australian government to do things that would constitute illegality in other countries where they operate, Zhang said.

The laws have also led to a reluctance among industry talent to work here.

You can't put a price tag on catching criminals, but presumably the new law will pay for itself (and the damage to local industry) once enough children are saved or terrorists are caught. This isn't to make light of either child exploitation or terrorism. Both should be taken seriously by law enforcement and security agencies. The problem in Australia is that legislators didn't bother to consider how much damage compelled assistance would do to lots of innocent people.

It isn't just the tech companies whose futures look a lot more murky. It's also their employees and any number of people who rely on them for income. It's anyone who uses their services and whose communications and data might be accessed inadvertently by government agencies or deliberately by malicious entities taking advantage of newly created security flaws.

In the end, Atlassian's comments are unlikely to matter. The government has already decided what the proper security/liberty exchange rate is and it appears local tech companies are just expected to serve and suffer. The outgoing independent national security law monitor claims the law is "necessary." So do the agencies that directly benefit from compelled assistance. And they've brought an unbelievable statistic with them to justify the collateral damage.

Australia’s domestic intelligence agency Asio and the Australian federal police support the law and say about 90% of priority cases involve encryption, which allows criminal suspects to communicate in a hidden manner.

Wow. 90%. This number appears to say that almost every case in which encryption is encountered is granted "priority" status. Encryption may be common but it's not that common. And even if it is, there are still a number of options available to agencies that don't include forcing companies to weaken or destroy features that secure the devices and communications of millions of innocent people.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: australia, backdoors, competitiveness, encryption
Companies: atlassian


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 30 Jul 2020 @ 4:10am

    The aim isn't so much as to be able to catch criminals, solve crimes, thwart terrorist plots, thry are minimal in number. The ehole aim is to do the very thing that has been fought against for generations, stopping 'Big Brother' from spying on ordinary people. And let's face it, those with nothing to hide are a hell of a lot easier to 'track and trace' than those who have!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jul 2020 @ 4:24am

    it seems a high price to pay ,catch a few terrorists, versus cripple the whole
    software industry in oz.
    Who would want to work with a tech company whose data can be given to the police at any time including passwords ,encryption keys etc
    this is similar to the policy in china where if a company works there
    the government has acess to all customer data including passwords and computer code.
    and before the new laws were passed the police could get a court order
    to look at a users browsing data or txt messages and emails .
    There has to be a point where the rights of users and companys to privacy are balanced against the fight against terrorism.
    Otherwise democratic western countrys are only a few steps over living in a country
    like china or russia.

    reply to this | link to this | view in chronology ]

  • icon
    PaulT (profile), 30 Jul 2020 @ 5:02am

    "Australia’s domestic intelligence agency Asio and the Australian federal police support the law and say about 90% of priority cases involve encryption, which allows criminal suspects to communicate in a hidden manner."

    I wonder how many victims of "priority" crime will be created once the people targeting them can't use encryption to protect themselves, or the backdoors start getting bypassed.

    Also, I'll bet that more than 90% of those cases also involved the criminals eating, drinking or using the toilet during the same timescale and using electricity. If big scary numbers are what we're focussing on here, they had better get to the real issues!

    reply to this | link to this | view in chronology ]

  • identicon
    Rob, 30 Jul 2020 @ 5:22am

    90%

    I'm sure the 90% is correct. If anything, it's a little low.

    "The criminal used a browser with https"

    They used encryption. It wasn't relevant to the crime, or used explicitly to hide the data, but it's encryption and they can use the stat.

    reply to this | link to this | view in chronology ]

  • icon
    aerinai (profile), 30 Jul 2020 @ 5:51am

    New Australian Mandate:

    Attention Australians,

    We hereby decree that all persons above the age of 13 must wear an ankle monitor that will track your position. We also demand you wear a wrist watch capable of listening to audio. At any time your audio is muffled or unintelligible for any reason, we must assume you are plotting nefarious things. You must also wear a body camera.

    Failure to comply will be met with 1 year in jail.

    We do this because there are criminals, pedophiles, rapists, and murderers amongst you. And we do this because we care. We can't let the terrorists win! Think of the Children!

    Sincerely,

    Ministry of Accountability

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 30 Jul 2020 @ 7:00am

      No see, dystopian novels are not 'how-to' guides...

      I'd like to laugh at that, but given the australian government is just shy of making private communication illegal that's actually not that out of the realm of possibility.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Jul 2020 @ 8:52am

      Re: New Australian Mandate:

      Very close guess but I think more "You must install this phone app and have your phone with you at all times" is what history will note having happened.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Jul 2020 @ 11:34am

      Re: New Australian Mandate:

      Attention Australians,

      We hereby decree that all persons must wear an ankle monitor that will track your position. We also demand you wear a wrist watch capable of listening to audio. At any time your audio is muffled or unintelligible for any reason, we will assume you are plotting nefarious things. You must also wear a body camera, and have your national ID tattooed to your forehead fully visible at all times.

      Failure to comply will be punishable by death.

      We do this because we can. And we do this because we care about maintaining our power over you. Get used to it! Bend over!

      Sincerely,

      Ministry of Slavery

      FTFY. Drop the pretenses of giving a crap. They don't now and they still won't when they come for you. Assuming otherwise, or continuing to spread those pretenses just serves to fool others into accepting their dystopia.

      reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 30 Jul 2020 @ 7:08am

    100% of priority cases involve humans

    Australia’s domestic intelligence agency Asio and the Australian federal police support the law and say about 90% of priority cases involve encryption, which allows criminal suspects to communicate in a hidden manner.

    Yeah, because most companies theses days make use of encryption because it's kinda important, so if someone is making use of electronic communications odds are very good they're using some kind of encryption even if they didn't realize it. I'm betting that of those 90% of cases a solid 100% make use of electricity as well, using that as part of the argument would be just as relevant and just as honest.

    What governments are really going after with attacks against encryption is privacy and security for anyone not them, where unless you have the right connections you are not allowed to have a conversation or otherwise say or do anything in a manner that the government is not allowed to peek in on, and if that means that anyone else can peek in as well that is a price they are willing to have the public pay.

    reply to this | link to this | view in chronology ]

  • identicon
    Cowardly Lion, 30 Jul 2020 @ 9:26am

    Hmmm...

    I confess I have mixed feelings about this. One the one hand, it seems to me that all they will have access to is anyone using Aussie software. 99.999% of the world will be outside the scope, including I suspect most Australians. Anyone in the business community [including people whose business is criminal] will continue to use https, VPNs, WhatsApp, etc. Meaning that the Law Enforcement and Intelligence won't be able to access their comms.

    On the other hand, Australia is a member of the 5-eyes...

    reply to this | link to this | view in chronology ]

    • identicon
      ryuugami, 30 Jul 2020 @ 7:22pm

      Re: Hmmm...

      One the one hand, it seems to me that all they will have access to is anyone using Aussie software. 99.999% of the world will be outside the scope, including I suspect most Australians.

      You appear to be severely underestimating the interconnectedness of the tech sector. For example, you should really look up Atlassian, the company mentioned in the article.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 31 Jul 2020 @ 12:44am

        Re: Re: Hmmm...

        Yeah, a lot of software startups I've worked for have used Atlassian services for source control and team communication as it's convenient and often free to use.

        That wont be happening any more.

        reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 31 Jul 2020 @ 12:49am

        Re: Re: Hmmm...

        "For example, you should really look up Atlassian, the company mentioned in the article."

        The roughly 450 employee company I currently work for uses JIRA, Confluence and BitBucket extensively, for example, as did the 30ish employee startup I previously worked for before they decided to switch to GitHub and more generalised tools.

        reply to this | link to this | view in chronology ]

    • icon
      Scary Devil Monastery (profile), 3 Aug 2020 @ 3:12am

      Re: Hmmm...

      "One the one hand, it seems to me that all they will have access to is anyone using Aussie software. 99.999% of the world will be outside the scope, including I suspect most Australians."

      Naturally. It is now no longer legal for most businesses OR indeed many private entities to use software written under australian law. So every international business with an aussie office needs to use exclusively non-aussie programs.

      If it becomes illegal for international companies or foreigners to NOT use australian software on australian soil then the bizarre situation presents itself that most nations won't be legally allowed to travel or operate in australia using communications technology more modern than early 19th century.

      reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 30 Jul 2020 @ 1:34pm

    What is the problem?

    WHICH encryption??
    Mail?? not to hard, if they dont include it in the Email program.
    Routers?? Modems?? NOT hard at all. Already broken 2-4 times.
    I think they are tired of paying for it to be done. And to decrypt Cellphones.. Which can be interesting.,because MOST of it is broken.. Unless they have a program to do it better, there isnt much they can do, ITS AN APP.
    How about unlocking.. most can be bypassed.

    How about the Gov. be Unencrypted?? All the representatives.. State and Cities, OPEN up your books, and contracts..
    (really doubt that will happen.)
    Lets watch the parliaments PORN..

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Jul 2020 @ 12:00pm

    Freakin' Atlassian now qualifies as a "giant"?????

    reply to this | link to this | view in chronology ]

    • icon
      NaBUru38 (profile), 1 Aug 2020 @ 7:18pm

      Re:

      It has an annual revenue of 1 billion. That's peanuts versus Google, Microsoft or Amazon, but still a pretty important company.

      Also, TIL Atlassian is Australian.

      reply to this | link to this | view in chronology ]

  • identicon
    automode, 31 Jul 2020 @ 6:14pm

    Age Old Wisdom break-down

    If you outlaw guns = only criminals will have guns. If you outlaw drugs = only criminals will have drugs. If you outlaw encryption = only criminals will have encryption. If you outlaw food = only criminals will have food. If you outlaw freedom = only criminals will have freedom.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Aug 2020 @ 6:26pm

    We like it here in the Peoples Democratic Republic of Australia. Our leeder [Bing,bing. It is spelt "leader" Comrade. Bing, bing] leader Saint Scotty from Marke [Bing, bing. This is very close to being seditious and as such you will only receive one more friendly warning. Bing, bing].

    reply to this | link to this | view in chronology ]

  • icon
    Tanner Andrews (profile), 3 Aug 2020 @ 1:43am

    don't laugh, it was a serious question

    data might be accessed inadvertently by government agencies or deliberately by malicious entities taking advantage

    This seems a little redundant. Malicious entities taking advantage would seem to include the government, including U.S. trade agencies by extension since OZ is member of 5-eyes. There is nothing inadvertent about it.

    As to the effect, I would deem it entirely foreseeable. Would you trust Microsoft software? Seriously, people actively choose anti-virus and malware scanning from Russia over Microsoft.

    That is even without considering that MS may have offices down under. If anything, that presence just makes them more directly obligated to include interesting monitoring features in the windows update distributions.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.