One year in to Australia’s controversial encryption busting laws, technology giants are still concerned about the potential “backdoors” being built in to communication systems by security agencies.
Stephen Schmidt, CISO at Amazon Web Services, told Which-50 the American tech giant is still worried about the privacy and security consequences of Australia’s Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, which gives government and security agencies unprecedented powers to access encrypted communications.
Passed on the final sitting day of 2018, with the support of the Labor party — which says the government reneged on a promise to review and amend the laws in early 2019 — the powers allow security agencies to force companies to provide access to encrypted conversations through “access notices”.
Legal experts, the privacy regulator, and the technology sector have heavily criticised the laws for being too broad and lacking judicial oversight. The Act is the subject of a parliamentary inquiry and the powers are also being reviewed by the Independent National Security Legislation Monitor.
Reports from those investigations aren’t expected until midway through 2020. In the meantime, Labor has introduced some of the amendments which it says the government promised to consider a year ago. Labor’s changes will be debated when Parliament returns next year.
Schmidt, who spent a decade at the FBI; where he was the bureau’s chief technology officer, says he recognises the legitimate needs of law enforcement to protect people but it must be balanced with privacy and security.
“We have to make sure that any implementation or particular law or regulation understands the privacy requirements of people everywhere,” Schmidt said at the AWS re:Invent conference in Las Vegas, where he launched several new encryption-based security services.
“And it is extremely dangerous to build in backdoors into crypto systems.”
One year in, Schmidt said it was too early to fully assess the implications of the new powers, but he revealed AWS customers are questioning whether data held in Australia is still secure and seeking advice on the issue from AWS.
“We’ll see what happens over time,” Schmidt told Which-50. “But what we are very concerned about is any kind of regulation or law that would require a company to build a backdoor into crypto systems.”
During the 2018 AWS:reInvent, when the new powers were still being debated in Parliament, Schmidt said Amazon was considering challenging them in court if they became law. Asked by Which-50 if this was still Amazon’s position, Schmidt again did not rule out legal action.
“In circumstances where we don’t know what’s going to happen, we don’t know what our response is going to be. All we do know is that we advocate very strongly on behalf of customers everywhere.
“So when we’ve had overreaching requests by the US government, for example, we’ve been very strong about our opposition to those sorts of things and filed public briefs and supportive cases even by other service providers.”
The author traveled to AWS re:Invent as a guest of Amazon.