The Australian government has diverted its cyber security and technology policies away from the best practice of western democracies and is now more in line with the policies of human rights abusing countries, including China, Russia and Saudi Arabia, a cybersecurity expert has warned.
Joseph Carson, chief security scientist at global cybersecurity software firm, Thycotic, says good progress on cybersecurity had been made in recent years in Australia but a marked shift at the end of last year by the coalition government showed a prioritisation of state power at the expense of privacy and security.
“[Australia is] taking the same stance that we speak out about from countries who oppress human rights in a physical world, and actually implementing it in a digital space against Australian citizens,” Carson told Which-50.
Carson’s examples include rights to privacy, press freedom, and freedom of expression, all of which he says have been undermined by coalition government policy and a general disregard for cyber expertise. At the same time other western nations have taken steps to improve citizen privacy and cybersecurity, according to Carson, who cited the EU and US, both of which have implemented tighter privacy and cyber security regulations.
“Australia seemed to align, in a digital scenario, with the likes of China, Russia, Thailand, and Saudi Arabia, which was quite shocking that that would be the approach.”
Carson has worked with various national governments on critical infrastructure defence and best practices, policy and data protection such as EU GDPR. He says Australia has an opportunity to be a leader but recent decisions by the federal government are putting that goal out of reach.
The change began, Carson says, with the introduction of encryption busting laws in December last year, which handed Australian authorities unprecedented power to access encrypted messages.
The coalition government claimed the new powers were necessary to fight serious crime and rushed the legislation through parliament with the help of Labor with an agreement to amend the legislation in the new year when parliament returned. The government reneged on the commitment and the laws remain largely unchanged, despite strong opposition from the technology industry and civil liberties groups.
“That was a complete opposite to what other Western countries have been doing, where most are focusing on companies strengthening their security, and focusing and prioritising things like privacy,” Carson told Which-50.
“But that was the complete opposite turn [in Australia] where it’s forcing companies to weaken security [with] laws that seemed to be hastily passed and not fully reviewed by politicians.”
To Carson’s point, legal experts now argue Australia’s encryption laws are incompatible with tightening EU and US regulations on data and technology.
The government also passed new laws this year requiring social media companies to remove violent or extremist content in certain situations. Carson says those new laws could “used and abused” to censor citizens and face a fundamental problem of not being able to effect data hosted overseas.
According to Carson, the Australian government is attempting to solve technology problems with “extreme” laws that ultimately “punish citizens” and actually weaken security.
“It doesn’t make the country more secure. It just gives the government more control, more power to control the citizens and freedom of speech and freedom of opinion,” Carson said.
“In order to solve a technology challenge you don’t necessarily need to pass laws to do so. You need to work the industry and you need to work with the experts to find appropriate solutions.”
Carson argues a greater separation of powers is also necessary, including a review of the structure of super agency, the Department of Home Affairs, as well as more input from industry experts.
“I think the government really need to sit down and think about this pragmatically and work with industry – work together – and actually get the experts who actually know and understand the challenge rather than try to get political wins.”
Carson says he is encouraged by the local cyber talent and believes damage can be minimised if government and industry can work together.
“After my visit I believe that Australia has an opportunity to be a world leader in cyber security but must listen to the subject matter experts in order to make that achievable … It is always important to have a strong relationship between government and industry to find common goals to reduce the risks from all cyber attacks for all Australian citizens. I have a positive view that Australia can and will be a leader in cyber security and it is all about communication and collaboration not about abolishing privacy.”