The local tech industry has reiterated its concerns over Australia’s controversial encryption laws, as Australian Federal Police documents reveal the new powers are already being exercised.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 passed in a hasty fashion on the final sitting day of parliament last year, with the opposition caving to political pressure from the government, on the proviso the legislation be reexamined when parliament returned.
Amendments are set to be debated in parliament tomorrow but Home Affairs Minister Peter Dutton has signalled he expects few changes to the legislation, which he says is already working.
The new laws give government agencies unprecedented power to access encrypted messages by compelling communication companies, through the issue of confidential “technical assistance notices”, to create capabilities to access data to which they do not have direct access to — essentially creating a backdoor into previously encrypted data, according to critics.
Opponents say the laws force employees to spy on their own company and customers, creates systematic weaknesses which threaten cybersecurity defences, and jeopardises Australia’s viability as a global technology player.
The government argues the new powers are necessary to combat child exploitation and terrorism.
In a submissions to the Federal Parliamentary Joint Committee on Intelligence and Security (PJCIS) currently reviewing the implementation of the legislation, leading tech firms from local startups to global giants have proposed sweeping changes.
DIGI, an industry association representing the digital industry in Australia with members including Facebook, Google and Twitter, co-signed a submission to the PJCIS calling for judicial oversight and clearly defined limits on government agencies’ ability to issue notices, among a raft of changes.
The group also said the threshold for criminal acts that warrant use of the new powers should be raised, several “loopholes” should be closed, and the obligation of government to consult with communication providers before issuing notices should be strengthened.
Executives from the other industry groups which co-signed the submission sounded off on the legislation and the government which rushed it through.
“The legislation shows a blatant disregard for and misunderstanding of how the Internet works, how online encryption operates and is used to secure millions of legitimate communications every day, and will almost certainly not prevent a single act of terrorism, child abuse or other serious crime that couldn’t have been prevented otherwise,” said Information Technology Professionals Association director, Robert Hudson.
“Instead, the privacy and security of law-abiding citizens is now almost certain to be compromised for commercial, criminal or other non-legitimate purposes as tools prove to be as useful as a chocolate teapot for the purpose they were developed for, and instead are released or leaked into the hands of those who would do us harm.”
Smaller local technology players are unhappy too. Industry group StartupAus has filed a submission calling the legislation “bitterly disappointing”, opposing it in principle while also suggesting amendments.
The group’s proposed changes include scrapping the possibility of individual employees being issued notices, limiting the definition of communication providers, adding more oversight and limits on use, and reducing the basis for executing the powers of the act.
Local technology heavyweight Atlassian, a coassignee of the StartupAus submission also slammed the new laws saying the fears it would damage Australia’s global reputation and trust were already being confirmed.
“We view this legislation as a choke hold on the Australian tech industry, because of the implications,” Atlassian cofounder Scott Farquhar told The Australian Financial Review.
“Within the first week of this coming out we had people cancelling their accounts, and they told us it was because of the laws. I also have a good friend that runs an energy company, and they had a very large deal with a foreign government, who pulled out as a result of this bill.”
Dutton downplays potential changes
Home Affairs Minister Peter Dutton also responded in The Financial Review, saying the legislation would remain largely unchanged and the new powers had already assisted agencies in the detection and investigation of “several major crimes”.
“Home Affairs has tasked PJCIS with reviewing the implementation of this legislation, and the government will consider the committee’s findings when they are tabled. Significant changes to the legislation are not anticipated.”
Despite bipartisan support of the initial legislation, Dutton is now accusing the opposition of pushing the agenda of tech companies.
“The Morrison government’s number-one priority is the safety of Australians. Unfortunately, the same cannot be said for Labor under Bill Shorten, who are doing the bidding of multinational tech companies such as Google by pursuing amendments to weaken the legislation,” he said.
Laws already in use
A submission by the Australian Federal Police to the PJCIS in January revealed the agency has wasted little time in exercising its new powers. The AFP are seeking industry assistance in the investigation of a serious Commonwealth crime and appear to be preparing to issue requests to communication companies.
“The AFP is in the advanced stages of negotiation in relation to forms of assistance that will be provided pursuant to the issuing of multiple [Technical Assistance Requests],” the submission says.
“This has involved engagement and collaboration between the AFP and designated communications providers to ensure that the forms of assistance are proportionate and technically feasible.”
The AFP said the internal implementation of the legislation “has been a priority, with work beginning prior to the commencement of the Act”.