Australian tech heavyweights led by Atlassian’s Scott Farquhar have called for urgent changes to controversial anti-encryption laws, which he said were already causing firms to lose international customers and risked choking progress of the local tech industry.
Home affairs Minister Peter Dutton, however, claimed the new powers, which were rushed through with bipartisan support before Parliament rose for the Christmas break last year, were already helping to fight serious crimes, and would be largely unchanged.
The Telecommunications Assistance and Access laws were introduced to enable authorities to monitor communications of terrorists and dangerous criminals within encrypted applications, such as WhatsApp and Telegram. However, the wording of the legislation meant all kinds of businesses were brought under the requirements to decrypt their data under law enforcement demands.
A group of leading local tech firms have co-signed a submission to the Federal Parliamentary Joint Committee on Intelligence and Security (PJCIS), suggesting changes they say are urgently needed to address commercial damage already being caused by unintended consequences of the laws.
“Not a single technology company on the list of people we are talking to now has been consulted. We view this legislation as a choke hold on the Australian tech industry, because of the implications,” Mr Farquhar told The Australian Financial Review.
“Within the first week of this coming out we had people cancelling their accounts, and they told us it was because of the laws. I also have a good friend that runs an energy company, and they had a very large deal with a foreign government, who pulled out as a result of this bill.”
The laws’ critics complain they unfairly force individual employees to spy on their companies without being able to tell anyone; weaken overall online security by breaking encryption; lack any judicial oversight or transparency; and reduce commercial opportunities overseas, whereby Australian tech is viewed with the same suspicion as Chinese firms like Huawei are viewed here.
Potential amendments to the laws are due to be debated in Parliament on Wednesday, but Mr Dutton told the Financial Review he was not expecting many changes.
“The Commissioner of the Australian Federal Police and the Director General of ASIO have made clear that these laws are essential to keep Australians safe … These new laws have already assisted agencies in the detection and investigation of several major crimes,” the minister said.
“The Morrison government’s number-one priority is the safety of Australians. Unfortunately, the same cannot be said for Labor under Bill Shorten, who are doing the bidding of multinational tech companies such as Google by pursuing amendments to weaken the legislation.
“Home Affairs has tasked PJCIS with reviewing the implementation of this legislation, and the government will consider the committee’s findings when they are tabled. Significant changes to the legislation are not anticipated.”
Mr Farquhar was speaking as a figurehead for the submission, which was lodged by industry group StartupAUS. Its submission is co-signed by a who’s who of the local tech scene including Canva co-founders Melanie Perkins and Cliff Obrecht; WiseTech Global CEO Richard White; Freelancer CEO Matt Barrie, Airtree Ventures partner Daniel Petre; CultureAmp CEO Didier Elzinga; SafetyCulture CEO Luke Anear; Blackbird Ventures partner Niki Scevak, Square Peg Capital partner Paul Bassat and 99designs CEO Patrick Llewellyn.
He said the industry had been taken by surprise by legislation that was named in a way that implied it would only be applicable for telecommunications companies, and had therefore been drafted and legislated without any consultation with the companies it most affected.
The StartupAUS submission makes four key recommendations for changes: compulsory notices requiring individual employees to build new capabilities to intercept communications should be scrapped; the definition of companies deemed to be “designated communications providers” should be tightened to include only specific communications providers; oversight on how companies are targeted must be introduced; and the definition of what constitutes a “serious offence” should be increased.
Under the existing laws authorities can demand access to communications they believe relate to offences that carry a maximum term of imprisonment of three years or more. Mr Farquhar said this was far too broad to genuinely reflect legislation that was supposed to catch terrorists and paedophiles.
“There are very few crimes of any note that don’t get three years, so this is a ridiculously low bar. The unauthorised disclosure of this Bill itself is a five-year crime,” he said.
The StartupAUS submission raises fears that the crimes warranting three years in prison were far more common and less nationally significant than paedophile rings or terrorist actions, and suggested the broad definition meant that the new powers would become part of the police’s “daily toolkit”, rather than being reserved as a critical measure in times of great need.
Not just tech
While it is largely companies directly involved in the tech sector that have led the protests against the new laws, the scope of the legislation means they could have similarly negative consequences to companies across sectors.
The Australian Industry Group, which represents the interests of more than 60,000 businesses across the country, made an initial submission to the bill consultation last year, warning the new laws risked removing trust between businesses and their customers by compromising their privacy, data protection rights, security and safety.
On Monday AI Group CEO Innes Willox said he remained concerned the potential impacts of the legislation extended well beyond technology businesses, and perhaps beyond what the government had intended.
“Manufacturing and many other industries increasingly depend on smart connected devices. Strong cyber security is central to customer trust, competitiveness, the strength of our economy and the reliability of our infrastructure,” Mr Willox said.
“For nearly everyone who may be affected the legislation remains unfamiliar and its implications poorly understood.”
Mr Dutton said claims that the legislation will weaken encryption were “completely false” and that a company cannot be compelled to create a decryption capability, make encryption less effective for general users, build “backdoors”, or jeopardise the information security of general users.
“Only Australia’s first law officer, the Attorney-General, with approval from the Minister for Communications can require that a company build a new capability. By law these cannot be decryption capabilities,” Mr Dutton said.
“The legislation provides an appeal mechanism for companies required to build a new capability. The company can have this reviewed by an independent assessment panel consisting of a technical expert and a former judicial officer. The company can also challenge this in court.”
Technology experts have frequently disputed the claim that it is possible to do what Mr Dutton claimed, and that any move to crack open communications would automatically weaken security across the whole system.
“They don’t understand enough about the technology … You can’t just open encryption when nice police officers are trying to read terrorists’ data and yet keep everyone else’s data secure,” University of Melbourne associate professor Vanessa Teague said.
Shadow Attorney-General Mark Dreyfus said Labor only passed the legislation before Christmas on the understanding that amendments would be properly considered in the new year.
“Those amendments will now be considered and debated in the first sitting fortnight of Parliament, and Labor looks forward to the government’s support. We are committed to improving this legislation,” Mr Dreyfus said. “This government has acted with arrogance in the way it has pursued this legislation, and has displayed complete disdain for the views of the tech industry. Labor has listened and will act.”
The encryption laws came into effect late last year, just as numerous Australian tech start-ups were reeling from moves by the Australian Taxation Office to claw back millions of dollars in research and development tax incentives previously awarded to companies, including online job marketplace Airtasker.
Mr Farquhar said the two areas in concert were clamping down on the nascent Australian tech industry, and questioned whether there was a broader policy to keep progress in check.
“I think it is a broader thing of whether the government wants a viable technology industry in Australia or not,” he said.
“These harmful changes just seem crazy, and they are covering companies that have nothing to do with terrorist communications. It is ridiculous that companies like [design software provider] Canva are somehow involved.
“We are finally getting traction in the local tech industry, and really the government has to do nothing much to help, but at the moment they seem hell bent on doing things to tear the industry down.”
Business Insider Emails & Alerts
Site highlights each day to your inbox.