0

Australia's New Anti-Encryption Laws - Opening Locks for Law Enforcement Agencies; Locking Out Australian Tech from Global Market

Technology, automation and artificial intelligence (AI) seeks to cut out the very work that professional service advisors do.

By Law Squared

Shock was felt throughout the Australian tech industry in response to news that the Telecommunications and Other Legislation (Assistance and Access) Act 2018 has been passed. The Act extends the powers Australian law enforcement agencies to stop anti-terrorist activities by amending several pieces of legislation that deal with national security operations. 

There are concerns that the effect of this Act may spread beyond anti-terrorism purposes. The introduction of these new laws has been labelled as “tech industry killer” by several Australian businesses. A real risk is that these laws will significantly stifle the competitiveness of Australia’s burgeoning IT industry in the global market, as well as detract major brands from Australian talent and consumer market. 

How the Act will operate 

The Act allows Australian law enforcement agencies to seek voluntary OR mandatory technical assistance from telecommunication technology providers (including Facebook and WhatsApp), in order to access information from terrorism suspects. This technical assistance will make it easier for agencies to find encrypted information and monitor, track and identify private messages of anyone suspected of terrorist activities. 

Ultimately, these laws extend the powers for law enforcement agencies to investigate potential terrorist activities – in the past, agencies already can access encryption data through specialist techniques and software.  Tech industry assistance is hoped to make this process faster. 

The Act states that enforcement agencies must not ask telecommunication providers to build systemic weaknesses or vulnerabilities that can affect an operating system as a whole. However, it does allow the Director-General of Security and interception agencies to seek technical assistance relating to a vast number of acts or things, which have not yet been clearly defined. We also do not know what would happen if those acts or things that are requested can be done. 

The laws also introduce civil penalties for companies or individuals that do not comply with a mandatory request for assistance made by a law enforcement agency. Additionally, anyone asked by an enforcement agency to compel give technical assistance cannot tell anyone about the request, unless they are authorised by the agency – if they don’t comply, they may face jail time. 

Given these are new laws, it is unclear how and when these laws will be exercised. 

Tech industry concerns 

One of the issues raised by the tech industry is the Act’s incompatibility with the European Union’s GDPR laws. The GDPR requires transparency to be made towards consumers as to what, when and how online data of theirs would be collected. In effect, the Act locks Australian software products out of the European market. 

Another worry is whether employees of multinational tech companies based in Australia might be considered “compromised”, if they are requested by an agency to – in effect – bypass encryption on popular messaging services or reveal exploitable weaknesses in the system that haven’t been fixed up. 

These new laws may also threaten the security of messaging services on a wider scale, with hackers potentially pursuing and exploiting these weaknesses that have been made known at the request of law enforcement agencies. 

Other issues that have been raised also include the extensive powers that these law enforcement agencies now have to access private information from the Australian community and the potential impact of the laws of private information of foreign citizens. 

Where to go from here 

It is predicted that cybersecurity software products will bear the brunt of the negative repercussions. These laws may give government agencies extensive powers to request for vulnerabilities to be made in the software, rendering their core business defunct - even with the exceptions in place within the legislation.  With these laws in place, some technology company founders may start the new year by reconsidering whether Australia is the right home base for their operations. 

Many questions have been raised about the application of these laws and the impact it has beyond national security interests. Tech industry members are already calling for the Act to be amended or repealed in order to stop it from becoming a major barrier to growth of homegrown technologies.  Whether we like it or not, we may face a future where major Australian tech talent and brands decide to leave our shores for greener pastures.

--

The Law Squared team is closely following the development of this Act and its effect on the Australian tech industry and tech businesses. If you have questions or concerns surrounding the Act, don’t hesitate to speak with one of our lawyers by emailing hello@lawsquared.co.


Stay in the know

Sign up with your email address to receive news and updates.

Name *
Name

Categories


SEARCHING FOR SOMETHING?


Twitter