Australian Tech Giant Says Country's Anti-Encryption Laws Are Harming Local Tech Companies
from the no-one-trusts-a-[compelled]-rat dept
The Australian government rang in 2019 by saddling the nation's tech companies with compelled decryption mandates. The new law gave the government the power to demand technical assistance to access any data or communications sought by law enforcement or security agencies. Sure, "case-by-case" solutions might work for awhile, but sooner or later, built-in backdoors would expedite things for both the government and their compellees.
The backdoors may not be in place yet, but it appears no one really trusts Australian tech companies now, thanks to the Australian government. An inquiry into the country's anti-encryption laws is underway and local tech giant Atlassian has expressed its displeasure with the new status quo.
Atlassian’s policy and government affairs head, Patrick Zhang, said the encryption laws had harmed Australia’s reputation in the sector.
Zhang said they had led to a reluctance among tech companies abroad to engage in Australia or with Australian companies, for fear that weaknesses would be built into their products.
Companies also fear that they could be compelled by the Australian government to do things that would constitute illegality in other countries where they operate, Zhang said.
The laws have also led to a reluctance among industry talent to work here.
You can't put a price tag on catching criminals, but presumably the new law will pay for itself (and the damage to local industry) once enough children are saved or terrorists are caught. This isn't to make light of either child exploitation or terrorism. Both should be taken seriously by law enforcement and security agencies. The problem in Australia is that legislators didn't bother to consider how much damage compelled assistance would do to lots of innocent people.
It isn't just the tech companies whose futures look a lot more murky. It's also their employees and any number of people who rely on them for income. It's anyone who uses their services and whose communications and data might be accessed inadvertently by government agencies or deliberately by malicious entities taking advantage of newly created security flaws.
In the end, Atlassian's comments are unlikely to matter. The government has already decided what the proper security/liberty exchange rate is and it appears local tech companies are just expected to serve and suffer. The outgoing independent national security law monitor claims the law is "necessary." So do the agencies that directly benefit from compelled assistance. And they've brought an unbelievable statistic with them to justify the collateral damage.
Australia’s domestic intelligence agency Asio and the Australian federal police support the law and say about 90% of priority cases involve encryption, which allows criminal suspects to communicate in a hidden manner.
Wow. 90%. This number appears to say that almost every case in which encryption is encountered is granted "priority" status. Encryption may be common but it's not that common. And even if it is, there are still a number of options available to agencies that don't include forcing companies to weaken or destroy features that secure the devices and communications of millions of innocent people.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: australia, backdoors, competitiveness, encryption
Companies: atlassian
Reader Comments
Subscribe: RSS
View by: Time | Thread
The aim isn't so much as to be able to catch criminals, solve crimes, thwart terrorist plots, thry are minimal in number. The ehole aim is to do the very thing that has been fought against for generations, stopping 'Big Brother' from spying on ordinary people. And let's face it, those with nothing to hide are a hell of a lot easier to 'track and trace' than those who have!
[ link to this | view in chronology ]
it seems a high price to pay ,catch a few terrorists, versus cripple the whole
software industry in oz.
Who would want to work with a tech company whose data can be given to the police at any time including passwords ,encryption keys etc
this is similar to the policy in china where if a company works there
the government has acess to all customer data including passwords and computer code.
and before the new laws were passed the police could get a court order
to look at a users browsing data or txt messages and emails .
There has to be a point where the rights of users and companys to privacy are balanced against the fight against terrorism.
Otherwise democratic western countrys are only a few steps over living in a country
like china or russia.
[ link to this | view in chronology ]
"Australia’s domestic intelligence agency Asio and the Australian federal police support the law and say about 90% of priority cases involve encryption, which allows criminal suspects to communicate in a hidden manner."
I wonder how many victims of "priority" crime will be created once the people targeting them can't use encryption to protect themselves, or the backdoors start getting bypassed.
Also, I'll bet that more than 90% of those cases also involved the criminals eating, drinking or using the toilet during the same timescale and using electricity. If big scary numbers are what we're focussing on here, they had better get to the real issues!
[ link to this | view in chronology ]
90%
I'm sure the 90% is correct. If anything, it's a little low.
"The criminal used a browser with https"
They used encryption. It wasn't relevant to the crime, or used explicitly to hide the data, but it's encryption and they can use the stat.
[ link to this | view in chronology ]
New Australian Mandate:
Attention Australians,
We hereby decree that all persons above the age of 13 must wear an ankle monitor that will track your position. We also demand you wear a wrist watch capable of listening to audio. At any time your audio is muffled or unintelligible for any reason, we must assume you are plotting nefarious things. You must also wear a body camera.
Failure to comply will be met with 1 year in jail.
We do this because there are criminals, pedophiles, rapists, and murderers amongst you. And we do this because we care. We can't let the terrorists win! Think of the Children!
Sincerely,
Ministry of Accountability
[ link to this | view in chronology ]
No see, dystopian novels are not 'how-to' guides...
I'd like to laugh at that, but given the australian government is just shy of making private communication illegal that's actually not that out of the realm of possibility.
[ link to this | view in chronology ]
Re: New Australian Mandate:
Very close guess but I think more "You must install this phone app and have your phone with you at all times" is what history will note having happened.
[ link to this | view in chronology ]
Re: New Australian Mandate:
Attention Australians,
We hereby decree that all persons must wear an ankle monitor that will track your position. We also demand you wear a wrist watch capable of listening to audio. At any time your audio is muffled or unintelligible for any reason, we will assume you are plotting nefarious things. You must also wear a body camera, and have your national ID tattooed to your forehead fully visible at all times.
Failure to comply will be punishable by death.
We do this because we can. And we do this because we care about maintaining our power over you. Get used to it! Bend over!
Sincerely,
Ministry of Slavery
FTFY. Drop the pretenses of giving a crap. They don't now and they still won't when they come for you. Assuming otherwise, or continuing to spread those pretenses just serves to fool others into accepting their dystopia.
[ link to this | view in chronology ]
100% of priority cases involve humans
Australia’s domestic intelligence agency Asio and the Australian federal police support the law and say about 90% of priority cases involve encryption, which allows criminal suspects to communicate in a hidden manner.
Yeah, because most companies theses days make use of encryption because it's kinda important, so if someone is making use of electronic communications odds are very good they're using some kind of encryption even if they didn't realize it. I'm betting that of those 90% of cases a solid 100% make use of electricity as well, using that as part of the argument would be just as relevant and just as honest.
What governments are really going after with attacks against encryption is privacy and security for anyone not them, where unless you have the right connections you are not allowed to have a conversation or otherwise say or do anything in a manner that the government is not allowed to peek in on, and if that means that anyone else can peek in as well that is a price they are willing to have the public pay.
[ link to this | view in chronology ]
Hmmm...
I confess I have mixed feelings about this. One the one hand, it seems to me that all they will have access to is anyone using Aussie software. 99.999% of the world will be outside the scope, including I suspect most Australians. Anyone in the business community [including people whose business is criminal] will continue to use https, VPNs, WhatsApp, etc. Meaning that the Law Enforcement and Intelligence won't be able to access their comms.
On the other hand, Australia is a member of the 5-eyes...
[ link to this | view in chronology ]
Re: Hmmm...
You appear to be severely underestimating the interconnectedness of the tech sector. For example, you should really look up Atlassian, the company mentioned in the article.
[ link to this | view in chronology ]
Re: Re: Hmmm...
Yeah, a lot of software startups I've worked for have used Atlassian services for source control and team communication as it's convenient and often free to use.
That wont be happening any more.
[ link to this | view in chronology ]
Re: Re: Hmmm...
"For example, you should really look up Atlassian, the company mentioned in the article."
The roughly 450 employee company I currently work for uses JIRA, Confluence and BitBucket extensively, for example, as did the 30ish employee startup I previously worked for before they decided to switch to GitHub and more generalised tools.
[ link to this | view in chronology ]
Re: Hmmm...
"One the one hand, it seems to me that all they will have access to is anyone using Aussie software. 99.999% of the world will be outside the scope, including I suspect most Australians."
Naturally. It is now no longer legal for most businesses OR indeed many private entities to use software written under australian law. So every international business with an aussie office needs to use exclusively non-aussie programs.
If it becomes illegal for international companies or foreigners to NOT use australian software on australian soil then the bizarre situation presents itself that most nations won't be legally allowed to travel or operate in australia using communications technology more modern than early 19th century.
[ link to this | view in chronology ]
What is the problem?
WHICH encryption??
Mail?? not to hard, if they dont include it in the Email program.
Routers?? Modems?? NOT hard at all. Already broken 2-4 times.
I think they are tired of paying for it to be done. And to decrypt Cellphones.. Which can be interesting.,because MOST of it is broken.. Unless they have a program to do it better, there isnt much they can do, ITS AN APP.
How about unlocking.. most can be bypassed.
How about the Gov. be Unencrypted?? All the representatives.. State and Cities, OPEN up your books, and contracts..
(really doubt that will happen.)
Lets watch the parliaments PORN..
[ link to this | view in chronology ]
Freakin' Atlassian now qualifies as a "giant"?????
[ link to this | view in chronology ]
Re:
It has an annual revenue of 1 billion. That's peanuts versus Google, Microsoft or Amazon, but still a pretty important company.
Also, TIL Atlassian is Australian.
[ link to this | view in chronology ]
Age Old Wisdom break-down
If you outlaw guns = only criminals will have guns. If you outlaw drugs = only criminals will have drugs. If you outlaw encryption = only criminals will have encryption. If you outlaw food = only criminals will have food. If you outlaw freedom = only criminals will have freedom.
[ link to this | view in chronology ]
We like it here in the Peoples Democratic Republic of Australia. Our leeder [Bing,bing. It is spelt "leader" Comrade. Bing, bing] leader Saint Scotty from Marke [Bing, bing. This is very close to being seditious and as such you will only receive one more friendly warning. Bing, bing].
[ link to this | view in chronology ]
don't laugh, it was a serious question
This seems a little redundant. Malicious entities taking advantage would seem to include the government, including U.S. trade agencies by extension since OZ is member of 5-eyes. There is nothing inadvertent about it.
As to the effect, I would deem it entirely foreseeable. Would you trust Microsoft software? Seriously, people actively choose anti-virus and malware scanning from Russia over Microsoft.
That is even without considering that MS may have offices down under. If anything, that presence just makes them more directly obligated to include interesting monitoring features in the windows update distributions.
[ link to this | view in chronology ]