Encryption bill hits tech exports
Paul Brooks: Proposed encryption bill will have an unintended impact on exports
The federal government’s proposed encryption laws could lead to a “national tragedy” for Australia’s $3 billion information technology and software exports, Internet Australia has warned.
In an open letter sent to Home Affairs Minister Peter Dutton this week, Internet Australia chair Paul Brooks has criticised the “manifestly inadequate” time given to consult on the bill, which he said could potentially lead to Australian companies facing similar bans to those recently imposed on Chinese tech firms Huawei and ZTE over the 5G network build.
Internet Australia is a not-for-profit organisation “representing all users of the internet”, and is the Australian chapter of global Internet Society.
The Assistance and Access Bill 2018 was introduced to the lower house last month and is now the subject of a parliamentary joint committee inquiry. The legislation grants widespread new powers to law enforcement and other agencies to force tech companies to circumvent encrypted communications and data.
The legislation has been criticised by several heavyweight tech companies, as well as digital and civil rights groups, with concerns that it could undermine encryption as a whole.
The precedent that the new powers would set internationally could also have a negative impact on the value of Australian IT and telecommunications exports, which were worth $3.2 billion in 2016-17, Dr Brooks said.
The new powers in the bill include the ability for agencies to force a tech company to install, maintain, test or use software provided by the agencies with the aim of circumventing encryption.
In the open letter, Internet Australia pointed to the government’s recent banning of any companies that are “likely subject to extrajudicial directions from a foreign government that conflict with Australian laws” from participating in the country’s 5G network, and said that the encryption bill could lead to similar bans being implemented against Australian tech companies.
“The ban was reportedly driven by concerns that companies with strong Chinese links are subject to Chinese governmental control and requirements to act under direction of Chinese intelligence agencies,” Dr Brooks said.
“This bill will put in place a regime where Australian companies will be subject to the same suspicions, and effectively viewed by the international community as subject to the very same concerns around undisclosed surveillance and surreptitious bypassing of security and privacy functions at the request or direction of the Australian government.”
Just the existence of the new powers could create uncertainty around Australian tech companies, Dr Brooks said.
“Australian manufacturers of communications hardware, developers of Australian communications software systems, every Australian telecommunications provider active in a foreign country, and in fact every Australian website involved in ecommerce to international markets could be suspected to be insecure by international markets,” he said.
“Under the current structure of the bill, these concerns and suspicions will arise just by virtue of the legislation existing, even if the legislation is not used.”
If the bill impacts these Australian exports it would be disastrous, the letter said.
“It would be a national tragedy if Australian exporters of IT systems and software were harmed by international bans and security concerns for precisely the same reasons Australia has chosen to restrict foreign companies from our projects, as a result of this bill through your department being considered in its current form,” Dr Brooks said.
The long-awaited encryption bill, which gives law enforcement and other agencies widespread new powers to force tech companies to circumvent encrypted communications and data, was unveiled by the government in mid-August.
Just five working days after consultation on the draft legislation closed, the bill was approved by the Coalition party room and introduced to Parliament later that month.
On the same day it was referred to a parliamentary joint committee for an inquiry with only a three week submission window and one day of public hearings.
In the letter, Internet Australia criticised the “inadequate” time given to consultation and review, an the delays in publishing submissions received by the department.
“This delay in publishing all submissions robs the public, industry and other arms of government of the opportunity to learn from the analysis of experts and the concerns of the public, and is contrary to a transparent consultation process normally expected of government,” the letter said.
“Unintended consequences and hasty implementation of subtly interconnected requirements impacting the security of global systems could harm the future development of internet trust and e-commerce worldwide, and hamper Australian industry from competing internationally.”
While the legislation has been referred to a parliamentary joint committee for review, the short-time frame on this is “extremely short-sighted” and “ill-advised”.
“It is also telling that the single scheduled hearing day is only one week after the close of submissions, leaving insufficient time for the Committee to read and fully evaluate all the submissions it is likely to receive - this will in turn reduce the value of the public hearings in assisting the Committee to delve into the many substantial issues, concerns and profound implications raised about the proposed legislation,” Dr Brooks said.
The letter urges Minister Dutton to release all of the submissions, extend the reporting time of the inquiry and conduct a series of public meetings and workshops on the bill and to adopt a “slowly and cautiously” approach.
“Minister Dutton, this entire process by your Department of railroading a single draft bill, inadequate consultation, and lack of any effective engagement with the technical and policy expert community and stakeholders needs to be correct,” the letter said.
“This manifestly inadequate consultation process and rushed introduction risks Australia's international reputation as well as many billions of dollars of IT ‘smart economy’ exports, the very type of ‘smart, high-value export-focused industries’ the government identified it wishes to support in its 2016-17 budget.”
A spokesperson from the Department of Home Affairs has come out in defence claiming the premise of the bill is not new, and the government has been extensive consultation with the industry over the last year in development the legislation that is currently before Parliament.
“Communications providers, domestic or foreign, that operate in Australia have a responsibility to assist law enforcement where their products are being used to conduct illicit activity,” the spokesperson told InnovationAus.com.
“Australia’s law enforcement and national security agencies routinely receive assistance from the large tech companies, however this legislation provides a contemporary framework that will allow agencies to work in the increasingly complex digital environment.”
The bill now has been referred to the Parliamentary Joint Committee on Intellgence and Security for review, which will also include consideration of additional stakeholder submissions and comments.