Podcast: Change the encryption laws
Galvanised: Sarah Moran (left) and Nicola Nye on the difficulties facing the Australian software sector
The powerful Parliamentary Joint Committee on Intelligence and Security is expected to table its review of government’s controversial encryption legislation by Wednesday afternoon, even as the industry continues to press for a substantial re-write of the laws.
Anyone that has followed the progress of the so-called Telecommunications and Other Legislation (Assistance and Access) Act 2018 will know that it has created a stink within the local tech sector.
Australian software companies and cyber security firms say the legislation has damaged their businesses, and has alarmed their customers. The reputational damage to the nascent Australian software industry has been extensive.
Different parts of the tech industry camel together to voice their concerns about the legislation last week at the Safe Encryption Australia forum in Sydney. The forum brought together a coalition of voices from different part of the technology sector.
In this podcast, I spoke to Girl Geek Academy chief executive officer Sarah Moran and FastMail chief of staff Nicola Nye immediately following the Safe Encryption Australia forum.
Ms Moran had acted as the panel moderator for the forum, while Ms Nye had been one of the expert panellists at the event. The panel included Atlassian co-founder Scott Farquhar and cyber investor Eddie Sheehy and shadow minister for the digital economy Ed Husic.
Also presenting at Safe Encryption Australia was University of Technology, Sydney deputy vice-chancellor Glenn Wightwick and encryption specialists Senetas’ co-founder Francis Galbally.
Ms Moran said the people in technology are not always the best at communicating outside of the sector, and conceded many in the industry had not previously been politically active on industry issues.
But the controversy over the passing of encryption legislation on the final sitting day of the 2018 parliamentary year had been galvanised the tech sector. And this is a good thing, because regulation is going to become increasingly a part of life in tech, and the industry needs to get better at putting its views across the politicians.
“This is not something that we’re going to roll over on,” Ms Moran said of the industry concerns about the encryption legislation.
“We need to be able to say how it affects us and why, and to request a reduction in its scope,” she says.
Nicola Nye from the Melbourne-based global supplier of secure email services FastMail says there has been a difficult balance for Australian tech providers to make between speaking out against the negative impact of the legislation and risking reputational damage to Australian companies.
“There is a real tension here. Because of the reputational damage that you can cause your own brand by bringing up concrete examples of [the law’s impact],” Ms Nye said. “If you tell people that you have customers leaving or that people are not investing in your company because they are concerned about what’s going on [with the encryption laws], then that news is going to spread.”
The difficulty for the Australian tech sector is to be able to join the political conversation about legislation and its impact on the sector, without damaging your own brand. That’s not straight-forward, Ms Nye said, but it’s a position that Australian tech companies may increasingly find themselves.
As for the legislative amendments that Fastmail would like to see introduced, Ms Nye is circumspect.
“If I had a magic wand, we would go back in time and start this legislation again,” she said. “But we don’t have a magic wand so let’s look at what we can do to make this legislation … more workable.”
“The first thing I would say is that [government] keeps saying ‘we won’t target individuals’. Well, let’s take that out of the legislation then, let’s make the letter of the law match the spirit of the law.
“We would also look at raising the level at which this law can be used to obtain information. At the moment you need to have a criminal offence [that attracts a penalty] of at least three years in order for someone to be the target of it.
“But given that you can go to jail for five years for refusing to comply, this seems a little unequal. And so I would raise that bar."
Ms Nye says the judicial oversight of the program needs to be tightened. Having a retired judge providing that oversight is not strong enough – it needs an actual judge working from within the judicial system.