The federal government’s highly controversial encryption laws have damaged the growth of Australia’s tech sector and could hamper the nation’s economic recovery, according to Atlassian.
The Australian tech darling has made a late submission to the Parliamentary Joint Committee on Intelligence and Security’s (PJCIS) inquiry into the Assistance and Access Act, which gives law enforcement and agencies powers to compel tech companies to provide access to encrypted data.
Atlassian’s co-founders had been set to appear at a public hearing on the encryption powers, but after this was scrapped due to COVID-19 the company went with a written submission instead.
In the submission, Atlassian head of policy and government affairs Patrick Zhang said the powers have already damaged the reputation of Australian tech companies internationally and could stunt the growth of the promising sector.
“The continued viability and growth of technology innovation and manufacturing in Australia will in large part be based on the actual and perceived security of the technologies that underpin the digital economy and its ecosystem,” Mr Zhang said.
“Atlassian is concerned that the effect of the Act has been to erode trust in Australian technology providers and therefore limit the ability of Australian technology providers to compete internationally, through both their actual and perceived ability to protect their customers, data and systems from being compromised through weakened security.”
Australia’s tech sector will play a crucial role in rebuilding the economy following the coronavirus crisis, and all efforts need to be made to support it, Mr Zhang said.
“Atlassian believes that the sector can grow to become a backbone of Australia’s economy, and our export capability. With the world economy fast-changing as a result of a major digital transformation, Australia needs to be ambitious and visionary, in order to grow and develop an economy which is innovative, creates jobs and maintains wealth in our country well into the future,” he said.
“To support the transition and growth of our economy, Australia needs to support the growth of the technology sector to become the basis of Australia’s new manufacturing capability. To promote this successful transition, Australia needs to implement consistent legislation and administration across the broad matrix of technology policy to best position Australia for the future.”
The federal government has regularly said that the concerns about the encryption powers are not actually reflected in the legislation and based on “myths”.
But Atlassian has warned against these arguments, saying the laws are having a very real impact on local companies.
“We understand that it is tempting to consider that much of the vocal opposition to the Act in the media is based only on perceptions or ‘myths’ of how the Act operates. However, we would urge caution in adopting this approach both on principle and in substance,” Mr Zhang said.
“To the extent that the Act or its effect are unclear, there is no disadvantage – and indeed considerable advantage – to using this opportunity to clarify the intent and operation of its provisions. More importantly, in the context of the Australian technology sector and its reputation globally, the Act’s reception has made it clear that perception matters.”
The tech giant called for significant amendments to the Act, including the scrapping of the current definitions of “systemic weakness” and systemic vulnerability”, the introduction of additional oversight and review processes and clarification that the powers can’t be imposed on employees of tech firms.
The current definitions of key phrases in the legislation are “ambiguous” and “unworkable” and need to be wholly reframed, the submission said. The current definition risks being “selectively interpreted to allow a broad swath of actions that would have a systemic and detrimental impact on the security of a designated communications provider’s systems and products”.
The company pointed to Labor’s amendments to the Act, introduced to the Senate earlier this year, as a good starting point, removing the current definitions in favour of what effects are banned.
Atlassian is also pushing for further protections that would rule out notices being used to prevent improvements to security capabilities or to create new points of access into electronically protected systems or products that would expose otherwise secure data.
“Given the commercially valuable data entrusted to [companies] like Atlassian and the ongoing threats of intellectual property theft by state-sponsored and private actors alike, this is an important area for clarification,” Mr Zhang said in the submission.
There is also a need for additional independent approval and oversight mechanisms to be applied to the anti-encryption powers, Atlassian said, and these need to be related to the pre-approval of notices and subsequent disputes and reviews. The issuing of notices should be subject to independent judicial oversight and independent approval, the submission argued.
Atlassian also recommended that the threshold for the use of the powers should be raised to crimes punishable by seven years or more of imprisonment, and for the Act’s extra-territorial effect to be reviewed.
The legislation should also be amended to clarify that notices cannot be issued to employees of tech companies, Mr Zhang said. The government has said this was not the intention of the Act, and this should be solidified in law, he said.
The PJCIS report, due in September, will be informed by the Independent National Security Legislation Monitor’s own inquiry into the powers, with a report expected to be tabled next week.