The government’s new encryption-busting powers are already having a “profoundly negative” impact on the Australian tech sector, as industry heavyweights unite to demand changes to the controversial new laws.
Representative body StartupAUS has entered a submission to the Parliamentary Joint Committee on Intelligence and Security, co-signed by some of the biggest players in the Australian tech sector, including Atlassian, Canva, Girl Geek Academy, Blackbird Ventures and Airtree.
The submission calls for “urgent changes” to the Assistance and Access Bill to limit the scope of the government’s “globally unprecedented power to involve itself in the operations of technology companies”.
The groups calls for four key changes to the Act: removing the ability to issue enforcement notices to individuals within a company; reducing the types of organisations covered by the laws; improved oversight; and a reduction to the crimes allowing for the use of the new powers.
The Assistance and Access Bill grants wide-sweeping new powers to Australian authorities to compel tech companies to provide access to encrypted communications, and has been widely criticised for compromising the integrity of encryption as a whole and putting local tech companies at a disadvantage to their international competitors.
In the submission, the tech heavyweights said the passage of the bill without amendments during a farcical last sitting day of 2018 was “bitterly disappointing”.
“At a time in which our technology sector is beginning to find real success on the world stage, we should be focused on promoting and supporting those businesses looking to build and grow tech companies in Australia. Instead, the government has passed legislation that Scott Farquhar of Atlassian has described as a ‘gut punch’ to Australia’s tech sector,” the submission said.
Ideally, StartupAUS and the tech bigwigs want the new laws to be repealed entirely. But taking a realistic approach and relying on the promises from both sides of the aisle to amend the legislation in the New Year, the submission instead calls for key changes to the current Act as part of the committee inquiry.
The changes are focused around reducing the scope of the new powers and their potential impact on Australian tech companies.
A “significant concern” for the local sector is that a notice could be issued to an individual within a tech company requiring them to work with authorities to decrypt communications, and they won’t be able to even inform their superiors that this has happened.
StartupAUS chief operating officer Alex Gruszka said that after consultations with Home Affairs it seems clear that this was not the intention of the legislation, and it was written to instead cover sole traders, but it’s still important to remove any ambiguity from the significant powers.
“The possibility that it is used by law enforcement doesn’t depend on what the intention of Home Affairs is. They rely too heavily on intention, but in 10 years time when the politicians and public servants have changed, the intention goes and the letter of the law stays, so it’s important to get that right,” Mr Gruszka told InnovationAus.com.
“This should be a no-brainer for the government, to change the act so that where a company is providing a digital service, the company must be the target of the TCN.”
The three other core recommendations from the submission are focused on limiting the “insanely broad remit” of the legislation.
The laws currently apply to “any technology providers that offers technology designed to connect to the internet”, Mr Gruszka said, even though much of the rhetoric surrounding it has focused on telecommunications providers.
“That seems extremely far-reaching and that means that many, many more companies will be affected in ways they don’t need to be. Restricting it to communications platforms will still give law enforcement what they are looking for without giving them access to your Fitbit,” he said.
This is an “unacceptably broad” scope, the submission said, and should be restricted to just communications companies.
The joint submission said that current protections and oversight mechanisms in the laws are “largely toothless” due to a lack of clear definitions, no redress under the laws and little room for review.
This “significantly limits the accountability of the authorities exercising powers under this Act to ensure administration is consistent and proportional”, the submission said.
StartupAUS is calling for “objective, merits-based review to ensure consistency regarding the exercising of powers under the Act”, and further definitions of key terms in the legislation to “draw important boundaries around the exercise of powers and root them in meaningful legal frameworks”.
The tech group also want a significant reduction to the basis for executing the vast powers included in the Act, which are current applicable to any crime with an accompanying jail time of three years or more.
“The bill was sold on the idea it would be targeting pedophile rings and terrorists and yet it can be used for anything defined as a serious crime, which is essentially any non-trivial crime. This means it can be used on an everyday basis, and that needs to be increased significantly,” Mr Gruszka said.
With the new powers under the Act already in use by Australian authorities and huge backlash locally and overseas, the AA bill is already having “profoundly negative consequences” for the local tech sector, Mr Gruszka said.
“Already there is significant fear from customers overseas asking about Australian technology. It’s just common sense that if an overseas customer was deciding between an Australian tech solution and one where there is not the ability for the government to significantly meddle with the product, then that’s a genuine decision point,” he said.
“I know startups are already having to explain to customers that this bill does make it more likely that the Australian government can access your data and that can be a concern particularly for businesses that have highly sensitive data. Tech employees have already made it clear that they are concerned about the possibility of being targeted under the Act.
“I think we’ve already seen a substantive negative reaction to the bill from all sides, from customers to employees to founders.”
The submission is to a joint committee, but efforts are also being made to specifically lobby the Labor Party, which has already signalled an openness to further amend the Act and, based on polling data, is likely to form government following the May election.
The upcoming election is an opportunity to hold the government accountable for its actions towards the tech sector, Mr Gruszka said.
“With the election we have a close and immediate way in which to hold the government to account. Unlike most times when an election is far off, at the moment we have the ability to directly vote depending on what our perceptions of the government are. I hope that adds a little extra scrutiny and puts a magnifying glass on the actions of politicians to make sure they do what they say they will do,” he said.