Companies Prepare to Flee Australia Over Encryption Legislation Drew Wilson | November 29, 2018 Debate over the encryption legislation in Australia is heating up. Companies are now saying they are prepared to leave the country because of it. As Australia forges ahead with tightening censorship laws, it seems that this isn’t the only step Australia seems to be taking to crack down on free speech and innovation in the country. Back in August, we brought you news that Australia intends on weakening encryption by demanding that all encryption have back doors for law enforcement. At the time, we pointed out that this could kill business and investment – especially in the tech sectors should the proposed legislation move forward. Now, the war over encryption is heating up. Australia is not only not backing down from mandating the weakening encryption, but is also fast-tracking the legislation as well. Now, companies are sending a clear message to the Australian government: implement these laws and we’ll leave the country. An outcome we foresaw back when reports first surfaced. From SBS News Australia: Tech companies may choose to leave the Australian market to avoid being forced to install spyware on their devices and networks at the request of intelligence agencies, a lobby group for the country’s biggest firms has warned. Speaking exclusively with SBS News, the Communications Alliance warned the Morrison government’s controversial encryption reforms would see its members confronted with “difficult choices”. The Alliance represents dozens of tech companies operating in Australia, from the largest telcos Telstra and Optus, to the National Broadband Network, to the local operations of tech giants Google and Apple. “It’s possible, for example, that an engineer in a telecommunications company could be ordered to alter the network or services to create vulnerabilities or backdoors and not be able to tell senior management about that,” Mr Stanton told SBS News. “So the company wouldn’t know that they were operating a compromised service. “Similarly, device manufacturers could be ordered to install spyware onto devices they’re selling into Australia and not be allowed to tell the end users, or the companies selling those devices, that they had also been compromised.” He said that could lead to security failures, because companies would not necessarily know about secret software exploits running on their services, and therefore not know how to defend them from malicious cyberattacks. The move by Australia to force companies to compromise encryption has also sparked backlash from the United Nations. The UN Special Rapporteur suggested that such laws would get thrown out of a European court. From ZDNet: In relation to the right to privacy, the United Nations Special Rapporteur Joe Cannataci has told the Parliamentary Joint Committee on Intelligence and Security (PJCIS) to focus on other ways to deal with the issue of encrypted communication, rather than trying to break into it. “As it stands, the Bill enables gross invasions of privacy,” Cannataci said on Tuesday. “The government has not substantiated the need for this Bill, asserting a growth in the use of encryption does not constitute an argument, or evidence.” “Everybody is going to use encryption, and so they should, get over it.” Cannataci said the government’s proposed Assistance and Access Bill was a technologically naive framework that ignored the realities and dangers of the digital world. “No government has found a system that provides both exceptional access and security,” he said. Meanwhile, the Electronic Frontiers Australia re-iterated its stance on the legislation. As a representative from civil society, they’ve been an opponent towards the legislation for quite some time. From their press release: At the PJCIS Hearing on 19 October 2018, Angus Murray, Chair of Electronic Frontiers Australia’s Policy Team submitted that: “It is incumbent on me, and you; in your capacity as members of this Committee, members of your electorates and individuals who call this great country home, to ensure that we are considering the future and the way that actions today may affect that future. In this context, our security is important; however, we must be constantly vigilant to ensure that security does not become a catch cry for the dissolution of basic human rights… the extremely short consultation period for submissions into this Bill and its rapid progression is comprehensively wrong.” Power is not meant to be easy, in a democratic society it is meant to be measured against freedom and justice. Rushing the consultation process, rushing the committee process, and rushing this Bill means that this balance cannot possibly be achieved. This position is echoed in the UN Special Rapporteur to the Right to Privacy’s submission to the PJCIS and the importance of an informed discussion about the application and consequence of this Bill is paramount to proper democratic process. Law enforcement can always benefit from more powers, making it easier to do their job. However without oversight and proper consideration of the consequences, these powers can and likely will be misused. The Assistance and Access Bill lacks proper judicial oversight, reporting, and transparency mechanisms and seriously increases the government’s ability to secretly monitor Australians and it threatens our software industry’s ability to create secure products and sell them overseas. Building secure software is incredibly difficult and the scope of the Bill has the real potential that vulnerabilities will be created in software (and hardware) which may be discovered and misused by others. It is not simply about balancing security and privacy — when privacy is compromised so is security. The Australian government should invest in world-class secure software, not more vulnerabilities. Law enforcement organization ASIO, meanwhile, is saying that weakening encryption is necessary to stop terrorism. From The Guardian: But after four hours of closed classified briefings and two hours of public evidence the committee chair Andrew Hastie announced the committee is continuing its inquiry on a bipartisan basis, with no change to scheduled hearings on Tuesday and Friday this week. The government’s telecommunications assistance and access bill, first unveiled in August, contains powers to require tech companies to build new capabilities or provide technical assistance to law enforcement agencies’ surveillance activities, such as breaking encryption. On Thursday Scott Morrison and the home affairs minister, Peter Dutton, called on the committee to expedite its inquiry to allow the bill to pass in the final sitting fortnight of parliament. On Monday, Lewis suggested the bill should be passed “as quickly as it can be”, citing “cases afoot at the moment where this legislation will directly assist”. Encryption technology is affecting 90% of Asio’s priority cases, resulting in a “gap that’s been developing for some time” which is harming the agency’s capability, he said. So, for now, the Australian government is siding with the law enforcement side of the debate and moving ahead with the anti-encryption legislation. Clearly, that means that businesses cannot operate in good faith so long as they remain on Australian soil. If the law is passed, it stands to reasoning that businesses will simply have to close up shop and find a country that will protest privacy and security. As for regular citizens, they’ll have no choice but to wait for the courts to sort all this mess out. Either way, things are looking more and more grim for Australia on the technology side of things. Drew Wilson on Twitter: @icecube85 and Google+.