Very recently, the Australian Government passed what it called the Telecommunications and Other Legislation Amendment (Assistance and Access) Act. This overly complex and euphemistic title represents a piece of legislation that poses a significant threat to Australian data security and the economy.
Governments around the world insist that encryption hinders their efforts in dealing criminals and terrorist plots, due to the encryption of instant messaging apps. The creation of backdoors in apps and operating systems not only destroys innocent users’ privacy, it also threatens the integrity of systems upon which even government tools are built. Back in August, The Conversation explained:
the bill allows the Director-General of Security or the chief officer of an interception agency to compel a provider to do an unlimited range of acts or things. That could mean anything from removing security measures to deleting messages or collecting extra data. Providers will also be required to conceal any action taken covertly by law enforcement.
There are huge concerns about what this means for the security of businesses and how international companies interact with and work in Australia. One example that popped up in my Twitter feed was a blog post on the issue from Canadian company AgileBits Inc. I’m a huge fan and regular user of its app, 1Password, which provides a secure vault for passwords, logins, card information and various membership details and notes. How is this kept secure? You create a complex master password that protects all of your other information and encryption does the rest.
AgileBits Inc’s blog post dealt with its concerns about doing business with and hiring people from Australia. I doubt that the Australian Government really considered this and how Australia will be able to interact with the app economy in the future. Here’s an excerpt:
We do not, at this point, know whether it will be necessary or useful to place extra monitoring on people working for 1Password who may be subject to Australian laws. Our existing security and privacy design and internal controls may well be sufficient without adding additional controls on our people in Australia. Nor do we yet know to what extent we should consider Australian nationality in hiring decisions. It may be a long time before any such internal policies and practices go into place, if they ever do, but these are discussions we have been forced to have.
The more that I hear about the issue, the clearer it is to me that the Australian Government does not understand the implications of its decisions, despite arguments from major tech companies, app developers and other specialists in the field. We truly live in an era of dismissal (and even hatred) of experts.
Read the full blog post by AgileBits Inc here.