The tech giant Atlassian says controversial encryption laws have damaged the reputation of the technology sector, discouraged talent from working in Australia, and harmed an industry that could help drive economic growth in the nation’s post-Covid-19 recovery.
An inquiry into the encryption laws resumed on Monday before the parliamentary joint committee on intelligence and security, hearing from the industry leader Atlassian, which said it was presenting concerns on behalf of other players who “do not have the resources to engage in such advocacy”.
The laws created a system for law enforcement agencies to request or compel technical assistance from technology companies, including to create capabilities such as backdoors to get around the encryption in some of their products.
Atlassian’s policy and government affairs head, Patrick Zhang, said the encryption laws had harmed Australia’s reputation in the sector.
Zhang said they had led to a reluctance among tech companies abroad to engage in Australia or with Australian companies, for fear that weaknesses would be built into their products.
Companies also fear that they could be compelled by the Australian government to do things that would constitute illegality in other countries where they operate, Zhang said.
The laws have also led to a reluctance among industry talent to work here.
“It is my belief that the very rushed nature in which the [Telecommunications and Other Legislation Amendment] bill was passed and then also the nature of the rights granted to government under TOLA have had a negative impact on the reputation of the Australian technology sector,” Zhang said.
He said the use of technical capability notices (TCNs), which can be used to compel communication providers to build interception capabilities into their systems, had caused particular reputational damage.
“That has given a number of our customers concerns,” Zhang said. “It has given the technology industry at large concerns.
“Because I think that the fear is that by working with an Australian company, whether by using its product or as a vendor – is that company going to be subject to orders by the government to weaken its security or to build backdoors that will make the product less secure and expose a weak link, if you will, in the technology supply chain that is global in nature?”
Zhang said the tech sector in Australia, while small relative to other developed nations, could drive economic growth post-Covid-19.
“There is a lot of room to grow,” he said. “I think Australia’s technology sector is very high quality in terms of the companies that are here and the successes that have already happened.
“But there is definitely room to grow in terms of the sector taking up a bigger share of the national economic impact.”
This month the independent national security legislation monitor released a wide-ranging review of the laws.
The outgoing INSLM, James Renwick, said the law “is or is likely to be necessary” due to the widespread adoption of internet-based encryption by criminals and “other bad actors”. Australia’s domestic intelligence agency Asio and the Australian federal police support the law and say about 90% of priority cases involve encryption, which allows criminal suspects to communicate in a hidden manner.
Renwick, though, made recommendations which would constitute a major overhaul of the laws.
He recommended that the attorney general be stripped of the power to approve orders that can force tech and social media companies to help security services to potentially spy on the public.
Renwick said the power and ability for agency heads to compel assistance from tech companies should also be moved to the administrative appeals tribunal.
The types of offences that can be investigated using the powers should be limited to more serious offences, he said. These would include offences punishable by seven years in prison, not the present three-year threshold.