Australia has been a hot topic in the tech world due to its bills and legislation that give law enforcement and other government officials backdoor access to technology and the power to intercept communications to check for threats or criminal activity. The legislation leaves consumers and businesses concerned over their right to privacy.
The language outlined in the bills, like the Telecommunications and Other Legislation Amendment (TOLA) asks that manufacturers design products with backdoors. Companies such as Atlassian claim that these decrypting requests not only weaken security in products but may cause consumers to lose trust in tech companies throughout the country.
Legal Language Leaves Little Leverage
Australia first passed a bill in 2018 known as the Telecommunications Assistance and Access Bill. This gave law enforcement and intelligence agencies the ability to view the contents of encrypted devices and messaging. Companies must bypass encryption if the Australian government asks them to and a search warrant allows an officer to add, copy, or delete data if they deem necessary. If a company refuses to decrypt information, they may face fines or even prison time. This, as well as the new TOLA bill, is believed to have been passed too quickly.
The TOLA Act has also been in play for over a year, but is still receiving backlash over its vague language. Under the law:
- Technical Assistance Notices (TAN) are used to give notice to a communication provider to use an existing interception capability.
- Technical Assistance Requests (TAR) which are voluntary requests that can be made by a variety of Australian security groups including the Secret Intelligence Service and the Australian Signals Directorate. There is no penalty for not complying, but they are still covered by secrecy provisions.
- Technical Capability Notices (TCN) are notices for a communication provider to build a new interception capability to meet the TAN.
Privacy Issues Affect Global Community
Ahead of IP, Policy and Government Affairs for Atlassian, Patrick Zhang said he believes the amount of rights being granted to law enforcement officials and agencies gives them too much power. They not only can request access to encrypted products but can request that the entire design of the product be changed to allow for backdoors.
Without appropriate safeguards for privacy and information protection, companies in the country and employees who may be considering coming to work in Australia will feel unprotected. The language is vague, leaving most of the power in the hands of the officials. These laws may deter employees from other countries from coming to work in Australia and existing businesses feel they have no layer of protection between them and the mandatory decryption policy.
Without a neutral third party overseeing the warrants that are made, the new laws will not gain the public’s trust. The Australian Parliament needs to amend the ambiguity in the new bills and Zheng said that giving companies and employees a way to appeal would be a great first step.
Of course, this is an issue on a global level as well. If other countries involved in trade or commerce with Australia find that the products that are made and shipped to them have encryption backdoors, they may cut ties with the country due to the lack of security for personal and corporate information.
Encryption and Data Security First
This is not the first instance of governments attempting to gain access to encrypted devices. The US government requested that Apple create backdoors in its products to allow them to access information about drug trafficking, terrorism and other crimes. While the intent behind having access to data seems to be a positive in terms of safety, legislation needs to be worded plainly and find a balance between mandating decryption and protecting people’s right to privacy.
Data security is the number one priority at SecureData. Our line of hardware encrypted data storage devices is designed without any backdoors and keep the user in total control over their data. With complex PINs and wireless authentication via a secure app, these devices keep corporate or individual information protected and the user can decide when and where they want to grant access permission to another party.