The Department of Home Affairs has acknowledged that, according to advice it has received from industry, the way the so-called ‘encryption’ legislation is perceived has “had a material impact on the Australian market and the ability for Australian companies to compete globally”.
In a submission to a parliamentary inquiry examining the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (the TOLA Act), the department argues that the legislation won’t make Australian-built electronic products and services less secure, but admits that the rest of the world may not see it that way.
“Consumers, international companies and investors are concerned domestically produced or located products and services have been undermined by the legislation, and that the industry assistance framework increases the costs of doing business in Australia,” the department said.
In the lead-up to the legislation being passed in December, Australian and foreign tech companies warned that it would have an impact on their operations.
Senetas, which makes network encryption products, warned it may have to shift its operations overseas. The legislation would undermine trust in their products, the company’s founder, Francis Galbally, told a parliamentary inquiry in November.
Cisco, Mozilla, and industry bodies representing tech heavyweights such as Google, Facebook and Apple were also among the bill’s critics.
In the wake of the bill being passed, the tech sector has continued to call for changes to the new law.
The “public perception” of the legislation is “having the largest economic impact to Australia,” Australian cloud service provider Vault argued in its submission to the current inquiry.
The cloud company added: “For commercial and confidentiality reasons we are unable to disclose details, but we can verify that the export of Vault’s technology has been materially and detrimentally impacted by perception of the AA Act. As foreign governments and customers are assessing against a ‘media headline test’, we are in an unfortunate position where logical persuasion is not sufficient to counter perception.”
Home Affairs said it was working across government, with its international counterparts and industry (domestic and international) to “clarify and reiterate the intent and operation of the law”.
Administrative guidance developed by the department will help explain the way the new rules function, Home Affairs said.
“The industry assistance framework does not place any immediate or ongoing obligations on providers,” the submission states. “Providers will only be required to give assistance in the event of a formal request or notice being issued which relates to their eligible activities.
“The industry assistance framework does not require companies to fundamentally change the way they conduct their business operations in Australia. Consumers, and international providers and investors should have confidence that no provisions in the legislation will lead to significant changes to how services and products are developed in Australia.”
The legislation contain “security guarantees” as well as “consultation requirements and core decision-making criteria which reinforces the need for decision-makers to hold impact on businesses at the forefront of their mind.”
The department indicated it is also working to “emphasise that individual employees who receive a notice” to assist law enforcement agencies or implement a new capability to aid an investigation “can and should discuss that notice with their employer for the purposes of actioning it”.
“While the notice may be handed or sent to an individual employee (for example an individual nominated by an organisation to receive these notices), it is the corporate entity (not the individual) who is being served with the request or notice,” the department said.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.