
Australia’s New Encryption Laws Are Disappointing

December 20, 2018 | Terrie Anderson

To be honest, when Australia’s new encryption law first passed, I was left in an utter state of shock. I didn’t expect it to pass based on feedback I knew had been given by the technology and security industries. I couldn’t believe that we, as a nation, could be so short-sighted and isolationist. And on reflection, I still feel very strongly about it, so I’d like to share my thoughts about why restricting encryption is such a bad idea.

But first, a brief recap on what the law is. The new legislation gives the government’s security and intelligence agencies the legal authority to compel tech companies to break their encryption. It would require tech companies to provide law enforcement and security agencies with access to encrypted communications.

The bill was passed with considerable opposition from IT industry advisors in Australia; there were multiple amendments recommended that could have made the bill a more palatable and intelligent piece of legislation.

What is concerning is that a logistical issue caused the bill to be tied to a completely unrelated issue on refugee immigration policy. This caused it to pass quickly, despite serious concerns. It’s extremely alarming that the Australian government chose to devalue the opinions of experts and the industry body.

I do acknowledge that this law has idealistic goals, but I also feel that it is poorly envisioned and ill-constructed in practice. It’s just that the Australian government doesn’t seem to understand the domino effect and the significant ramifications that this legislation will have on global technology companies. For example, who knows if these companies will decide to allow Australian enterprises and citizens access to world-class, highly secure technology?

Global governments are already grappling with poor investment in technology, and daily breaches of supposedly protected sensitive data. And now they want to “control” the internet, which, in turn, will stifle the incredible innovation and growth of the most significant industry civilisation has ever seen—IT/OT related technology. The consequences of stifling this industry with outdated government legislation and controls, even though they may be altruistically aimed at catching a small number of nasty criminals, are very far-reaching.

I know of several legitimate technology companies with platforms needed by Australian organisations that will withdraw from the Australian market, or, if cloud-based, prevent Australian IP addresses from accessing their technology, because of their concerns about the impact of this legislation on larger markets in the US, EMEA, BRIC and SE Asia—which, due to size, are a priority. The risk is that Australian companies and citizens end up with less access to best-in-class technology to protect sensitive data and communication, and far more breaches for hackers.

For example, it will be interesting to see what happens when an Australian organisation is faced with, say, a GDPR breach due to a leak within a government system which had access to information covered by this legislation. The reality is that we are giving corporations, and government agencies, a free pass to get out of responsibility and liability for breaches. “Whodunnit?” will be an unsolvable question when encrypted data can be accessed by so many.

Organised criminals and terrorist groups will still be able to access encryption technology through access to the global internet, regardless of a piece of legislation in Australia. In essence, this new legislation gives our government a window into a few bad actors with serious criminal intent, at the cost of an extreme loss of privacy of millions of private citizens and the IP value of companies. Hackers must be very excited—any back door that government agencies, which generally leak like sieves, can access, so can they!

Do you agree that governments are qualified to securely manage encryption backdoors?

About the author

Terrie Anderson

Terrie is Country Manager (ANZ) for Forescout Technologies Inc., and a speaker and futurist in Digital Enterprise Leadership, Cyber Security Strategy and Workplace of the Future.
