Atlassian says Australia's encryption busting laws are too broad and scare off overseas customers. Image by Lukas Coch/AAP PHOTOS

Technology

Australian tech law ‘self-inflicted wound’

2020-07-28 16:03:09

Tech and telecommunications companies warn Australia’s encryption-busting laws would give the sector “self-inflicted wounds”.

Atlassian and the telco industry lobby have told parliament’s security and intelligence committee that overseas customers are wary of doing business in Australia because of the invasive powers.

The current laws force companies to create ways to decrypt user data on their systems for access by Australian police and security agencies.

But tech giants have warned such a back door would make their systems too vulnerable to hackers.

Atlassian’s head of government affairs, Patrick Zhang, said the laws were intrusive and lacked oversight.

“(The laws) must also not create self-inflicted wounds for industry as it looks to secure customer data in today’s challenging cybersecurity environment,” he said on Monday.

“That has given a number of our customers concern (and) that has given the technology industry at large concern.”

Mr Zhang said companies feared the Australian laws would create a weak link in their global operations.

Communications Alliance chief executive John Stanton said the laws were inhibiting business.

“It is more than a passing worry, it is a factor that does have the potential to undermine (business) growth,” he said.

Mr Stanton said Australian businesses were getting questions from overseas customers and other potential customers about the laws.

Atlassian wants to see more independent oversight of the scheme.

A compromise would be installing an independent judge with extensive experience dealing with the industry to oversee the scheme, Mr Stanton said.

Businesses should also be able to appeal against requests to access data, Mr Zhang said.

Mr Zhang said authorities should only be allowed to access data relating to more serious offences, instead of the current law allowing police to request data for offences that attract three or more years in prison.

Digital Rights Watch chair Elizabeth O’Shea wants the bill repealed.

“Strong encryption is our best protection against criminal and state-sponsored hacking,” she said.

“These are put at ongoing risk as a result of this law.”

Ms O’Shea pointed to the public take-up of the COVIDSafe app falling short of the government’s aims because of its poor handling of cybersecurity issues.

“Public trust is critical and necessary as a factor for these projects being successful,” she said.

“The public harbours a lack of trust in government.”