COMMENT:

"No, no, no — they can't do it." Techies in and outside Australia watched and listened aghast last week when Labor first slammed the Assistance and Access Bill for being poor law, and then waved it through the Federal Parliament.

From now on Australian government agencies can issue notices to tech companies requiring them to remove encryption and secure authentication on devices and services, so as to provide access to the data.

That doesn't seem so bad until you realise there's no way to do it in a select few cases without doing what the Government said the law mustn't do, namely create systemic weaknesses and backdoors that will inevitably leak out and be used by bad people.

The not-so-fine irony is that the Aussie Government is doing the same thing it alleges the Chinese spies would force Huawei to do, and which was considered dangerous enough to ban the telco equipment vendor from national communications networks.

Australian and overseas techies tried to explain this to the coalition Government, which didn't listen and raced ahead with the law.

Hopes that Labor would be more sensible were dashed last Thursday when the Assistance and Access Bill (AABill) was passed by both parties, putting Australia's tech industry in an impossible position.

The techies are furious and, since it's Australia, they let Labor know exactly how angry they were, with scores of people signing the "You Bunch of Idiots" open letter.

Who can blame the techies? Thanks to the new law requiring them to quietly add that backdoor that mustn't be called a backdoor into their code, Aussie developers can no longer be trusted by their international peers.

You can't say no when government agencies issue a notice, saying absolutely do not tell your employer about it or you'll cop a hefty punishment.

Not that you'd be able to hide the backdoor anyway. Software and hardware development these days is laced with accountability and testing to catch bugs and to avoid malicious code being added in on the sly.

That's before you consider open source where anyone can see the code in question.

Making a bad situation worse, overseas companies will think twice before hiring Aussie talent for fear that the developers are compromised by the new law.

Exporting Australian tech, which could have backdoors introduced into it at any time and jeopardise security, will become much more difficult.

It may even be impossible in the European Union, where the General Data Protection Regulation privacy laws force companies to safeguard personal data, or else.

Past experience with the Aussie metadata retention law shows that lots of government agencies, major and minor, are keen on a spot of digital surveillance.

Since the new law can be used for suspected crimes that carry a prison sentence of three years or more, it's likely that plenty of encryption-breaking notices will be issued.

Concerns about the AABill are also being raised internationally. Crypto expert Mathias Pfau, who runs the end-to-end encrypted Tutanota email service that focuses on user privacy, can't see how the new law is workable without user coercion.

"The encryption in Tutanota is an integral part and therefore cannot be removed or broken. Australian law enforcement would have to force people to hand over their passwords," Pfau told me.

"In Germany this would not be possible as it is illegal to force someone to testify against themselves."

A bad law that won't stop bad people from doing bad things will hurt Australia's tech industry. It is a spectacular own goal by the coalition and Labor.

The risk now is that other Five-Eyes countries, including New Zealand, follow Australia into making the same monumental mistake.

Now is the time for the local tech industry to start creating awareness and move the encryption debate out of the current, narrow security context, or risk being undermined and trusted by no one.