Australia’s anti-encryption legislation is already costing our tech industry billions of dollars, according to a report that takes a first look at the economic impact of the controversial surveillance law two years after it was introduced.
The point of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act was to allow Australia’s law enforcement and security agencies to break through any form of digital protection to catch serious crime and terrorism acts.
The effect was a rushed, wide-ranging law that forces tech services to install malware on Australians’ devices or figure out other ways to get around their customers’ privacy protections. As far as we know it’s never been used for terrorism offences — a major justification for encroaching on Australians’ privacy — although it was cited as being used in an unspecified way as part of the AFP’s global sting Operation Ironside.
One prediction made before the bill was passed that has come true is that the act is hurting Australia’s tech industry.
Analysis released by the Internet Society found that Australia’s anti-encryption legislation is causing “significant economic risk”. The direct cost of complying with the legislation had been small but the laws have undermined international trust in Australia’s digital services and their cybersecurity, increased business uncertainty, and hurt the brand image of Australian providers internationally.
“We mean economic harms measurable in the multiple billions of dollars that are broad-based and likely to be (primarily) realised in coming years,” the report said.
Researchers used a combination of in-depth interviews with nine major tech companies operating in Australia who are likely to be subjected to the law and a survey of 79 firms in Australia. What they found was that all but one major tech company and two-thirds of the companies surveyed felt negatively towards the law.
Barring one interviewee who said the law clarified Australia’s legislation framework, eight others said its lack of transparency, inadequate oversight and sheer breadth hurt the security of Australians’ digital data.
One interviewee said plans to expand into international markets that were a “billion-dollar opportunity” were squashed when the law passed because international customers shied away, leading it to lose business to providers who weren’t in Australia.
Other interviewees from major firms said the mere perception created by the act was that their offerings were less secure, and this would lead to more data leakages and security breaches in Australia and internationally. More than 40% of respondents said the law had already negatively affected their business.
The report warned that it was still early days and the full damage was only beginning to be felt. The authors also noted the impacts were foretold.
“A key result that emerges from this analysis is the remarkable similarity in terms of what industry participants anticipated would be the effects of [the act] and what they report have been their experiences and expectations going forward” it said.
Or in other words: “We told you so.”
Despite the chickens starting to come home to roost, the federal government is carrying on with pushing forward a suite of laws that erode Australians’ privacy and beef up its surveillance state. Who knows how much those bills will cost us.
Do you think this law is a valid way to keep our data safe? Send your thoughts to [email protected], and don’t forget to include your full name if you’d like to be considered for publication.