Bad place for doing business: Australia will force tech companies to make security holes
The legislation will force tech companies to help Australian authorities decrypt users' online communications — and it could represent a major blow to data privacy elsewhere in the world.
Messages sent via services such as Facebook's Messenger or Apple's iMessage can be encrypted. That means the message is scrambled in a way that's unintelligible without a special key.
But now that the Assistance and Access Bill is law, companies that refuse to help Australian authorities could face fines of nearly $10 million in Australian currency.
The Digital Industry Group (DIGI), a tech industry association, said the law raised "the prospect of introducing systemic weaknesses that could put Australians' data security at risk."
"It is also deeply concerning that the minimum safeguards Australians should expect under such unprecedented new powers — judicial oversight and a warrant-based system — are absent," the group said in a statement.
"I think it's right for governments to be tackling the issue of how to do effective investigations in the digital environment," Daniel Weitzner, director of the Internet Policy Research Initiative at MIT, told the Australian Broadcasting Corporation (ABC).
"What is risky is when government puts the interest of investigators over the safety of everyone who uses the internet and mobile phones."
He said that the planned encryption rules could deter top tech firms from operating in Australia, given the costs and compromises they would demand.
"If a company that does business globally is suddenly told by the Australian government that it has to weaken its security, then it may think twice about whether it's worth being in the Australian market," Weitzner said. ■