Companies will stop storing data in Australia, Microsoft warns

Australia’s controversial anti-encryption laws came under independent scrutiny this week as tech leaders, including Microsoft’s Brad Smith, continued to criticize the legislation.

The country’s Parliamentary Joint Committee on Intelligence and Security (PJCIS) has referred the Telecommunication & Other Legislation Amendment (Assistance & Access) Act of 2018 (TOLA) to the Independent National Security Legislation Monitor (INSLM).

The legislation, passed by a parliamentary vote in December, enables the government to coerce technology companies into decrypting user communications. It would allow the government to gain access to encrypted communications sent via messaging apps, for example.

Under the legislation, the government can first ask the technology companies for help. If they don’t want to help, it can force them to. If they are unable to help, then the government can force them to change their systems, making it possible for them to provide the necessary support.

INSLM is an independent position established by legislation. It has access to all relevant material, regardless of national security classification, can force anyone to answer its questions, and holds both public and private hearings.

The current INSLM, Dr. James Renwick, will review whether the legislation properly safeguards individual rights and whether it remains proportional to the threat to national security, said a statement from the PJCIS. Committee chair Andrew Hastie MP and deputy chair Anthony Byrne MP added:

In our view, the INSLM provides a valuable, independent perspective on the balance between necessary security measures and the protection of civil liberties. As such, the INSLM is an important and valued component of Australia’s national security architecture.

Companies will go elsewhere, warns Microsoft

The move follows strong complaints from the technology sector about its scope and perceived lack of clarity.

In February, the Mozilla Corporation and FastMail both wrote to the PJCIS, complaining that the wording of the legislation was too vague, and could be used to directly force individual employees to tinker with technology systems without telling anyone. Mozilla argued that it effectively forced it to treat Australian employees as insider threats.

The latest technology luminary to speak out against the laws was Microsoft president and chief legal officer Brad Smith. Speaking in Canberra, he warned that given the vagueness of the legislation, people’s privacy was at risk:

… I think people will worry and we will be among those who will worry because we do feel it is vitally important we protect our customer’s privacy.

He warned that the legislation could turn companies away from storing their data in Australia. Companies in other countries were already asking it to build more data centers outside Australia, he said, adding:

If I were an Australian who wanted to advance the Australian technology economy, I would want to address that and put the minds of other like-minded governments at ease.

Scott Farquhar, co-founder and co-chief executive of collaboration and security software company Atlassian, criticised the legislation for putting Australian jobs at risk.

Speaking at the Safe Encryption Australian forum this week, he warned that the Act created uncertainty for the company’s staff and customers.

Dr Renwick must submit his report to the PJCIS by 1 March 2020, which will factor the findings into its own review of the legislation, due later that year.