An unlikely alliance of tech companies, start-ups and digital consumer rights groups has locked horns with the Australian government over its proposed anti-data encryption law, currently under review by the Parliamentary Joint Committee on Intelligence and Security (PJCIS).
Now, concerns are rising over just how far world governments, including the United States, will go to compromise citizen’s liberties for the sake of national security.
Opponents argue that the bill will effectively require tech companies and platforms like WhatsApp and Facebook to build “vulnerabilities” or “backdoors” into their own products and services so government agencies can access the private data of their users on-demand — with virtually no judicial oversight. Shockingly, the bill could even ban companies from informing their customers about these weaknesses.
The security of our most sensitive information is at stake, from private WhatsApp messages to credit card details used for online shopping. Right now, these are secured through data encryption, the process of scrambling transmitted info through complex mathematical models designed to protect the privacy of users.
Not only does encryption give us peace of mind as we shop, bet online or send “spicy memes” to our friends while bored at work — it is also a vital source of protection against cybercrime and identity theft.
Weakening encryption might assist the government in spying on suspected criminals, but it is also ripe for exploitation by those seeking sensitive information that can be harnessed from our computers servers and phones.
For instance, strong encryption protections, like passcodes, have caused a steep decline in phone thefts. If encryption is weakened, this could be reversed. Encrypted messages and transactions can make a literal life-or-death difference for victims of stalking or domestic violence.
Recent major data breaches, including an attack which left 3 million European Facebook users’ information open to hackers, highlight the need to encourage more data protection, not less.
To this end, Australia’s punishing non-compliant companies through exorbitant fines sends the opposite message than that of initiatives like the European Union’s Global Data Protection Right (GDPR) — which rightly seeks to fine companies for failing to safeguard information voluntarily disclosed by users.
If the threat of these fines worry large tech giants, it’s sure to decimate the hopes of smaller companies and startups that face uncertain and potentially grievous compliance costs that could drive them out of business. It also discourages the market-driven innovations meant to push us into a more secure data future.
While defending the bill, Australia’s Home Affairs Minister Peter Dutton claims that quick access to encrypted content is necessary for intelligence agencies to combat terrorism and human trafficking. Yet, there is nothing in the bill to prevent its application for a range of other purposes.
Marginalized groups, like America’s undocumented immigrants and communities under the threat of proactive over-policing face an even greater threat to their ability to freely socialize and navigate the world due to growing anti-encryption power.
Compliance requirements for laws like this can spell disaster for tech companies that face an uncertain regulatory quagmire.
Many businesses fell short of the EU's General Data Protection Regulation compliance requirements a full two years after it was revealed, and a whopping 70 percent of British companies face potential fines just two weeks before that law took effect.
Companies are now forced to retain “data protection officers” or pay consultants to ensure compliance, further blowing up costs and creating difficulties due to a shortage of applicants.
It is likely that a similar effect will take place in Australia should the parliament succeed in passing the world’s first anti-encryption legislation, creating a barrier of entry to the newer, less-resourced players unequipped to navigate the regulatory uncertainties.
Social media and e-commerce spaces already face significant market concentration among a few companies, with market domination a decisive factor behind the willingness of consumers to disclose more sensitive information than they otherwise would to sites like Facebook rather than simply migrating to alternative platforms.
Businesses with international dealings are also at risk. Dr. Paul Brookes of Internet Australia notes that the bill threatens Australian information technology and telecommunications exports, which generated $2.28 billion in 2016-17.
But compliance costs also put consumer choice in jeopardy. When Australia implemented its world-first requirements for online marketplace platforms like eBay and Amazon to collect sales tax on imports on its behalf, ordinary Australians suffered the most as the main Amazon site now refuses to ship to Australia due compliance difficulties.
This means that Australians are effectively second-class citizens, restricted to the local Amazon portal which offers a small fraction of the 500 million-plus products available on the global site.
Australia’s anti-encryption bill will be closely watched by other member countries of the Five Eyes Intelligence Network, including the United States and the United Kingdom, which have already called for similar laws.
It also sets a sinister precedent for dictatorships and illiberal surveillance state regimes like China where potential dissidents are watched carefully, and where millions rely on encryption to carry on any semblance of a normal civilian life.
Civilians in any country who socialize, conduct business or trade in an increasingly globalized and digitized space should be concerned by this bill — one that threatens our civil liberties and privacy wholesale.
Satyajeet Marar is director of Policy at the Australian Taxpayers’ Alliance, an organization that advocates for low taxation and limited government intervention. He is a tech policy fellow at Young Voices, a public relations shop for classically liberal writers.