Aussie IT firms cop customer trust hit as encryption laws bite

Australian technology companies are now “regularly fielding questions” from customers about how encryption-busting laws might impact the products they have installed and are using, ASX-listed Senetas says.

Worse still for the tech firms, the laws passed at the end of last year look like they could have a dulling effect on prospective sales engagements.

Additionally, foreign competitors not subject to the same onerous rules are now using that as a point of difference to win over business that might otherwise go to Australian tech firms, Senetas says.

The company, which itself makes encrypted technologies such as for secure file drop and collaboration, said that fears about the impact of the Assistance and Access Act had so far been well-founded.

“The risk previously stated by many industry providers that the legislation would damage Australian developers’ and manufacturers’ reputations in international markets has now been realised,” it said in a new submission [pdf] to a joint parliamentary inquiry still looking at the laws.

“Trust in Australian companies operating in this market has been severely damaged”.

Senetas said that foreign governments and competitors were taking advantage of widespread condemnation of the laws by international media outlets - using it as “evidence that Australian IT products and services are not to be trusted”.

The company warned that the laws are a direct threat to jobs in Australian IT firms, and that specialist security skills would be lost.

Senetas said it was difficult to estimate what the financial impact of the laws might be to Australian industry.

Labor - whose support allowed the encryption-busting laws to pass, without key flaws being addressed - said this week it wants to refer the laws to a separate committee to understand the economic impact in full.

Senetas cited the case of TPG having to pull the plug on its 5G network build due to mistrust issues surrounding a key supplier - Huawei - as an example of the economic impacts that could result from government decisions.

In its submission, Senetas argued that TPG’s exit meant the loss of price competition on telecommunications services and downward pressure on future spectrum auctions due to the lessening of demand.

It used this to argue that the consequences of decisions made by governments - in this case, to bar Huawei from being used in Australian 5G networks - “are regularly downplayed or ignored”.

“The commercial reality, and the impact for businesses and citizens in Australia, on the other hand are very real and they hurt,” Senetas said.

Senetas also called on the government to properly clarify what constitutes a systemic weakness or vulnerability in the laws.

Currently, law enforcement agencies can ask a tech firm to “assist” as long as the manner of assistance doesn’t introduce a systemic weakness or vulnerability that impacts all users of a device or service.

The definition that passed into law is even more ambiguous than those floated by industry in previous consultations.

Senetas called the definitions that passed “unintelligible”, “inconsistent” and “perverse” in that it appeared to allow systemic weaknesses or vulnerabilities to be introduced into products or services anyway.

What Senetas said it really wanted, however, was to see the laws overhauled properly, taking into account industry feedback which has so far been largely ignored.

“We continue to strongly urge the government to reconsider the Act in its entirety as part of a collaborative consultation process,” Senetas said.