IBM criticises Australia's anti-encryption laws

IBM Australia has issued a rare critique of Australian government policy, urging a review of anti-encryption laws framed by the damage they are causing to the country’s security investment and image.

In a submission to Home Affairs’ 2020 cyber security strategy consultation [pdf], IBM said the Telecommunications (Assistance and Access) Act 2018 had “created concerns about Australia’s ability and commitment to embrace the most effective cybersecurity policies and technologies.”

In particular, IBM said the laws had “undermined” previous work by the government to create a “regulatory environment that promotes strong cybersecurity without constraining innovation or digital commerce.”

“Strong encryption represents a critically important cyber security technology,” IBM Australia said.

“It underpins data security identity management and protection of devices against unauthorised access. It also plays a crucial role in defending critical infrastructure systems.

“Security experts around the world recognize that empowering law enforcement agencies to build technology to counter encryption will result in a weakening of the encryption technology in use.”

IBM specifically criticised the existence of Technical Assistance Notices, which compel providers with an “existing means to decrypt” communications to use it to aid law enforcement.

The vendor urged a review of the notice regime.

“To position the Australian Government to embrace technologies that will best protect Australia from malicious cyber attacks, IBM urges the government to review the provisions of the … Act to clarify the important and potentially damaging consequences for cyber security investment in Australia, particularly those that arise from the current operation of Technical Assistance Notices,” it said.

IBM said that encryption would be important to 5G as well as to ongoing development of the internet of things. 

“As Australia embraces 5G technology for example, encryption - and end-to-end encryption, particularly - will take on even greater importance as a way to protect massive volumes of data traversing increasingly decentralized potentially untrusted network infrastructure,” IBM said.

IBM has previously been a constituent to industry group submissions that criticised the anti-encryption laws, but hasn’t previously weighed in by itself.