Vault says anti-encryption laws harming its tech exports

Australian secure cloud provider Vault Cloud says the public perception of the government’s anti-encryption law has “materially and detrimentally” impacted the export of its technology.

In a submission to another review of the hastily passed Assistance and Access Act (AA Act), Vault's chief Rupert Taylor-Price told a senate committee this perception alone was the “largest economic impact” of the new law.

Vault's submission is significant in terms of the pressure it can bring to bear at both a policy and public sector perception level, with two former public service agency chiefs on its board.

One of those is Dennis Richardson, the former head both of the Department of Defence and the Australian Security Intelligence Organisation, a respected veteran with a deep understanding of the motivations of security agencies and their masters.

Vault's CEO didn't hold back in the company's submission.

“[We] can verify that the export of Vault’s technology has been materially and detrimentally impacted by perception of the AA Act,” CEO Rupert Taylor-Price said [pdf].

“As foreign governments and customers are assessing against a “media headline test”, we are in an unfortunate position where local persuasion is not sufficient to counter perception.”

The company, however, did not detail to what extent it had been affected for “commercial and confidentiality reasons”.

Vault used the submission to raise concerns about the impact of the law on Australia’s domestic market, noting that was "seeing an exodus of data from Australia" as multinationals 'blacklisted' Australia.

Like countless other Australian companies, Taylor-Price said that the AA Act was harming Australia’s attractiveness for hosting data as multinational's moved to 'side step' the law.

He suggested this was down to the “perceived compliance of the jurisdiction”, as well as its small market size.

“The AA Act addresses many law enforcement concerns that impact the security and safety of Australians, however the AA Act's perception detracts from the attractiveness of hosting data in Australia,” he said.

“As multinational companies move physical, operational and legal jurisdiction offshore, they easily side step the AA Act - in effect thwarting the AA Act. 

“Current legislation does not prevent these companies continuing to provide services to Australia citizens, companies or Government.”

He said multinationals choosing to "reduce or remove physical, operational and legal sovereignty" meant that Australian jobs, as well as opportunity for growth and taxation revenue,were "displaced".

This echoes similar comments by Atlassian’s co-founder and co-chief executive Scott Farquhar, who earlier this year called out the laws for threatening jobs and creating uncertainty in Australia's tech sector.

Cloud not covered by DTA hosting strategy

Taylor-Price also used the submission to call on the government to create a new data sovereignty policy that expanded sovereignty measures from data centres to cloud services.

The Digital Transformation Agency's recently released government-wide hosting strategy subjected data centre and managed services providers that handle government data to more stringent assessment.

It introduces a new certification framework to mitigate data sovereignty, supply chain and data centre ownership risks.

But Taylor-Price said that "technology platforms ... such as clouds [were] not assured" under the policy.

"The government should mandate that all sensitive data hosted in cloud environments be sovereign (including legal data sovereignty), and that staff go through an Australian Government Security Vetting Agency (AGSVA) clearance where appropriate," he recommended.