Fresh cries for change to the Assistance and Access Act

UPDATED Mozilla and FastMail have joined key figures in Australia’s tech industry in campaigning for change to the government’s controversial new encryption law.

FastMail, an Australia-based email provider used in 150 countries, warned that the bill was already having a negative impact on its business, 90% of which it says is located overseas.

“We have seen existing customers leave, and potential customers go elsewhere, citing this bill as the reason for their choice,” CEO Bron Gondwana wrote in a statement (PDF) last week to members of the Parliamentary Joint Committee on Intelligence and Security (PJCIS).

The committee is currently reviewing the Assistance and Access Act, the encryption bill made law last December amid industry backlash over its lack of clarity.

According to the new rules, telcos, internet service providers, and other tech companies may be required to modify their products in order to allow authorities to bypass encrypted communications that are said to be a huge restraint on criminal investigations and counter-terrorism measures.

The law states that compliancy with the regulation will not compel companies to build a systemic weakness, or backdoor, into their products – although the wording is technically ambiguous, which is where much of the criticism stems from.

“We are happy to add capabilities to provide data in a more usable format, or capture more useful data, to assist police with their work,” Gondwana said.

“However, we do not believe that it is technically possible to keep those capabilities themselves secret.”

Proponents of the law have argued that the bill helps facilitate a culture of mistrust within organizations due to the limited amount of transparency warranted by law enforcement requests.

Open source champion Mozilla has joined FastMail in its criticism, claiming that this bill effectively means global companies will be forced to treat their Australian employees as an “insider threat”.

“This [Assistance and Access Act] introduces another vector for compromise that could undermine trust in critical products and incentivize companies to move critical roles to other localities,” it wrote in a statement (PDF) to the PJCIS on February 22.

“While it is our absolute preference that this legislation be abandoned and annulled, we recognize that the political will may not exist to take this action to protect the security of all Australians,” it added.

Mozilla and FastMail were just two of the 62 organizations that filed proposed amendments in the latest call for evidence as the PJCIS produces a review of law, expected to be released at the beginning of April.

According to local Australian media, a number of enforcement notices have already been issued – failure to comply can result in a civic penalty of up to AUS$10million ($7.16m).

“We anticipate a reduction in foreign investment for startups, as people refuse to put their money into a product that could be compromised without warning,” Gondwana added.

“We also anticipate that other Australian companies will find it more difficult to export their products.”

A FastMail representative confirmed with The Daily Swig that the company had seen a small amount of customers say they would stop using its services because of the bill, but a significant impact on its business had yet to materialize. 

“We have taken – and will continue to take – a public position on the AABill because it has raised concerns from technology companies and privacy supporters around the world,” they said.

This article has been updated to include comments from FastMail.

RELATED Australian cybersecurity industry reels over anti-encryption law