Documents released by the Home Affairs department suggest it did not consult with Australian technology companies about its encryption laws before releasing a public draft.
Government officials spoke multiple times with US technology giants Apple, Facebook and Microsoft about the proposed legislation in 2017 and 2018, according to heavily redacted records obtained under freedom of information laws.
Telecommunication providers such as Telstra, Optus, Vodafone and Vocus are also named.
But no brands from Australia’s IT sector appear among the dozens of pages released so far, further fuelling industry complaints that the impact of the laws on local industry was not adequately considered as the bill was developed.
Among other things, the laws give authorities power to compel a company to create a new technical way to access encrypted communications — a text message sent in the WhatsApp messaging service, for example.
During a committee inquiry into the legislation in November 2018, Francis Galbally, chairman of Australian encryption provider Senetas, suggested companies like his own would be unable to prove to customers they had not made a product modification to help a government agency.
“The bill, should it become law, will profoundly undermine the reputations of Australian software developers and hardware manufacturers in international markets,” he said at the time.
This concern is still largely shared by Alex McCauley, chief executive of the national start-ups advocacy group StartupAus, who said his industry should have been involved in the early consultation process.
“[The information in the consultation documents is] not a list of companies that includes any Australian tech businesses, which is obviously problematic,” he said.
“[The laws make] it really difficult for Australian companies selling overseas to say with confidence that they have a secure system.”
Tech giants and telcos
The confidential consultation documents indicate officials were in touch with Apple, Google, Facebook and Microsoft multiple times in 2017.
Some of the companies appear to have been approached again in the weeks before a public exposure draft of the legislation was published in mid-August 2018, according to emails and calendar bookings.
An undated “attendee snapshot” included in the documents lists Optus, Telstra, Vodafone, TPG, Vocus and the Communications Alliance.
Department representatives also spoke with the Australian Strategic Policy Institute in 2017.
Ron Gauci, chief executive of the Australian Information Industry Association, said it was “disappointing” his organisation was not consulted.
“Had we been involved in the process in the first place … hopefully we would have avoided some of the matters that still remain as issues for us,” he explained.
A Home Affairs spokesperson said the department consulted about the laws with a range of telecommunications, social media and technology companies operating within Australia — a process that is ongoing.
The draft legislation was released to a number of companies for comment at a Ministerial roundtable in June 2018.
“The laws do not create a standing obligation or compliance burden for the Australian technology sector,” the spokesperson said.
An array of law enforcement and public service officials were sometimes present at the meetings, the documents indicate, including representatives of the Attorney General’s department, the Australian Federal Police, ASIO and the Communications department.
‘Substandard’ consultation process
Even some groups that were consulted prior to the release of the draft legislation did not find the process adequate.
John Stanton, chief executive of the Communications Alliance, which represents the telecommunications sector, said “the basic message” was not to worry as the legislation “would not create any backdoors”, when he met with government officials in 2017.
“We would have preferred very much to sit down and engage with government on the detail,” he added.
Sunita Bose, managing director of the Digital Industry Group, which represents Twitter, Google, Facebook and Microsoft, said the broader consultation process was appreciated albeit perceived as speedy.
“We did raise concerns at the time that the Bill appeared to be fast-tracked through Parliament, ignoring the voices of a wide range of organisations who directly raised concerns,” she said.
Draft legislation was released for public consultation by Home Affairs in mid-August 2018, and was introduced in Parliament weeks later.
The Parliamentary Joint Committee on Intelligence and Security’s review of the bill was cut short after Home Affairs Minister Peter Dutton said authorities needed the additional powers before the Christmas break.
The Assistance and Access Act then passed on Parliament’s last sitting day in December 2018, as the Labor Party voted for the bill despite voicing numerous concerns, including inadequate judicial oversight.
Digital Rights Watch (DRW) board member Lizzie O’Shea pointed out that many civil society groups were also excluded from the initial consultation process.
“I’ve seen this happen time and again … whereby there’s a very significant piece of legislation or law reform that relates to technology, and the consultation process is substandard,” she suggested. DRW wants the law repealed.
The Communications Alliance’s Mr Stanton said he hoped the government would work more closely with industry on future technology legislation.
The Parliamentary Joint Committee on Intelligence and Security is currently reviewing the laws, and is due to report in April 2020.
Just before deadline, the Department of Home Affairs advised that two to five pages pertaining to the ABC’s FOI request were missing and still being processed. Their content is unclear.