Chair of Australian security vendor Senetas Francis Galbally has told the Parliamentary Joint Committee on Intelligence and Security (PJCIS) that the current debate surrounding the proposed encryption-busting Assistance and Access Bill is similar to the one surrounding climate change in Australia.
Despite being told over and over again by experts that accessing encrypted communications will introduce weaknesses into the system, committee members continued to press that a solution is possible.
“It’s a bit like the people denying climate change — all the scientists say there’s climate change, but you politicians don’t admit it,” Galbally said towards the end of the hearing on Friday morning. “It’s the same thing here.
“You cannot do it without creating a systemic weakness. There’s no definition of it, but we’ve had everyone around the world telling you the same thing.”
Galbally detailed how the company had conducted an assessment of the Bill at its own expense, and identified three “catastrophic outcomes” as certain or likely to occur if the Bill is passed.
“The Bill, should it become law, will profoundly undermine the reputations of Australian software developers and hardware manufacturers in international markets; there is simply no doubt that this will result in a significant reduction in local R&D and manufacturing as a consequence of declining employment and export revenue,” Galbally said.
“Foreign governments and competitors will use the mere existence of this legislation to claim that Australian cybersecurity products are required to use or collaborate in creating encryption backdoors.”
[Galbally] added that customers and global competitors are not interested in the nuances and exemptions that could possibly be added to the Bill, as the company will be undercut and lose business.
“In the cut and thrust of the sales world, the existence of such legislation is enough for us to lose a sale,” Galbally added.
“I can say confidently that Senetas will be directly affected, and with exports representing over 95 percent of our sales, there will be a substantial impact on our business, were we to remain in Australia.”
… Should the Bill proceed, Senetas said it could find itself, and up to 200 jobs, moving offshore to avoid perception issues.
… ”The Russians, for example, they haven’t even done it because they know to do it upsets other things far greater than what they are trying to do.
“You have a problem with insurgents in Syria, you don’t drop an atom bomb on those insurgents and see what happens, the consequences that happen to everybody else around. This is the equivalent of dropping an atom bomb to find some nefarious character.
“You will destroy, eventually, Australian’s own data protection — that’s what it is.”
The battle in Australia over encryption and data protection makes my eyes roll every time I read about it. But the Deputy U.S. Attorney General has similar ideas to the Aussies:
“There is nothing virtuous about refusing to help develop responsible encryption, or in shaming people who understand the dangers of creating any spaces—whether real-world or virtual—where people are free to victimize others without fear of getting caught or punished,” Rosenstein said.
He is wrong. There are myriad virtues for privacy, for freedom and liberty, for capitalism, for trust in the economy, and a bunch of other things. Rosenstein wants to manage to the exception — basically treating edge cases (criminality) as the norm — instead of manage by exception.
“Responsible encryption,” as the Deputy U.S, A.G. defines it, is weak encryption … at best.
Towards the end of the hearing, PJCIS chair Andrew Hastie justified the encryption-busting legislation due to the amount of methamphetamine use in his electorate.
“We use more ice in regional WA than in Sydney or Melbourne, so my point is from an economic perspective, we have a serious problem in this country with ice, and of course, my electorate has a large meth problem,” he said.
“I’ll just put on the record, different perspectives on this question.”
It’s not different perspectives. They are not related … except by exception.