The startup community still has serious misgivings about the Assistance and Access Act passed into law late last year, and individuals must come together to stand against it.
That’s according to a panel of speakers at the Safe Encryption Australia event, supported by StartupAUS and InnovationAUS.
Some 320 tech leaders and other industry participants gathered at Fishburners for a panel discussion chaired by Girl Geek Academy co-founder Sarah Moran, as representatives discussed the challenges the act poses for the ecosystem as a whole, and what can be done to change it.
The so-called AA Bill passed in December last year, and an inquiry reviewing the bill was accepting feedback until February this year.
The 62 submissions filed included feedback from the Department of Home Affairs, Internet Australia and the Australian Human Rights Commission, as well as a submission from StartupAUS which gained the support of 420 signatories.
Atlassian co-founder Scott Farquhar said the Aussie tech giant has seen pushback from international clients concerned about what the bill means for them, as well as concern from its employees.
However, there are also implications for the economy, he said, and this is what politicians should be paying attention to.
“This law threatens jobs,” Farquhar said.
“Everyone in Australia votes for people who are going to deliver jobs.”
While Farquhar recognises the importance of safety and national security, he suggested this should be paired with economic security.
None of the proposed amendments to the bill will affect the ability for security services to do their jobs, he said.
“It just reduces the blast radius that affects all of us.”
Also speaking on the panel, Nuix founder Eddie Sheehy said, having grown a digital investigation and cybersecurity business that often worked with law enforcement, “I can see both sides of the argument”.
The government is concerned about serious threats, “and what they’re trying to do with this bill is credible”, he said.
“I can understand why law enforcement wants more capacity to deal with those threats.”
On the other hand, he now mentors startups, and is currently considering investing in one.
“If these laws go through, I could be pissing that money up against a wall,” he said.
The employee problem
One amendment Atlassian is pushing for, in particular, is clarity on how the act affects the employees of tech companies.
As it currently stands, it appears employees can be mandated to provide assistance to law enforcement in monitoring communications. Just telling anyone about this could land employees up to five years in prison.
However, the bill is unclear in this, Farquhar said.
“Can employees be compelled to work against their employer in a way where they aren’t allowed to talk to their employer, and there is a threat of jail time if they do?
“That’s just a weird spot to put employees in,” he added, noting that it may well put people off entering the tech sector.
Sheehy also cast doubt on this part of the bill, saying he couldn’t understand how this would work in practicality, without the people who run the business realising.
“People work in teams, and there are fail-safes and code reviews and log files,” he said.
“Nothing can be done without somebody else being able to see.”
However, there are also moral implications that many developers and IT managers did not sign up for.
To be asked to work against their employers in this way “would be a personal disaster for them”, Sheehy said, predicting that many would “probably just get up and leave rather than be put in that place”.
That said, Farquhar noted we should not “assume malice when incompetence will suffice”.
It’s not that the act sets out to “conscript” employees, he said.
“I think it’s so poorly written that ends up being the outcome rather than the intent,” he adds.
“That’s why it befuddles me the government isn’t rushing to fix poorly written legislation.”
Another oft-cited implication of the act is what it means for the perception of Australian technology companies overseas.
Nicola Nye, chief of staff at email provider FastMail, said she has already seen people leaving the service, or considering joining and deciding against it — something the firm has already detailed in its submission to the bill consultation.
She has even had customers who are not citizens of Australia putting in their own submissions, she said.
However, putting up a fight and drawing more attention to the issue means businesses risk even more customers feeling at risk and taking their business elsewhere.
“We can’t even visibly fight back, because that creates reputation damage,” Nicola said.
“It’s a very tricky line to run here.”
Moran, who has from the beginning been vocal in her opposition to the bill, also explained she has spoken to leaders in the technology who said they would have like to have spoken up a little more.
“But, at the same time, the reputational risk is too high,” she said.
Who asked you?
The panellists noted a serious lack of consultation when it came to drawing up the bill in the first place.
“It comes back down to communication,” Sheehy said.
“The people who write this bill didn’t take into account the people on the ground”.
Sheehy explained many startups have their heads down, pouring blood, sweat and tears into their business with skeleton staff and not enough hours in the day.
“Those individuals, even when it’s important, rarely have time to get down and advocate on their own behalf,” he said.
But the government should find advocates for those people. People who have been in the trenches, who understand what life is like for a tech startup, and who can speak for them.
“They need to have those conversations with people who are experts … who understand what it’s like to live in the world they live in,” Sheehy said.
According to Farquhar, even a tech giant like Atlassian wasn’t consulted at any point in the discussions.
The law says it applies to anyone that connects to the internet, he explained. But when the founders asked why they were not consulted, they were told it didn’t apply to them.
Of course, according to the wording of the legislation, it does apply.
Farquhar and co-founder Mike Cannon-Brookes were “asked to trust that the laws won’t be applied in those ways”, he said.
“We either get consulted, because it applies to us, or it gets written in a way that doesn’t apply to us,” Farquhar added.
Now, the business is in “a dangerous place”, he said.
“We’re in a weird situation now where people are saying trust us that the law won’t get used in that way.”
There is no excuse
Finally, Moran called on attendees and the tech community to take action, calling this “an opportunity for us to hold the government to account and to hold our representatives to account”, and to present an opportunity to make change.
Nye explained that, while it can be difficult to speak up publicly, people working in tech could put pressure on their local MP.
“There are also a number of organisations that have the resources to advocate on your behalf”, she said, such as Electric Frontiers Australia, Digital Rights Watch and the Australian Privacy Foundation.
She also urged people simply to speak about the issue.
“There are plenty of people out there who don’t know what’s going on,” she said.
“You can be part of that advocacy for change.”
Farquhar encouraged attendees to “have substantive political debate without point-scoring”.
Polarised and emotive debates can lead to “very bad political discourse”, he said.
“That’s the most important part, because then politicians have to engage in real debate, as opposed to sloganeering on either side,” he added.
Finally, Moran also called on the audience to write to their local parliament representatives and to make their own voices heard.
“There absolutely isn’t an excuse. We can’t do it for you. We cannot be your voice,” she said.
“I can be one voice. I can’t be 320 voices. That’s your job.”