“It will essentially put them out of business”: Aussie AA Bill a threat to local startups

encryption bill

Source: AAP/Mick Tsikas.

The Australian government has passed the controversial Assistance and Access Bill 2018 (AA Bill) on the final sitting day of the year, and without any of the amendments originally proposed by the Labor party.

The bill will allow law enforcement to access encrypted communications they believe may contain plans for illegal or terrorist activity.

However, concerns have been raised any back-door access would inherently weaken security. If it’s possible for the authorities to access encrypted data, it’s possible for cyber criminals to access it, too.

Speaking to StartupSmart about the bill in October, Josh Jessop-Smith, co-founder of blockchain startup Loki, said for startups like his that are built on encryption, the passing of the bill would “100% undermine the entire project we have here”.

One of the major concerns about the bill is it will drive tech companies and startups out of Australia, with Jessop-Smith saying Loki was “seriously considering doing the majority of our work elsewhere”.

The reaction among the startup community on Twitter has been largely one of rage from locals and disbelief from afar, with some questioning whether ministers fully understood what they were voting for.

Speaking to StartupSmart, Monique Mann, a research fellow in regulation of technology at the Queensland University of Technology, says the threat of startups leaving Australia is very real.

She points out there has been debate across what constitutes a “systemic weakness” under the bill, however, it hasn’t really been noted “it’s the obligation of the company or developer to be able to audit this and there are associated costs”.

While large companies may have the resources to manage those costs, for “small fish”-like startups, there’s a chance “it will essentially put them out of business”.

The fines for non-compliance are also significant. While fines for breaching the EU’s General Data Protection Regulation are 4% of a company’s annual turnover, fines for breaching the AA Bill legislation could reach $10 million, regardless of a company’s turnover.

Again, these fines are manageable for to a large or multi-national organisation, but could be devastating for a startup.

Mann predicts the government will “try and come after non-compliers with a stick”, noting there is also a risk of up to five years’ jail time if companies do not hand over data.

The new legislation is also “fundamentally incompatible” with GDPR, which protects the data privacy right of all European Union citizens including those living in Australia and is generally seen as a benchmark for data protection policies, globally.

GDPR requires “data protection by design and default”, Mann says. The AA Bill, on the other hand, mandates “information insecurity by design and default”, she says.

“There are real questions around what the implications will be on the Australia tech industry and startup industry.”

A statement from StartupAus noted the need to combat criminal activity, but said the bill “is both ineffective at doing so and creates a significant burden for the local technology sector”.

In the statement, Alex Gruszka, chief executive officer at StartupAUS, pointed to the “increasingly hostile political attitude” towards startups and tech companies outlined in the StartupAus Crossroads report released last week.

“In an environment where legislation is difficult to pass on any issue, it is particularly frustrating to see bipartisan support for a bill that furthers Australia’s tech-phobic position in comparison to its international peers,” Gruszka said.

The bill places a unique regulatory burden on startups, limiting the security they can build into their systems and burdening them with additional costs.

“While some reimbursement possibilities are included in the bill, startups typically exist with very short cash runways and are put at existential risk when having to conduct significant activity that takes away from core business,” Gruszka said.

Finally, startups will be “left hamstrung” in export negotiations, he said.

“No global company will choose a weakened system provided by a company whose employees can be legally forced to comply with the Australian government.”

NOW READ: Mandatory data breach reporting: Here’s what your business needs to know

NOW READ: The right to be forgotten: Protecting privacy in the age of blockchain

Trending

COMMENTS

Subscribe
Notify of
guest
6 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Dennis Levy
Dennis Levy
1 year ago

Australians all let us rejoice,
For our bureaucrats are free
To read your emails and punish you
For chatting to someone across the sea

Our land abounds in nature’s gifts
Of LNG and coal rich and rare;
If you post on smartcompany we will dob you in
Advance Australia Fair.

XdenkA
XdenkA
1 year ago
Reply to  Dennis Levy

Lol

Eric Vigo
Eric Vigo
1 year ago

Yeah but, you guys will still vote for them though, won’t you ….

Krzysiu Kowalczyk
Krzysiu Kowalczyk
1 year ago
Reply to  Eric Vigo

ofc they will, most people know as much about encryption as those old farts who came up this bill.

Eric Vigo
Eric Vigo
1 year ago

Yes, I agree. I’m saying that those who even write how terrible this is, have a likelihood of voting Libs anyway because reasons. Not that I know the author and those who run Startup Smart would reflexively vote for the Libs, but the business community is relentlessly pro-Libs. You could say this is the CODB (cost of doing business) for the other things the Libs do which are way more important: pay others less money, and pay less taxes.

There is pride in the startup scene that you can and do jump around, exiting out of one business and investing in another (as if they didnt actually care about what they were running a business around), so if this legislation stops them disrupting, they’ll disrupt somewhere else and get funding for that. Meh.

Frank Warwick
1 year ago

No one will want to do business with an Australian company,, I know I wont. I am moving my 2 businesses to operate out of Hong Kong, goodby to my Aussie tax dollars, goodby to employing Australians and we will probably ban the Australian IP addresses. its not going to be good to be Australian if you do business on the internet.