“Insider threats”: Mozilla and FastMail sound alarm about Aussie staff as AA Bill incentivises moving elsewhere


Mozilla's flagship Firefox browser.

Two large technology firms have raised concerns about the effects of the Assistance and Access Act 2018, or the AA Bill, particularly regarding the effect on their employees, with one suggesting Australians are likely to lose jobs.

Browser provider Mozilla and hosted email provider FastMail each made submissions to the inquiry into reviewing the AA Bill, which has caused controversy in the Australian scene.

Both expressed concern that individual employees could be mandated to make changes to their systems, and about the position that places staff in.

Mozilla said companies may have to view all Australian employees as “insider threats”, ultimately taking their tech teams elsewhere.

Submissions closed on February 22, with 62 submissions filed. These included input from the Department of Home Affairs, Internet Australia and the Australian Human Rights Commission.

A submission from StartupAus gained the support of 420 signatories, including Atlassian co-founders Mike Cannon-Brookes and Scott Farquhar, Canva founders Melanie Perkins and Cliff Obrecht, Girl Geek Academy founder Sarah Moran, and AirTree ventures partner Daniel Petre.

In its submission, Mozilla stressed it does not think the bill should have been passed in the first place, “and we believe the best possible path is to repeal this legislation in its entirety and begin afresh with a proper, public consultation”.

However, it noted one of the main issues is the ability of law enforcement to target employees of a designated communications provider (DCP).

“It is easy to imagine how Australian authorities could abuse their powers and the penalties of this law to coerce an employee of a DCP to compromise the security of the systems and product they develop or maintain,” the submission said.

This would remove the opportunity for a DCP to avail of protections allowed under the law, but would also “force DCPs to treat Australia-based employees as potential insider threats”.

This, in turn, comes with the risk of “incentivising companies to move critical roles to other localities”, the submission continued.

The submission from FastMail expressed similar concerns, with chief executive Bron Gondwana asking for clarity on what employees could lawfully be asked to do.

Staff have expressed concern they may be forced to add so-called back doors into systems, “and be unable to tell us why they have made these changes”, Gondwana said.

While he believes it is much more likely that a company itself would be targeted, not the individual, “if this is the case, the law should be written to this exact intent rather than leave it to hoping that it will be handled reasonably when put into practice”.

Gondwana stressed changes to manage a technical capability notice (TCN) should not be kept secret. It’s this secrecy that is causing concern to staff, he said.

“Our staff are curious and capable  if our system is behaving unexpectedly, they will attempt to understand why,” he explained.

“By far the biggest concern for our staff is that they would inadvertently leak information about a capability that we had built in response to a TCN, possibly not even knowing that it was built for a TCN.”

Gondwana said FastMail has already seen adverse effects on business as a direct result of the AA Bill.

“We have seen existing customers leave, and potential customers go elsewhere, citing this bill as the reason for their choice,” he said.

“Our customers are deeply concerned that they cannot trust the Australian government to properly manage, monitor and control the flow of access requests. They don’t trust the government’s technical capabilities (activities around the MyHealthRecord and Robodebt are sources for justification for this view).”

While FastMail is based in Australia, some 90% of its customers are not.

“Australia’s reputation as a country which respects the right to privacy has been damaged,” Gondwana said.

He anticipates a reduction in foreign investments in startups, “as people refuse to put money into a product that can be compromised without warning”.

At the same time, tech companies in Australia are likely to find it more difficult to export products and services.

“We are regularly being asked by customers if we plan to move,” he said.

“In addition to affecting current businesses, this bill has a chilling effect on anyone who might be considering starting a business. Technology companies have a choice of location that bricks-and-mortar companies do not,” he explained.

“If Australians with great ideas choose to take their intellectual property to another country, it has a negative impact both by reducing future tax revenue and by depriving the technology community in Australia of another entrant.”

NOW READ: How will Australia’s encryption bill affect the startup ecosystem? And should you be worried?

NOW READ: “Another massive kick in the guts”: Ongoing R&D debate causes more uncertainty for startups and for Australia’s economic future


Notify of
Inline Feedbacks
View all comments