The founder and non-executive chairperson of Senetas has warned MPs that the company, which makes high-grade network encryption products, could be forced to shift its manufacturing operations overseas if the government forges ahead with a new surveillance bill.
Francis Galbally appeared this morning before the Parliamentary Joint Committee on Intelligence and Security, which is currently considering a bill that could empower the government to force companies to modify their products and services to facilitate police surveillance and spy operations.
If the legislation is passed, the impact on companies like Senetas could be devastating because it would undermine trust in their products, Galbally said.
Without mentioning the company by name, he drew a comparison with Chinese telecommunications equipment manufacturer Huawei, which the government has banned from participating in the National Broadband Network rollout and the 5G networks being built by local telcos.
“There are technology companies that the Australian government is reluctant to deal with because they are domiciled in and subject to the laws of countries whose national security and law enforcement requirements open them up to potential vulnerabilities,” Galbally said.
“We will see exactly the same impact on Australian industry following the passage of these laws.”
China’s national intelligence law requires organisations to cooperate with and maintain the secrecy of work by the country’s national intelligence services. The legislation being considered in Australia, in addition to compelling companies to cooperate and potentially to construct new features or modify existing ones in response to notices from police agencies or the attorney-general, also contains stringent secrecy provisions.
Galbally said he had been told questions are already being raised within open source software communities about “what level of trust could be assumed of Australian developers”.
Australian academic institutions may be “locked out of collaboration with other institutions around the world because nobody will be able to trust them,” he said. “They will secretly, perhaps, and they’ll certainly be suspected of, collaborating with the government to develop tools to interfere with the Internet.”
The bill will “profoundly undermine” the reputation of Australian software and hardware manufacturers in international markets, he added. “There is simply no doubt that this will result in a significant reduction in local R&D and manufacturing as a consequence of declining employment and export revenue.”
“Foreign governments and competitors will use the mere existence of this legislation to claim that Australian cyber security products are required to use or collaborate in creating encryption back doors,” Galbally said.
A letter from Australian electronics manufacturer Extel submitted to the inquiry warned of the loss of up to $3 billion in export revenue. Extel CEO Greg Toland wrote that Senetas was a major customer of his company.
“Senetas have informed me that they could not manufacture in Australia if there was a risk that it would be required by a government agency to create a back door to its products,” the CEO wrote.
“What I find staggering is that a government that on one hand professes that cyber security is important also is prepared to put all of us Australians at risk by weakening the very security it professes is important.”
“This nation faces the real prospect of sales being lost, exports declining and local companies failing or leaving Australia,” Galbally told today’s hearing.
He said that attempts during the ’90s by the US to rein in access to strong encryption were a “disaster”. “You don’t think other countries haven’t thought about this and looked at it and thought it would be a good idea to do it?” he told the committee.
“You have a problem with insurgents in Syria – you don’t drop an atom bomb on those insurgents and see what happens, the consequences that happen to everybody else around,” Galbally said. “This is the equivalent of dropping an atom bomb in order to find some nefarious character. You will destroy, eventually, Australians’ own data protection.”
One of the key measures in the bill intended to counter claims that it will undermine security is a prohibition on requiring a company to introduce a “systemic weakness” into a product or service. However, Galbally and other critics have noted that the term is not defined in the bill.
“It’s axiomatic that if you make a modification and it’s secret and you don’t tell anybody else along the chain it will create a systemic weakness,” he told the hearing. “That’s not me saying this; every scientist around the world is telling you that… everybody’s telling you the same thing. It’s a bit like the people denying climate change.”
Senetas CEO Andrew Wilson said that secretly introducing a new piece of software or hardware into a system, which companies could be compelled to do under the bill’s provisions, “may give rise to a systematic weakness or system vulnerability that at the time of the introduction of that software or hardware may be unknown until many years later”.
The PJCIS has been under pressure to swiftly conclude its inquiry into the legislation.
Senate president Senator Scott Ryan this week wrote to the committee expressing concern that the bill could potentially affect parliamentary privilege. The senator noted that the covert use of surveillance powers could deny MPs the opportunity to raise a claim of parliamentary privilege. “These concerns may be exacerbated by the provisions of the Assistance and Access Bill 2018,” he wrote.
Dealing with the concerns may require “legislative amendment, providing that it is not lawful for proceedings in Parliament to be seized, accessed, listened to, recorded or observed by use of such powers”.