Australia’s data encryption laws, which compel tech firms to give police and security agencies access to encrypted messages, are an oppression of human rights, according to a visiting cyber expert.
Joseph Carson, the chief security scientist at cybersecurity software firm Thycotic, told CIO that the new laws are putting Australia on par with the likes of Saudi Arabia, China and Russia when it comes to privacy.
“When we talk about human rights and privacy…and the countries that suppress [these rights] such as Saudi Arabia and China, we speak about people’s right in the physical world. When we view it in a digital scenario, that law is actually an oppression of human rights,” Carson said.
Carson is also an advisor to governments, including Estonia, which is considered one of the ‘Digital 5’, the five nations that are world leaders in digital transformation. He spoke at the Gartner Security and Risk Summit this week about privileged access management, drawing from his experience during implementations in Estonia.
“It’s quite shocking that in one scenario from a physical world, [the government] has one opinion but in a digital world it’s the opposite.
"You want to have some ability to reduce the risk of terrorism and threats within the country but at the same time traditional police work actually does solve that. Globally, a lot of the terrorism threats have actually been eliminated and reduced due to investigative work [done by police]."
Carson said nation-state attacks represent less than one per cent of attacks globally with the majority coming from individual cyber criminals. “The biggest [cyber] risk is from across the seas from cyber criminals who are acting beyond the laws of the country.”
Like other western countries, Australia should have taken a closer look at the European Union’s General Data Protection laws which enable nations to deal with external threats outside their borders, he said.
“So what you are doing is putting pressure on other countries to come to your terms rather than actually forcing technology companies to come to your terms.”
Carson described the benefits of GDPR using a shipping analogy.
“If you think about the shipping industry, GDPR is really about putting a flag (which are used on ships), on data so no matter where that data flows in the world, it almost ties back to the origin of that data which is in the EU.
“In the shipping world, the ships travel through international waters – which is cyberspace – and the flag on the vessel is where the legal boundaries lie. GDPR establishes that type of scenario in cyberspace,” he said.
“GDPR has done a really good job of this – of course it’s evolving and improving – but it has a pure focus on privacy and transparency at the core of it, security by design. There are legal frameworks around [protecting] critical infrastructure such as power, finance and health [systems] that institutions and private companies need to adhere to.”
Like China, Australia has done the complete opposite and can now surveil people and use this information even if there isn’t a legal warrant to suggest that a crime has been committed.
He added that Australia’s laws are likely to have a negative economic impact too as global technology companies, working within the EU and California, may reconsider growing their presence and offering services to citizens here.
"So from an economic perspective it could have a negative effect - it could actually harm the government and also harm creativity. And what you will find is that those companies, rather than actually locate in Australia, will take the talent from Australia and put them in other countries."
Follow Byron Connolly on Twitter: @ByronConnolly