Another Open Letter to Luke Howarth (and Mark Dreyfus)

Following is the letter I sent to Luke Howarth, my local MP, on the 10th of October. I am yet to receive a response. The same letter was sent to Mark Dreyfus (QC, MP, Shadow Attorney-General and Shadow Minister for National Security). To date I have had a pro-forma response from Mr Dreyfus and no response yet from Luke Howarth.

<SENT 10th October 2018>
Mr Howarth,
My name is <REDACTED> and I am a resident in the seat of Petrie in Queensland. We met face to face a while back in a cafe in Redcliffe where we spoke about my concerns surrounding the government’s approach to encryption.

I am writing today to voice my concerns with the current Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, which is currently being reviewed by the Parliamentary Joint Committee on Intelligence and Security.

I would greatly appreciate the opportunity to discuss this legislation with you, if you have the time.

For the last twenty-odd years, I have worked in the IT industry for both Australian and US based companies. I have designed and built accredited security solutions for Federal Government, assisted Australian and global customers design, build and deploy technology solutions for eCommerce, Enterprise, Industry, Banking and Finance, and many others.

During this time, I have been front and centre in the products and technology stacks that are usually the first line of the encryption underpinning the trustworthiness of these business solutions.

I will not go heavily into details (although I am certainly happy to help you and your staff understand both the technology and the likely implications), as I know you are a busy MP.

What I will give you is the “Elevator Pitch” as to why the legislation, as it stands currently, and the speed with which it is being pursued are such a bad idea:

1) Terrorists, Drug Runners and Paedophiles: These are always the “Go To” reasons for draconian approaches to encryption. While it is true that they use encryption, the approach suggested just means they will get their encryption from somewhere that this legislation can’t reach. In the end, the only people you will end up being able to surveil will be the “everyone else’s” who aren't major criminals.

2) It will weaken the Australian Economy: I am a product manager working with Australian technology start-ups. The perception of systemic security / privacy weaknesses in any solutions we build will immediately limit our ability to grow into the global market. It will hurt innovation and the tech economy. We saw this in China when the Snowden leaks revealed what the US was doing with US technology products. Entire US tech companies in the security space lost their Chinese revenue stream almost overnight, and it has fundamentally weakened all US based technology growth (both security and non-security related products) in the region. The effects are still seen today. (https://www.scmp.com/tech/enterprises/article/1831657/nsa-spy-revelations-damaging-us-tech-firms-competitiveness-china)

3) The powers WILL be abused: The oversight and transparency suggested in the current bill are so incredibly weak as to be useless. I have worked in security for long enough to know that the greatest threat to any system, policy, practice or procedure is people, and more often than not, it is the people INSIDE the system. I have also worked in government for long enough to know that the systems suggested by this legislation will be abused at some point. Any legislation must be written so as to take this absolute certainty as its starting point, and only then can you start to build controls to manage that risk.

4) Proliferation of Rogue Nation Encryption: Imagine this bill passing: Do we want to live in a country where people trust encryption products developed in rogue nations such as Iran, more than those within the reach of this legislation?

If you would like to chat further on the topic, my contact details are below.

Cheers...
<NAME AND ADDRESS REDACTED>