Officials mull effect of Aussie encryption law
New Zealand government officials say they are looking into the implications of Australia’s controversial ‘‘anti-encryption’’ law but have not yet issued any advice to agencies.
Many Kiwi businesses and some government agencies have outsourced their information technology requirements to cloud-computing services in Sydney over the past several years to take advantage of economies of scale offered by the likes of Amazon Web Services and Google.
However, that trend may be threatened by an Australian law that means technology firms and their staff can be compelled to help Australian federal authorities gain access to encrypted communications.
Many technologists have argued the law change – which is regarded as a potential precedent for other ‘‘Five Eyes’’ countries – could fundamentally undermine security by requiring internet giants such as Amazon, Apple and Google to build ‘‘backdoors’’ into their services that could then be exploited by hackers. The Internal Affairs Department said it had not yet provided advice to Kiwi government agencies that use Australian-based cloudcomputing services. But spokeswoman Amanda Duncan said it was ‘‘working with other agencies to consider the implications’’ of the Australian legislation. The former National government removed most restrictions on government agencies using overseas cloud-computing services in 2016. That was despite acknowledging the move could allow other countries to access their data for ‘‘law enforcement, national security or other reasons’’.
Don Christie, director of Wellington tech firm Catalyst, said Australia’s move would undermine the protections offered by the likes of Amazon Web Services (AWS) and Microsoft Azure and make it more likely that criminals could access data.
Catalyst offers a New Zealandbased cloud-computing service that competes with the likes of AWS and Microsoft Azure.
The Government had been ‘‘negligent’’ in avoiding doing due diligence on the use of overseas data centres in the past and the encryption law should bring ‘‘focus to the need for that and on how tied they are to particular platforms and services’’, Christie said.
Graeme Muller, chief executive of industry body NZTech, doubted the ‘‘anti-encryption’’ law would result in Kiwi firms abandoning cloud-computing services in Sydney in big numbers and bringing their IT back home.
But he believed it might result in large global IT firms thinking more carefully about using Australia as a base, saying that could have knock-on implications for New Zealand.