Australia’s encryption laws have now been in place for a year, after the Telecommunications and Other Legislation (Assistance and Access) Act 2018 was rammed through Parliament in order to, as former Opposition Leader Bill Shorten said, “keep Australians safe over Christmas”.
Being rushed, the laws have continued to face heat, both locally and abroad.
Speaking with a handful of journalists during Amazon Web Services (AWS) re:Invent last week, president of security engineering and AWS CISO Steven Schmidt discussed Australia’s encryption laws and did not rule out the potential to challenge the law in court.
“Encryption is one of those topics that is extremely complex and it’s something where, like everyone else, we recognise the legitimate needs of law enforcement and intelligence organisations to protect people,” Schmidt told journalists.
“At the same time, we have to make sure that any implementation of a particular law or regulation understands the privacy requirements of people everywhere, and it is extremely dangerous to build in backdoors in encrypted systems.”
As the Bill is only a year old, Schmidt said it’s unclear what the actual implication is going to be, saying it is a matter of waiting to see what happens over time.
“But what we’re very concerned about is any kind of regulation or law that would require a company to build a backdoor in encrypted systems,” he said.
“We’ve heard a lot customers ask questions, we’ve heard a lot of customers be concerned about it, what we advise customers to do in those circumstances is just use the encryption services that we’ve got, we will make sure to help them architect their systems and services as efficiently and effectively as we possibly can, and we’ll see what happens.”
In not ruling out a challenge to the law, Schmidt said that in circumstances where the future is unknown, his company would continue to advocate “very strongly” on behalf of its customers.
“When we’ve had overreaching requests from the US government for example, we’ve been very strong about our opposition to those sorts of things and filed public briefs in support of cases by even other service providers,” he added.
Government-wide cloud deal a ‘tremendous success’
The cloud giant in June signed a new whole-of-government deal with the Commonwealth of Australia, allowing all federal, state, and territory agencies and departments, as well as public universities and government-controlled corporations, to access AWS Cloud services.
According to AWS Worldwide Public Sector Asia Pacific regional managing director Peter Moore, the arrangement, which was facilitated by the Digital Transformation Agency (DTA), has been a “tremendous success”.
Speaking with ZDNet during re:Invent, Moore said that in addition to the key government agencies who were the launch agencies for the arrangement, the company has seen a “huge number” of agencies sign up.
“Beyond that, it’s exceeded our expectations in terms of going to both state governments and also other government affiliates that are signing up for the program,” he said.
“The pain of a state government trying to come up with a procurement vehicle that’s constantly refreshed and where they’re getting the most value for money has sort of gone away now because everyone’s able to sign up for this central arrangement … we’re very happy.”
Moore said in addition to the likes of Australia Post, who were one of the initial signatories to the agreement, a number of agencies who were taking a long time to even consider cloud have used the new deal as the catalyst to start their journeys.
With the Australian Bureau of Statistics (ABS) running the 2021 Census on AWS, Moore said everything is going to plan.
“Our previous projects with the Australian Bureau of Statistics were delivered faster than expected and under budget and we expect that to be the case here,” he said, saying he was cautious not to count his chickens until they’ve hatched. “We’re working very closely with PwC who are the system integrator involved, the Census is too important to fail again.”
In addition to scoring a government-wide arrangement, AWS in January received certification from the Australian Cyber Security Centre (ACSC), allowing the cloud behemoth to provide storage for highly sensitive government workloads out of its AWS Asia Pacific (Sydney) Region.
AWS Australia and New Zealand managing director Paul Migliorni said Australian organisations are realising there now aren’t any rational blockers in moving to the cloud.
“AWS is founded upon trust, and I don’t use the word flippantly. So if I’m a government agency, and I’m handling sensitive citizen data, they’ve got to work through a process of doing diligence,” he told ZDNet.
“What we’ve done is integrated with the various government agencies using the service, and it has been a journey … they’ve been doing advanced work for a long time. But getting to something like IRAP protected is a big deal — certifying protected workloads is a big deal.”
Pointing to the likes of Australian health fund NIB, which moved one of the first systems of record in the country to AWS, Migliorini called it a “big milestone”.
“We’re at a point now where there aren’t any rational blockers for cloud adoption anymore,” he said.
“I think there’s still some emotional and perceived ones, but I think there aren’t any rational ones.”
According to Migliorini, the region is among the most advanced markets in the world, and with the slew of new products announced during the cloud giant’s annual conference, he expects local companies to further adopt artificial intelligence and machine learning capabilities.
“I would argue that Australia is kind of right at the leading edge of cloud adoption, globally,” he said.
“I think we’re going to see more and more practical applications of machine learning and AI in Australian enterprise and government, and the startup sector.”
Asha Barbaschow travelled to re:Invent as a guest of AWS.
READ MORE HERE