Thursday, 13 December 2018 08:14

Aussie software firm claims encryption law will slash its profit Featured

Aussie software firm claims encryption law will slash its profit Pixabay

The head of a small unnamed Australian-headquartered software company claims that its tax payments will drop from $800,000 in FY18 to $400,000 in FY19 and just $2000 in FY20 as a result of changes it has decided to make to protect itself in the wake of the government's encryption law being passed.

In a post on Reddit, this individual said he/she had obtained two legal opinions before deciding, that as of 1 January 2019, all customer contracts held by the Australian branch would be novated to one of the firm's European or American subsidiaries, and customers were being informed about this.

Further, the unnamed individual said that customers would make payments through these subsidiaries and be allowed to keep 40% as a margin to avoid transfer pricing issues, making them resellers.

"All code written by Australian engineers will be reviewed by engineers in other countries," the post said. "This already happens as part of code review.

"Any suspect code will be removed [at] the reviewing managers' discretion without the explicit agreement of the Australian manager. This part is new and our advice states this will mitigate the risk to the Australian engineer."

The individual said that all hosting would be migrated to providers outside Australia and hosting contracts would be with overseas subsidiaries, adding that 95% of the unnamed company's hosting was already done this way.

As a result of these changes, the head of this firm said that the Australian headquarters would declare 40% less revenue for tax purposes, relegating it from being highly profitable to just about breaking even.

"So tax from us will go down from around $800k in FY18 to probably $400k in FY19 and around $2k in FY20," the unnamed individual said. "None of our staff will see any difference in employment or conditions. All that said we will probably know more after a few weeks/months of the law in operation."

Among some of the comments in response to this post, was one that claimed that as long as this business had any operations or staff in Australia, it was a risk to all its customers whether they were Australians or not, and whether the infrastructure was hosted Down Under or not.

In response, the unnamed individual raised two interesting hypothetical scenarios:

"Some terrorist group is using Linux and there is a legitimate threat. Someone who is contributing to the Linux kernel in Australia gets a TCN [a technical capability notice, one of the three notices that the new law enables law enforcement to serve on industry in order to force it to co-operate in building in new functionality to serve as a backdoor].

"No other contributors or the kernel developers know about the TCN. They write code and submit, which is picked up by the peer review process and leads to a classic Linus Torvalds rant. Now I would pay to watch this, but at the end of the day the code is not going to get in. It is not the fault of the Australian engineer or the peer reviewers.

"Who will get prosecuted in Australia? [The] Australian engineer who did what was asked? Peer reviewers who did not know about the TCN? Linus Torvalds? Replace Linux with any software platform and Linus with your engineering manager and you see the problem."

A second hypothetical scenario outlined was this: "Australia is in a trade dispute with country X. There is arbitration at the WTO [World Trade Organisation]. There are many Australians who work for the WTO. [A] TCN is issued to one or more of these individuals in Geneva or New York and now they have to tell the Australian Government all about the negotiating positions of the counter party. This is clearly absurd. Replace WTO with any organisation not based in Australia and now you see the problem here too.

"Both of these are practical issues. The parliament can pass a law that says X must be done, but if there is no practical way of doing it what are the consequences?"

The encryption law took effect on 6 December after the Labor Party agreed to pass it without any amendments due to the fact that the House of Representatives had risen for the year. Labor leader Bill Shorten says he has secured a pledge that 50 pages of amendments will be passed in the new year, though the government says it has only agreed to consider them.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments