"This Bill (which is now law) has a number of small but powerful provisions tucked away in its 220 pages – but none might raise more eyebrows than the provision regarding members of Parliament," Shearing pointed out in his analysis which came to iTWire's notice after InnovationAus editor James Riley mentioned it.
"While the rest of the Australia (and in many cases, the world) is subject to the new legislation, the only people who are expressly excluded from everything in the Bill are the very people who rushed it through Parliament in the first place – the politicians."
And in a sarcastic aside, he added: "It’s not a big deal though – it’s common knowledge that our politicians are the most trustworthy and transparent of anyone in our society. I, for one, am glad they have blanket immunity."
Shearing mentions the danger that the law poses to the technology industry in Australia many times.
"If I was advising an international company on this Bill, I’d say they must assume that any data originating in Australia is being routed via Australian intelligence servers," he wrote.
"I’d also say there’s a the much higher chance that Australian software will be breached by hackers and malicious actors. I suspect many experts will recommend avoiding Australian software and staff altogether – which some organisations have already begun doing.
"This is tough, because most Australian companies probably haven’t been served with a notice yet.
"Business, however, is cold and pragmatic, and there’s little room for doubt when you’re talking about data security. It’s entirely possible that, when weighing options for service agreements or software development, one of the first questions asked will be 'Who has an Australian presence?'
"Much in the same way that low university grades are filtered out of job application processes early, being ‘Australian made‘ may get you automatically removed from shortlists quicker than you can say 'there should have been a referendum on this'.“
Also listed in his analysis are a number of measures that can be taken to minimise the impact of the law. One that Shearing cites is, "Wherever possible, put measures in place to monitor your software for unauthorised alterations and suspicious activity from your employees.
"The Bill gives authorities the power to compel employees to make changes without the knowledge or involvement of anyone else in a company. If you’re unaware of the existence of a notice, you must treat any unauthorised alterations as a cyber attack and deal with it accordingly."
And his advice to international firms does not sound good for Australia. "If you’re an international company, seriously consider if you still want to do business in Australia. You may save a lot of time and money by simply excluding Australia from your business until our government comes to their senses. How overseas companies will interact with this Bill (and what they can be forced to do) is still something that requires further thought and will probably form a Part 2 of this article."
An inquiry is now underway into the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 by the Parliamentary Joint Committee on Intelligence and Security. The PJCIS is expected to submit a report to government by 3 April.