Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Tuesday, 19 March 2019 09:58

Like Splunk, Aust firms may also have to give up business abroad

Like Splunk, Aust firms may also have to give up business abroad Image by Christine Schmidt from Pixabay

The same fate that befell big data analytics company Splunk last month — having to pull out of doing business in Russia — is likely to be shared by many Australian technology companies in the same or other countries once the Federal Government's encryption law begins to make its presence felt.

Splunk announced it would no longer sell its software and services to organisations in Russia, and, to date, no reason, apart from some bizspeak — "[we are] continually evaluating where we are investing and focusing our company resources" — has been advanced to account for the decision.

But is fair to assume that Moscow would have asked for access to the source code of the application – and many companies are now fighting shy of granting such requests, especially given the hostile state of relations that the US enjoys (!) with many other nations.

If that same demand was made of an Australian company which had complied with a demand from the authorities to build in functionality — which can be demanded under the encryption law — there is no way it could accede to a request to provide its source code. That would mean a term behind bars.

There is nothing unusual about requests for source code: China allowed Microsoft to supply a version of Windows for its public sector only after the Redmond giant had allowed Beijing to look at the source in its entirety. Given the oodles of money in that market, Microsoft did not hesitate.

But then it has no vulnerabilities built into its code by the US Government. Or, at least none that have been discovered so far.

For the uninitiated, or those who have been living under a rock for the last eight months, the Australian encryption law — officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 — was passed in December 2018.

(An inquiry is now underway by the Parliamentary Joint Committee on Intelligence and Security. The PJCIS is expected to submit a report to government by 3 April.)

Under the law, the authorities can get industry to aid in gaining access to encrypted material in three ways. A technical assistance request (TAR) allows for voluntary help by a company; in this case, its staff would be given civil immunity from prosecution.

Else, an interception agency can issue a technical assistance notice (TAN) to make a communications provider offer assistance.

Finally, a technical capability notice (TCN) can be issued by the attorney-general at the request of an interception agency; the communications minister of the day would also need to agree. This would force a company to help law enforcement, by building functionality.

But if the company or individual who is asked to build in functionality breathes so much as a word about it, then he/she/they would all end up eating dry bread and water in one of the many prisons in this big, brown land.

So, if an ambitious Australian company wants to sell its wares abroad — many already do and are much valued — and if the prospective buyer asks for an assurance that there are no doodahs in the code of the product, how does the Aussie firm offer that assurance if it has been approached and has satisfied a request for "help"?

Without that assurance — and often an inspection of the code itself — no buyer would be satisfied.

Australia has used similar logic to exclude Chinese telco equipment vendor Huawei Technologies from its 5G networks – even though Huawei has offered its source code to the authorities for inspection!

There have been muttered arguments about Communism and capitalism, and angry noises that the Australian and Chinese systems cannot be compared.

But such arguments — "trust us, we are fair dinkum Aussies" — will be worth nothing if it comes to a request for source code and the company which is seeking business abroad cannot meet the request.

The only option left will be to dig up some bizspeak the way Splunk did. This site should help.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments