If you’re storing data Down Under, you're likely re-thinking that decision, says Microsoft president

Yesterday, Microsoft President and Chief Legal Officer Brad Smith said many of its government and enterprise customers want to build data centers outside of Australia. He said that they’re very concerned with Australian legislation passed last December that may leave their data ripe—at least more ripe—for the cybersecurity picking.

Combined, Labor and Coalition parties may have succeeded in leaving the backdoor open

The legislation, titled The Telecommunications (Assistance and Access) Act, basically allows Australian law enforcement to, as it sees fit, hack, implant malware and be given backdoor access to companies, including the biggies, such as Facebook, Google and Apple. The goals of the act, which was fervently opposed by the conservative Labor Party, were admirable—find and catch digital evildoers. Who can argue with that? But the Labor Party was afraid of giving the government that level of free rein, so they agreed to a compromise that limited its powers only to investigate terrorism, child sexual offences, or any offense that would bring about a term of at least three (3) years in prison. If it sounds like those “limits” could be stretched due to ambiguity, it’s because they can. By all accounts, the legislation is vaguely worded.

Many in the Labor Party are already expressing regret that they agreed to the legislation in the first place. Yesterday, Labor spokesman Ed Husic told a technology forum in Sydney that he wished he could turn back time. They reportedly agreed to the restructured bill because they feared that blocking it would ultimately result in the Labor Party being blamed for a terrorist attack that was suspected to take place around Christmas. It never came.

Just last week, Labor claimed Coalition is already reneging on the agreement by not supporting amendments previously published in a bipartisan security report.

Broad security measures

The list of measures the Australian government can utilize is long and as broad as the Mighty Mississippi. It includes, among dozens of other elements, its ability to remove an organization’s form(s) of electronic protection, facilitate access to its services and equipment, install or update security software, modify technology, and be able to conceal that any of the aforementioned measures have taken place.

Several concerns by several players

Australia’s Communications Alliance, which is the country’s primary lobbying group for the technology sector, fears the law will take a chunk out of the country’s $3.2bn technology export business. Due to it, they claim, companies and countries will restrict Australian imports because of concerns that Australian devices will be more vulnerable.

Australia’s Human Rights Commission is concerned the law could result in suspects being tricked into providing access to encrypted messages. For instance, an email to an individual or entity instructing them to update an application could ultimately provide the police or a government agency access to users’ devices.

The Labor Party’s Scott Ryan, the current Senate president, is afraid it will allow agencies access to devices utilized by members of Australia’s Parliament. So, parliamentarians would lose the opportunity to claim parliamentary privilege concerning material seized under warrant. File this under the heading CYA.

Smith acknowledges that the law certainly wasn’t written to push open backdoors and create vulnerabilities, but he’s hearing many companies and governments claim that they’ll no longer put their data in Australia. “So,” he says, “they [customers] are asking us to build more data centers in other countries.”

Forget the politics; secure your network

To find out how to shore up your organization’s security posture, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of organizations of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

Author

GDT

View all posts

Share this article

GDT Security VP on Leveraging AI & Machine Learning in Cybersecurity

By Chelsea Brickwedel
April 3, 2024

As the head of GDT’s security practice and an industry veteran, Jeanne Malone and her team help customers worldwide advance their cybersecurity posture. One of the biggest cybersecurity game-changers is artificial intelligence (AI). We asked Jeanne to weigh in on leveraging AI and machine learning in cybersecurity to improve intrusion

Guard Against the “Elite Eight” Cybersecurity Threats of 2024

By Jeanne Malone
March 26, 2024

NCAA basketball coaching legend Bobby Knight once said: “Good basketball always starts with a good defense.” Winning teams understand their opponents’ strengths and weaknesses, as well as their own. They study their opponents’ plays and anticipate their next moves. The same concept is true for cybersecurity, which is why, at

Newly Launched GDT NaaS, Powered by Juniper Offers Modern Approach to Networking

By GDT
January 31, 2024

Dallas, Texas, January 31, 2024 – General Datatech (GDT), a leading global IT services provider, has worked with Juniper Networks to launch GDT Network as a Service (NaaS), Powered by Juniper. This modern networking approach simplifies network design, implementation, and management by delivering a flexible, subscription-based option to access the industry’s