Updated 4 October 2018 – see De-encryption De-encryption Bill currently before Joint Committee.
According to the ABC website, in the next few weeks Cyber Security Minister Angus Taylor is poised to present new legislation which once passed will require technology companies and multinationals to assist law enforcement to access encrypted data of “suspected criminals and terrorists”. Currently, the bill is not yet before parliament but should appear on its website once officially announced.
In February, the government has indicated its plans to tackle criminal use of encryption with the Honourable Peter Dutton MP stating in an address to the National Press Club:
“Law enforcement access to encrypted communications should be on the same basis as telephone and other intercepts, in which companies provide vital and willing assistance in response to court orders.”
In April, Dutton confirmed in his opening address to the Australian Cyber Security Centre Conference the government has created legislation which requires telecommunication companies to help agencies with any decryption.
To date criminals have used encryption to successfully hide from law enforcement though the government claims this will be changed if this bill becomes law.
At the same time encryption has also been used lawfully by Australians. How the government plans to create backdoors to encryption without undermining the security of lawful technologies remains unclear.
Several commentators on this issue, including Digital Rights Watch and InnovationAus.com, are critical of the legislation and fear that allowing a backdoor will create a weakness in platforms. Encryption is thought to only be ‘strong and robust’ if it is not susceptible to backdoors by the government.
It is believed that government agencies can create a backdoor by including code into technologies, unbeknownst to the consumer. The government is basing this legislation on the UK Investigatory Powers Act 2016 and the New Zealand Telecommunications (Interception Capability and Security) Act 2013. According to the former Attorney General George Brandis, this legislation is being enacted to further Australia’s co-operation as a member of the Five Eyes, sharing and gathering intelligence with its partners – Canada, New Zealand, the UK and the United States.
In summary this legislation will be divided into three (3) parts which:
- widen powers for search warrants and device surveillance for encryption technologies;
- provide power requiring telecommunication companies to co-operate with government agencies in accessing their encrypted information; and
- create penalties for a failure to co-operate with government agencies.
All telecommunication companies and ‘tech giants’ will be affected if the bill becomes law, including the likes of Optus, Facebook and Apple.
Takeaways
Watch this space! Once the government officially announces the bill, companies will be able to ascertain any potential risks or issues to their business in the use of encryption.
Links and further references
Legislation
Telecommunications (Interception Capability and Security) Act 2013
Other links
ABC News, ‘Tech giants to be targeted by anti-terror laws to help police access encrypted data’
Computerworld, Digital Rights Watch, ‘The Role of Encryption in Australia’
Mr Peter Dutton, ‘Opening Address to the Australian Cyber Security Centre Conference, Canberra’
Mr Peter Dutton, ‘Address to the National Press Club of Australia, Canberra”.
Computerworld, ‘Encryption crackdown: The government doesn’t much care for you terroristic maths’
Further information about technology law
If you need advice on any issues associated with technology law, contact us for a confidential and obligation-free discussion:
Malcolm Burrows B.Bus.,MBA.,LL.B.,LL.M.,MQLS.
Legal Practice Director
T: +61 7 3221 0013 (preferred)
M: +61 419 726 535
E: mburrows@dundaslawyers.com.au
Disclaimer
This article contains general commentary only. You should not rely on the commentary as legal advice. Specific legal advice should be obtained to ascertain how the law applies to your particular circumstances.
Related insights about technology law
-
Federal parliament passes cyber security laws
On 25 November 2024, the Australian Parliament passed a suite of legislation, collectively referred to by the Australian Government as the Cyber Security Legislative Package 2024. The purported impetus for this legislation was a series of high-profile data breaches in 2022 and 2023.
-
New OAIC guidance on Artificial Intelligence
On 21 October 2024, the Office of the Australian Information Commissioner (OAIC) published two (2) new guides on artificial intelligence (AI), purportedly in effort to make privacy compliance easier for business.
-
Uber breaches Australian privacy laws
This article provides an overview of interesting decisions of Australian Courts in Corporate Law, Technology Law and Intellectual Property. With cases on Trade Marks, Copyright, Defamation, Negligence, Joint Ventures and Confidential Information, it is an invaluable resource for anyone interested in these areas.
-
Ransomware Payments Bill 2021 (Cth)
Australian government proposed the Ransomware Payments Bill 2021 (Cth) (Bill) to enforce mandatory reporting of ransomware payments. Penalties of up to $110,000 for non-compliance.
-
Data breach compliance and data breach response plans
Dundas Lawyers create tailored data breach response plans to ensure compliance with the Privacy Act 1988 (Cth). Plans include actions, registers, records, tests and tasks. Get an obligation-free and confidential discussion to learn more.
-
OAIC Notifiable Data Breaches report – July 2020
The OAIC’s Notifiable Data Breaches Report reveals 518 data breaches reported by eligible entities in the first half of 2020. Learn more about the types of personal information involved, the highest reporting sector, and the key takeaways from the report to protect your data.
-
Top 11 legal tips when selling a technology business
These tips include asset sale or share sale, intellectual property ownership, legal and accounting due diligence, change of control issues, restraint of trade clauses, key personnel, and more.
-
Data breaches: what exactly is serious harm?
This article looks at the notifiable data breaches scheme, and the factors to consider when determining if an eligible data breach would likely result in serious harm. It also provides an in-depth look at the Office of the Australian Information Commissioner observations in its ‘Notifiable Data Breaches Statistics Report’.
-
Technology startups – top 5 legal considerations
Start your tech startup on the right footing by considering the top five (5) legal considerations: entity structure and asset protection, intellectual property (IP), confidentiality, contracts, privacy and compliance.
