Updated 4 October 2018 – see De-encryption De-encryption Bill currently before Joint Committee.
According to the ABC website, in the next few weeks Cyber Security Minister Angus Taylor is poised to present new legislation which once passed will require technology companies and multinationals to assist law enforcement to access encrypted data of “suspected criminals and terrorists”. Currently, the bill is not yet before parliament but should appear on its website once officially announced.
In February, the government has indicated its plans to tackle criminal use of encryption with the Honourable Peter Dutton MP stating in an address to the National Press Club:
“Law enforcement access to encrypted communications should be on the same basis as telephone and other intercepts, in which companies provide vital and willing assistance in response to court orders.”
In April, Dutton confirmed in his opening address to the Australian Cyber Security Centre Conference the government has created legislation which requires telecommunication companies to help agencies with any decryption.
To date criminals have used encryption to successfully hide from law enforcement though the government claims this will be changed if this bill becomes law.
At the same time encryption has also been used lawfully by Australians. How the government plans to create backdoors to encryption without undermining the security of lawful technologies remains unclear.
Several commentators on this issue, including Digital Rights Watch and InnovationAus.com, are critical of the legislation and fear that allowing a backdoor will create a weakness in platforms. Encryption is thought to only be ‘strong and robust’ if it is not susceptible to backdoors by the government.
It is believed that government agencies can create a backdoor by including code into technologies, unbeknownst to the consumer. The government is basing this legislation on the UK Investigatory Powers Act 2016 and the New Zealand Telecommunications (Interception Capability and Security) Act 2013. According to the former Attorney General George Brandis, this legislation is being enacted to further Australia’s co-operation as a member of the Five Eyes, sharing and gathering intelligence with its partners – Canada, New Zealand, the UK and the United States.
In summary this legislation will be divided into three (3) parts which:
- widen powers for search warrants and device surveillance for encryption technologies;
- provide power requiring telecommunication companies to co-operate with government agencies in accessing their encrypted information; and
- create penalties for a failure to co-operate with government agencies.
All telecommunication companies and ‘tech giants’ will be affected if the bill becomes law, including the likes of Optus, Facebook and Apple.
Takeaways
Watch this space! Once the government officially announces the bill, companies will be able to ascertain any potential risks or issues to their business in the use of encryption.
Links and further references
Legislation
Telecommunications (Interception Capability and Security) Act 2013
Other links
ABC News, ‘Tech giants to be targeted by anti-terror laws to help police access encrypted data’
Computerworld, Digital Rights Watch, ‘The Role of Encryption in Australia’
Mr Peter Dutton, ‘Opening Address to the Australian Cyber Security Centre Conference, Canberra’
Mr Peter Dutton, ‘Address to the National Press Club of Australia, Canberra”.
Computerworld, ‘Encryption crackdown: The government doesn’t much care for you terroristic maths’
Further information about technology law
If you need advice on any issues associated with technology law, contact us for a confidential and obligation-free discussion:
Malcolm Burrows B.Bus.,MBA.,LL.B.,LL.M.,MQLS.
Legal Practice Director
T: +61 7 3221 0013 (preferred)
M: +61 419 726 535
E: mburrows@dundaslawyers.com.au
Disclaimer
This article contains general commentary only. You should not rely on the commentary as legal advice. Specific legal advice should be obtained to ascertain how the law applies to your particular circumstances.
Related insights about technology law
-
Federal parliament enacts cyber security legislation
On 25 November 2024, the Australian Parliament passed a suite of legislation, collectively referred to by the Australian Government as the Cyber Security Legislative Package 2024. The purported impetus for this legislation was a series of high-profile data breaches in 2022 and 2023.
-
Uber found in breach of Australian privacy laws
This article provides an overview of interesting decisions of Australian Courts in Corporate Law, Technology Law and Intellectual Property. With cases on Trade Marks, Copyright, Defamation, Negligence, Joint Ventures and Confidential Information, it is an invaluable resource for anyone interested in these areas.
-
Overview of the Ransomware Payments Bill 2021 (Cth)
Australian government proposed the Ransomware Payments Bill 2021 (Cth) (Bill) to enforce mandatory reporting of ransomware payments. Penalties of up to $110,000 for non-compliance.
-
Data breach compliance and response plans
Dundas Lawyers create tailored data breach response plans to ensure compliance with the Privacy Act 1988 (Cth). Plans include actions, registers, records, tests and tasks. Get an obligation-free and confidential discussion to learn more.
-
OAIC Notifiable Data Breaches report – July 2020
The OAIC’s Notifiable Data Breaches Report reveals 518 data breaches reported by eligible entities in the first half of 2020. Learn more about the types of personal information involved, the highest reporting sector, and the key takeaways from the report to protect your data.
-
Data breaches: what is serious harm?
This article looks at the notifiable data breaches scheme, and the factors to consider when determining if an eligible data breach would likely result in serious harm. It also provides an in-depth look at the Office of the Australian Information Commissioner observations in its ‘Notifiable Data Breaches Statistics Report’.
-
De-encryption laws: compelling tech giants to cooperate with law enforcement
The Australian Government is introducing encryption-related legislation that could have significant implications. Get the full scoop on what this Bill could mean for companies and citizens before it is officially announced.
-
What is a data breach response plan and how do you obtain one?
Organizations must now comply with the Notifiable Data Breaches Scheme. Learn how to create a Data Breach Response Plan and why it is so important for compliance.
-
Notifiable Data Breach Scheme commenced 23 Feb 2018
As of 23 February 2018, certain entities must notify affected individuals of eligible data breaches under the Privacy Act 1988 (Cth). Penalties for non-compliance can reach up to $420,000. Learn more about who’s affected, what constitutes serious harm, how to assess likelihood of harm, and how to prepare a response plan.
