Privacy Law

Swiss company hands over user data

HomePrivate: BlogLegal insightsSwiss company hands over user data

by

reviewed by

Malcolm Burrows

Reading Time:

3–4 minutes

Protonmail, an end-to-end encrypted secure email provider based in Switzerland, was recently obligated by a Swiss Court order to provide a certain class of user’s IP addresses to French police via the transnational Europol law enforcement agency.  This article considers the Australian statutory perspective on obtaining access to ‘encrypted’ data where such information may be contained within end-to-end encrypted communications.

Legislative foundation for accessing encrypted information

It may be the case that similar, encrypted email or instant message platforms in Australia may be susceptible to Court orders much like Protonmail.  Recently, Dundas Lawyers published an article on the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 (Bill) which is linked here.  That article highlighted how the Bill could be used to access various types of personal information, including data contained in encrypted messages and emails.  Therefore, in Australia there exists avenues through which the government, through the Australian Federal Police or the Australian Crime Commission (as discussed in our earlier article on the passing of the Surveillance Legislation), can access and obtain control of encrypted personal or business communications.  The parallels between Australian law and the circumstance involving Protonmail are clear.

Notwithstanding the newly enacted Bill, there exists a slightly older amendment to statutes providing for governmental intervention in personal or business communications.  The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018  provides for this possibility by amending the Telecommunications Act 1997 (Cth) (Act), among other acts.  The Act generally operates in relation to the providers of telecommunication services and may obligate such providers to provide information to government agencies.

The primary function of the amendments was to provide law enforcement and intelligence agencies with the power to make ‘technical assistance requests’,[1] ‘technical assistance notices’[2] and ‘technical capability notices’.[3]  In providing this authority, the Act acknowledges that various enforcement agencies were hampered in their ability to carry out their expected functions as a result of their limited technical capacity to do so.  Often, targets of investigations were capable of usurping scrutiny because their communications were encrypted end-to-end.

It’s worth noting that a broad prohibition against the dissemination of any information retrieved subject to, amongst other things, a technical assistance notice, a technical capability notice or a technical assistance request.[4]  That encrypted information can be accessed by the government appears inevitable in certain circumstances, but it does not necessarily follow that the information accessed will enter the public domain.  The legislation takes appropriate steps to safeguard against this possibility.

Takeaways

It appears that the situation in Switzerland with Protonmail is entirely replicable under Australian statute.  Whilst only two (2) avenues have been identified in this article as to how such governmental access could be facilitated, there may be further avenues open to government bodies allowing them access to personal or professional end-to-end encrypted information.  Thus, Australian businesses need to be aware that legislation has adapted to overcome the barrier presented by end-to-end encryption.  Reasonable checks and balances are in place the ensure that a requirement to provide such information is not unjust, but this does not derogate from the reality that encryption is no longer a safe haven for private, electronically communicated messages.  It follows then, that persons and corporations may, in certain circumstances, consider using non-electronic communication means in respect ultra-sensitive information.

Links and further references

Legislation

Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021

Telecommunications Act 1997 (Cth)

Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018

Further information about accessing encrypted data

If you are a business and need advice on accessing encrypted data, contact us for a confidential and obligation-free discussion:

[1] Act s 317G.

[2] Act s 317L.

[3] Act s 317T.

[4] Act s 317ZF.


Related insights about accessing encrypted data

  • Evidence from the Wayback Machine accepted

    Evidence from the Wayback Machine accepted

    Australian Courts are increasingly considering the use of evidence from the Wayback Machine, but questions remain as to whether they will accept such reports in practice and what will be allowed?

    Read more …

  • $750k awarded for fake online reviews

    $750k awarded for fake online reviews

    The Supreme Court of South Australia awarded $A750,000 in damages to a lawyer in the case of Cheng v Lok [2020] SASC 14, demonstrating the serious consequences of posting fake reviews online. Find out more about the implications of this case and alternative legal actions for companies that receive negative reviews.

    Read more …

  • Adaptations and computer code – copyright issues

    Adaptations and computer code – copyright issues

    An adaption in copyright is the exclusive right of the owner of the work in question.  Section 10 of the Copyright Act 1968 (Cth) (Act) defines adaption as it relates to literary works in dramatic and non-dramatic forms, in a computer program and in relation to a musical work.   The rights that apply to adaptions…

    Read more …

  • Data breaches: what is serious harm?

    Data breaches: what is serious harm?

    This article looks at the notifiable data breaches scheme, and the factors to consider when determining if an eligible data breach would likely result in serious harm. It also provides an in-depth look at the Office of the Australian Information Commissioner observations in its ‘Notifiable Data Breaches Statistics Report’.

    Read more …

  • Know-how vs confidential information

    Know-how vs confidential information

    Understand the difference between “know-how” and confidential information when it comes to employer-employee relationships. Find out how to protect confidential trade secrets and use broad contractual terms to ensure protection. Click through to get the full details.

    Read more …

  • Computer code libraries and copyright ownership

    Computer code libraries and copyright ownership

    The Australian case of Redrock Holdings Pty Ltd and Hotline Communications Ltd v Hinkley [2001] VSC 91 has shed light on how the ownership of copyright in code libraries is determined. Learn more about the dispute and its implications for copyright ownership in this blog post.

    Read more …

  • e-Signatures – legally binding on companies?

    e-Signatures – legally binding on companies?

    E-signatures are becoming increasingly popular, but are they legally binding? Find out in this article, which examines the Adelaide Bank case and reveals the limitations of e-signatures when it comes to executing a deed. Click through to learn more.

    Read more …

  • New safety standards proposed for online platforms

    New safety standards proposed for online platforms

    The Australian Government has proposed an Online Safety Act that could significantly change the way businesses manage user-generated content online. Find out how this proposed Act could affect your business and how you can prepare for it.

    Read more …

  • Compilations from the public domain – confidential or not?

    Compilations from the public domain – confidential or not?

    The Court of Appeal in Ezystay Systems Pty Ltd v Link 2 Pty Ltd [2014] NSWSC 180 had to re-examine the test for confidential information. It found that for information to be protected, it must have the necessary attributes of confidentiality and must be the product of skill and ingenuity of the human brain.

    Read more …

Send this to a friend