Privacy Law

Swiss company hands over user data

HomePrivate: BlogLegal insightsSwiss company hands over user data

by

reviewed by

Malcolm Burrows

Reading Time:

3–4 minutes

Protonmail, an end-to-end encrypted secure email provider based in Switzerland, was recently obligated by a Swiss Court order to provide a certain class of user’s IP addresses to French police via the transnational Europol law enforcement agency.  This article considers the Australian statutory perspective on obtaining access to ‘encrypted’ data where such information may be contained within end-to-end encrypted communications.

Legislative foundation for accessing encrypted information

It may be the case that similar, encrypted email or instant message platforms in Australia may be susceptible to Court orders much like Protonmail.  Recently, Dundas Lawyers published an article on the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 (Bill) which is linked here.  That article highlighted how the Bill could be used to access various types of personal information, including data contained in encrypted messages and emails.  Therefore, in Australia there exists avenues through which the government, through the Australian Federal Police or the Australian Crime Commission (as discussed in our earlier article on the passing of the Surveillance Legislation), can access and obtain control of encrypted personal or business communications.  The parallels between Australian law and the circumstance involving Protonmail are clear.

Notwithstanding the newly enacted Bill, there exists a slightly older amendment to statutes providing for governmental intervention in personal or business communications.  The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018  provides for this possibility by amending the Telecommunications Act 1997 (Cth) (Act), among other acts.  The Act generally operates in relation to the providers of telecommunication services and may obligate such providers to provide information to government agencies.

The primary function of the amendments was to provide law enforcement and intelligence agencies with the power to make ‘technical assistance requests’,[1] ‘technical assistance notices’[2] and ‘technical capability notices’.[3]  In providing this authority, the Act acknowledges that various enforcement agencies were hampered in their ability to carry out their expected functions as a result of their limited technical capacity to do so.  Often, targets of investigations were capable of usurping scrutiny because their communications were encrypted end-to-end.

It’s worth noting that a broad prohibition against the dissemination of any information retrieved subject to, amongst other things, a technical assistance notice, a technical capability notice or a technical assistance request.[4]  That encrypted information can be accessed by the government appears inevitable in certain circumstances, but it does not necessarily follow that the information accessed will enter the public domain.  The legislation takes appropriate steps to safeguard against this possibility.

Takeaways

It appears that the situation in Switzerland with Protonmail is entirely replicable under Australian statute.  Whilst only two (2) avenues have been identified in this article as to how such governmental access could be facilitated, there may be further avenues open to government bodies allowing them access to personal or professional end-to-end encrypted information.  Thus, Australian businesses need to be aware that legislation has adapted to overcome the barrier presented by end-to-end encryption.  Reasonable checks and balances are in place the ensure that a requirement to provide such information is not unjust, but this does not derogate from the reality that encryption is no longer a safe haven for private, electronically communicated messages.  It follows then, that persons and corporations may, in certain circumstances, consider using non-electronic communication means in respect ultra-sensitive information.

Links and further references

Legislation

Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021

Telecommunications Act 1997 (Cth)

Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018

Further information about accessing encrypted data

If you are a business and need advice on accessing encrypted data, contact us for a confidential and obligation-free discussion:

[1] Act s 317G.

[2] Act s 317L.

[3] Act s 317T.

[4] Act s 317ZF.


Related insights about accessing encrypted data

  • Tort of conspiracy & confidential info

    Tort of conspiracy & confidential info

    Australian Intelligence Community (AIC) and PC Falk issued decision in Uber Technologies and Uber B.V. investigation, providing guidance on Privacy Act 1988 (Cth) compliance and penalties. Uber ordered to implement plans, policies and programs and engage independent expert to ensure compliance.

    Read more …

  • Injunctions granted for breach of confidence

    Injunctions granted for breach of confidence

    Court denied injunction due to lack of precision in describing confidential info. Businesses should review procedures to ensure secure info.

    Read more …

  • Has my software been copied? – legal test explained

    Has my software been copied? – legal test explained

    This article examines the legal test for a “substantial reproduction” of computer code, as established by the High Court in Data Access Corporation v Powerflex Services Pty Ltd [1999] HCA 49 and further discussed in subsequent cases. The Court will consider the essential features of the work to determine if there has been a substantial…

    Read more …

  • Technology startups – top 5 legal considerations

    Technology startups – top 5 legal considerations

    Start your tech startup on the right footing by considering the top five (5) legal considerations: entity structure and asset protection, intellectual property (IP), confidentiality, contracts, privacy and compliance.

    Read more …

  • Legal concerns in software support agreements

    Legal concerns in software support agreements

    Software developers must consider tech and product support services when taking software to market, such as differences between technical and product support, supported and non-supported items, and differences between installed and hosted software support agreements.

    Read more …

  • Abhorrent violent content prohibited

    Abhorrent violent content prohibited

    Organizations hosting abhorrent violent material, such as terrorism, murder, torture, rape and kidnapping, now face hefty fines under the Criminal Code Amendment Act 2019 (Cth), up to 50,000 penalty units or 10% of annual turnover.

    Read more …

  • Use of competitor’s confidential information

    Use of competitor’s confidential information

    Many businesses try to increase market share by employing a competitor’s member of staff who may bring with them relationships and information acquired over the years.  Employees owe fiduciary duties to their employers meaning, among other things, that an employee cannot make a personal gain by using confidential information acquired in the course of their…

    Read more …

  • De-encryption Bill currently before Joint Committee

    De-encryption Bill currently before Joint Committee

    The much awaited Telecommunications and other Legislation Amendment (Assistance And Access) De-encryption Bill 2018 (De-encryption Bill) has been referred to the Parliamentary Joint Committee on Intelligence and Security (Joint Committee).  The Joint Committee has allowed three (3) weeks for submissions.  It is a very short time-frame for submissions considering the controversial nature of the Bill.…

    Read more …

  • Making financial forecasts – legal pitfalls for business

    Making financial forecasts – legal pitfalls for business

    Organisations must be aware of the legal risks associated with social media use, such as wrongful dismissal, trade mark infringement, and defamation. This article outlines these risks and provides steps to protect against them.

    Read more …

Send this to a friend