The Senate has backed a motion to amend Australia’s anti-encryption laws to clear the way for a landmark cross-border data access agreement that would streamline law enforcement access to data held by US-based service providers, and vice versa.
The agreement would therefore leave Australian cloud operators open to requests to access data from US authorities. A similar agreement has already been signed between the US and the United Kingdom.
That agreement is based on the USA's CLOUD Act, which as CRN reported two weeks ago was announced with almost zero consultation despite its potential for significant impact on local cloud operators.
In our coverage we identified that one barrier to the agreement is Australia's widely criticised anti-encryption legislation gives law enforcement agencies the power to ask technology companies to provide assistance or introduce technical changes to its platforms.
But late last week the Senate moved to address that issue.
Shadow home affairs minister Kristina Keneally on Thursday moved that the federal government work to address “any and all obstacles” the controversial legislation might pose to a deal.
A coalition of American tech giants and civil liberties organisations first raised concerns with the impact of the anti-encryption laws on an agreement under the CLOUD Act earlier this year.
The coalition said the laws "undermine substantive and procedural protections for privacy and civil rights", threatening US Congress’ ability to rubber stamp a bilateral agreement with Australia.
Those calls were reiterated last week by the chairman of the US House of Representatives judiciary committee, Jerrold Nadler.
Nadler wrote to Dutton shortly after negotiations began to express concern that the anti-encryption laws “may undermine your ability to qualify for an executive agreement under the CLOUD Act”.
He also asked for information on the risk of encryption being weakened, as the CLOUD Act prohibits an agreement from creating “any obligation that providers be capable of decrypting data or limitation that prevents providers from decrypting data”.
Last Thursday, Kenneally said the government needed to address the “widespread concerns” with Australia's anti-encryption legislation to ensure the data access pact, which will also be underpinned by yet-to-be introduced Australian laws, progresses.
“The speed in which Congressman Nadler, whose committee plays a key role in approving any potential agreement between the US and Australia, wrote his letter suggests that Australia may be a long way off from being able to access electronic data held in the United States to investigate serious crimes,” she said.
Keneally also used the motion to condemn the government for “not being as proactive as the UK Government”, which finalised its agreement with the US earlier this month.
She said that by not having an agreement in place Australian police and security agencies were being isolated “from potential resources that could reduce wait times to get access to critical data”.
“It can currently take up to two years for police or security agencies to access data held in the United States on platforms like WhatsApp and Facebook in relation to serious crime investigations, such as terrorism, violent crime, paedophilia and cybercrime,” Keneally said.