A US Congress committee has thrown a spanner into the Federal government’s plans to join America’s data sharing program, citing concerns over Australia’s encryption laws.
Earlier this week, United States Attorney General William Barr and Minister Dutton jointly announced the two countries were currently in formal negotiations over the CLOUD – Clarifying Lawful Overseas Use of Data – Act designed to force service providers in Australia and the US to respond to lawful orders from the other country without restrictions on disclosure.
The US enacted the CLOUD Act in 2018 to speed up access by foreign countries for electronic information held by US-based global providers when investigating serious crimes.
Although electronic data can be currently sought through a mutual legal assistance arrangements, the CLOUD Act creates a “faster and efficient” way to ensure access to the data through executive agreements between the United States and its allies.
However in a letter to Minister Peter Dutton, the US House of Representatives Committee on the Judiciary expressed concerns about Australia's "Assistance and Access Act", which gives authorities greater powers to obtain encrypted communications of criminal suspects.
Committee on the Judiciary Chairman, Jerrold Nadler and Ranking Minority Member, Doug Collins wrote “Australia’s Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 ('Access Act') may undermine your ability to qualify for an executive agreement under the CLOUD Act.”
Senator Kristina Keneally, Shadow Minister for Home Affairs told Information Age, for the past year Labor, civil liberty groups, big technology companies, and small tech start-ups have all warned Peter Dutton’s encryption laws were not compliant with the US CLOUD Act.
“This new letter from the US House Judiciary Chairman, which has a key role in overnighting Australia’s access to the CLOUD Act, is the latest blow to Peter Dutton’s credibility,” she said.
“The CLOUD Act was specifically introduced by the US Government to radically speed up the time it takes foreign police and security agencies to access electronic data held in the United States for serious crimes like terrorism and paedophilia.”
Given it can currently take more than a year for Australian police or security agencies to access data held in the United States under existing arrangements, this move by the US Government was seen as a critical tool for local law enforcement.
“Peter Dutton has refused to admit his legislation is flawed and could mean that Australian law enforcement will be without access to the US data they need to fight crime,” said Senator Keneally.
In his joint statement with US Attorney General Barr, Minister Dutton said there was still some way to go before the agreement is finalised.
“Underpinned by Australian legislation yet to be introduced, a bilateral CLOUD Act agreement would enable Australian law enforcement to serve domestic orders for communications data needed to combat serious crime directly on US based companies, and vice versa,” he stated.
“Once in place it will mean service providers based in the United States can respond directly to electronic data requests issued by our enforcement agencies under Australian law for data critical for the prevention, detection, investigation and prosecution of serious crime.”
Professor Jill Slay, Director Optus La Trobe Cyber Security Research Hub said these negotiations made sense to her, having worked with law enforcement and government for many years
“Cloud based evidence of one crime may be stored in several countries and the processes involved to get the evidence and bring back to Australia may take weeks – in this time crime or terrorism may have been committed,” she said. “With [this] agreement Australia and USA will have easier mutual access to evidence stored in the Cloud.”
Professor Slay doesn’t see that there would be a problem with Australia’s current encryption laws and the CLOUD Act.
“In my opinion there has been too much negative hype on the encryption issue,” she said.
“We have to balance Australia’s need to protect and defend its citizens with a need – and I assume from privacy perspective – to encrypt any of their own data. We do not want to curtail right to freedom say of press or academia but do want safeguard from crime and terrorism."
Professor Slay said people need to see the issues raised “as a series of activities to protect Australians from crime and terrorism rather than suggesting they have not been thought through by Government”.
While Minister Dutton was in talks with the Attorney General about securing the CLOUD Act for Australia, the UK has become the first country to formalise the CLOUD Act agreement into law.
