Australia queues to broker offshore data access deal with US

Australia is in line to negotiate a bilateral agreement with US authorities that would streamline access to data held on US-based servers, using a law passed by Congress late last month.

Minister for law enforcement and cyber security Angus Taylor welcomed passage of the law in a statement Sunday.

The law also had the backing of Microsoft, Google, Facebook and Apple (pdf).

It is known as the Clarifying Lawful Overseas Use of Data (CLOUD) Act, and updates existing laws to compel US-based cloud and technology companies to hand over data held offshore under warrant.

The law also contains provisions for the US Justice department to authorise foreign governments to serve US providers directly with requests for user data.

It appears Australian authorities are keen to begin negotiations for that authorisation.

Fairfax reported Sunday that Taylor would travel to the US “in the next fortnight” to begin the process of negotiating an international agreement under the CLOUD Act.

“The CLOUD Act will greatly improve the efficiency of law enforcement’s access to the information they need to do their job and strengthen protections of people’s data, no matter where their data is held,” Taylor said in a statement.

"Timely access to electronic data held by communications service providers is an essential component of government efforts to protect public safety and combat serious crime.

“Those efforts are impeded when access to important data held on servers overseas is slowed down by cumbersome processes not suited for fast-advancing communication environments, significantly delaying the investigation and prosecution of serious crimes.

“Given the size and scale of technology and communications companies based in the US, the CLOUD Act has the potential to be of significant benefit to law enforcement.”

For the US, an immediate benefit of the new law is the likely cessation of a legal tussle with Microsoft over the extent that a US warrant compelled the company to hand over data - in this case, emails - stored on servers in Ireland.

Microsoft had, in part, backed the CLOUD Act to “reduce international conflicts of law”.

The CLOUD Act also contains some protections, including that data still cannot be handed over if doing so would contravene the local laws of the place in which it is held.