Australia, US negotiate CLOUD Act data swap pact

Australian law enforcement and national security agencies are set to have greater access to data held by US-based cloud providers under an agreement being negotiated with the US government.

But the bilateral agreement, if finalised and approved, will also require Australian-based cloud providers to hand over data requested by US law enforcement authorities.

Home Affairs Minister Peter Dutton and US Attorney General William Barr on Monday entered into formal negotiations for the agreement under the US Clarifying Lawful Overseas Use of Data (CLOUD) Act.

The CLOUD Act was enacted last year to compel US-based cloud and technology companies like Microsoft, Google, Facebook and Apple to hand over data held offshore under warrant.

But the law also contains provisions for the US Justice department to authorise foreign governments like Australia to serve US providers directly with requests for user data.

This allows governments to bypass the slow and awkward mutual legal assistance (MLA) mechanism currently used by law enforcement agencies to access information.

Australia first expressed interest in negotiating a bilateral agreement with the US to streamline access to data held on US-based servers just after the law was passed in April 2018.

At the time, former Cyber Security Minister Angus Taylor travelled to the US to kick off discussions for an agreement he said would give Australian law enforcement agencies “timely” access to information.

On Monday, Barr said the agreement would “allow service providers in Australia and the United States to respond to lawful orders from the other country without fear of running afoul of restrictions on disclosure”.

He said both countries would benefit from the agreement, which would enhance the "ability to fight crime by allowing faster access to data needed for quick-moving investigations".

“By increasing the effectiveness of investigations and prosecutions of serious crime, including terrorism, in both countries, citizens of both countries will be safer,” Barr said.

Dutton described the agreement, which would be underpinned by new Australian laws, as the “way of the future between likeminded countries”.

“Current processes for obtaining electronic information held by service providers in other countries risk loss of evidence and unacceptable delays to criminal justice outcomes,” he said.

“When police are investigating a terrorist plot or serious crime such as child exploitation, they need to be able to move forward without delay, but within the law – and the CLOUD ACT strikes exactly the balance.”

Dutton said although there was "some way to go before the agreement is finalised", the agreement to give agencies access to data was “critical for the prevention, detection, investigation and prosecution of serious crimes”.

In July, a coalition of large technology companies include Amazon, Google, Facebook and Apple claimed the US Congress was unlikely to go along with a bilateral agreement with Australia under the CLOUD Act due to Australia's anti-encryption laws.