Senate pushes encryption fix for US CLOUD Act fracture

The Senate has backed a motion to amend Australia’s anti-encryption laws to clear the way for a landmark cross-border data access agreement being negotiated with the US.

Shadow home affairs minister Kristina Keneally on Thursday moved that the federal government work to address “any and all obstacles” the controversial legislation might pose to a deal.

The two nations began negotiating the bilateral agreement under a provision in the Clarifying Lawful Overseas Use of Data (CLOUD) Act last week.

The CLOUD Act was enacted by the US government last year primarily to compel US-based cloud and technology companies to hand over data held offshore under warrant.

The bilateral agreement under the legislation, however, is intended to streamline law enforcement access to data held by US-based service providers, and vice versa.

A similar agreement has already been signed between the US and the United Kingdom.

But the Australian government's prospective agreement with the US is threatened by its own controversial Assistance and Access Act, which is at odds with key principles in CLOUD Act.  

Australia's widely criticised anti-encryption legislation gives law enforcement agencies the power to ask technology companies to provide assistance or introduce technical changes to its platforms.

A coalition of American tech giants and civil liberties organisations first raised concerns with the impact of the anti-encryption laws on an agreement under the CLOUD Act earlier this year.

The coalition said the laws "undermine substantive and procedural protections for privacy and civil rights", threatening US Congress’ ability to rubber stamp a bilateral agreement with Australia.

Those calls were reiterated last week by the chairman of the US House of Representatives judiciary committee, Jerrold Nadler.

Nadler wrote to Dutton shortly after negotiations began to express concern that the anti-encryption laws “may undermine your ability to qualify for an executive agreement under the CLOUD Act”.

He also asked for information on the risk of encryption being weakened, as the CLOUD Act prohibits an agreement from creating “any obligation that providers be capable of decrypting data or limitation that prevents providers from decrypting data”.

On Thursday, Kenneally said the government needed to address the “widespread concerns” with Australia's anti-encryption legislation to ensure the data access pact, which will also be underpinned by yet-to-be introduced Australian laws, progresses.

“The speed in which Congressman Nadler, whose committee plays a key role in approving any potential agreement between the US and Australia, wrote his letter suggests that Australia may be a long way off from being able to access electronic data held in the United States to investigate serious crimes,” she said.

Keneally also used the motion to condemn the government for “not being as proactive as the UK Government”, which finalised their agreement with the US earlier this month.

She said that by not having an agreement in place Australian police and security agencies were being isolated “from potential resources that could reduce wait times to get access to critical data”.

“It can currently take up to two years for police or security agencies to access data held in the United States on platforms like WhatsApp and Facebook in relation to serious crime investigations, such as terrorism, violent crime, paedophilia and cybercrime,” Keneally said.