The Department of Home Affairs has dismissed claims that Australia’s controversial anti-encryption laws are standing in the way of a landmark cross-border data access agreement with the United States.
The compatibility of the Assistance and Access Act 2018 with a future bilateral agreement under the US Clarifying Lawful Overseas Use of Data (CLOUD) Act to streamline law enforcement access to data first came under the spotlight in mid-2019.
A coalition of American tech giants, including the likes of Amazon, Google and Apple, and civil liberties organisations warned that the US Congress was unlikely to enter into such an agreement with Australia due to a clear conflict between the laws.
The group said Australia’s laws, which give law enforcement agencies the power to ask technology companies to provide assistance or introduce technical changes to their platforms, "undermine[d] substantive and procedural protections for privacy and civil rights".
These claims have since been reiterated by chairman of the US House of Representatives judiciary committee Jerrold Nadler, who wrote to Minister for Home Affairs Peter Dutton to express his concerns shortly after the two nations began negotiating the data access pact in October 2019.
Nadler said the Assistance and Access Act “may undermine [Australia’s] ability to qualify for an executive agreement under the Cloud Act” and asked for information on whether there was any risk of encryption being weakened.
He said the CLOUD Act, which is described as ‘encryption neutral’ by the US Department of Justice, prohibits an agreement from creating “any obligation that providers be capable of decrypting data or limitation that prevents providers from decrypting data”.
The Senate has since backed a motion by Shadow Home Affairs Minister Kristina Keneally that calls on the federal government to amend the Assistance and Access Act so that “any and all obstacles” it poses are addressed.
But in answers to questions on notice from recent budget estimates, the department said it had not identified any rift between the Assistance and Access Act and the US CLOUD ACT that would stop an agreement from taking place.
“The Department of Home Affairs took into account a broad range of relevant considerations in developing the [Assistance and Access Act]. This included consideration of the requirements of the United States CLOUD Act,” it said.
“No issues were identified with the Assistance and Access Act that would prevent Australia from successfully negotiating a CLOUD Act bilateral agreement.”
The department said it had not received any advice from the US government to date that would suggest the Assistance and Access Act and CLOUD Act weren’t compatible, characterising Nadler’s letter to the Dutton as merely “asking for clarification about concerns” raised.
The agreement, if finalised and approved after negotiations, will replace the slow and awkward mutual legal assistance mechanism currently used by law enforcement agencies to access user data.
It will give Australian law enforcement agencies greater access to data held by US-based service providers, but will also require Australian-based cloud providers to similarly hand over data requested by US authorities.
Any agreement will also be underpinned by yet-to-be introduced dedicated laws and will likely take queues from a similar agreement that is already in place between the US and the United Kingdom.
Home Affairs also said that it is “in contact with the UK about its experience in entering into and implementing a CLOUD Act agreement, including what changes were required as part of their reforms to domestic legislation”.
The US CLOUD Act became law in March 2018 and is primarily used to compel US-based cloud and technology companies like Microsoft, Google, Facebook and Apple to hand over data held offshore under warrant.