Australia encryption law data privacy

Australia’s new anti-encryption laws have been in place for less than a year, but have already begun to negatively affect the data privacy of technology companies worldwide. The bill, known as the Telecommunications Assistance and Access Bill, essentially gives law enforcement and intelligence agencies permission to view the contents of encrypted devices and messaging.

In a world where digital privacy is becoming a greater need, this law has caused an outcry among many governments and businesses. They believe that this bill will only result in the jeopardization of information security among businesses, individuals, and societies alike.

What Does the Bill Do?

The bill itself is somewhat complicated but the main takeaway is that the law allows for the government to access any devices or systems to check for threats or criminal suspects. Under this bill:

  • Companies have to bypass encryption if asked by the Australian government
  • Technology businesses must create special access to backend data within telecommunications companies, email providers, and social media platforms
  • A search warrant allows an officer to add, copy, or delete data if necessary

The law encourages manufacturers and companies to give officers tools or software to decrypt devices and messaging or create ways for officers to access information that would otherwise be unreachable.

Overall, the Act explains that it establishes “frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence agencies in relation to encryption technologies via the issuing of technical assistance requests, technical assistance notices and technical capability notices.”

Reacting with Concern Over the Bill

The main concern that countries and critics have is that any type of tool or program that weakens the security of an encrypted message on one system can adversely affect innocent users. While the law promises that they will not use the encryption if it creates a weakness, there was little explanation as to what that entails. When encryption and other defenses are weakened, even on a small scale, that welcomes hackers and other cybercriminals to expose the flaws for their gain.

If technology companies or other businesses refuse to decrypt information for the Australian authorities, they can be fined and may even face prison time. There is growing concern that the bill itself was passed too quickly by the Australian Parliament and therefore had several issues that were not looked at thoroughly.

The bill has already begun to affect industries like journalism negatively. With the power to add, copy, or delete data on computers as a part of search warrants comes the violation of freedom of the press. A recent article by the Guardian explained that this law allowed federal police to raid the homes and offices of reporters over articles that had been published in July 2017 and April 2018.

Australia’s Law Compared to GDPR and Cloud Act

The anti-encryption law comes into direct conflict with many points under the EU’s GDPR. The European Union’s laws require that any websites and applications inform users how their data is stored and shared and if there will be any encrypted data. This applies to any country who is interacting with a European country. Under Australian law, companies are forced to create new ways to access data and are required by law not to reveal to consumers whether the information is accessed.

The US Cloud (Clarifying Lawful Overseas Use of Data) Act allows the United States to access data stored overseas from American companies or foreign companies with a presence in the United States. The data is accessed in criminal law enforcement investigations. Companies may refuse the request if exposing the data would violate foreign law. But the protection lies in the hands of the business, as no individual may challenge the Act alone.

The Australian bill is not sufficient enough in its wording that the United States would go against their current CLOUD Act. This means that the Australian bill does not have procedural protection like judicial authorization and does not minimize the collection, retention, and distribution of US data. These are required under the CLOUD Act, making Australian Law in direct conflict with that of America.

Encryption Importance Worldwide

Data protection is strengthened by using encryption. Its power is exemplified by how many people and entities are attempting to create legislation just to bypass it. Your personal information is something worth protecting because so many people are fighting to access it through illegal online measures or strict government laws. Taking part in the digital world is unavoidable, but data leaks are not. Our SecureDrives offer a hardware encrypted storage solution for all of your documents, photos, and more.

The devices are GDPR compliant, HIPAA compliant, and offer brute force anti-hacking that wipes the device clean after 10 consecutive failed unlocking attempts. We believe in the value of data privacy, especially in the digital world that is full of people fighting to collect your information like baseball cards. Learn more about our unique storage solutions by calling 1-800-875-3230.