Potential changes to Australia’s security laws will create additional challenges for companies, according to CipherCloud.
Chief trust officer, Bob West, said changes to Australia’s National Security Legislation Amendment Bill 2014 could impact the privacy of Australian citizens and organisations operating locally.
“The changes under consideration will expand the Australian Government’s authority to obtain and search private data across a company’s computer network, rather than just an individual computer, with a single warrant,” he said.
The existing legislation, which allows a government issued computer access warrant to search data held by a particular computer, could be amended so that a single access warrant could apply to multiple computers on a network.
“The bill creates a significant challenge for companies to ensure the privacy of their data, including information they are putting in the Cloud,” West said.
The change could allow ASIO to undertake activities to obtain data, including intrusion to private premises and privacy.
For businesses operating in Australia, West said Government snooping of an organisation’s network of private data would be allowed with a warrant to investigate an individual of security interest.
Following the US
Government snooping concerns are nothing new in the US, though the legislative changes in Australia raises concerns whether the same will happen locally.
West said the US Patriot Act expanded the U.S. government’s authority to conduct surveillance activities, and governments around the world are enabling special provisions to access private data.
“While the Australian bill under review still requires search warrants, many nations are experimenting with how to balance national security with the citizen's right to privacy,” he said.
Some people view stronger surveillance as “authoritarian," though West said it is a cynical approach.
“I see this trend more as governments trying to catch up to monitoring digital communication, which is the de facto method to exchange information for both personal and business matters,” he said.
Re-evaluating the situation
Faced with these potential changes, international companies in Australia may want to re-evaluate their approach to privacy.
“Companies interested in bolstering their privacy posture have increasingly turned to Cloud encryption or tokenisation as a means to protect sensitive information from unauthorised parties,” West said.
Customer-controlled encryption keys can bring transparency into the surveillance process, creating a “technology barrier” that encourages the government to disclose its investigation and ask for consent.
West said this limits the extent of government surveillance, resulting in greater visibility and control for Cloud users.
“In light of the increase in surveillance interest and data breaches, I would also expect more enterprises to invest in more sophisticated network monitoring tools to better understand intrusions, unusual patterns and access activities,” he said.
Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.