US crime and intelligence agencies could be granted access to Australian technology companies' data if a new bilateral deal is passed.
Australia's Home Affairs Minister Peter Dutton and US Attorney-General William Barr have entered formal discussions to enact an agreement underpinned by the US’ CLOUD Act, which enables American law enforcement to access data held overseas by US companies.
If legislated, the act would compel Australian service providers to hand over data to US authorities, and vice-versa, if presented with a warrant or subpoena by law enforcement agencies or the courts.
Announced during a meeting held in Washington on 7 October, the bilateral agreement would be itself underpinned by Australian legislation “yet to be introduced”, according to a statement from Dutton.
“Current processes for obtaining electronic information held by service providers in other countries risk the loss of evidence and unacceptable delays to criminal justice outcomes,” Dutton said.
Citing issues such as terrorism and child exploitation, Dutton claimed the act would “strike the balance” or allowing authorities to “move forward without delay, but within the law”, although stressed there was still some way to go before the agreement is finalised.
The CLOUD Act first passed in the US in March 2018 and was spurred by a protracted legal fight between Microsoft and the US Department of Justice over access to emails stored in an Irish data centre.
Previously the US had relied on the mutual legal assistance (MLA) process to access electronic data held overseas and introduced the CLOUD Act as a legal framework aimed at speeding up the process of obtaining the data.
Barr reiterated that bilateral agreements would only apply to foreign partners with “robust protections for privacy and civil liberties, such as Australia”.
However, in July this year, Australia’s Law Council warned that the recently passed ‘encryption’ legislation would prevent local law enforcement agencies from qualifying for the CLOUD Act.
In a submission to an inquiry examining the 2018 legislation, the Law Council warned that the US law “affords robust substantive and procedural protections for privacy and civil liberties in light of the data collection”, something foreign governments would also be subjected to.
As such, the submission claimed The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 was in this way “insufficient” to allow Australia to qualify for entry.