New encryption laws have been met with concern and controversy. A likely outcome of them is an erosion of privacy and protection by advancing police access to data. This expansion in police powers also comes with government bodies gaining new access to this data with limited oversight.
Therefore, being aware of the new changes that will come into place is necessary for businesses and individuals. This article will discuss these new laws and what they mean for you.
The current act which regulates data and mobile services is the Telecommunications Act 1997 (Cth). The new encryption laws relate to the new bill which is the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018. As of the 6th December the bill has passed both houses. The bill will naturally apply to all businesses operating in Australia. As a result it may act as a disincentive for businesses to set up and operate within Australia.
Main Ways of Access
These are broken up into different acronyms such as TAR, TAN and TCN. A technical assist request (TAR) is the lowest level of power. A TAR is when the police can only ask and request a company to assist them. The business complies only on a voluntary basis. The next level is a technical assistance notice (TAN). This applies if the business already has measures in place to decrypt messages. Then they must do so if the police use a TAN. The last is a technical capability notice. A business under this police power must create new features so that police can access and decrypt data.
Who has access?
There have been numerous government agencies all trying to get access per the new bill. Likewise, some of the national bodies which will have these powers include: ASIO,ASIS,AFP,ACC. Historically, there was already access to data like emails and messages if a warrant was granted. The next step was metadata access which the police did not need a warrant to access. However, this only contained dates and times but not the actual content itself. Furthermore, under the new law if any of the TAR,TAN and TCN are not followed there penalties and fines which follow.
Overseas and Europe
Recently the EU brought in the GDPR. This is a new set of laws regulating the privacy of EU citizens. Therefore the new bill in Australia may affect your business if the GDPR regulates your business. Therefore, the bill allows for built in backdoor access to data. This is all without the users knowledge that it’s taking place. Furthermore, there is also the issue of security. The creation of mechanisms for police access to backdoor data access reduce security. Therefore, it may lead to greater hacking, theft and consumer data leaks. Hence, how can a business continue to promote the security of consumers data if the bill possibly leads to a reduction in encryption and security. If you want to know more about how this will affect your business operations in Australia and overseas you can always check with an IT lawyer.
As time passes we will see how encryption laws play out. There may be future cases which challenge and shape the provisions. Regardless, businesses will have to adapt in this new regulated space.
Have more questions? Contact a LawPath consultant on 1800 529 728 to learn more about customising legal documents and obtaining a fixed-fee quote from Australia’s largest legal marketplace.