Senate backs CLOUD encryption fix
Lyndsey Jackson: The EFA says the senate CLOUD concerns are 'disingenuous'
The senate’s backing of a motion calling on the federal government to make its controversial encryption powers compliant with a US data-sharing law has been branded “disingenuous” and “worrying” by digital rights advocates.
The senate on Thursday voted in favour of a motion moved by Labor home affairs spokesperson Kristina Keneally which criticised the Coalition for delays in negotiating a deal with the US under the Clarifying Lawful Overseas Use of Data (CLOUD) Act and called on it to amend the legislation to ensure it is compliant with the act.
The CLOUD Act allows the US government to sign an agreement with a foreign country allowing its law enforcement to directly request data from a company based in the US without consulting with its counterparts and vice versa, in an effort to greatly speed up and simplify the process.
The agreement would allow Australian authorities to directly request communications from American companies like Facebook, using local laws as a justification without having to work with US authorities.
Home Affairs Minister Peter Dutton confirmed earlier this month that he had entered into formal negotiations to secure a deal under the CLOUD Act, but there have been widespread concerns that the recently passed Assistance and Access Act, which allows authorities to compel tech companies to provide access to encrypted data, would make Australia ineligible for such a deal.
US House of Representatives Judiciary Committee Chair Jerrold Nadler confirmed these doubts in a letter to Mr Dutton dated 4 October, saying there were “concerns” that the Act will “undermine” Australia’s ability to qualify for an executive agreement.
Senator Keneally’s motion focuses on the importance of securing a CLOUD Act to help Australian authorities get quicker access to data to fight serious crimes, and questions whether the encryption powers will go against the requirements of securing a deal.
With the motion, the senate recognised that the CLOUD Act includes a number of requirements that must be satisfied before a deal is made, including that Australia’s domestic laws must afford “robust substantive and procedural protections for privacy and civil liberties in light of the data collection and activities of the foreign government that will be subject to the agreement”.
“Unlike the UK government, which has already concluded its CLOUD Act negotiations, the Australian government has only just started its negotiations with the United States,” the motion said.
“There are widespread concerns that Australia’s encryption laws, passed last year by the Morrison government, do not provide ‘robust substantive and procedural protections’ as required by the CLOUD Act,” it said.
The motion criticised the government’s delay in entering negotiations for a CLOUD Act agreement.
“The speed with which Congressman Nadler, whose committee plays a key role in approving any potential agreement between the US and Australia, wrote his letter suggests that Australia may be a long way off from being able to access electronic data held in the US to investigate serious crimes, and without an agreement between the US and Australia under the CLOUD Act, victims of vile crimes will continue to have to wait for up to two years for police to even be able to get a good start on their case,” the motion said.
It also “condemned” the Australia government for “not being as proactive as the UK government” in securing a CLOUD Act deal, and for “isolating” Australian police and security agencies from these new powers.
The Senate called on the federal government to “work productively” with all parties to amend the legislation in order to “address any and all obstacles in the way of securing the best outcome for Australian police and security agencies and the Australian people”.
In response, Liberal Senator Jonathan Duniam said the government has been told that the encryption powers would not stand in the way of securing a CLOUD agreement.
“The US Attorney-General recognised Australia as a close partner with robust protections for privacy and civil liberties, and the government can advise that no issues have been identified with the Assistance and Access Act that would prevent Australia from successfully negotiating a CLOUD Act bilateral agreement with the United States,” Senator Duniam said.
The Assistance and Access bill was passed unamended by Parliament on the last sitting day of 2018 thanks to last-minute support from the Labor Party. At the time, the Opposition said it had secured an agreement from the government to amend the legislation at the start of this year, but that never eventuated.
The senate motion is pushing for privacy and data security fixes for the encryption legislation in order for Australia to qualify for a data-sharing agreement that itself has a number of privacy and data security concerns surrounding it.
Electronic Frontiers Australia chair Lyndsey Jackson said the move by the Senate was “disingenuous”.
“We just keep digging a bigger and bigger politicised hole without stopping and looking at the actual problem with the legislation. It’s problematic to see encryption continuing to be used and leveraged like this,” Ms Jackson told InnovationAus.com.
“While it’s good that there’s still something on the table and pressure and public debate, it’s disappointing we’re not getting any further with this. This is a symptom of this problematic approach of digital policy development. Bills are being leveraged against each other, and there’s no holistic view," she said.
"It’s hard to not think this is a mess and the processes behind it are quite disingenuous. Seeing these things politicised is not a good way to create public policy.”
In the Senate last week, Greens Senator Nick McKim said that while his party has concerns regarding the CLOUD Act, such a bilateral agreement would “at least shine a light” and “could potentially regulate how data is shared between partner nations”.
Centre Alliance Senator Rex Patrick backed the motion but called for the CLOUD Act agreement to be made public in full before it is signed, and to be closely scrutinised by Parliament.