Aust-US data access deal comes into effect

Brandon How

American and Australian law enforcement can now more easily access data stored in each other’s jurisdiction after a landmark bilateral agreement came into effect more than two years after it was signed.

The Agreement on Access to Electronic Data for the Purpose of Countering Serious Crime allows authorities in Australia and the United States to directly request data held by technology companies in the other jurisdiction for use as evidence of serious crimes.

Previously, Australian authorities had to issues their requests through the US Justice department, an arduous process that could take up to 24 months to process.

The agreement, which came into effect on Wednesday, is expected to overwhelmingly benefit Australian authorities by expediting requests for data from American tech companies. Australian tech companies are, in comparison, anticipated to receive few requests from US authorities.

Serious crimes are considered to be those with maximum penalties of at least three years of imprisonment like terrorism, child sexual abuse, ransomware attacks, and the sabotaging of critical infrastructure over the internet.

Australia’s Attorney-General Mark Dreyfus and the US Attorney-General Merrick B. Garland. Image: X

Australia’s Attorney-General Mark Dreyfus jointly announced the agreement with the US’ Attorney-General Merrick B. Garland on Wednesday (AEDT) as a part of his three-day trip to Washington DC.

In a joint statement, the pair said the “agreement also provides safeguards and protections that reflect the commitment of both countries to human rights, civil liberties, and the rule of law”, including “stringent privacy and oversight protections” for any data collected.

Due to the popularity of communications services provided by US tech companies, electronic data related to serious crime is often held by companies based in the US, according to a National Interest Analysis undertaken by the federal parliament’s joint standing committee on treaties in 2022.

As such, Australian law enforcement is increasingly using international crime cooperation mechanisms to access data held offshore, a process which was considered in the analysis to be overly demanding on authorities.

“Such a process can take anywhere between 6 – 12 months for an Australian authority to receive data in response to a mutual legal assistance request,” the report reads.

“This delay often comes not from the Australian authorities involved, but the time it takes for a foreign government to review, process, and use legal process on Australia’s behalf to obtain the electronic data.”

In a more recent submission to a parliamentary inquiry on ‘the capability of law enforcement to respond to cybercrime’ released earlier this month, the Northern Territory Police Force said the process could take between 18 to 24 months.

However, during the 2022 inquiry, Australian National University college of law visiting fellow Andrew Ray said that there is no clear evidence that any existing delays were actually significantly impacting prosecution efforts.

The agreement was primarily driven by the US’ Clarifying Lawful Overseas Use of Data (CLOUD) Act, an American legal framework legislated in 2018 to improve procedures for investigators to obtain data from communications providers based in other jurisdictions.

It is legally underpinned in Australia by the Telecommunications (Interception and Access) Act, which was amended in July 2021 with bipartisan support, ahead of the CLOUD Act Agreement being signed in December 2021. Negotiations on the agreement began in late 2019.

The US only has CLOUD Act Agreements with the United Kingdom and Australia, with negotiations ongoing with Canada and the European Union.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories