Australia-US CLOUD Act treaty clears final roadblock

The federal government has been given the all-clear to ratify a treaty with the United States that will expedite the sharing of data for law enforcement purposes after the cross-border agreement was found to be in the national interest.

The Joint Standing Committee on Treaties released its final report on Tuesday, recommending that “binding treaty action be taken” despite lingering concerns with reporting requirements in the agreement.

Australia and the United States reached agreement under the US Clarifying Lawful Overseas Use of Data (CLOUD) Act in December 2021 following two years of negotiations. Legislation for a reciprocal cross-border access regime passed in June 2021.

The treaty will allow Australian law enforcement agencies to request data directly from a US tech company operating in Australian when investigating serious crimes without going through the US government, and vice versa.

Parliament House

The International Production Order (IPO) regime that the treaty will introduce provides an alternative path to the existing Mutual Legal Assistance (MLA) process for authorities to obtain data in days or weeks, rather than months or years.

During the course of the inquiry, representatives from the Attorney-General’s Department said the “significant improvement” in the timeliness of processing would likely lead to an increase in data requests to US providers from Australia.

The same influx of request from US authorities to Australia providers is not expected, however, “based on historical experience in receiving MLA requests from the US and the limitation on what Australian source data can be access under the agreement”.

In its report, the committee said the treaty is “an important tool for Australian agencies to combat the increasingly sophisticated tactics of criminals, in a way that is largely consistent with existing domestic requirements” and, therefore, in the “national interest”.

But the committee also noted several “general concerns”, including that orders issued to Australia providers “would only be exchanged between designated authorities, and even then, may not be disclosed in their entirety if operational or national security concerns are present”.

“While individual providers in Australia would be permitted to report on the aggregate number of orders they may have received, this would not be centralised or coordinated,” the committee said in its report.

“The committee is of the view, that while needing to consider operational and national security, some level of transparency and oversight is necessary in an open and democratic society to ensure the public does not lose confidence in the work governments undertake on their behalf.”

The Australia government would also have “little control or oversight of US executive and judicial decision-making in the process of issuing an order, and that certain requirements under the Privacy Act would not be operationalised under the CLOUD Act agreement”, the committee said.

The Greens were particularly vocal about reporting in its dissenting report, recommending “more qualitative information that contains suitable and appropriate disaggregated data, to increase transparency and provide further context and scope in the use of this agreement”.

The party also said that order should only be used for crimes with a maximum imprisonment of seven years or more, with the existing MLA treaty” adequate” for crimes that hold a maximum term of three years imprisonment.

With the approval of the committee, the Australia-US CLOUD Act agreement is expected to be ratified and operational by the end of 2022, at which time authorities will be able send order under the IPO framework.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories