The federal government is looking to quickly sign a new bilateral agreement with the US that would allow local authorities with a warrant to directly access user data held by US tech companies.
The new deal would be facilitated by the controversial Clarifying Lawful Overseas Use of Data Act (CLOUD Act), which was recently passed by Congress.
The legislation creates a framework for US law enforcement authorities to directly access data held by US companies on overseas servers, with a warrant.
The bill also allows for new bilateral agreements between the US and other governments, facilitating the reciprocal sharing of requested data on citizens much quicker than is currently possible.
InnovationAus.com understands Law Enforcement and Cyber Security Minister Angus Taylor is planning a US visit in the next fortnight to push for Australia to be among the first countries to sign one of these bilateral data sharing agreements with Washington.
If it were signed, Australian authorities would be able to directly serve US tech companies with warrants to access data and communications on their users, and vice versa.
The legislation outlines that the US would only sign agreements with governments that have robust privacy, human rights and other protections.
If the deal goes ahead, Australian authorities would still need to obtain a warrant, but could then go directly to the relevant tech company to force them to hand over the data.
Such warrants had previously typically been rejected by the US and other overseas governments due to legal uncertainties and difficulties.
The CLOUD Act has been criticised by civil liberty and digital rights groups in the US, with claims it “undermines the rights of individuals both inside and outside the US”.
A spokesperson for Mr Taylor said the protection of data would be at the forefront of a potential partnership.
“The specifics of an agreement would be a matter for negotiation, but one of the key aims of the CLOUD Act is to improve the privacy outcomes for customers, including Australians,” the spokesperson told InnovationAus.com.
“The CLOUD Act mandates that countries that enter into agreements are subject to requirements to respect and uphold the rule of law and human rights.”
“Any bilateral agreement under the CLOUD Act would strengthen the protections for data held by communications service providers by ensuring consistent, strong restrictions on access, no matter where your data is held.
“Australians’ data is already protected by a number of Acts, including the Privacy Act and strong laws governing lawful access to communications. Those protections would continue in any agreement with the US.”
In a statement on Sunday, Mr Taylor welcomed the passing of the CLOUD Act, saying it will help authorities around the world to combat “serious crime”.
“The CLOUD Act will greatly improve the efficiency of law enforcement’s access to the information they need to do their job and strengthen protections of people’s data, no matter where their data is held,” Mr Taylor said.
“Timely access to electronic data held by communications service providers is an essential component of government efforts to protect public safety and combat serious crime, including terrorism, child sex offences and organised crime,” Mr Taylor said.
The new Act was borne out of a protracted court battle, where Microsoft refused to hand over to US authorities the emails of an American citizen that were stored on an Irish server.
Under the new Act, if the US authorities had a lawful warrant, Microsoft would now be forced to hand over the data.
The prospect of these bilateral deals and other aspects of the CLOUD Act have been criticised by several US civil rights and digital rights groups in an open letter.
“We believe the CLOUD Act undermines privacy and other human rights, as well as important democratic safeguards,” the letter states.
“The alternative framework created by the bill fails to protect the rights of Americans and individuals abroad, and would place too much authority in the hands of the executive branch with few mechanisms to prevent abuse,” it said.
The groups raised specific concerns with the bilateral agreements that Australia is pushing for.
“These agreements would permit foreign governments to obtain wiretaps and stored communications, including those that contain information about Americans, directly from US technology companies without review by the Department of Justice, or approval from a US judge…this framework creates numerous problems,” the groups said.
“The CLOUD Act would allow the executive branch to enter into agreements with foreign governments – without congressional approval.”
Electronic Frontiers Foundation also slammed the new legislation, labelling it a “dangerous expansion of police snooping on cross-border data” that “diminishes the data privacy of people around the world”.
The bill does have the support of some of the biggest tech companies in the world, with Microsoft, Apple, Google and Facebook issuing a joint statement saying it marks “notable progress to protect consumers’ rights”.