Australia is all set to adopt one of the toughest regulations in matters related to denying data access to investigators. The proposed new Australian cyber security law comes at a time when other Western countries are looking to devise their own rules on the matter.
New Australian cyber security law – what’s the need?
Existing Australian legislation awards up to two years of imprisonment in case anyone tries to restrict investigators access. However, the new Australian cyber security law, which is now up for public consultation, talks about increasing the jail term from two years to ten years. The bill would appear for a vote later this year.
According to the Federal Government in Australia, the current legislation is out of date as they were drafted when the Australians would call each other on their landlines, office phones and email was nonexistent. However, in the current scenario, mobile phones have become a life-line, and the use of messaging apps is a common medium of communication.
In such an environment, the police are worried about terrorists planning attacks and pedophiles hunting down children without the fear of being monitored.
“In the last 12 months, 200 cases have arisen where our investigations for serious crimes have been impacted by our inability to access that data under the existing legislation,” Cyber Security Minister Angus Taylor says, according to abc.net.au.
“Encryption and other forms of electronic protection… are being employed by terrorists, child sex offenders and criminal organisations to mask illegal conduct,” the new Australian cyber security law reads. Further, it says that the misuse of modern communication technology for illegal activities comes as a significant hurdle in the lawful access of communication by Australia’s law enforcement and national security agencies.
The proposed bill gave an example of a pedophile rapist, who used mobile messenger to offer drugs to underage teens in exchange for sex. To better equip the law enforcement agencies in handling such cases, the government has decided to let the authorities access some mobile phone data, given they have a valid search warrant.
According to the authorities, such rules would help the spy agencies and law enforcement to put a restraint on the criminal activities through phones and the internet. The Department of Home Affairs believes that the document is seeking a “reasonable and proportionate response” to such violations.
Making tech companies more accountable
The proposed new Australian cyber security law would also hold communication companies accountable if they fail to provide the details of any individual. When asked, the tech companies would have to hand over customer data, or else could face a fine of up to A$10 million ($7 million).
We can’t afford to give terrorists and paedophiles a place to hide. Our new Assistance and Access Bill will modernise law enforcement and national security investigations in a digital age without requiring companies to weaken their systems. https://t.co/BXFK1HDOGG
— Angus Taylor MP (@AngusTaylorMP) August 14, 2018
Further, the draft extends to both domestic and international service providers, which will now be required to hand over the data to the authorities when asked. This stands in stark contrast to the current arrangement, where only the domestic telecommunication providers were bound by the law enforcement investigation.
“We have had very productive meetings with industry partners based both in Australia and offshore to discuss these reforms. This Bill reflects those conversations,” Taylor said.
No threat to encryption
The government, however, maintains that these laws are not meant to make encryption weaker. Addressing concerns of the privacy advocates, the government stated that the authorities would not ask the companies to break the encryption, where they do not hold the “Golden Key.” The government stated that encryption plays a crucial role in protecting Australians, and therefore, the question of legislation asking companies to weaken those encryptions does not arise.
For instance, Apple cannot be compelled to have a backdoor for the iMessage because every user has different encryption keys. However, Apple’s iCloud services use a single encryption key, something that the government can ask for access to.
The U.S., on the other hand, has a rather liberal approach in such a scenario. There have been debates if such access requests from the police, with or without a warrant, is a breach of the constitutional right. In July, a man in Florida was imprisoned for six months for contempt of court. The suspected drug arrest failed to grant access to his phone communication. In the UK also, such cases are seen as contempt of court, but the sentences have usually been less than a year.
