Australia encrypted data bill passes first hurdle

Legislation seen as a test-case for tech firms, but faces fight in parliament’s upper house amid privacy concerns.

Tech encryption
Australia wants to compel tech firms to hand over encrypted data [Martin Meissner/AP Photo]

A bill to force technology firms including Google, Facebook and Apple to give police access to encrypted data was passed by Australia’s lower house of parliament on Thursday, pushing it closer to becoming a precedent-setting law.

The proposal, opposed by the tech giants because Australia is seen as a test case for other nations who want to explore similar rules, faces a sterner test in the upper house where there are concerns about privacy and information security.

Under the bill, companies that fail to hand over data linked to suspected illegal activities would face a fine of as much as 10 million Australian dollars ($7.3m) while individuals could face a prison sentence.

Earlier in the week, the bill, with some amendments, appeared to have enough support to be passed.

But the main opposition Labor party said on Thursday the bill could undermine data security and jeopardise future information sharing with authorities in the United States.

“A range of stakeholders have said there is a real risk that the new powers could make Australians less safe … (by) weakening the encryption that protects national infrastructure,” Labor’s Mark Dreyfus told parliament.

Privacy, safety concerns

The proposed laws could also scupper cooperation with US authorities because they lack sufficient privacy safeguards, Dreyfus said.

Labour voted the bill through the lower house, but was still negotiating with the government on the issue and would debate it in the Senate, he added.

Thursday was the last parliamentary sitting day of the year. The next session is in February so the impasse could delay the law for months with an election due by May.

The government has said the proposed laws are necessary to counter attacks by armed groups and organised crime, and security agencies would need to seek warrants to access personal data.

“I will fight to get those encryption laws passed,” Prime Minister Scott Morrison told reporters in Canberra after Dreyfus spoke. “I want to see our police have the powers they need to stop terrorists.”

Technology companies have strongly opposed efforts to create what they see as a back door to users’ data, an issue underlined by Apple’s refusal to unlock an iPhone used by an attacker in a 2015 shooting in California.

Representatives of Google, Amazon and Apple did not respond immediately to a request for comment by the Reuters news agency.

Hacking risk

Apple said in a public submission to legislators that providing access to encrypted data would necessitate weakening the encryption and would increase the risk of hacking.

The Digital Industry Group Inc (DIGI), whose members include Facebook, Apple, Google, Amazon and Twitter, said in a statement that the Australian legislation was “out of step” with other countries that had strong national security concerns.

“Several critical issues remain unaddressed in this legislation, most significantly the prospect of introducing systemic weaknesses that could put Australians’ data security at risk,” DIGI said.

If the bill does become law, Australia would be one of the first nations to impose broad access requirements on technology companies, but others may follow.

The Five Eyes intelligence network, made up of the US, Canada, Britain, Australia and New Zealand, have each repeatedly warned national security was at risk because authorities were unable to monitor the communications of suspects.

Source: Reuters