Please change your location to view this page.
This page contains content that does not match your current location
On the final day of Parliament for 2018 (6 December), and in the midst of some criticism, the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Cth) (referred to in this summary as the Encryption Act) passed both Houses of the federal Parliament. The Encryption Act commenced on 9 December 2018.
According to the Explanatory Memorandum, the Encryption Act is designed to improve the ability of Australian law enforcement and security agencies to better respond to the challenges presented by encryption in detecting intrusions into Australian computer networks and in the investigation of serious crimes (including organised crime, terrorism, smuggling and sexual exploitation of children).
There may be some circumstances where not-for-profit community organisations may be impacted by the Encryption Act. We have outlined key features that may be of interest to community organisations below.
Covert computer access warrants
Law enforcement officers may now obtain warrants (under the Surveillance Devices Act 2004 (Cth)) that allows them to covertly seize and access data. This means the law enforcement agency can do anything reasonably necessary to conceal the fact that anything has been done under the warrant (this can include removing a computer from a premise and returning it if, for example, the agency needs to use specialist equipment to access the computer). Similar warrants are also available to ASIO.
These warrants can be issued in a number of situations including in relation to suspected Commonwealth offences punishable by a maximum term of 3 years or more imprisonment or child recovery matters.
Increased access to data in search warrants
From 9 December, warrants that are issued under s3E of Crimes Acts 1919 (Cth) now permit:
- an executing officer (that is, a person named in or issuing a warrant) to obtain access to data and account-based data. This could include data associated with, for example, email accounts, Facebook accounts, Instagram accounts and WhatsApp accounts; and
- data to be accessed remotely; and
- permit a computer or data storage device to be moved to another place for analysis for 30 days (rather than 14 days).
Furthermore, the penalty for failing to comply with an order under this section requiring assistance to be given to the law enforcement agencies has increased to up to 10 years imprisonment.
The Encryption Act allows law enforcement and security agencies to request that communication service providers undertake certain actions that would assist the agency intercept and decrypt communications. The required actions are either voluntary (Technical Assistance Requests) or mandatory (Technical Assistance Notices and Technical Capability Notices).
However, you can only be issued a notice if you are a ‘designated communication provider’. This primarily captures the telecommunications industry (for example carriage service providers and companies that supply hardware or software relating to a carriage service). However, companies who supply an “electronic service” that allow end users to access material via a carriage service (for example a secure messaging application) are also included.
The future of the Encryption Act…
Although the Encryption Act has come into force, there is a possibility that it may be subject to amendments early in 2019. In particular, the Australian Labor Party has indicated that it may raise a number of amendments when Parliament resumes in 2019 and the Parliamentary Joint Committee on Intelligence and Security is due to provide a report on the Encryption Act in April 2019. Watch this space…