Revised data laws encryption laws explained

I am often asked by clients, how people can get into their encrypted messages. There are many ways that this can happen, but from a government viewpoint only; the following excerpts from an article by Griffin legal breaks down the 2018 legislation.

A controversial shake up to Australia data laws came into force in December 2018.

The telecommunications and other legislation amendment (assistance and access) Act 2018 (the Amendment) amended several pieces of legislation to enable the Government to access the communications of individuals in the name of national security.

The amendment was passed to make it easier to investigate suspected criminal activity in an age of data becoming increasingly encrypted.

Whilst the amendment doesn’t allow the government to de-crypt an individual’s data, it does allow them to intercept it wither before encryption has taken place or after it has been decrypted by users.

Summary of changes

The amendment enables the Government to:

  • Issue: “technical assistance requests” (TAR) to communications providers, asking that they voluntarily assist in providing access to devices, removing electronic protection or providing technical information.
  • Issue: “technical assistance notices” (TAN) to communications providers, demanding that they use their current systems to enable access to or interception of certain data/ communications.
  • Issue: ”technical capability notice” (TCN) to communications providers, demanding that they create a new capability which would allow interception by ASIO;
  • Expand their powers of interception and concealment in the area of computer access warrants.
  • Enhance their ability to remotely collect evidence from electronic devices under warrant.

What does it mean for compliance?

Although the Government held consultation with tech giants such as Apple, Google, Facebook, Telstra and Optus – these laws are set to have a big impact on smaller communications companies.

Tech companies will need to be aware of these changes and understand the difference between a compulsory and voluntary request. Failure to comply with a TAN and TCN will result in significant fines for communications companies.

The whole article can be seen here:

https://griffinlegal.com.au/data-encryption-laws/

author avatar
Dee Ridge