A controversial shake up to Australia’s data laws came into force in December 2018. The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (the Amendment) amended several pieces of legislation to enable the Government to access the communications of individuals in the name of national security. The Amendment was passed to make it easier to investigate suspected criminal activity in an age of data becoming increasingly encrypted.
Whilst the Amendment doesn’t allow the Government to de-encrypt an individual’s data, it does allow them to intercept it either before encryption has taken place or after it has been decrypted by users.
Summary of changes
The Amendment enables the Government to:
- Issue “technical assistance requests” (TAR) to communications providers, asking that they voluntarily assist in providing access to devices, removing electronic protection or providing technical information;
- Issue “technical assistance notices” (TAN) to communications providers, demanding that they use their current systems to enable access to or interception of certain data/communications;
- Issue “technical capability notice” (TCN) to communications providers, demanding that they create a new capability which would allow interception by ASIO;
- Expand their powers of interception and concealment in the area of computer access warrants; and
- Enhance their ability to remotely collect evidence from electronic devices under warrant.
What does it mean for compliance?
Although the Government held consultations with tech giants such as Apple, Google, Facebook, Telstra and Optus – these laws are set to have a big impact on smaller communications companies.
Tech companies will need to be aware of these changes and understand the difference between a compulsory and voluntary request. Failure to comply with a TAN or TCN will result in significant fines for communications companies.
Now over 7 months on, we are beginning to feel the ripple effects of the law’s implementation. The laws have also impacted on many businesses’ privacy practices, including careful analysis of storing data overseas and jurisdiction shopping.
For more information on your requirement to comply with the Amendment or the relevant privacy legislation, please contact our office.