Revised data encryption laws explained

laptop in the dark with code

A controversial shake up to Australia’s data laws came into force in December 2018. The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (the Amendment) amended several pieces of legislation to enable the Government to access the communications of individuals in the name of national security. The Amendment was passed to make it easier to investigate suspected criminal activity in an age of data becoming increasingly encrypted.

Whilst the Amendment doesn’t allow the Government to de-encrypt an individual’s data, it does allow them to intercept it either before encryption has taken place or after it has been decrypted by users.

Summary of changes

The Amendment enables the Government to:  

  • Issue “technical assistance requests” (TAR) to communications providers, asking that they voluntarily assist in providing access to devices, removing electronic protection or providing technical information;
  • Issue “technical assistance notices” (TAN) to communications providers, demanding that they use their current systems to enable access to or interception of certain data/communications;
  • Issue “technical capability notice” (TCN) to communications providers, demanding that they create a new capability which would allow interception by ASIO;
  • Expand their powers of interception and concealment in the area of computer access warrants; and
  • Enhance their ability to remotely collect evidence from electronic devices under warrant.

What does it mean for compliance?

Although the Government held consultations with tech giants such as Apple, Google, Facebook, Telstra and Optus – these laws are set to have a big impact on smaller communications companies.

Tech companies will need to be aware of these changes and understand the difference between a compulsory and voluntary request. Failure to comply with a TAN or TCN will result in significant fines for communications companies.

Now over 7 months on, we are beginning to feel the ripple effects of the law’s implementation. The laws have also impacted on many businesses’ privacy practices, including careful analysis of storing data overseas and jurisdiction shopping.

For more information on your requirement to comply with the Amendment or the relevant privacy legislation, please contact our office.

Related Articles

modern data breach

Unpacking modern Data Breaches: Is your data safe?

In November 2018, the Australian National University (ANU) suffered a massive data breach where up to 19 years of sensitive and personal data were obtained by an unknown hacker. The ANU has said that the hack not only affected students and professionals in Canberra but that it had the potential to affect a number of …
Read more

COVIDSafe: The latest government app and what it means for your privacy

The Federal Government have just released their highly anticipated COVIDSafe App to help monitor the spread of novel Coronavirus (COVID-19). Of key concern to many is the privacy implications of downloading and using the App. There is much discussion regarding how much data the App collects, who can access the data and how that data …
Read more