Australia’s Anti-Encryption Laws Contradict US and EU Privacy Laws

The bad news keeps rolling in for Australia’s anti-encryption law. This time, some are pointing out that it contradicts American and European privacy laws.

Late last month, we brought your news about how companies are now blacklisting Australia over their anti-encryption laws. While some are saying it’s a perceived compliance burden, it seems law experts are pointing out that complying with Australian laws means you are breaking privacy laws in Europe and the United States. From ZDNet:

In a submission to the Parliamentary Joint Committee on Intelligence and Security’s encryption law review, the Law Council said Australian law enforcement will have to continue seeking data through the slower mutual legal assistance treaties (MLAT), rather than the expedited service the CLOUD Act would offer once Canberra and Washington enter into an agreement.

“The Law Council considers that the current law in Australia as it relates to storing and accessing telecommunications data will be insufficient to allow Australia to qualify for entry into an ‘executive agreement’ with the US,” the Council said.

The Law Council’s reasoning said Australia fell foul of the need for orders to US companies to be “specific and identify the relevant individual, account, address or personal device or another specific identifier”, as well as the fact that US companies cannot be compelled to break US law.

“In this context, the requirements under the Assistance and Access Act and the CLOUD Act clearly differ, as the US law does not allow for the mandating of the decryption of data as is now permitted under Australian law,” it said.

This falls in line with criticisms we’ve seen earlier on in the debates. If companies have to decrypt communications for law enforcement, then they are violating the privacy rights of users. As such, following the laws in Australia means breaking the laws in other countries. While the criticisms we’ve seen in the past only covered the General Data Protection Regulation (GDPR), this is the first criticism that involves American privacy laws.

This legal catch twenty two will likely cause some multinational companies to think twice before even touching Australia’s economy. Already, we are seeing word of a mass innovation and investment exodus from the country already. These latest comments will likely solidify the push out of the country.

Drew Wilson on Twitter: @icecube85 and Facebook.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.