Australia’s controversial encryption-busting law needs further amendments to clarify vague language and add appropriate judicial oversight, according to the Office of the Australian Information Commissioner. Despite increased scrutiny and multiple submissions by the OAIC, several “privacy impacts remain that require further mitigation”.
In its latest submission to the Parliamentary Committee reviewing the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, the privacy watchdog has called for further clarification of the terms in the Act which continue to generate controversy.
The Act allows security agencies to force companies to provide access to encrypted conversations through access notices but prohibits them from requesting access that would create a “systemic weakness” or “systemic vulnerability”. Definitions for those terms were only added following pushback from the technology community. Among their fears was that adding access to encrypted communication would undermine software products, thereby reducing confidence in the Australian market.
According to the OAIC, the definitions which have subsequently been added still aren’t clear, despite the agency already raising the issue in February. The laws came into effect last December and are already in use.
“Clearly defining the terms would provide clarity as to the intended scope of the limitation, which in turn would assist in determining whether the privacy impacts of a notice were reasonable, necessary and proportionate in the circumstances,” the submission, signed by Australian Information Commissioner and Privacy Commissioner Angelene Falk, says.
The submission also calls for more judicial oversight in the authorisation of access notices. The OAIC wants warrants to be required before agencies can issue access notices, or, if that recommendation is rejected, an allowance for judicial review under the Administrative Decisions (Judicial Review) Act 1997. Currently the encryption access laws are not subject to judicial review under the act.
“This would provide judicial review avenues under both the ADJR Act and the original jurisdiction of the High Court or the Federal Court of Australia,” the submission says.
The OAIC and several other stakeholders have consistently made requests for clearer terms and more oversight, both in initial consultation on the bill and since it was passed. A report from the Joint Standing Committee Intelligence and Security currently reviewing amendments is due in April 2020, but the government has indicated it will extend the deadline to June.