Regulatory arbitrage and transnational surveillance: Australia’s extraterritorial assistance to access encrypted communications

This article examines developments regarding encryption law and policy within ‘Five Eyes’ (FVEY) countries by focussing on the recently enacted Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) in Australia. The legislation is significant both domestically and internationally because of its extraterritorial reach, allowing the development of new ways for Australian law enforcement and security agencies to access encrypted telecommunications via transnational designated communications providers, and allowing for Australian authorities to assist foreign counterparts in both enforcing and potentially circumventing their domestic laws. We argue that Australia is the ‘weak link’ in the FVEY alliance as – unlike other FVEY members – has no comprehensive enforceable human rights protections. Given this, there is a possibility for regulatory arbitrage in exploiting these new surveillance powers to undermine encryption via Australia. Read More

APF joins a coalition of human rights groups and experts in calling on the Australian government to protect encryption

Today, the Australian Privacy Foundation joins with Electronic Frontiers Australia, Digital Rights Watch, Future Wise, and other domestic and international human rights organisations in asking the Australian government to not pursue legislation undermining encryption, and other tools, policies and technologies critical to protecting individual rights. The 76 organisations, companies, and individuals signatory to this open letter call on government officials to become proponents of digital security and work collaboratively to help law enforcement adapt to the digital era.

This letter was been initiated by global digital rights organisation Access Now. “Australia is facing a choice on cybersecurity and encryption: real security or false,” said Nathan White, Senior Legislative Manager at Access Now. “The country can either be the testing ground for policies that undermine privacy and security in the digital era, or it can be a champion for human rights, leveraging its relationships to raise cybersecurity standards for the next generation. The world is watching.” Read More

MEDIA RELEASE: Australian Privacy Foundation “seriously alarmed” about recent revelations that would allow Australian Signals Directorate to spy on Australians with even less accountability

The Australian Privacy Foundation is seriously alarmed about a recently revealed legislative proposal that would have Australia’s foreign signals intelligence agency, the Australian Signals Directorate (ASD), use its considerable powers to surveil, track, and hack Australian citizens without prior authorisation. This is a dangerous precedent that would remove an already inadequate oversight mechanism that our… Read More

Cross-border access to data – EDRi delivers international NGO position to Council of Europe

Earlier this week, a global coalition of civil society organisations, including the Australian Privacy Foundation, submitted to the Council of Europe its comments on how to protect human rights when developing new rules on cross-border access to electronic evidence (“e-evidence”). The Council of Europe is currently preparing an additional protocol to the Cybercrime Convention. European Digital Rights (EDRi)’s Executive Director Joe McNamee handed the comments over to Mr. Alexander Seger, the Executive Secretary of the Cybercrime Convention Committee (T-CY) of the Council of Europe. Read More

The Australian government is importing spyware – Is that legal?

An Australian Tax Office (ATO) staffer recently leaked on LinkedIn a step-by-step guide to hacking a smartphone.
The documents, which have since been removed, indicate that the ATO has access to Universal Forensic Extraction software made by the Israeli company Cellebrite. This technology is part of a commercial industry that profits from bypassing the security features of devices to gain access to private data. Read More