CLOUD on the horizon

10 January 2020
Michael Owens, Partner, Brisbane

Australia and the United States (US) have recently entered into negotiations for a bilateral agreement that would enable law enforcement agencies in each country to more easily obtain access to electronic information held by communications service providers (CSPs) in the other country.[1]

Electronic communications services, including social media, are increasingly being used to facilitate illegal activities, making the information generated by these services a vital source of evidence for the investigation and prosecution of crimes.

The bilateral agreement, to be made under the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act), would streamline the process of obtaining electronic evidence stored on foreign soil in cases involving serious crime or terrorism. The CLOUD Act was enacted in the US in 2018 to allow law enforcement agencies to compel CSPs to provide requested electronic information stored on servers, regardless of whether the information is stored in the US or internationally. The first bilateral agreement made under the CLOUD Act was entered into by the US and the United Kingdom in October 2019.

Australian law enforcement agencies could benefit significantly from the proposed CLOUD Act agreement as a great deal of electronic information is presently held by CSPs in the US.[2]>

Currently, evidence (including electronic information) can be obtained by arrangements between law enforcement agencies in Australia and the US in accordance with the mutual legal assistance (MLA) process. Under the existing Australia-US Mutual Legal Assistance Treaty (MLAT), the central authority in each country must handle any requests for assistance. In recent years, the number of MLAT requests has increased dramatically, leading to slower response times.[3]

The proposed bilateral agreement would shorten delays in the MLA process by providing an expedited framework to enable Australian law enforcement agencies to serve domestic orders for the production of electronic information directly on CSPs in the US, and vice versa.[4] The agreement is intended to supplement rather than replace the MLA process, which will continue to be an option in cases not covered by the agreement.[5]

However, Australia’s encryption laws could potentially jeopardise negotiations relating to the CLOUD Act agreement with the US. The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (Encryption Act) gives Australian law enforcement agencies powers to require CSPs to assist with decryption of encrypted messages, such as texts sent via WhatsApp. This raises the possibility that Australia may not meet some of the minimum legal standards required by the CLOUD Act, which stipulates, for example, that any bilateral agreement must not create obligations on CSPs to decrypt data.[6]

A review of the Encryption Act has already commenced, with a report due in April 2020, focusing on whether it contains appropriate safeguards for protecting the rights of individuals and remains proportionate to any threat of terrorism or threat to national security. The outcome of the review will impact on the ultimate success of negotiations relating to the CLOUD Act agreement.

Key takeaway

If negotiations are successful, and the proposed Australia-US bilateral agreement under the CLOUD Act is formalised, law enforcement agencies in Australia will be able to serve domestic orders for the production of electronic information directly on CSPs in the US, and vice versa. This will help to expedite investigations and prosecutions for serious crimes and terrorism by allowing law enforcement to circumvent the protracted MLA process and liaise directly with CSPs storing relevant electronic information.


[1] https://minister.homeaffairs.gov.au/peterdutton/Pages/australian-negotiation-cloud-act.aspx
[2] ‘Promoting Public Safety, Privacy, and the Rule of Law Around the World’, page 10, at https://www.justice.gov/dag/page/file/1153466/download
[3] ‘Promoting Public Safety, Privacy, and the Rule of Law Around the World’, page 10, at https://www.justice.gov/dag/page/file/1153466/download
[4] https://minister.homeaffairs.gov.au/peterdutton/Pages/australian-negotiation-cloud-act.aspx
[5] ‘Promoting Public Safety, Privacy, and the Rule of Law Around the World’, page 11, at https://www.justice.gov/dag/page/file/1153466/download
[6] The CLOUD Act, available at https://www.justice.gov/dag/page/file/1152896/download\
Authored by:

Michael Owens, Partner
Lisa Harden-Parnell, Associate

This update does not constitute legal advice and should not be relied upon as such. It is intended only to provide a summary and general overview on matters of interest and it is not intended to be comprehensive. You should seek legal or other professional advice before acting or relying on any of the content.

Get in touch