New Commonwealth laws, which can also be used by State police forces in some cases, allow law enforcement agencies greater potential access to encrypted information, highlighting both security and privacy considerations.
As we come to rely more and more on technology, businesses and individuals need to be able to trust the security and privacy of their data. But what happens when this need conflicts with the needs of law enforcement in gathering information in the course of an investigation? And where does the balance between these two, seemingly conflicting, needs lie?
In answer to these questions, in its final sitting day last year the federal government passed the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (TOLA), which took effect on 9 December 2018.
TOLA established an “industry assistance scheme” by which certain Australian national security, intelligence and law enforcement agencies, including State police in some circumstances, can request or require Australian technology companies (and those that provide products/services in Australia) to provide technical assistance. This arguably weakens the privacy and security measures employed by these companies, and threatens trust in the Australian technology sector.
Under the new law, various government agencies can issue three different types of technical assistance notices:
Compulsory notices can only be issued where the agency considers they are reasonable, proportionate, practicable and technically feasible for enforcing serious criminal law or national security. The relevant agency must consult with the recipient prior to giving a compulsory notice. Importantly, a recipient of a notice is immediately bound by strict confidentiality obligations. A notice may be challenged by judicial review.
Maximum penalties of $10m apply to a company which does not comply with a notice.
The Australian technology industry is concerned that the Act in its current form does not adequately balance security and privacy considerations and may affect their golobal competitiveness, sowing a seed of distrust in the privacy and security of Australian technology products and services.
Further amendments have been proposed to the TOLA. These are currently being reviewed by the Parliamentary Joint Committee on Intelligence and Security. The Committee is scheduled to report by 3 April 2019.
Some of the submissions for further amendment include:
The balancing of rights and obligations is a work-in-progress, particularly in areas such as technology which change faster than the law’s ability to maintain pace.
 Technical assistance requests can be issued by Director General of the Australian Security Intelligence Organisation (ASIO), Director General of the Australian Secret Intelligence Service (ASIS), Director General of the Australian Signals Directorate (ASD) and the chief officer of an “interception agency” (defined to mean the Australian Federal Police (AFP), Australian Crime Commission (ACC) and the Police Force of a State or the Northern Territory).
 Technical assistance notices can be issued by the Director General of ASIO and the chief officer of an “interception agency” (including State police).
 Technical capability notices can only be issued by the Commonwealth Attorney General.
Michael Owens, Partner
Lara Cresser, Senior Associate