Australian police leave strongest part of encryption law untouched, parliament hears

Parts of Australian legislation granting law-enforcement agencies the right to demand access to de-encrypted communications has remain unused since its introduction in 2018, despite demands from Federal Police almost two years ago that the measures were urgently needed.

The head of Australia’s Federal Police force told parliament officials today that law-enforcement agencies had only requested access to data voluntarily, rather than through compulsory notices, prompting criticism from lawmakers over the effectiveness of the controversial measures.

Police Commissioner Reece Kershaw said the police hadn’t been required to use the mandatory request, because industry assistance had been given voluntarily.

Witnesses from the Australian Federal Police were the first of four contributors to more than five hours of public hearings today that will feed into the Parliamentary Joint Committee on Intelligence and Security’s review of Australia’s controversial encryption law. It was the second round of public hearings since an independent review of the law was published earlier this month. A first round of hearings focused on feedback from industry groups.

The law, which grants law-enforcement agencies the right to request access to de-encrypted communications, including services such as Telegram, Viber Messenger and Whatsapp, has been mired in criticism since it was rushed through parliament in late 2018. The law is known in full as the Telecommunications and Other Legislation Amendment (Assistance and Access) Act.

Lawmakers pressed the Federal Police today on claims that the law had improved the efficiency of its operations and weren’t used to counter a terrorism threat until mid-2019, despite the legislation being passed six months prior specifically to respond to terror threats.

Mark Dreyfus, Shadow Attorney General for the opposition Labor Party said there was no evidence to the committee when the law was being drafted to suggest industry had previously been unwilling to aid law-enforcement agencies or refused to provide access.

“If providers were cooperative before and are cooperating now, what’s the basis for an increase in cooperation?” he asked police witnesses, who took the question on notice.

Dreyfus later put the same question to government officials from Australia’s Department of Home Affairs.

Assistant Secretary for the National Security Policy Branch, Andrew Warnes, said while he was careful about accepting Dreyfus’ proposition that if industry was willing before and are still willing to help investigations then nothing has changed.

“What is reasonable and necessary is somewhat amorphous,” Warnes said, prompting Dreyfus to suggest the assessment was based on little more “than a vibe.”

One assurance that Warnes gave today to industry concerns over the law was to its relationship with the US Clarifying Lawful Overseas Use of Data Act, or Cloud Act. The law is intended to govern how US digital services companies such as Amazon, Microsoft and Google comply with domestic and foreign criminal investigations when data is stored overseas.

Warnes said the orders under the Assistance and Access Act “don’t go under [the Cloud Act] at all.”

The government’s implementation of the law will be influenced by the ongoing review underway by the parliamentary committee, as well as the earlier independent review, but officials said today they had no current plans of how to deal with the reports.

The parliamentary report on its review is expected in September.