Following up on a previous post, the Australian government passed the Assistance and Access Bill on December 6, 2018. This piece of legislation was created with a stated goal of accessing data stored by technological companies by law enforcement for criminal law purposes. In essence, the intended goal is to create backdoors and new processes that would allow the collection of data for the protection of national security.
Reaction from data experts seems to be unanimous concern: weakening procedures that protect privacy will likely create vulnerabilities when citizens send and receive messages, emails, and input and exchange sensitive information. Some believe that the intent to access and read encrypted messages without creating a security risk is “unrealistic.” Access to private messages necessitates removing encryption services; in this case, it is extremely likely that the removal of encryption will leave individuals’ personal information at risk.
An interesting critic of the bill has been tech companies, with Apple submitting a formal letter to Parliament regarding its concerns. In the letter, Apple makes a similar argument that weakening encryption will leave citizens more vulnerable. The company used the words “dangerously ambiguous” when referring to the language of the legislation itself.
The letter goes on to mention specific concerns the company has with this bill. An important issue mentioned is a lack of judicial review that accompanies the statute. A quick skim of the bill itself does not seem to show a dedicated section to review processes when requests for data are made. In fact, provisions show that requests are made seemingly at the discretion of security and intelligence agencies, for the broad purposes of “national security, national economic well-being, and the enforcement of criminal law.”
The combination of discretionary requests and lack of oversight can pose a significant threat to human rights in the country. One can imagine that little to no supervision could lead to abuse of powers. Given that there seems to be no judicial procedure that holds agencies and interceptors accountable, there is a chance that personal information could be accessed and reviewed without just cause.
Or, it is possible that decisions might have been reached in a lawful manner; however, that decision might not have been the “proper” one. Deciding whether or not legitimate grounds existed for a request for information is hampered if there is no overlooking body that analyzes the underlying reasoning. An individual’s privacy rights could be at risk if sweeping requests to access personal information are allowed without the opportunity to consider the appropriateness of the request.
This blog post was written by a CCLA Volunteer. Opinions expressed do not necessarily reflect the views of the CCLA.