US DoJ on encryption laws and the CLOUD Act


Denham Sadler
Senior Reporter

The nation’s controversial encryption laws will not stand in the way of Australia securing an expedited data-sharing deal with the United States, the US Justice department said in a submission to a parliamentary inquiry.

The Australian government is in the final stages of negotiating a CLOUD Act agreement with the US. This would allow faster access to data held by US-based companies for Australian authorities and vice versa, without a need to go through the local authorities.

It would be a faster and more efficient process compared to the current mutual assistance notice system, according to the government.

Capitol Hill
Assurances: US Justice says encryption laws won’t stymie CLOUD cooperation

But there have been ongoing concerns that the federal government’s encryption-busting powers, the so-called TOLA Assistance and Access laws passed by Parliament at the end of 2018, would make Australia ineligible for a CLOUD Act deal.

In a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) inquiry, the US Department of Justice has said there is no issue with the encryption laws’ compatibility with the CLOUD Act.

“It is the view of the US Department of Justice that there is nothing in Australia’s Assistance and Access Act that would preclude or prevent the conclusion of a CLOUD Act agreement between our governments,” US deputy assistant attorney-general Richard Downing said in the submission.

The US CLOUD Act states that to qualify for an agreement, a country must afford “robust substantive and procedural protections for privacy and civil liberties in light of the data collection and the activities of the foreign government that will be subject to the agreement”.

In October last year US House of Representatives Judiciary Committee chair Jerrold Nadler wrote to home affairs minister Peter Dutton to raise concerns that the encryption legislation “may undermine” a CLOUD Act agreement.

But Mr Downing said the CLOUD Act only requires other countries to be “encryption neutral”, meaning that the deal “shall not create any obligation that providers be capable of decrypting data or limitation that prevents providers from decrypting data”.

“This means that CLOUD Act agreements may not create any new requirement on service providers to decrypt communications, nor may CLOUD Act agreements prevent or limit service providers from assisting in decryption,” Mr Downing said.

“In short, CLOUD Act agreements may not prevent partner countries from addressing encryption requirements in their own domestic laws. This neutrality allows for encryption issues to be discussed and addressed separately among governments, companies and other stakeholders pursuant to domestic law and policy, and addressing such requirements in domestic law does not affect a country’s eligibility for a CLOUD Act agreement.”

Mr Downing met with PJCIS chair Andrew Hastie and shadow home affairs minister Kristina Keneally in Sydney in February to discuss the issue. Labor had previously used concerns about Australia’s CLOUD Act eligibility to push for amendments to the encryption legislation in the Senate.

Legislation paving the way for Australia to enter into a CLOUD Act agreement is before Parliament and is also the subject of a PJCIS inquiry. There have been calls for this inquiry and the passing of the legislation to be put on hold due to the ongoing COVID-19 pandemic.

But in the submission, Mr Downing said the two countries are still in discussions over the “conclusion of an agreement”.

“We hope that we can continue to make progress despite the strained circumstances caused by the COVID-19 pandemic,” he said.

Do you know more? Contact James Riley via Email.

Leave a Comment