International Production Orders Bill will give ASIO access to encrypted communications

The spy agency said the Bill would help it fulfil its function of protecting Australia from violent, clandestine, and deceptive efforts to harm Australians and undermine the nation's sovereignty.

Free PDF

Australia’s encryption laws: An insider’s guide

Australia now has world-first encryption laws. This guide explains what the laws can do, what they cannot do, and how Australia ended up here.

Read More

The Australian Security Intelligence Organisation (ASIO) has shown its support for the Bill, paving the way for Australia to obtain a proposed bilateral agreement with the United States for implementing the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act).

In a submission [PDF] to the Parliamentary Joint Committee on Intelligence and Security (PJCIS), ASIO said the Telecommunications Legislation Amendment (International Production Orders) Bill 2020 (IPO Bill) is a "key mechanism to enable ongoing and reliable access to a broad range of data and communications sourced from offshore providers".

The IPO Bill is intended to amend the Telecommunications (Interception and Access) Act 1979 (TIA Act) to create a framework for Australian agencies to gain access to stored telecommunications data from foreign designated communication providers in countries that have an agreement with Australia, and vice versa.

The Bill is a precondition for Australia to obtain a proposed bilateral agreement with the United States in order to implement the CLOUD Act. The CLOUD Act creates a legal framework regulating how law enforcement can access data across borders.

A bilateral CLOUD Act agreement would enable Australian law enforcement to serve domestic orders for communications data needed to combat serious crime directly on US-based companies, and vice versa.

Specifically, ASIO said passage of the Bill would allow it access to encrypted communications stored overseas.

"Australia has seen a steady shift to encrypted Internet Protocol (IP)-based communications over the past decade, with the majority of these services provided by offshore companies," it wrote. "This shift in communications practices has naturally been mirrored by the subjects of ASIO's investigations."

Must read: Terrorism, espionage, and cyber: ASIO's omne trium perfectum

ASIO said as companies that provide encrypted IP communications services are mostly based offshore -- meaning they often fall outside the legal frameworks in Australia that authorise interception of communications or disclosure of telecommunications data -- such communications are therefore not accessible to ASIO or, when collected through warranted interception via onshore providers, are encrypted and unusable.

"The Bill seeks to enable access by agencies such as ASIO to data controlled by technology companies located offshore, where such access is for national security purposes. It will enable ongoing and reliable access to a broad range of data and communications sourced directly from offshore providers," it said.

"Legislation that supports ASIO's ability to fulfil its function to obtain, correlate, and evaluate intelligence relevant to security is essential."

ASIO said the Bill would provide it with a clear legal mechanism to seek access to data and communications, and that it would help ensure consistent and reliable access in support to investigations.

"By enabling ongoing and reliable access to data and communications sourced from offshore providers, where such access is for national security purposes, the Bill will assist us to fulfil our function of protecting Australia from violent, clandestine, and deceptive efforts to harm Australians and undermine Australia's sovereignty," it said.

MORE ON THE IPO BILL