Under the Australia-US CLOUD Act Agreement, which was signed between the two countries on Dec. 15, 2021, Australian and U.S. intelligence and law enforcement agencies will be allowed timely access of data on serious crimes from alleged criminals, including in cases of child sexual abuse, ransomware attacks, terrorism, and the sabotage of critical infrastructure over the internet.
In March 2018, the U.S. Congress passed the Clarifying Unlawful Overseas Use of Data (CLOUD) Act, which allows both foreign and US investigators to obtain access to electronic data held by communication service providers, such as Google, Facebook, Apple and messaging apps.
Speaking at a public hearing on Sept. 14, Andrew Warne, the Attorney-General’s first assistant secretary for the Electronic Surveillance and Law Enforcement Policy Division, said the treaty would expedite the process of obtaining data from the U.S.
Currently, requests that are made through the existing mutual legal assistance avenue can take more than 12 months to be approved.
“I don’t think we can understate the positive impact that we’re expecting this to have on criminal investigations,” Warnes said.
The new IPO under the Telecommunications Act will enable a designated authority in Australia to issue requests directly to U.S. providers without a request being reviewed by U.S. government agencies and courts and vice versa.
Warne said that using an IPO via the designated authority to a US provider could actually reduce the response time to just “hours.”
“[Companies] don’t quite think that’s quite realistic, but we do think it will reduce it to days or weeks, rather than months or years,” he said.
Warnes said that currently, only the “absolute top, top end” most serious cases were going ahead and that under the new treaty, more cases would be heard in court.
“The biggest thing that gets missed here sometimes is it’s the investigations that aren’t happening,” Warnes said, adding that at present, officers with big caseloads might move on when they realise they require mutual legal assistance as part of their investigation.
U.S. Attorney General Merrick Garland said: “This Agreement paves the way for more efficient cross-border transfers of data between the United States and Australia so that our governments can more effectively counter serious crime, including terrorism while adhering to the privacy and civil liberties values that we both share.”
However, permission would be needed from the Australian government if evidence was to be used in a case that resulted in the death penalty, and Australian agencies cannot target a US citizen, the public hearing committee was told.
Concerns and Safeguards
Critics also remain concerned about data protection and the reach of U.S. intelligence agencies into Australia.
But Warnes said “very few” requests were expected from the U.S., and all work must be justified.
The Department of Home Affairs states that the agreement ensures Australia’s commitment to human rights, civil liberties, the rule of law, principles of non-discrimination and the protection of privacy.
“There’s multiple checks and balances in this agreement,” he said.
Orders for data must be specific and tied to the prevention, detection, investigation or prosecution of serious crime.
“It can’t be a bulk-data fishing exercise, that is not at all what is contemplated,” he said.
He said there must be a target person or target account, whether it’s Google, Facebook, Apple or messaging apps.
Australia was the second country after the United Kingdom to sign an agreement with the US to access data.
The treaty must be reviewed by the Australian parliament and the US Congress before it enters into force, which is expected by the end of 2022.
AAP contributed to this report.