Abstract
This article examines developments regarding encryption law and policy within ‘Five Eyes’ (FVEY) countries by focussing on the recently enacted Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) in Australia. The legislation is significant both domestically and internationally because of its extraterritorial reach, allowing the development of new ways for Australian law enforcement and security agencies to access encrypted telecommunications via transnational designated communications providers, and allowing for Australian authorities to assist foreign counterparts in both enforcing and potentially circumventing their domestic laws. We argue that Australia is the ‘weak link’ in the FVEY alliance as - unlike other FVEY members - has no comprehensive enforceable human rights protections. Given this, there is a possibility for regulatory arbitrage in exploiting these new surveillance powers to undermine encryption via Australia.
Highlights
Since the Snowden revelations in 2013 an ongoing policy issue has been the legitimate scope of surveillance, and the extent to which individuals and groups can assert their fundamental rights, including privacy
There has been a renewed focus on policies regarding access to encrypted communications, which are part of a longer history of the ‘cryptowars’ of the 1990s. We examine these provisions in the Anglophone ‘Five Eyes’ (FVEY) 1 countries - Australia, Canada, New Zealand, the United Kingdom and the United States (US) - with a focus on those that attempt to regulate communications providers
The AA Act introduces wide powers for Australian law enforcement and security agencies to request, or mandate assistance in, communications interception from a wide category of communications providers, internet and equipment companies, both in Australia and overseas, and permits foreign agencies to make requests to Australian agencies to use these powers in the enforcement of foreign laws
Summary
Since the Snowden revelations in 2013 (see e.g., Lyon, 2014; Lyon, 2015) an ongoing policy issue has been the legitimate scope of surveillance, and the extent to which individuals and groups can assert their fundamental rights, including privacy. 7 Section 253 allows a government minister, subject to approval by a 'Judicial Commissioner', to issue a ‘Technical Capability Notice’ (TCN) to any communications operator (which includes telecommunications companies, internet service providers, email providers, social media platforms, cloud providers and other ‘over-the-top’ services), whether UK-based or anywhere else in the world, imposing obligations on that provider.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
