Australia’s new cyber laws impose hefty fines on tech companies

The Assistance and Access Bill was passed on Tuesday in a bid to reduce criminal activities

Australia has passed new cyber laws in an effort to crack down on criminal operations. Tech companies could receive fines of up to $10 million if they choose to retain requested encrypted data.

Back in June, Australia’s Cyber Security Minister Angus Taylor sought to “modernise” existing cyber laws. The Turnbull government have now passed the legislation to gain “access to information for holding criminals and terrorists to account for investigations and gathering evidence.”

The past legislation negatively impacted over 200 criminal investigations, according to Taylor. He added that “more than 90% of data lawfully intercepted by the Australian Federal Police now uses some form of encryption.”

The Assistance and Access Bill grants Australian law enforcement the power to access encrypted information from tech companies. Technical Assistance Request (TAR) allows agencies to ask providers for voluntary assistance.

If a company refuses to comply, they will receive a compulsory Technical Assistance Notice (TAN). This imposes fines of up to $10 million for providers, and fines of up to $50,000 for non-compliant individuals.

The Attorney General will issue the final order. The Technical Capability Notice (TCN) forces tech giants to build tools that allow law enforcement authorities access to encrypted communications.

Taylor said “we know that more than 90% of data lawfully intercepted by the Australian Federal Police now uses some form of encryption.” “We must ensure our laws reflect the rapid take-up of secure online communications by those who seek to do us harm,” he added. 

The laws target companies that provide communications services, like Whatsapp. Nevertheless, authorities will require a warrant or authorisation to implement the legislation.

The bill reads “the new powers will have no effect to the extent that requirements would reasonably make electronic services, devices or software vulnerable to interference by malicious actors.” Despite this, the government said it has “no interest in undermining systems” designed to protect user privacy.

The new legislation comes amidst the GDPR hype in Europe, and undoubtedly raises questions of privacy and trust for those who are not suspected of crime. Nonetheless, Taylor said that he could “absolutely” ensure the private encrypted messages of innocent individuals would be safe under the new laws.