USA, Australia start negotiating negotiate data access executive agreement under CLOUD Act

Elias Hubbard
October 10, 2019

The Australian and United States governments plan to negotiate a bilateral agreement that would pave the way for stronger law enforcement cooperation, including sharing of telecommunications data between the jurisdictions.

The two governments have entered into formal negotiations under the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act) as the first step towards such an information-sharing regime.

The commencement of negotiations was announced by Minister for Home Affairs Peter Dutton and US Attorney General William Barr during a meeting on Monday.

The CLOUD Act was enacted previous year to compel US-based cloud and technology companies like Microsoft, Google, Facebook and Apple to hand over data held offshore under warrant.

But the bilateral agreement, if finalised and approved, will also require Australian-based cloud providers to hand over data requested by United States law enforcement authorities.

The Law Council said at the time that Australian law enforcement would have to continue seeking data through the slower mutual legal assistance treaties (MLAT), rather than via the expedited service the CLOUD Act would offer.

A bilateral CLOUD Act agreement would enable Australian law enforcement to serve domestic orders for communications data needed to combat serious crime directly on US-based companies, and vice versa.

Citing issues such as terrorism and child exploitation, Dutton claimed the act would "strike the balance" or allowing authorities to "move forward without delay, but within the law", although stressed there was still some way to go before the agreement is finalised. "This is the way of the future between like-minded countries", Dutton said.

The Law Council's reasoning in July was that Australia fell foul of the need for orders to USA companies to be "specific and identify the relevant individual, account, address or personal device or another specific identifier", as well as the fact that U.S. companies can not be compelled to break United States law.

In a submission to an inquiry examining the 2018 legislation, the Law Council warned that the U.S. law "affords robust substantive and procedural protections for privacy and civil liberties in light of the data collection", something foreign governments would also be subjected to.

The CLOUD Act states that before entering an agreement the U.S. attorney-general is required to certify that the other nation "affords robust substantive and procedural protections for privacy and civil liberties in light of the data collection and activities of the foreign government that will be subject to the agreement".

As such, the submission claimed The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 was in this way "insufficient" to allow Australia to qualify for entry.

"And yet the USA requires that for any bilateral agreement to proceed, that country's laws must afford "robust substantive and procedural protections for privacy and civil liberties in light of data collection and activities of the foreign government that will be subject to the agreement".

At the time, former Cyber Security Minister Angus Taylor travelled to the U.S. to kick off discussions for an agreement he said would give Australian law enforcement agencies "timely" access to information.

Other reports by Click Lancashire

Discuss This Article

FOLLOW OUR NEWSPAPER