IT companies are unequipped to deal with requests for data under the new encryption laws.
Since the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill was passed in December 2018, agencies such as the Australian Federal Police can seek access to data by issuing a Technical Assistance Request, Technical Assistance Notice or Technical Capability Notice.
“If companies are receiving a Technical Assistance Request, you do not have to comply as the request is voluntary. Companies should assess whether complying with a Technical Assistance Request could compromise their product and reputation,” said LegalVision IT lawyer, James Adler.
“Your company must comply if it receives a Technical Assistance Notice or Technical Capability Notice. However, you do not have to comply if it is impossible technically (such as rebuilding your software to work on an incompatible operating system), that you would break a foreign law or you are being asked to build a systemic weakness into the system.”
Mr Adler said as law enforcement agencies have already started using the laws to issue requests or notices, companies need to urgently review their internal policies about how to comply with a potential request or notice.
He has developed a short checklist that provides a quick and easy overview of how companies can comply with the encryption laws.
“Businesses who are looking to expand internationally, especially startups, need to consider these laws when setting up their corporate structure and developing their expansion plan,” said Mr Adler.