Tech Giants Face Hefty Fines Under Australia Cyber Laws
15.8.18 securityweek IT
Tech companies could face fines of up to Aus$10 million (US$7.3 million) if they fail to hand over customer information or data to Australian police under tough cyber laws unveiled Tuesday.
The government is updating its communication laws to compel local and international providers to co-operate with law enforcement agencies, saying criminals were using technology, including encryption, to hide their activities.
The legislation, first canvassed by Canberra last year, will take into account privacy concerns by "expressly" preventing the weakening of encryption or the introduction of so-called backdoors, Cyber Security Minister Angus Taylor said.
Taylor said over the past year, some 200 operations involving serious criminal and terrorism-related investigations were negatively impacted by the current laws.
"We know that more than 90 percent of data lawfully intercepted by the Australian Federal Police now uses some form of encryption," he added in a statement.
"We must ensure our laws reflect the rapid take-up of secure online communications by those who seek to do us harm."
The laws have been developed in consultation with the tech and communications industries and Taylor stressed that the government did not want to "break the encryption systems" of companies.
"The (law enforcement) agencies are convinced we can get the balance right here," he told broadcaster ABC.
"We are only asking them to do what they are capable of doing. We are not asking them to create vulnerabilities in their systems that will reduce the security because we know we need high levels of security in our communications."
The type of help that could be requested by Canberra will include asking a provider to remove electronic protections, concealing covert operations by government agencies, and helping with access to devices or services.
If companies did not comply with the requests, they face fines of up to Aus$10 million, while individuals could be hit with penalties of up to Aus$50,000. The requests can be challenged in court.
The draft legislation expands the obligations to assist investigators from domestic telecom businesses to encompass foreign companies, including any communications providers operating in Australia.
This could cover social media giants such as Facebook, WhatsApp and gaming platforms with chat facilities.
The Digital Industry Group (DIGI), which represents tech firms including Facebook, Google, Twitter and Oath in Australia, said the providers were already working with police to respond to requests within existing laws and their terms of service.
DIGI managing director Nicole Buskiewicz called for "constructive dialogue" with Canberra over the adoption of surveillance laws that respect privacy and freedom of expression.