Australia and the United States have entered into a landmark CLOUD Act agreement to bolster efforts in preventing serious organised crime, terrorism, ransomware attacks, critical infrastructure sabotage, and child sexual abuse.
The Clarifying Lawful Overseas Use of Data Act, known as the CLOUD Act, is a US legal instrument that allows for law enforcement to access data across borders.
“Signing the CLOUD Act Agreement will enable our two nations’ law enforcement agencies to share important digital information and data with each other, under carefully defined legal authorities and safeguards,” said Karen Andrews, Australia’s Minister of Home Affairs.
Through the bilateral agreement, Australia’s law enforcement agencies gain the ability to issue orders compelling US service providers to provide communications data for the purposes of combatting serious crime directly on US-based companies, and vice versa.
Previously, Australian law enforcement agencies could only rely on mechanisms such as mutual legal assistance agreements to access crucial evidence from other countries, which have been flagged as complex and time-consuming by Home Affairs.
It’s the second CLOUD Act agreement to come into force, after a similar one was finalised between the UK and US in 2019.
“This agreement paves the way for more efficient cross-border transfers of data between the United States and Australia so that our governments can more effectively counter serious crime, including terrorism, while adhering to the privacy and civil liberties values that we both share,” said US Attorney-General Merrick Garland.
Australia and the US have been working on an agreement since 2019, but Australia needed to implement other legislation over the past two years in order to establish the required framework for a CLOUD Act agreement to exist. Over that span, the Australian government has faced scrutiny over its push for a CLOUD Act agreement, with privacy advocates like Australian Privacy Foundation saying such an agreement “conflated bureaucratic convenience with what is imperative”.
The CLOUD Act agreement comes off the heels of Australia announcing various initiatives in recent months to prevent crime. In December alone, Australia has announced the Online Safety Youth Advisory Council, passed “Magnitsky-style” and Critical Infrastructure cyber attack laws, commenced work on electronic surveillance law reforms, and proposed anti-trolling laws. The Australian government also started work on a new ransomware plan back in October.
The bilateral agreement will now undergo parliamentary and congressional review processes in both countries before it is finalised.