PoliticalClaims.au

Government Claims About US Access

The Australian government, through Minister for Government Services Stuart Robert, made statements that provided assurances about US access to COVIDSafe data. According to a ZDNet report from May 2020, a spokesperson for Minister Robert stated: "Uploaded contact information will be stored in Australia in a highly secure information storage system and protected by additional laws to restrict access to health professionals only" [1].

The government also claimed that under law, "it is a criminal offence to transfer data to any country other than Australia, with a penalty of imprisonment for five years and/or 300 penalty units -- AU$63,000" [1]. The stated basis for this protection was a determination through the Biosecurity Act and specific legislation [1].

Civil Liberties Groups' Challenge to These Claims

Civil liberties experts directly challenged these government guarantees. During Parliamentary Joint Committee on Intelligence and Security (PJCIS) hearings, representatives from the International Civil Liberties and Technology Coalition testified that "the Australian government cannot guarantee United States authorities will not have access to data held by the COVIDSafe coronavirus contact tracing app" [2].

Lucie Krahulcova from the International Civil Liberties and Technology Coalition stated: "One of the things the government has sought to do is to ensure individuals that their data won't be shared by Amazon with US entities and that data won't leave … it's not something that Australia can guarantee" [1]. She further explained: "Amazon is still an entity, it's a US-based entity, and when we get into a place where governments put provisions like this into legislation, there's simply no way unless there's a very expensive diplomatic undertaking and extreme carve-outs are sought, there's just no way to guarantee that" [1].

Legal Mechanisms for US Access

The claim references "American encryption back-door laws." The relevant US law is the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) [1]. Under the CLOUD Act, US service providers can be compelled to disclose data to foreign governments pursuant to executive agreements [1].

AWS (Amazon Web Services), which hosted COVIDSafe data, is a US-based entity [2]. Civil liberties experts argued that AWS, as a US company, would be subject to US legal demands under the CLOUD Act [1].

The International Production Orders Bill

Australia's response to enable access to US data was through the Telecommunications Legislation Amendment (International Production Orders) Bill 2020 (IPO Bill), which was designed to create a framework for Australian agencies to gain access to stored telecommunications data from US providers [1]. The Bill was explicitly a precondition "for Australia to obtain a proposed bilateral agreement with the United States in order to implement the US CLOUD Act" [1].

Chronology of Encryption Laws

The Assistance and Access Act 2018 (also known as Australia's encryption backdoor law) was passed by the Australian government in 2018, which gave the government authority to compel technology companies to assist in accessing encrypted communications [3]. This occurred prior to the CLOUD Act discussions in 2020.

However, the claim's assertion that the CLOUD Act "inspired" the Assistance and Access Act cannot be verified. The timeline shows Australia's Assistance and Access Act (2018) predated the negotiations around CLOUD Act implementation in Australia (2020). The Assistance and Access Act was influenced by law enforcement concerns about end-to-end encryption, not by the CLOUD Act specifically [3].

The relationship between the two laws is more accurately described as: both represent similar governmental approaches to compelling access to encrypted/protected data, but the causality claimed in the assertion (that CLOUD Act "inspired" the Australian law) does not align with the chronology.