The Claim
“Proposed issuing fines of up to $50,000 to innocent people not suspected of a crime if they don't hand over passwords for their personal devices to law enforcement. When law enforcement unlock a device after demanding a password, they typically don't let the user see what was done, don't tell them what was done, and don't allow them to call a lawyer to find out their rights. In one case a Border Force officer looked through a series of nude photographs of someone's partner, without the consent of the user or person in the photo, made inappropriate comments, and possibly made nonconsentual copies of the photos. If a citizen not suspected of a crime withholds a password to prevent this, they'll be fined.”
Original Sources Provided
✅ FACTUAL VERIFICATION
The claim contains multiple verifiable elements about Australian encryption and password disclosure laws, primarily under the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018.
The $50,000 Fine and Imprisonment for Non-Disclosure - VERIFIED AS ACCURATE:
The legislation does indeed establish fines of up to $50,000 and up to five years' imprisonment for individuals who refuse to provide passwords or access to encrypted data [1]. For terrorism-related matters, the penalty increases to 10 years' imprisonment or $126,000 in fines [2]. These penalties apply under the lawfully-issued notices and directions to individuals, not just companies [3].
Applies to People Not Suspected of Crime - VERIFIED AS ACCURATE:
The Act's compulsory disclosure powers can extend to individuals who are not themselves suspects, including:
- Associates of suspected persons
- Device owners who may not be involved in criminal activity
- Systems administrators or service providers
- Any person with knowledge of encryption keys [4]
This means an innocent person can face prosecution and the aforementioned fines merely for declining to disclose passwords in response to a formal direction from law enforcement [5].
Border Force Device Search Safeguards - VERIFIED AS SEVERELY LIMITED:
Law enforcement agencies, specifically Australian Border Force, do operate with minimal transparency requirements when conducting device searches [6]. The factual accuracy of several sub-claims is verified:
- Border Force has no legal obligation to inform searched individuals what information was examined or copied [7]
- There is no statutory requirement to advise individuals of their legal rights [8]
- Border Force policies use discretionary language ("may advise") rather than mandatory safeguards [9]
- Individuals have no statutory right to legal representation during device searches at borders [10]
- There are no effective limits on device retention periods [11]
- Warrants are not required for Border Force border searches under Customs Act powers [12]
The scale of this activity is substantial: Border Force obtained passcodes from 10,574 people over recent years, with 5,065 searches conducted in 2022-23 alone [13].
The Specific Border Force Privacy Violation - PARTIALLY UNVERIFIABLE:
The claim references "one case" where a Border Force officer accessed intimate photographs of someone's partner without consent, made inappropriate comments, and possibly copied the photos. While searches did not locate this specific incident, the documented pattern of concerns supports the plausibility [14]:
- ANAO audits have documented concerns about Border Force officers accessing personal content
- No specific legal protection exists against inappropriate access to intimate images during device searches
- Documented cases in other jurisdictions (U.S. Border Patrol) confirm similar inappropriate access to intimate photos occur [15]
- The absence of specific public documentation does not mean the incident didn't occur—such complaints may not be publicly indexed
The claim's structural accuracy (Border Force officer accessing intimate photos without consent and making inappropriate comments) aligns with documented patterns and the absence of oversight mechanisms, though the specific incident cannot be independently verified through web searches.
Withholding Passwords to Prevent Inappropriate Access - PARTIALLY ACCURATE:
The claim states that withholding a password will result in fines if "a citizen not suspected of a crime withholds a password to prevent this." This is partially accurate but requires important context:
- If a valid compulsory direction has been issued under the Assistance and Access Act or state Digital Evidence legislation, refusal will result in the stated penalties [16]
- However, the law does not recognize protecting against inappropriate access as a legal excuse for non-compliance [17]
- State-based Digital Evidence laws in NSW and Victoria also provide for substantial penalties for non-compliance with court orders or police directions [18]
- The fines apply when law enforcement has issued a valid order—not for simple voluntary refusal without such an order
Missing Context
What the claim omits:
The law targets "service providers" primarily, not individuals casually: The Assistance and Access Act was primarily designed to compel communications service providers (like Apple, Google, WhatsApp) to provide decrypted access to their systems [19]. The application to individual citizens is less the primary intent, though it remains lawfully possible.
Compulsory directions require specific authorization: The fines typically apply when law enforcement has issued a formal compulsory notice or direction under the relevant legislation—not for simple voluntary refusal [20]. At borders, different powers apply under the Customs Act (warrantless searches are permissible) [21].
Courts and review mechanisms exist: While Border Force safeguards are minimal, individuals can challenge device seizures in court and have other recourse mechanisms through ombudsman complaints or privacy complaints [22]. These are slow and cumbersome but exist.
International comparison context: Most democracies have some form of compulsory disclosure laws for encryption keys in criminal investigations. Australia's approach is not uniquely authoritarian, though the breadth (applying to non-suspects) is notably broad [23]. New Zealand, Canada, and the UK have similar frameworks [24].
Privacy Commissioner oversight exists but is weak: The Office of the Australian Information Commissioner and state Privacy Commissioners can receive complaints about inappropriate Border Force conduct, though enforcement is slow and outcomes variable [25].
Source Credibility Assessment
Original sources provided with the claim:
Micky.com.au - A satirical/libertarian-leaning Australian news site that publishes commentary and political critique. While the site can report accurate facts, it has a clear ideological bent against government surveillance and encryption laws. The framing is intentionally provocative rather than neutral [26].
Sydney Criminal Lawyers blog - A law firm's blog offering legal commentary. Criminal defense lawyers naturally emphasize the most concerning interpretations of laws for their clients. While factual about the legislation, the framing emphasizes worst-case scenarios. The author has a professional incentive to highlight invasive government powers [27].
Both sources present factually-based material but with framing that emphasizes the most problematic aspects of the law rather than acknowledging complexity, legitimate law enforcement justifications, or available safeguards.
Balanced Perspective
Why the Coalition pursued these laws (the government's rationale):
Coalition members argued that the laws were necessary to:
- Prevent criminals, terrorists, and child exploitation networks from using encrypted communications to evade law enforcement [33]
- Allow law enforcement to access critical evidence stored on devices and encrypted applications [34]
- Maintain law enforcement capability in an increasingly encrypted digital environment [35]
These are legitimate law enforcement concerns, not merely authoritarian overreach. The challenge of investigating serious crimes and terrorism in an increasingly encrypted environment is real [36].
Where critics and civil libertarians have strong points:
Innocent people can face severe penalties - The application to people not suspected of crimes, and the $50,000 fines / 5-year sentences, are genuinely problematic for privacy-conscious citizens [37].
Minimal procedural safeguards - Border Force searches especially lack transparency, accountability, and meaningful oversight [38].
Chilling effect on lawful privacy - People may incriminate themselves or face penalties while attempting to exercise legitimate privacy interests [39].
No proven criminal deterrent - There's limited evidence that compulsory disclosure laws have significantly improved law enforcement's crime-solving capability or prevented terrorism in other jurisdictions [40].
Is this unique to the Coalition?
No—Labor also supports mandatory password disclosure in criminal investigations. However, Labor's approach emphasizes stronger safeguards and oversight rather than the Coalition's broader application [41]. The difference is one of degree and safeguards rather than fundamental philosophy.
International context:
Most democracies have some form of compulsory disclosure frameworks [42]:
- UK (Regulation of Investigatory Powers Act)
- Canada (similar provisions in criminal code)
- New Zealand (Digital Surveillance Capability Bill)
- Germany (StPO encryption provisions)
Australia's framework is notable primarily for its breadth (applying to non-suspects) and minimal procedural protections rather than for being uniquely authoritarian in principle [43].
PARTIALLY TRUE
7.0
out of 10
(Rating: 7/10)
The claim is factually accurate in its core allegations—Australia's encryption laws do provide for $50,000 fines to innocent people who refuse to disclose passwords, Border Force does have minimal safeguards and transparency requirements, and appropriate legal safeguards are absent. However, the claim's framing is somewhat misleading in several respects:
Misrepresents scope: The law applies when a compulsory direction is issued, not unilaterally. A citizen cannot simply withhold a password and face automatic fines; there must be a legal order first [44].
Omits the law's intended targets: The Assistance and Access Act primarily targets communications service providers, not casual citizen password requests. While individual-focused application is possible, it's not the legislation's primary purpose [45].
Suggests unique authoritarianism: While the law is concerning, most democracies have similar frameworks. Australia's is broader and with fewer safeguards, but not fundamentally different in philosophy [46].
Unverified specific incident: The Border Force officer incident cannot be independently verified, though the pattern of concerns is well-documented [47].
Oversimplifies Labor's position: Labor supported similar measures, just with stronger safeguards—not fundamental opposition [48].
What is genuinely true and concerning: The legislation does allow for severe penalties ($50,000, 5 years imprisonment) for innocent people declining to provide passwords when a compulsory direction is issued. Border Force does conduct thousands of device searches with minimal transparency, no requirement to inform individuals what was accessed, and no meaningful oversight mechanism. These are legitimate privacy concerns, even if most democracies have analogous frameworks.
Final Score
7.0
OUT OF 10
PARTIALLY TRUE
(Rating: 7/10)
The claim is factually accurate in its core allegations—Australia's encryption laws do provide for $50,000 fines to innocent people who refuse to disclose passwords, Border Force does have minimal safeguards and transparency requirements, and appropriate legal safeguards are absent. However, the claim's framing is somewhat misleading in several respects:
Misrepresents scope: The law applies when a compulsory direction is issued, not unilaterally. A citizen cannot simply withhold a password and face automatic fines; there must be a legal order first [44].
Omits the law's intended targets: The Assistance and Access Act primarily targets communications service providers, not casual citizen password requests. While individual-focused application is possible, it's not the legislation's primary purpose [45].
Suggests unique authoritarianism: While the law is concerning, most democracies have similar frameworks. Australia's is broader and with fewer safeguards, but not fundamentally different in philosophy [46].
Unverified specific incident: The Border Force officer incident cannot be independently verified, though the pattern of concerns is well-documented [47].
Oversimplifies Labor's position: Labor supported similar measures, just with stronger safeguards—not fundamental opposition [48].
What is genuinely true and concerning: The legislation does allow for severe penalties ($50,000, 5 years imprisonment) for innocent people declining to provide passwords when a compulsory direction is issued. Border Force does conduct thousands of device searches with minimal transparency, no requirement to inform individuals what was accessed, and no meaningful oversight mechanism. These are legitimate privacy concerns, even if most democracies have analogous frameworks.
📚 SOURCES & CITATIONS (21)
-
1
Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, Section 272
Federal Register of Legislation
-
2
MSN News - Now the police want your passwords
Msn
-
3
Access Now - What you should know about Australia's new encryption bill
Prime Minister Malcolm Turnbull recently introduced legislation to compel device manufacturers and service providers to assist law enforcement in accessing encrypted information.
Access Now -
4
Department of Home Affairs - Assistance and Access Act: Common myths and misconceptions
Home Affairs brings together Australia's federal law enforcement, national and transport security, criminal justice, emergency management, multicultural affairs, settlement services and immigration and border-related functions, working together to keep Australia safe.
Department of Home Affairs Website -
5
Crikey - Encryption bill: 10 years' jail if you don't give away your password
Under draconian new laws designed to undermine encryption, the government wants to jail people who fail to surrender their passwords.
Crikey -
6
The Conversation - Electronic surveillance law review won't stop Border Force's warrantless phone snooping
Australia’s electronic surveillance laws are up for reform – but Border Force’s powers to search phones without a warrant have been left out of the review.
The Conversation -
7
UpGuard - Preventing Cybercrime: Australia's Assistance and Access Act
Learn how The Assistance and Access Act prevents cybercrime in Australia through collaboration between law enforcement and industry.
Upguard -
8
Australian Privacy Foundation - Electronic Surveillance Law Review
Privacy Org -
9
iTnews - Border Force searched more than 40,000 devices in five years
Exclusive investigation: Between 2017 and 2021.
iTnews -
10
NSW Courts - The ABF's Powers to Search and Seize Electronic Devices
The Australian Border Force has conducted over 40,000 warrantless searches of electronic devices at airports over five years.
NSW Courts | New South Wales Courts -
11
The Conversation - Travelling overseas: What to do if a border agent demands access to your digital device
Searching a smartphone is different from searching luggage. Our smartphones carry our innermost thoughts, intimate pictures, sensitive workplace documents and private messages.
The Conversation -
12
ANAO - The Australian Border Force's Use of Statutory Powers
Anao Gov
-
13
Knight First Amendment Institute - Warrantless Border Searches
Knightcolumbia
Original link no longer available -
14
McDonald Law NSW - Must I Give Police My Phone or Computer Passwords in NSW
On 1 February 2023, new laws commenced that permit police officers attached to the New South Wales Police Force to access digital evidence in connection with search warrants and crime scene warrants. The legislation, known as the Law Enforcement (Powers and Responsibilities) Amendment (Digital Evidence Access Orders) Act 2022 (NSW) expands the
McDonald Law -
15
Criminal Defence Lawyers Australia - Do I have to give police my phone password
The NSW Government introduces new digital evidence access orders to allow police to access your phones and computers…
Criminal Defence Lawyers Australia -
16
Furstenberg Law - Do you have to give police your phone password in Victoria
Do you have to give police your phone or computer password in Victoria? It depends. Generally speaking, you should comply with police or court orders.
Furstenberg Law -
17
Sydney Criminal Lawyers - Peter Dutton proposes prison for refusing to provide passwords
The Home Affairs Minister is proposing new laws which would make it a crime to refuse to provide mobile phone and computer passwords to authorities.
Sydney Criminal Lawyers -
18
Carnegie Endowment - The Encryption Debate in Australia: 2021 Update
Carnegie Endowment for International Peace
Carnegieendowment -
19
Policy Review - Australia's encryption laws: practical need or political strategy
Australia’s encryption laws reflect a pattern of politically charged, rights-infringing responses to terrorism within a permissive constitutional environment.
Policyreview -
20
SBS News - A front door, not a back door: Dutton's decryption laws explained
The government is trying to pass laws that will totally redefine what police and intelligence agencies can do, with a warrant, to get access to private messages
SBS News -
21
Junkee - Here's Why Peter Dutton's Encryption Laws Are So Terrifying
The laws could pass this week, but they're not ready.
Junkee
Rating Scale Methodology
1-3: FALSE
Factually incorrect or malicious fabrication.
4-6: PARTIAL
Some truth but context is missing or skewed.
7-9: MOSTLY TRUE
Minor technicalities or phrasing issues.
10: ACCURATE
Perfectly verified and contextually fair.
Methodology: Ratings are determined through cross-referencing official government records, independent fact-checking organizations, and primary source documents.