Encryption, Cybersecurity, and Privacy: a Global Conundrum
02/10/2018 Daniela Previtali
BSA | The Software Alliance, a global software industry advocate, recently asserted their opinion on communications legislation being considered by the Australian Government. The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 proposes new provisions that would allow Australian law enforcement and security agencies to gain assistance from key providers in the communications supply chain to increase their ability to collect evidence from electronic devices under Crimes Act search warrants. At the crux of the matter is the ability for law enforcement to break encryption code designed to protect personal data for the purpose of obtaining incriminating evidence useful to identify and arrest lawbreakers.
BSA Director Darryn Lim said, in a statement to itwire.com, that “BSA has urged the Australian Government to include in its encryption bill a judicial oversight and challenge mechanism in order to ensure that any new powers given to law enforcement are not abused.” In their submission to the Australian Government, the BSA further urged “continued engagement between the Australian government, policy-makers, and industry to ensure that the solution eventually adopted would balance the legitimate rights, needs, and responsibilities of the government, citizens, providers of critical infrastructure, third-party stewards of data, and innovators.”
The issue brought to the table in Australia shines a spotlight on a controversial topic with global implications. Undoubtedly, these discussions conducted by International governments, advocacy groups and technology companies will become more urgent as new cyberattacks and data breaches unfold. BSA is encouraging the establishment of standards to govern how personal data is used. In their recently released Privacy Framework guidance for policymakers, BSA supports making collection and use of personal data more transparent, giving consumers more control over their personal data, enabling governance over data collection and use, providing robust security, and promoting the use of data for legitimate business purposes.
The Privacy Framework incorporate ten components:
Transparency: Organizations should provide clear and accessible explanations of their practices for handling personal data, including the categories of personal data they collect, the type of third parties with whom they share data, and the description of processes the organization maintains to review, request changes to, request a copy of, or delete personal data.
Purpose specification: Personal data should be relevant to the purposes for which it is collected and obtained by lawful means.
Informed Choice: Organizations should provide consumers with sufficient information to make informed choices and, where practical and appropriate, the ability to opt out of the processing of personal data.
Data Quality: Personal data should be relevant to the purpose for which it is used and, to the extent necessary for those purposes, should be accurate, complete, and current.
Consumer Control: Consumers should be able to request information about whether organizations have personal data relating to them and the nature of such data.
Security: Organizations should employ reasonable and appropriate security measures designed to prevent unauthorized access, destruction, use, modification, and disclosure of personal data based on the volume and sensitivity of the data, size and complexity of the business, and cost of available tools.
Facilitating Data Use for Legitimate Business Interests: Privacy frameworks should facilitate the use of data for legitimate business purposes.
Accountability: Organizations should develop policies and procedures that provide the safeguards outlined in this framework.
Legal Compliance and Enforcement: Organizations that determine the means and purposes of processing personal data should have primary responsibility for satisfying legal privacy and security obligations.
International Interoperability: Privacy frameworks should enable and encourage global data flows, which underpin the global economy.