|The Bill takes a multi-pronged approach to accessing a suspect’s data by co-opting third parties to help the authorities. New
rules apply to “communication service providers”, which is a definition with a broad scope. It covers not only telcos, but
also device vendors and application publishers, as long as they have “a nexus to Australia”.
These companies would be subject to two kinds of government order that would compel them to help retrieve a suspect’s
The first of these is a ‘technical assistance notice’ that requires telcos to hand over any decryption keys they hold. This
notice would help the government in end-to-end encryption cases where the target lets a service provider hold their own
But what if the suspect stores the keys themselves? In that case, the government would pull out the big guns with a second
kind of order called a technical capability notice. It forces communications providers to build new capabilities that would
help the government access a target’s information where possible.
In short, the government asks companies whether they can access the data. If they can’t, then the second order asks them
to figure out a way. Here’s a flowchart explaining how it works.