Our Fact Sheets provide a detailed account of 29 areas of law as they apply to the Internet


Information security

Encryption of data

1. What is encryption?

Encryption is a technique to encode and decode text and data transmitted over computer networks by using complex mathematical algorithms. See Secure Electronic Transactions Fact Sheet.

2. Issues arising from encryption

(a) Encryption is increasingly used in software and hardware to provide additional security to electronic communications and websites.

(b) Most countries, including Australia, have laws regulating the export or import of encryption technology.

These countries often give law enforcement bodies the right to access or intercept electronic communications in an unencrypted form.

You should consider the laws of other countries when importing or exporting encryption products. For example, if the product or any of its components originates from the United States, the United States export restrictions would apply to that product if it is re-imported into the United States. In such cases a United States re-export licence may be required regardless of whether an Australian export licence is needed or has been granted.

The exportation from Australia of goods specified in the Defence and Strategic Goods List is prohibited without a licence. The List, formulated by the Minister for Defence, specifies certain kinds of cryptographic material. "Goods" is defined to include personal moveable property (eg CD ROMs and diskettes) and documents (in paper or other form). Cryptographic software exported electronically is likely to constitute a document for the purposes of the legislation.(1)

3. Managing legal risk in relation to encryption

(a) Ensure electronic communications sent by you or your website are encrypted to a security level appropriate to the communication. You may avoid or minimise legal liability by encrypting electronic communications involving:

* personal information protected by privacy laws (see Privacy Fact Sheet);

* confidential information or trade secrets;

* potentially defamatory material; and

* information to which intellectual property rights apply (eg copyright and moral rights).

(b) Ensure encryption technologies are used:

* where required for any security purpose (eg on a server to protect a database);

* when making or receiving electronic payments (see the Secure Electronic Transactions and Electronic Payment Systems Fact Sheets);

* when using digital signatures (see Digital Signatures); and

* as part of an electronic payment service offered by a bank or merchant.

(c) Ensure the encryption technology you use complies with the legal requirements of any jurisdiction from which your website can be accessed using encryption.



End Notes
(1) Customs Act 1901 (Cth) section 112; Customs (Prohibited Exports) Regulations 1958 (Cth) reg 13E(2)
