The Assistance and Access Bill of 2018 was recently pushed through parliament on 6 December, the last sitting day of this year. This legislation amends the Telecommunications Act of 1997, giving law enforcement and government sweeping new powers to compel others to collect data and provide access to sensitive information, such as online profiles, viewing habits and other sensitive, private information of users without the need for judicial review of the request. While defenders of the legislation assert that it will not allow authorities to demand companies to build “backdoors” into their encryption, the focus does seem to be on granting authorities a means to access communications that utilise end-to-end encryption services.

What this Change Means for Nonprofits

As part of fulfilling their mission to serve the public good, most nonprofits collect a variety of information about individuals in their communities. NFPs who encounter or interact with those who may have been either convicted, or suspected, of a serious criminal offence, might find that the police or intelligence agencies would be very interested in the information that they would have on their clients who might be under suspicion or otherwise surveilled. Since most NFPs use technology in some form, the legislation means that nonprofits could then find themselves being compelled to turn over access to their data or allow the government to install spyware or other tracking programs onto their systems. They could also find their phone lines and other communications under wiretap. Since there isn’t a limit on what can be collected, or for how long the data would be held, its possible that information could be obtained and accessed that is not limited to an individual client in question.

Additional Security Concerns

Opponents of the legislation aren’t just worried about the loss of privacy. Others are concerned that providing enforcement agencies with access to these communications will make it easier for criminals and others to hack into an organisation’s systems. The potential is there for others to exploit access and use it to gain entry to other types of information on an organisation’s servers or within their data storage, including data stored in the cloud. A scenario like this has already occurred in the UK, where hackers exploited a tool that was being used the National Security Agency to gain access into UK’s National Health Service.

Is your nonprofit prepared for this “brave new world” that will be created by the government’s new unlimited surveillance power? Look at our handy technology and security checklist to see if you’ve taken the necessary steps to reduce the risk of loss from hackers and other events.