It’s inaccurate to call it “Peter Dutton’s give me your password law” – it’s been around since 2001 (although the maximum penalty was increased from 2 to 10 years in 2018), and there are equivalent laws in most developed countries. As far as I am aware, only in the US have people actually spent years in prison solely for refusing to disclose a password: https://arstechnica.com/tech-policy/2020/02/man-who-refused-...