Australian law enables state-authorised hacking and surveillance

Introduced into law in the face of widespread criticism, Australia’s new ID Act gives policing and intelligence agencies reach beyond their borders. Legislators have granted three new powers: data disruption warrants, network activity warrants, and account takeover warrants.

These powers add to the digital arsenal of federal authorities. Data disruption warrants allow the Australian Federal Police or the Australian Criminal Intelligence Commission to “modify, add, copy or delete data to frustrate the commission of serious offenses online”. A network activity warrant enables the monitoring of the computer-related activities of criminal groups, such as covertly monitoring WhatsApp chats or iMessage texts. And, if there is suspicion that a serious crime is taking place, agencies can take control of someone’s online accounts using an account takeover warrant, locking a user out of services such as email and social media, and operating the accounts themselves. These three powers have been coupled with assistance orders which serve to force businesses and individuals to help facilitate warrants. Refusing or failing to assist law enforcement can lead to up to ten years in jail. Not only are these new abilities intrusive, but they are also a shift in the focus of federal law enforcement agencies. Traditionally, the remit of the AFP and the ACIC has been to collect admissible evidence of specific crimes. Now, with the assistance of the Australian Signals Directorate, federal law enforcement authorities are going on the offensive. Cause for concern It would be expected that federal police could only hack or surveil people suspected of very serious crimes. In reality, practically anyone can be surveilled as part of an “electronically linked group” under the ID Act. Australia’s Human Rights Law Centre says the ID Act defines the group so “absurdly” broadly that any WhatsApp user or iPhone owner could be monitored as a result of one person committing a crime over WhatsApp on an iPhone. Even the threshold of a suspected act to be considered a ‘serious crime’ has attracted criticism. The rationale for introducing these powers was to prevent and disrupt the worst crimes in society, such as child exploitation, human trafficking, and terrorism. With the Act’s definition of ‘serious crime’, many other offenses that are unrelated to the rationale of introducing these powers also meet the test. While these crimes ought to be investigated and prosecuted, these new powers bring the proverbial sledgehammer to walnuts. Network activity warrants can be issued irrespective of whether the identities (or, indeed, location) of the individuals in the electronically linked group can be ascertained. Warrants can be issued even where details of the relevant offenses cannot be made out, or where it’s unclear whether group composition has changed over time. This means Australian agencies may not only surveil and disrupt the online activities of Australian citizens, but internet users overseas, effectively extending their reach beyond borders. And requiring judicial officers to authorize operations outside of their lawful jurisdiction to do so. All of these concerns were raised before the ID Act was passed as law. The Parliamentary Joint Committee on Intelligence and Security (PJCIS) also made many substantive recommendations, many of which were dismissed. With the parliamentary oversight process largely sidelined, it raises the question: who is watching to ensure responsible use of these powers? The more secret the use of power is, the harder it is to ensure it is being used responsibly. Policy fixes There were many policy suggestions made by the PJCIS that could have improved the ID Act. It is not too late for policymakers to bring these recommendations back.

Policing agencies require specific oversight and monitoring, and should transparently report on offenses for which warrants were sought under the ID Act. Such warrants should only be issued by Federal or Supreme courts. And the Act should be subject to an early review by Australia’s Independent National Security Legislation Monitor.

A “public interest advocate” could be appointed to review warrants being sought about a journalist or media organization. Australia only recently reviewed its national intelligence laws and is yet to undertake much of the reform required to put its recommendations into action. A recommendation that the Australian Signal Directorate’s cybercrime function not be extended to apply onshore has been ignored in the introduction of the ID Act. The powers granted under the ID Act are expansive and are only one addition in the ever-growing arsenal of power being conferred onto Australian law enforcement agencies. It will be important to monitor how, and for what purpose, these new powers are used. There should also be proper consideration as to whether these powers should remain after their sunset period lapses. 

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)