1.1
The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 (the Bill) was introduced into the House of Representatives by the Hon Peter Dutton MP, Minister for Home Affairs on 3 December 2020.
1.2
In his second reading speech Minister Dutton said:
These key new powers are critical in enabling law enforcement to tackle the fundamental shift in how serious criminality is occurring online. Without enhancing the AFP and ACIC's powers, we leave them with out-dated ways of attacking an area of criminality that is only increasing in prevalence. This bill demonstrates the government's commitment to equipping the AFP and ACIC with modern powers that ensure serious criminality targeting Australians is identified and disrupted as resolutely in the online space as it is in the physical world.
1.3
On 7 December 2020 the Minister for Home Affairs wrote to the Committee to refer the provisions of the Bill to the Committee for inquiry and report pursuant to section 29(b)(i) of the Intelligence Services Act 2001 (the IS Act).
Conduct of the inquiry
1.4
The Committee resolved to undertake an inquiry into the Bill and details of the inquiry were uploaded to the Committee’s website, www.aph.gov.au/pjcis, on 8 December 2020. Calls for submissions were announced the same day, with submissions requested by 12 February 2021.
1.5
The Committee received 23 submissions and 9 supplementary submissions. A list of submissions received can be found at Appendix A.
1.6
The Committee held a public hearing on 10 March 2021. A list of witnesses appearing at the hearing can be found at Appendix B.
1.7
Copies of submissions, the transcript from the public hearing and links to the Bill and Explanatory Memorandum, can be accessed at the Committee’s website.
Report structure
1.8
In addition to this introductory chapter the report has five additional chapters being:
Chapter 2 – General discussion and common issues;
Chapter 3 – Data Disruption Warrants;
Chapter 4 – Network Activity Warrants;
Chapter 5 – Account Takeover Warrants; and
Chapter 6 – Committee Comment
1.9
Chapter 2 will address issues common to all three warrant powers, whereas chapters three through five will discuss issues specific to each warrant type. From a Committee perspective there is substantial overlap legislatively and structurally between the three powers, and particularly so between the proposed network activity and data disruption warrants given they are proposed for the same act. This also reflects that many submissions discussed issues universal to the powers, with some addressing each proposed power specifically. For greater consistency the Committee has addressed uniform issues in chapter two.
1.10
Chapter 5 also discusses minor amendments, including to the Controlled Operations regime, proposed under this Bill that are distinct to the three new warrants outlined above.
Relationship with concurrent PJCIS inquiries and other Acts
1.11
The Bill most relevantly relates to the Committee’s ongoing review of the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020 (the IM Bill). Where this Bill focusses on equipping particular agencies with certain new powers, the IM Bill relates to oversight of multiple bodies including those proposed to receive the SLAID Bill powers more broadly. There are contingent measures built into both the SLAID and IM Bills to this point.
1.12
The IM Bill proposes to extend Inspector General of Intelligence and Security (IGIS) oversight to the Australian Criminal Intelligence Commission (ACIC) and the Australian Transaction Reports and Analysis Centre (AUSTRAC). Of note, the IM Bill proposes PJCIS oversight be extended to AUSTRAC and not the ACIC. The relevant provisions of the IM Bill are those that relate to the ACIC and AFP as the proposed recipients of new powers under the SLAID Bill.
1.13
These two Committee inquiries have been underway simultaneously and the Committee heard evidence from the IGIS who said their ability to provide oversight did not depend on one bill being passed first as the oversight provisions were included in both bills.
1.14
Some submissions commented on the complex legislative landscape in which this Bill is a part of. The Digital Industry Group Inc (DIGI) said they were ‘extremely concerned’ that a number of Telecommunications and Other Legislation Amendment Act 2018 (the TOLA Act) reviews were outstanding and recommended the Bill not proceed until the outstanding concerns under current reviews of the TOLA Act have been addressed. DIGI noted the Government had not yet responded to the Independent National Security Legislation Monitor’s (INSLM) review of the TOLA Act and the PJCIS review of the Act had not been completed.
1.15
The QCCL and others said it was not clear how these laws would interact with other proposed surveillance laws such as the Telecommunications Legislation Amendment (International Production Orders) Bill 2020 (Cth) (the IPO Bill) which is also currently subject to review by this Committee.
The threat environment and general requirement for new powers
1.16
The Australian Federal Police (AFP), Department of Home Affairs (Home Affairs) and ACIC set out to the Committee the current threat environment to provide context to the proposed powers as set out in the Bill. This context is universal across the three warrant types and will not be set out in full in later chapters which will focus more on the specific applicability of the particular proposed power to the threat context and its function within that context.
1.17
Home Affairs gave an overview of the threat environment, highlighting in particular the role of anonymising technologies and the dark web, two particularly relevant factors when considering the threat context:
New and emerging technology continues to change the landscape in which criminals operate by providing new opportunities for countering law enforcement efforts, in particular by disguising activity and hiding identities. Technology that enables people to be anonymous online, whilst having legitimate uses, is increasingly used by criminals so that they can remain invisible to law enforcement. Often these technologies are cheap, commercially available and require little technical expertise, allowing the scale and sophistication of cyber-enabled crime to grow. The use of the dark web and anonymising technologies (such as bespoke encrypted devices) has made it easier than ever before for criminals to commit serious crimes at volume and across multiple jurisdictions. This has significantly degraded law enforcement agencies’ ability to access communications, gather evidence, prevent crimes and conduct investigations.
1.18
The AFP provided an in depth description of the threat environment/ Their submission covered anonymising and encrypted technologies, criminal activity on the dark web, and the subsequent impact on child protection investigations. The AFP also discussed the prevalent use of dedicated encrypted communications platforms by serious and organised crime groups. The AFP defined key terms as follows:
Increasing criminal use of the dark web and anonymising technology facilitates a wide array of serious, cyber-enabled crime, while creating significant challenges for law enforcement in identifying and locating offenders, and gathering admissible evidence.
Firstly, the terms ‘dark web’ and ‘anonymising technology’ are not synonymous. ‘Anonymising technology’ refers to those technologies which can disguise a person’s activities, location and true identity, while the ‘dark web’ refers to areas of the internet which cannot be accessed without specialised browsers or other software. These concepts are often linked, because anonymising technology is required to access the dark web.
From the AFP perspective, both issues present significant challenges for law enforcement, as they both facilitate a wide variety of criminal activity, while providing offenders with the cloak of anonymity. The intersection of these issues is particularly concerning when investigating offences involving child abuse material.
1.19
The ACIC broadly concurred with the AFP articulation of the threat environment and said:
Criminals are increasingly using the dark web and dedicated encrypted communication platforms to facilitate and undertake a wide range of serious crimes, including money laundering, illicit drug and firearms smuggling, and the production and dissemination of child exploitation material.
1.20
The ACIC said the electronic surveillance powers currently available to the ACIC were not sophisticated enough to identify and disrupt the totality of activities serious and organised crime entities were undertaking using these technologies. ACIC said the powers provided under the TOLA Act were required and important, but not solely sufficient to address this threat environment. The ACIC said:
More is needed to provide the ACIC and AFP with effective powers to combat the rising tide of cyber-enabled crime.
1.21
The ACIC said the place of this Bill would be to complement the ACIC’s existing powers by providing new avenues to gather information and respond to serious crime occurring online and criminals using dedicated encrypted communication platforms. They said all the new powers would be used to develop understanding and gathering intelligence on serious and organised crime entities using these technologies to cover their activities.
1.22
The Carly Ryan Foundation also set out the threat environment:
The investigation of alleged crimes is not immune to technological creep, and law enforcement are increasingly dealing with digital aspects of criminality amongst many crime types: terrorism, domestic violence, stalking and harassment, and importantly for the Foundation, child exploitation. Units that specialise in online and cybercrime are best placed in understanding what tools they require to keep the Australian community safe.
1.23
The Carly Ryan Foundation said the current amount of child exploitation was absolutely extraordinary and had risen with COVID-19. They described the issue as a pandemic and said the proposed Bill would help prevent the further victimisation of children.
Organised crime use of dedicated encrypted communications
1.24
The AFP said intersection of encryption and anonymising technology was most evident in Dedicated Encrypted Communications Platforms (DECPs) which were designed for, and marketed to, organised criminals as tools to avoid law enforcement detection.
1.25
The AFP said organised criminal networks were increasingly using DECPs to facilitate a wide variety of serious offending. They said DECPs were modified handsets that had ordinary functions removed allowing for bespoke encrypted applications to ensure anonymous contact between handsets. Providing a practical example outlining the relationship between this Bill and the TOLA Act, the AFP said the TOLA Act was able to identify how many DECPs were present in Australia but not who is using them or where they were being used. This Bill would assist the AFP in this latter question.
1.26
The AFP said internationally DECP networks had been taken down and some DECP providers had provided information on law enforcement evasion to their users.
1.27
The ACIC concurred with the comments made by the AFP and said the dark web and encrypted communications had allowed serious and organised crime groups to more effectively conceal their criminal activity.
The Bill
1.28
The following section gives a brief overview of the Bill as described in the Explanatory Memorandum (EM). A more detailed discussion of the powers proposed in the Bill will be given in Chapters 2 – 5.
1.29
The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 will amend the Surveillance Devices Act 2004 (the SD Act), the Crimes Act 1914 (the Crimes Act) and associated legislation to introduce new powers for law enforcement agencies that the Government state will ‘enhance the ability of the AFP and the ACIC to combat online serious crime.’ It has specifically been designed for the most serious crimes. Of note, these are powers for law enforcement agencies rather than necessarily law enforcement powers themselves. The relevance of this point will be discussed later.
1.30
The Bill introduces three new powers for the AFP and the ACIC exclusively. They are:
Data disruption warrants (DDWs) to enable the AFP and the ACIC to disrupt data by modifying, adding, copying or deleting in order to frustrate the commission of serious offences online;
Network activity warrants (NAWs) to allow agencies to collect intelligence on serious criminal activity being conducted by criminal networks; and
Account takeover warrants (ATWs) to provide the AFP and the ACIC with the ability to take control of a person’s online account for the purposes of gathering evidence to further a criminal investigation.
Schedule 1 – Data disruption warrants
1.31
Schedule 1 amends the SD Act to introduce DDWs. These warrants will allow the AFP and the ACIC to disrupt criminal activity that is being facilitated or conducted online by using computer access techniques.
1.32
A DDW will allow the AFP and the ACIC to add, copy, delete or alter data to allow access to and disruption of relevant data in the course of an investigation for the purposes of frustrating the commission of an offence. This will be a covert power also permitting the concealment of those activities. Whilst this power will not be sought for the purposes of evidence gathering, information collected in the course of executing a data disruption warrant will be available to be used in evidence in a prosecution.
1.33
The intended purpose of the DDW is to offer an alternative action to the AFP and the ACIC, where the usual circumstances of investigation leading to prosecution are not necessarily the option guaranteeing the most effective outcome. For example, removing content or altering access to content (such as child exploitation material), could prevent the continuation of criminal activity by participants, and be the safest and most expedient option where those participants are in unknown locations or acting under anonymous or false identities. Under these circumstances, it may be prudent for the AFP or the ACIC to obtain a data disruption warrant.
1.34
Applications for DDWs must be made to an eligible Judge or nominated Administrative Appeals Tribunal (AAT) member. A DDW may be sought by a law enforcement officer of the AFP or the ACIC if that officer suspects on reasonable grounds that:
one or more relevant offences are being, are about to be, or are likely to be, committed, and
those offences involve, or are likely to involve, data held in a computer, and
disruption of data held in the target computer is likely to substantially assist in frustrating the commission of one or more of the relevant offences previously specified that involve, or are likely to involve, data held in the target computer.
1.35
An eligible Judge or nominated AAT member may issue a DDW if satisfied that there are reasonable grounds for the suspicion founding the application for the warrant and the disruption of data authorised by the warrant is justifiable and proportionate, having regard to the offences specified in the application. The issuing authority will consider, amongst other things, the nature and gravity of the conduct targeted and the existence of any alternative means of frustrating the commission of the offences.
1.36
Information obtained under DDWs will be ‘protected information’ under the SD Act and be subject to strict limits for use and disclosure. Consistent with existing warrants in the SD Act, compliance with the DDW regime will be overseen by the Commonwealth Ombudsman.
Schedule 2 – Network activity warrants
1.37
Network activity warrants will allow the AFP and the ACIC to collect intelligence on criminal networks operating online by permitting access to the devices and networks used to facilitate criminal activity.
1.38
These warrants will be used to target criminal networks about which very little is known, for example where the AFP or the ACIC know that there is a group of persons using a particular online service or other electronic platform to carry out criminal activity but the details of that activity are unknown. NAWs will allow agencies to target the activities of criminal networks to discover the scope of criminal offending and the identities of the people involved. For example, a group of people accessing a website hosting child exploitation material and making that material available for downloading or streaming, will be able to be targeted under a network activity warrant.
1.39
Intelligence collection under a NAW will allow the AFP and the ACIC to more easily identify those hiding behind anonymising technologies. This will support more targeted investigative powers being deployed, such as computer access warrants, interception warrants or search warrants.
1.40
Network activity warrants will allow the AFP and the ACIC to access data in computers used, or likely to be used, by a criminal network over the life of the warrant. This means that data does not have to be stored on the devices, but can be temporarily linked, stored, or transited through them. This will ensure data that is unknown or unknowable at the time the warrant is issued can be discovered, including data held on devices that have disconnected from the network once the criminal activity has been carried out (for example, a person who disconnected from a website after downloading child exploitation material).
1.41
The AFP and the ACIC will be authorised to add, copy, delete or alter data if necessary to access the relevant data to overcome security features like encryption. Data that is subject to some form of electronic protection may need to be copied and analysed before its relevancy or irrelevancy can be determined.
1.42
Applications for network activity warrants must be made to an eligible Judge or nominated AAT member. A NAWmay be sought by the chief officer of the AFP or the ACIC (or a delegated Senior Executive Service (SES) member of the agency) if there are reasonable grounds for suspecting that:
a group of individuals are engaging in or facilitating criminal activity constituting the commission of one or more relevant offences, and
access to data held in computers will substantially assist in the collection of intelligence about those criminal networks of individuals in respect of a matter that is relevant to the prevention, detection or frustration of one or more kinds of relevant offences.
1.43
There are strict prohibitions on the use of information obtained under a NAW. Information obtained under a NAW is for intelligence only, and will not be permitted to be used in evidence in criminal proceedings, other than for a breach of the secrecy provisions of the SD Act. Network activity warrant information may, however, be the subject of derivative use, allowing it to be cited in an affidavit on application for another investigatory power, such as a computer access warrant or telecommunications interception warrant. This will assist agencies in deploying more sensitive capabilities, with confidence that they would not be admissible in court.
1.44
The Inspector-General of Intelligence and Security (IGIS) will have oversight responsibility for NAWs given their nature as an intelligence collection tool. This approach departs from the traditional model of oversight by the Commonwealth Ombudsman of the use of electronic surveillance powers by the AFP and the ACIC. However, the approach is consistent with the oversight arrangements for intelligence collection powers available to other agencies, including the Australian Security Intelligence Organisation (ASIO) and the Australian Signals Directorate (ASD).
1.45
The Bill also provides that the IGIS and the Commonwealth Ombudsman will be able to share information where it is relevant to exercising powers, or performing functions or duties, as an IGIS or Ombudsman official. This ensures that where a matter may arise during an inspection that would more appropriately be dealt with by the other oversight body, a framework is in place for the transfer of NAW information, allowing efficient and comprehensive oversight to occur.
Schedule 3 – Account takeover warrants
1.46
The Bill inserts account takeover warrants into the Crimes Act. These warrants will enable the AFP and the ACIC to take control of a person’s online account for the purposes of gathering evidence about serious offences.
1.47
Currently, agencies can only take over a person’s account with the person’s consent. An account takeover power will facilitate covert and forced takeovers to add to their investigative powers.
1.48
An AFP or ACIC officer may apply to a magistrate for an ATW to take control of an online account, and prevent the person’s continued access to that account. Before issuing the ATW, the magistrate will need to be satisfied that there are reasonable grounds for suspicion that account takeover is necessary for the purpose of enabling evidence to be obtained of a serious Commonwealth offence or a serious State offence that has a federal aspect. In making this determination, the nature and extent of the suspected criminal activity must justify the conduct of the account takeover.
1.49
This power enables the action of taking control of the person’s account and locking the person out of the account. Any other activities, such as accessing data on the account, gathering evidence, or performing undercover activities such as taking on a false identity, must be performed under a separate warrant or authorisation. Those actions are not authorised by an account takeover warrant. The ATW is designed to support existing powers, such as computer access and controlled operations, and is not designed to be used in isolation.
1.50
The Bill will require the agencies to make six-monthly reports to the Commonwealth Ombudsman and the Minister for Home Affairs on the use of account takeover warrants during that period. There are also annual reports to the Minister for Home Affairs that are required to be tabled in Parliament.
Schedule 4: Controlled operations
1.51
Schedule 4 will introduce minor amendments to Part IAB of the Crimes Act to enhance the AFP and the ACIC’s ability to conduct controlled operations online.
1.52
In particular, the Bill amends the requirement for illicit goods, including content such as child abuse material, to be under the control of the AFP and the ACIC at the conclusion of an online controlled operation.
1.53
This is intended to address how easy data is to copy and disseminate, and the limited guarantee that all illegal content will be able to be under the control of the AFP and the ACIC at the conclusion of an online controlled operation.
Schedule 5: Minor corrections
1.54
Schedule 5 will make minor technical corrections to the SD Act and the Telecommunications (Interception and Access) Act 1979 (the TIA Act).