The national security legislation watchdog is considering whether Australia’s peak criminal intelligence agency needs controversial powers that allow it to take over the online accounts of criminals and hack into their networks.
Independent National Security Legislation Monitor Jake Blight, who is currently reviewing the so-called hacking powers, is also mulling whether to put a far higher bar on the types of serious offences the laws can used for.
In an interview on Miah Hammond-Errey’s Technology and Security podcast, Mr Blight provided some early thoughts from his review, which began in September and will inform a future review by the government.
Enacted with bipartisan support in 2021, the identify and disrupt laws introduced new powers for the Australian Federal Police and the Australian Criminal Intelligence Commission to combat serious crime using three new warrants.
The agencies can apply for data disruption’, ‘network activity’, or ‘account takeover’ warrants in relation to a “relevant offence” — typically an offence with a maximum penalty of at least three years imprisonment.
Three years on, Mr Blight said that “quite a good case” for the laws remains and that there is a “general need” for authorities to “respond to some pretty unique problems and changing technology”.
He said that ‘data disruption’ warrants are particularly “unusual” in that they allow the agencies to “intentionally damage, disrupt, modify, add, copy, delete data in order to frustrate a crime”.
“It’s not unusual for police to do things to disrupt crime, but usually they do things that are otherwise lawful… What’s unusual about the data disruption ones is that they actually can cause damage,” he told the podcast, released on Tuesday.
But Mr Blight, who is the first full-time monitor, said there is question mark over whether the ACIC, the country’s top criminal intelligence agency, needs the “law enforcement disruption and takeover or just the intelligence warrants”.
The ACIC has never used the account takeover warrant, which allows officers to gain control of a person’s online account and secretly gather evidence about serious offences, or data disruption warrants.
Mr Blight said the review is also considering the threshold for the use of the powers, which he said are largely targeted at terrorism, serious drugs and child abuse material offenses.
“When the business case was put up to the Parliament, it was about terrorism. It was about serious drugs. It was about child abuse material,” he told the Technology and Security podcast
“Those are… very serious crimes. But that doesn’t really match with the three-year bar. So, that’s one of the things we’re looking at; is that an appropriate safeguard or does that need to be raised.”
Digital rights advocates have previously argued against that the laws are “extraordinarily dangerous” because of the low threshold, which means they can be used on minor criminal offences.
As reported by InnovationAus.com last week, the AFP used the account takeover warrant for the first time last year to fight terrorism. Before 2023-24, it has been limited to drug and child abuse material offences.
One of the six warrants granted to the AFP in 2023-24 was also secured through an emergency authorisation, meaning there was an imminent risk of serious violence or damage to property.
Do you know more? Contact James Riley via Email.