Australia’s “extraordinary” new hacking powers for law enforcement authorities represent the next step in the “explosion of the surveillance state”, according to a leading digital rights advocate, with backlash against the recently passed legislation gaining pace.
A petition calling on the government to repeal the Identify and Disrupt bill, which hands sweeping new hacking powers to the AFP to access the computers and networks of those suspected of committing a crime, “disrupt” their data and even take over their online accounts, has now reached more than 100,000 signatures.
Since the legislation passed Parliament with bipartisan support last month, there has been a groundswell of opposition to the new police powers from a wide range of experts and organisations, including civil and digital rights groups and legal bodies.
The Identify and Disrupt bill gives the AFP and ACIC access to three new warrants, allowing the authorities to disrupt the data of suspected offenders, access their devices and networks to identify them and covertly take over their accounts.
Concerns around these new powers centre on the low threshold for accessing the warrants, the potential impact on innocent third parties and the potential for them to be misused.
Australian Lawyers Alliance national criminal justice spokesperson Greg Barns said the new hacking warrants mark “another step in undermining the rule of law”.
“These powers are extraordinarily dangerous because the threshold for using them is low and they allow for the AFP to alter a person’s online presence, to gather ‘evidence’ outside the scope of the warrant, or even to plant evidence on a laptop, for example,” Mr Barns told InnovationAus.
“These laws apply to us all so anyone with an online presence is potentially impacted by these laws. Innocent parties who might, for example, email a suspect, could find themselves the subject of an order to surveil their online presence. It shows the capture by the security state on legislators and the executive in Australia.”
Deakin University senior lecturer Dr Monique Mann said the new hacking powers represent the next step in digital surveillance in Australia, following the metadata retention laws and the anti-encryption legislation in recent years.
“Over the last six years we’ve seen the introduction of metadata retention, the attempts to undermine encryption and now data disruption and account takeover, then you’ve got the International Production Orders bill on the horizon. It’s really showing this explosion of the surveillance state in the Australian context,” Dr Mann told InnovationAus.
“It represents the next step from Assistance and Access [legislation]. It’s expanding the scope of law enforcement agencies like the AFP and ACIC, not the intelligence agencies. These powers are traditionally reserved for the ASD.”
Dr Mann said that the definition of a criminal group in the legislation is “ridiculous” and will potentially include people with “very loose potential connections”. She also raised concerns with the low threshold for which the warrants can be accessed.
“There is a very low threshold for the seriousness of offences that’s not consistent with the rationale for the introduction of powers, which is terrorism and child exploitation material,” Dr Mann said.
“That really low threshold also combined with the definition of an electronically-linked group of individuals means warrants can be used to target pretty minor criminal offences, and also potentially people acting in the public interest like whistleblowers and journalists.”
The anger surrounding the new legislation needs to be productively directed to more widespread reforms of Australia’s surveillance laws, Dr Mann said, and efforts need to be focused on the Richardson review.
The Richardson review, a comprehensive review of the legal framework of the national intelligence community, was completed in late 2019, with the report made public a year later.
The federal government has agreed to most of the recommendations, including to introduce a new electronic surveillance act, a process which may take five years and cost $10 million.
This presents an opportunity for organisations to make their case for more substantial reforms around digital surveillance, Dr Mann said.
“We can’t view it in isolation of all these other powers and their potential interaction. Things play out in practice as a suite of powers, not just a focus on each piecemeal law as it is quickly introduced. This is where we are perhaps going wrong in terms of the backlash,” she said.
“We shouldn’t be putting out fires successively, we need to step back and take a much broader view of the surveillance legal framework in Australia which aligns with the Richardson report. We need to start thinking about this wholesale reform and ensure we have fundamental human rights protection. We need to start looking at the landscape collectively, and the Richardson review provides an opportunity to do that.”
The broad coalition of organisations in opposition to the Identify and Disrupt bill need to work together for better human rights protections in this new surveillance legislation, she said.
“We can’t keep responding in a knee-jerk way. We need to be proactive and think bigger picture about how we effect meaningful reform and change, and have a forward thinking strategy about that, rather than little groups of people here and there trying to put out spot fires,” Dr Mann said.
“We need to be a bit more strategic. When the Richardson review reforms start kicking off, that’s when we need to be heard, that’s when people need to speak up. We need to think about what we’re going to say to counter the government’s arguments in the review process.”
Do you know more? Contact James Riley via Email.
Throw away your phones and computers, problem solved. ????
We are not a police state Leave us our freedom and our rights
Big brother is here, next will be a camera in your house watching you
Giving idiots power creates new idiotic policies and laws this is just widespread fear what you all fearing is your imagination
This is getting completely out of hand. The Australian govt are one of the most ignorant and anti-science we’ve ever had. They dont understand cyber security and constantly fail basic audits let alone hack systems we legitimately have a right to secure.