New laws extend police power to hack suspects’ personal computers
New Commonwealth legislation has extended police power and security agency authority, allowing them to secretly access personal computers and scrutinise the electronic accounts of any citizen deemed a suspect in serious criminal activities.
The Surveillance Legislation Amendment (Identify and Disrupt) Act 2021 gives the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) greater power to disrupt and prosecute online criminal activity.
The law applies only to Commonwealth crimes with a sentence of more than three years, not crimes such as murder or robbery that fall under state law.
AFP and ACIC now have access to three types of warrant
The new legislation has introduced three new powers for the AFP and ACIC.
Data Disruption Warrants give the police power to modify, alter and delete online data in order to frustrate serious offences such as the distribution of child abuse material.
Network Activity Warrants allow the investigation and collection of intelligence on criminal networks operating online.
Account Takeover Warrants allow police to take control of a person’s online accounts to gather evidence and pursue other criminal investigations.
Before police can hack into a citizen’s online account, magistrates or nominated Administrative Appeals Tribunal (AAT) members must issue a warrant. They must consider the gravity of the alleged offence, whether there are alternative ways to obtain the evidence, and whether taking control of a person’s account would cause the person to suffer permanent loss of money.
New police power enables faster disruption and prosecution of cyber crime
Once police have control of a person’s account they can add, copy, delete or alter data on devices in pursuit of investigating criminal activity.
In a public warning to child sex predators, the AFP has said it will quickly seek to use its new powers to track perpetrators hiding in the dark web and other forums. (See AFP to target child sex predators sharing abuse material, AFP, September 2021.)
Threshold for granting new warrants under scrutiny
The aim of the new laws is to battle the spread of child abuse material, serious crime and terrorists using the dark web. While this is justified, critics do have concerns that the new powers lack sufficient oversight.
A parliamentary committee unsuccessfully argued warrants should be assessed higher up the judiciary ladder than the AAT or magistrates. Some argued the threshold for granting warrants is too low.
All an officer needs to show is that an offence “is being” or “is likely to be” committed, and that access to the data “is likely to substantially assist in frustrating the commission of offences”.
The Human Rights Law Centre believes a public interest advocate should be involved in the process to grant warrants, so where necessary they may argue for the right to privacy and ensure the law is not used to investigate government whistleblowers or journalists’ sources. (See Online surveillance bill a dangerous overreach, Human Rights Law Centre, March 2021.)
There is no notification to an individual that police are hacking into their online accounts or computer activity, at least not until the police knock on their door.
AFP assures Australian public it will not abuse its powers
The Inspector General of Intelligence and Security has oversight over the new powers granted to police, not a parliamentary committee, and the law will be reviewed in 2024. Until then it is up to the Minister for Home Affairs to ensure the new police power is not abused.
The AFP issued a statement seeking to allay concerns about its power to hack into citizens’ computers, insisting it does not apply to minor crimes. (See Fast Facts: AFP powers under SLAID legislation, AFP, September 2021.)
For more information on the powers of the Australian Federal Police to access business computers, please see our February 2022 article What do new critical infrastructure laws mean for Australian businesses?
What does the AFP define as serious online offences?
The AFP has said its new police power applies only to Commonwealth crimes that have a penalty of at least three years’ jail.
The AFP listed the following serious offences.
- An activity against the security of the Commonwealth (eg terrorism, foreign interference or espionage)
- An activity against the proper administration of government (eg bribery of a Commonwealth official)
- Conduct which causes serious violence or harm to a person (eg child abuse and human trafficking)
- Conduct which causes a danger to the community (eg drug and firearms trafficking, or organised crime/criminal association offences)
- Conduct which causes substantial damage to, or loss of, data, property or critical infrastructure (eg cybercrime and money laundering)
- Any other conduct involved in transnational, serious or organised crime