Spy agency computer taps face oversight deficiency

Summary:The Inspector-General of Intelligence and Security has said it will need additional resources to oversee new powers planned for Australian intelligence agencies to access computers and networks during investigations.

Legislation that would allow ASIO to tap and search computers and computer networks as part of investigations would not have proper independent oversight if the oversight body isn't given additional resources.

In July, Attorney-General George Brandis introduced legislation that will see the powers of the Australian Security Intelligence Organisation (ASIO) significantly boosted, enabling the agency to target, tap, and disrupt all computers and third party computers linked to a specific individual under investigation.

In its defence against the potential for the misuse of its broad new powers, ASIO told a parliamentary committee investigating the legislation that the agency has oversight over its use of the powers through the Office of the Inspector-General of Intelligence and Security (OIGIS).

"When exercising the inquiry function, IGIS has significant powers, comparable to those of a royal commission, to obtain information, require persons to answer questions and produce documents, take sworn evidence and enter the premises of any intelligence or defence intelligence agencies," ASIO said in its submission.

But the OIGIS said in its own submission that the legislation would increase the scope of its oversight over ASIO and would require additional resources in order to maintain that oversight.

The access to computers as defined in the legislation would increase the scope of access to computers by ASIO that may be irrelevant to ASIO's investigation, the OIGIS said, and there was no guarantee in the legislation that irrelevant private data obtained by ASIO would be deleted.

"There is no obligation in the current or proposed legislation that would require ASIO at any point in time to actively consider whether information obtained under such a warrant is actually related to the individual who was the subject of the warrant and no obligation to promptly delete information generated by or about individuals who are not relevant to security," the inspector-general said.

Under the current legislation, ASIO warrants prevent the agency from doing anything that "interferes with, interrupts, or obstructs the lawful use of a target computer" but the proposed changes lift the threshold so ASIO must not make a "material" impact on lawful use by targeted or third party computers.

ASIO chief David Irvine explained this today as using a small amount of diskspace or bandwidth on the internet connection of a target computer, and would amount to 1 percent of the bandwidth used by a target computer.

OIGIS said the legislation should include a provision that would require ASIO to report when it does interfere in a computer's lawful use.

The OIGIS has flagged that in order to oversee those new powers, it would need technical expertise to oversee the computer operations.

"From an oversight perspective the challenge for the IGIS will be in determining whether interference occurred and, if so, whether it was 'material' and 'necessary'. As is currently the case, it is unlikely that a person who experienced interference, interruption or obstruction would be aware that it was caused by an action of ASIO," the submission stated.

"The increasing complexity of computer related operations means that the IGIS office requires increased access to technical expertise to oversight these operations effectively."

During the parliamentary hearing this morning, concern was raised by one new provision in the legislation that would create an offence for disclosing information relating to what is designated to be a "special intelligence operation". It has been argued that the provision would see journalists jailed for reporting leaks from national security agencies such as those from whistleblower Edward Snowden about the NSA.

At the hearing today, representatives for the Attorney-General's Department claimed that the provision would not target "legitimate reporting" on national security matters, but only "reckless reporting" where a person knows that the information being disclosed might be related to a security intelligence operation.

Labor Senator Penny Wong asked the department to define "reckless" reporting for the next hearing on Monday.

Topics: Security, Australia, Government, Government : AU, Privacy

About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.