NSW passes police hacking Bill

NSW passes police hacking Bill

Summary: Legislation to boost NSW Police covert searching and computer hacking powers looks set to go ahead after facing almost no opposition in the lower house of the NSW Parliament earlier this week.


Legislation to boost NSW Police covert searching and computer hacking powers looks set to go ahead after facing almost no opposition in the lower house of the NSW Parliament earlier this week.

NSW shadow Attorney General and Minister for Justice, Greg Smith, who led the opposition's stance on the Law Enforcement (Powers and Responsibilities) Amendment (Search Powers) Bill 2009, has given his party's "in principle" agreement to pass the Bill.

Key powers under the Bill include remote access to a suspect's computer network, the right to remove a suspect's computer for between seven to 28 days for forensic investigation, and the right to use an adjoining property without notice or impersonate anyone in order to gain physical access to a target's computer.

The opposition's major amendment to the Bill was to reduce the three-year extension period on the six-month time frame police would have to notify the suspect of covert access to their equipment.

"The opposition will seek to amend that three-year extension to 18 months," Smith said.

Police will need to be granted a warrant by a Supreme Court judge who has been declared suitable by the Attorney General under the bill. Privacy advocates have raised concerns that the bill had been structured in a way that would facilitate "judge shopping".

Shadow Attorney General Smith said the powers to impersonate anyone "undoubtedly will attract much criticism" and warned "it might be argued that it does not cover occupiers of adjacent premises."

Security vendors have recently vowed to block attempts by police to hack their customers' computers, however, Declan Ingram, Practice Manager at Australian security consultancy, Securus Global told ZDNet.com.au while law enforcement "don't have any magical back doors into systems", if police gain physical access to a target's computer, security software won't protect them.

"Physical access is game over," Ingram said.

Mandating remote access to computers, according to Mikko Hypponen, chief research officer for Finnish security company F-Secure, would address another problem police have in collecting digital evidence: encryption.

"Remote access is used exactly to fight hard drive and communication encryption. You can't bypass those unless you're allowed to hack the computer itself; then you can access the data even if it's encrypted in transit or when the computer is not in use," he told ZDNet.com.au.

The chief technology officer of counter-espionage firm ESD Australia, who wished to remain anonymous, said that encrypted communications protected by SSL connections, Skype, or anything transferred over a Virtual Private Network (VPN) would be difficult for police to access.

"This sort of information can be compromised by a direct 'hack' or a virus on a computer, which may also monitor screenshots, keys pressed or even open 'backdoors' to a compromised computer," he said.

Topics: Security, Browser, Government, Government AU

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Australia - the new china

    Internet filters, police allowed to snoop on your computer seeing pictures of you and your children. Although china is communist, they probably don't even have laws allowing police to hack your computer. what next? the right to pillage plunder and r word?
  • Police Hacking

    In 2004 I caught, via Zone Alarm, a back door hacker. When I used Geek tools to track the hacker it came up as The Federal Police and or Centrelink. These monsters are capable of anything even without legislation to control them. It is like being raped. No one can explain the oddities that have been occurring on my system ever since. I am a 54 year old Granny who fight for human rights and animal welfare rights. Go figure. I am a real threat - right? I would be the person trying to stop this sort of violation to our privacy. It seems it is not worth while having the internet. Recently we witnessed the stats on criminal records on members of the NSW Police force. The Government are arming criminals with the right tools to further breach the laws. When does it stop.
  • Did you actually read the legislation?

    Remote access is not part of the legislation. Police need physical access to the network.

    Any attempt to remotely access the computer would breach the Commonwealths Interception laws, and they take precedence.

    So lets start the debate about wether the NSW police force, or any other state police force should have these powers and I have concerns, but lets have the facts rather than hyperbole.
  • remote access to a suspect's computer network

    So you are saying this article is wrong (para 3)?
    Liam should apologise and retract that part of his article then..
  • Yes he is right

    the link is here http://www.parliament.nsw.gov.au/prod/parlment/nswbills.nsf/0/dcd79fca7419bc52ca25756e0020aa20/$FILE/law.pdf

    Which has the section.
    75A Operation of electronic and other equipment at premises and
    removal of things from premises for examination.


    75B Access to and downloading of data from computers (including
    access to computers outside premises the subject of a warrant)

    which includes the subsection:
    The person executing or assisting in the execution of the warrant
    (a) copy any accessed data to a disk, tape or other data storage
    device <b> brought to the premises </b>,

    So the poster above is right.

    Next time Liam you want to spread hysteria check your facts
  • come on

    seriously, you are having a laugh with us.
  • Declan Ingram

    LOL are you serious - physical access is not "game over" - indeed it is merely the beginning ;)

    Get out of Canberra and get into the REAL world