The Australian Criminal Intelligence Commission (ACIC) has taken the opportunity to revise the claims it made in a submission earlier this month around the unlawful use of encrypted communications, saying it has its sights on devices that are specifically used for illegal purposes rather than encrypted messaging apps, such as WhatsApp or Signal.
In a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) as part of its inquiry into the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, the commission said, "ACIC observation shows there is no legitimate reason for a law-abiding member of the community to own or use an encrypted communication platform".
Facing Senate Estimates on Tuesday, ACIC CEO Mike Phelan was questioned on ZDNet's article that highlighted the claims the submission made and said in response, "That's not true".
"I mean, we all need encryption," he said. "The legislation as designed -- and it is absolutely our intention to not go after over-the-top apps, so I'm not after WhatsApp, Signal, Telegram, all those sorts of things. What we're after is to get deep inside criminal networks that exist on the platforms within Australia."
Phelan clarified that what he's after are dedicated encrypted devices on closed networks, specifically those designed only for criminal communications.
"So, you know, it's public, where we are after things like Cipher and also similar networks that were taken down overseas; EncroChat, Phantom Secure, Sky ECC, these are dedicated devices -- you can't even make phone calls on, only text messages within a closed network," he said.
"That's what we're after and that's my understanding of what the legislation will enable us to do -- to get behind and try and get into the encryption for intelligence purposes, not to get into networks that are, quite frankly, if it's WhatsApp or whatever."
"I don't think any legislation is going to give us the ability to do that nor could I get in behind it anyway."
The Bill, if passed, would hand the Australian Federal Police (AFP) and ACIC three new computer warrants for dealing with online crime.
The first of the warrants is a data disruption one; the second is a network activity warrant; and the third is an account takeover warrant.
Phelan further clarified that what he considers illegitimate are encrypted devices, not encrypted messaging apps.
"The devices that we're talking about -- so far, the commission, through law enforcement in Australia and overseas, has not found one of them in the hands of a legitimate person," he said.
"However, I can envision a time when the technology can be used for encrypted communications legitimately, of course ... It's just that the ones -- the dedicated networks -- that we're after, we haven't seen any in the hands of people like you and me."
These are devices, he reiterated, that you can't walk into a shop and purchase.
"These are networks that are financed by criminals -- imported devices, imported by criminals, resold by criminal networks," he said. "You can't walk into a Telstra store and say I want [a] Cipher device please."
Earlier in the day, the head of the Australian Security Intelligence Organisation (ASIO), Mike Burgess, lashed out at tech giants for running interference and handing a free pass to Australia's adversaries and "some of the worst people in our society".
"Through the use of encryption, social media and tech companies are, in effect, creating and maintaining a safe space for terrorists and spies," Burgess said.
"Encryption is a fundamental force for good. As a society, we need to be able to shop, bank, and communicate online with confidence. But even a force for good can be hijacked, exploited, and abused.
"In the case of encryption, we need to recognise how it is being used by terrorists and spies. End-to-end encryption is degrading our ability to protect Australia and Australians from threats, from the greatest threats."