Legislation to boost New South Wales Police covert searching and computer hacking
powers looks set to go ahead after facing almost no opposition in the lower
house of the NSW Parliament earlier this week.
NSW shadow Attorney General and Minister for Justice, Greg Smith, who led the
opposition's stance on the Law Enforcement (Powers and Responsibilities)
Amendment (Search Powers) Bill 2009, has given his party's "in principle"
agreement to pass the Bill.
Key powers under the Bill include remote access to a suspect's computer
network, the right to remove a suspect's computer for between seven to 28 days
for forensic investigation, and the right to use an adjoining property without
notice or impersonate anyone in order to gain physical access to a target's
The opposition's major amendment to the Bill was to reduce the three-year
extension period on the six-month time frame police would have to notify the
suspect of covert access to their equipment.
"The opposition will seek to amend that three-year extension to 18 months,"
Police will need to be granted a warrant by a Supreme Court judge who has
been declared suitable by the Attorney General under the bill. Privacy advocates
have raised concerns that the bill had been structured in a way that would facilitate
Shadow Attorney General Smith said the powers to impersonate anyone
"undoubtedly will attract much criticism" and warned "it might be argued that it
does not cover occupiers of adjacent premises".
Security vendors have recently vowed
to block attempts by police to hack their customers' computers. However,
Declan Ingram, Practice Manager at Australian security consultancy, Securus
Global told ZDNet Asia's sister site ZDNet.com.au while law enforcement "don't have any magical
back doors into systems", if police gain physical access to a target's computer,
security software won't protect them.
"Physical access is game over," Ingram said.
Mandating remote access to computers, according to Mikko Hypponen, chief
research officer for Finnish security company F-Secure, would address another
problem police have in collecting digital evidence: encryption.
"Remote access is used exactly to fight hard drive and communication
encryption. You can't bypass those unless you're allowed to hack the computer
itself; then you can access the data even if it's encrypted in transit or when
the computer is not in use," he told ZDNet.com.au.
The chief technology officer of counter-espionage firm ESD Australia, who
wished to remain anonymous, said that encrypted communications protected by SSL
connections, Skype, or anything transferred over a Virtual Private Network (VPN)
would be difficult for police to access.
"This sort of information can be compromised by a direct 'hack' or a virus on
a computer, which may also monitor screenshots, keys pressed or even open
'backdoors' to a compromised computer," he said.