Aust police hacking bill passed

Legislation to boost New South Wales Police computer hacking powers set to go ahead after almost no opposition in the lower house of the state parliament.
Written by Liam Tung, Contributing Writer

Legislation to boost New South Wales Police covert searching and computer hacking powers looks set to go ahead after facing almost no opposition in the lower house of the NSW Parliament earlier this week.

NSW shadow Attorney General and Minister for Justice, Greg Smith, who led the opposition's stance on the Law Enforcement (Powers and Responsibilities) Amendment (Search Powers) Bill 2009, has given his party's "in principle" agreement to pass the Bill.

Key powers under the Bill include remote access to a suspect's computer network, the right to remove a suspect's computer for between seven to 28 days for forensic investigation, and the right to use an adjoining property without notice or impersonate anyone in order to gain physical access to a target's computer.

The opposition's major amendment to the Bill was to reduce the three-year extension period on the six-month time frame police would have to notify the suspect of covert access to their equipment.

"The opposition will seek to amend that three-year extension to 18 months," Smith said.

Police will need to be granted a warrant by a Supreme Court judge who has been declared suitable by the Attorney General under the bill. Privacy advocates have raised concerns that the bill had been structured in a way that would facilitate "judge shopping".

Shadow Attorney General Smith said the powers to impersonate anyone "undoubtedly will attract much criticism" and warned "it might be argued that it does not cover occupiers of adjacent premises".

Security vendors have recently vowed to block attempts by police to hack their customers' computers. However, Declan Ingram, Practice Manager at Australian security consultancy, Securus Global told ZDNet Asia's sister site ZDNet.com.au while law enforcement "don't have any magical back doors into systems", if police gain physical access to a target's computer, security software won't protect them.

"Physical access is game over," Ingram said.

Mandating remote access to computers, according to Mikko Hypponen, chief research officer for Finnish security company F-Secure, would address another problem police have in collecting digital evidence: encryption.

"Remote access is used exactly to fight hard drive and communication encryption. You can't bypass those unless you're allowed to hack the computer itself; then you can access the data even if it's encrypted in transit or when the computer is not in use," he told ZDNet.com.au.

The chief technology officer of counter-espionage firm ESD Australia, who wished to remain anonymous, said that encrypted communications protected by SSL connections, Skype, or anything transferred over a Virtual Private Network (VPN) would be difficult for police to access.

"This sort of information can be compromised by a direct 'hack' or a virus on a computer, which may also monitor screenshots, keys pressed or even open 'backdoors' to a compromised computer," he said.

Editorial standards