Australian Federal Police Commissioner labels cyber a 'genuinely wicked problem'

The issue of online crime cannot be solved simply by regulation or legislation, the head of the AFP has said.
Written by Chris Duckett, Contributor

While the internet is an overwhelming force for positive change, it remains one of the largest asymmetric threats faced, Australian Federal Police (AFP) Commissioner Andrew Colvin said on Wednesday.

"Not only can it be accomplished by a lone actor anywhere in the world, the blurred lines of attribution between criminal, commercial, and state make this a genuinely wicked problem," he said.

Speaking to the National Press Club, Colvin said the agency would always be playing catchup to fight online crime, to an extent, and it needed to be solved with partnerships.

"Technology presents challenges to governments like almost never before," Colvin said. "It is a realm that we cannot simply legislate or regulate to control -- we must work with the industry who have their hands on the levers, and invariably, they are in the private sector."

The Commissioner said cybercrime is pervasive and hits all levels of society.

"We find ourselves in an environment where we are trusting the internet with our personal information, our social networks and -- incredibly, when you think about it -- our money," he said.

Colvin called for the use of traditional and non-traditional policing capabilities to ensure criminals cannot hide behind encryption to avoid the law.

"Prolific growth in the use of encryption technology is an everyday reality for investigators and we cannot afford for this to remain an obstacle."

Despite Colvin stating legislation cannot be a silver bullet, the Federal Police were very supportive of the introduction of Australia's metadata retention laws. The laws mandate the collection of customers' call records, location information, IP addresses, billing information, and other data stored for two years by telecommunications carriers, accessible without a warrant by law-enforcement agencies.

Authorities do need a warrant to access the metadata of a journalist for the purposes of identifying a source, however.

Fronting Senate Estimates last week, Colvin said the AFP does not seek journalist metadata relating to sources as a routine matter, and has made no applications under Australia's data-retention laws to seek such information.

As such, the AFP bungled the only time it handled a journalist's metadata when it admitted to breaching the metadata laws last month.

The Commonwealth Ombudsman last week found the AFP to be handling metadata in a compliant manner, but noted a number of exceptions.

"We identified two instances where a stored communications warrant had been applied for and subsequently issued in respect of multiple persons, which is not provided for under the Act," the report said.

In response, the AFP said its warrant templates were not clear enough.

It was also noted that on six occasions, warrants were exercised by people not authorised to; in three instances, the Ombudsman could not determine whether stored communications related to the person named on a warrant; and in one instance, it could not determine who had received stored communications from a carrier.

Editorial standards