The Australian Security Intelligence Organisation (ASIO) will have the power to get metadata and obtain access to computers for more than just pure national security, according to the Inspector-General of Intelligence and Security Dr Vivienne Thom.
The warning came in Thom's response to the government's second so-called "tranche" of national security legislation seeking to prevent Australians from leaving to fight with terrorist organisations in Syria and Iraq, or subsequently returning to Australia.
Thom's office has oversight for Australia's national security organisations, and said in her submission that the proposed foreign fighters legislation rapidly expands the definition of "security" in the ASIO Act to cover people going overseas for any criminal conduct, regardless of whether there is political or ideological motivation behind the conduct.
"The definition of 'security' in the ASIO Act is central to ASIO's functions, and underpins the tests for when various ASIO powers such as warrants and metadata authorisations can be used," Thom said.
"The effect of the expansion of the definition of security is that ASIO will have the legislative authority to use its powers to gather intelligence about criminal conduct overseas that is not associated with terrorism or activity that would ordinarily be described as relevant to national security."
Under the current legislation, security issues ASIO can use to obtain warrants for computer access or to make requests without a warrant for metadata include specific items such as espionage, sabotage, politically motivated violence, and acts of foreign interference.
The proposed legislation, Thom said, removes the "politically motivated violence" definition, and replaces it with a number of offences including entering or remaining in a declared area, recruiting a person to serve with an army in a foreign country, and entering a foreign country with the intention of engaging in hostile activities.
"Some of these offences seem to be quite broad," Thom said.
"For example, going overseas to commit an assault as part of a family dispute or to rob a bank could come within the definition of 'security' and be a legitimate focus for ASIO attention. Such conduct, while serious, has not previously been considered security related."
This would mean that although the legislation is targeting those going to Syria and Iraq today, the effect of the legislation would grant ASIO a much broader scope of who it can target for metadata access or requesting a warrant for computer access.
"The definition of 'security' underpins when ASIO can obtain search or computer access warrants, and also when ASIO employees can authorise access to telecommunications metadata. The definition of security also regulates when a person can be assessed as a 'risk to security' for the purpose of a visa security assessment or other security assessments," Thom said.
The first tranche of legislation that passed Parliament earlier this month now allows ASIO to access an unlimited amount of devices with a single warrant, leading to some experts questioning whether the law allows the spy agency to access the entire internet with a single warrant.
The Australian Privacy Commissioner Timothy Pilgrim said in his submission that the legislation will allow SmartGate systems being rolled out in Australian international airports to collect biometric and other personal information. He said that the collection of the biometric data must be in compliance with the Australian Privacy Principles, which state that sensitive information must only be collected with the consent of the individuals, unless collection is authorised or required by law.
The third tranche of legislation forcing telecommunications companies to retain an as-yet-undefined set of customer data for government agencies to access without a warrant could be entered into parliament as soon as the end of October.