Human rights lawyers ask Australia's 'hacking' Bill be redrafted

The powers given to two law enforcement bodies within three new computer warrants need further work, representatives from the Human Rights Law Centre and the Law Council of Australia say.

Human Rights Law Centre and the Law Council of Australia have asked that the federal government redraft the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, calling its contents "particularly egregious" and "so broad".

The Bill, if passed, would hand the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) three new computer warrants for dealing with online crime.

"Sweeping state surveillance capacity stands in stark contrast to the core values that liberal democracies like Australia hold dear," Human Rights Law Centre senior lawyer Kieran Pender declared to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) on Wednesday.

"In the past two decades, the surveillance capabilities of Australian law enforcement and intelligence have rapidly expanded, every increase in state surveillance imposes a democratic cost."

According to Pender, each time further surveillance powers are contemplated, three questions should be asked: Are the proposed powers strictly necessary, carefully contained, and fully justified.

"We believe that the Bill in its present shape does not satisfy those criteria," he said.

"While many of the expansions made to surveillance powers in this country in recent years have been troubling, this Bill stands out as particularly egregious because its scope encompasses any and every Australian."

The first of the warrants is a data disruption one, which according to the Bill's explanatory memorandum, is intended to be used to prevent "continuation of criminal activity by participants, and be the safest and most expedient option where those participants are in unknown locations or acting under anonymous or false identities".

The second is a network activity warrant that would allow the AFP and ACIC to collect intelligence from devices that are used, or likely to be used, by those subject to the warrant.

The last warrant is an account takeover warrant that would allow the agencies to take control of an account for the purposes of locking a person out of the account.

"The powers offered by the Bill are extraordinarily intrusive, the explanatory memorandum and commentary by the minister indicate that powers are intended to only be used in cases of the most severe wrongdoing, yet the Bill does not reflect that," Pender said.

He believes the Bill's relevant offence threshold of three years imprisonment is too low and should be increased; and that the definitions provided by the network activity warrants are so expansive as to be practically unlimited in scope.

"We would urge the committee to recommend that these warrants be redrafted to prevent their application to individuals that have no involvement whatsoever in the relevant offence, otherwise, every single Australian is at risk of having their online activities monitored by the Federal Police even where they're not suspected of having done anything wrong," he said.

As noted in its submission on the Bill, the OAIC believes the Bill's definition of a criminal network of individuals has the potential to include a significant number of individuals, including third parties not the subject or subjects of the warrant who are only incidentally connected to the subject or subjects of the warrant.

David Neal from the Australian Law Council further expanded on the risk posed to those peripheral to the individual/s that are the subject of a warrant.

"[The definition is] so broad that as soon as one individual suspected of a relevant offence, users, for example of WhatsApp, in theory, this Bill will allow warrant in regards to anyone who uses WhatsApp because they're then an electronically linked group of individuals with that one person," he said.

"Now, you know, someone defending the Bill might say, Well, you know, there are sort of all these other criteria that go to that, and we accept that to an extent, although I think those criteria needs to be more robust."

Representatives from both organisations agreed the broad definitions within the Bill could exacerbate the risk of abuse and misuse.

"There's all of these channels that are totally going to be sort of swept pass potentially under this under this Bill, and give rise to concerns about abuse," Neal said.

In its submission to the PJCIS, the Law Council made a total of 57 recommendations on how to make the Bill more fit for purpose.

"The appropriate course of action we respectfully submit is for the committee to recommend that the government substantially redraft this bill before it returns to Parliament," Pender declared.

MORE ON THE BILL