New national security legislation designed to make it easy for the Australian Security Intelligence Organisation (ASIO) to tap, access, and disrupt target and third-party computers and networks is so broad that it could in effect give ASIO access to every computer on the internet, according to legal experts.
Attorney-General George Brandis introduced legislation into the parliament last month that would expand the powers of ASIO and its ability to access computers or computer networks under warrant as part of intelligence gathering, including the ability to access third-party computers in order to gain access to a target computer under a warrant.
Two legal experts appearing before the parliamentary joint committee on intelligence and security investigating the legislation yesterday warned that the drafting of the legislation could potentially mean that almost any computer in the world could be accessed.
"I guess our major concern is more the situation where, say, computer networks could extend to any computer located on university premises where a person is studying, or all the computers where a person otherwise might work. But our main concern is that that idea of a network is not defined by even such a physical restriction as that," University of New South Wales law lecturer Keiran Hardy said.
"Some requirements like having reasonable grounds to believe that the person had access to other computers, or a kind of last-resort provision that other means of obtaining that intelligence, aside from accessing multiple computers, might in some way sensibly limit that, whereas there is nothing in the legislation so far to even explain what the potential limits of that definition might be."
UNSW's Professor George Williams said it could extend as far as the entire internet.
"I suppose the short answer is: the internet is a computer network, and it is commonly understood as such, and that is why there is some understandable confusion that attaches to these words, because clearly it ought not to be directed at that. But, if that is the case, you would want to see text in the legislation making that clear," he said.
At UNSW alone, Williams said, a computer network would cover 55,000 people. He slammed the drafting of the legislation for not adopting the definition of a network that the committee recommended in 2012, which simply expanded the definition under a warrant to include multiple computers operating in a network.
Electronic Frontiers Australia's executive officer Jon Lawrence also indicated that the proposal could cover the entire internet.
"It is quite arguable that the definition could be applied to the entire internet, given the way the legislation is currently worded. That will need some additional work to tie that down to what we believe the department is actually proposing."
EFA concerns about a right to privacy were dismissed by Liberal MP Philip Ruddock.
"These issues that we are dealing with, they are giving organisations that are about identifying terrorist bodies reasonable powers to be able to protect people's right to life in advance. We have always operated on the basis that we wait until something happens and then try to prosecute an offence and hope that, if we prosecute somebody successfully, it may deter others. That has always been the traditional way," he said.
"We are now looking at how you find out what people are thinking about even before they do it, and it is with a view to trying to protect people's right to life. When you are developing a proportionality test, I want to know why privacy is so much more important, proportionally, than somebody's right to life."
At a hearing on Friday last week, ASIO head David Irvine and the Attorney-General's Department First Assistant Secretary for National Security Law and Police, Jamie Lowe, defended the broadening of the definition of networks and computers under the legislation as necessary for ASIO's work.
"It is more efficient, and better reflects the way computers are now used, for ASIO computer-access warrants to cover computer networks and to be able to specify the computers, the systems or the networks to which access is authorised by reference to a specified person or premises rather than a reference to the specific computer," Lowe said.
ASIO could not access the content on third-party computers, and Lowe said that the impact on third-party computers accessed to reach target computers would be limited.
"I do not think I would link it to observable, but material and immaterial have a normal usage in everyday language. Whether it is observable or not may be an indication, but I would not link it specifically to that," she said.