NSW police corruption body wants access to encrypted communications
The Law Enforcement Conduct Commission (LECC) has asked for inclusion to the list of organisations able to access encrypted communications under Australia's new laws, unsure of the rationale behind its exclusion.
The LECC was established in 2017 to investigate, and oversee, law enforcement misconduct in New South Wales. The NSW Police Force is the largest in the country, with 20,725 members.
In its submission [PDF] to the Parliamentary Joint Committee on Intelligence and Security's (PJCIS) Inquiry into Australia's encryption laws, the LECC said it relies significantly on telecommunications interception warrants to investigate serious offences allegedly committed by NSW Police Force officers.
It said that last year, 93 percent of IP communications intercepted by virtue of LECC warrants were encrypted. It also said its digital forensics capability is hindered by the use of encryption to secure devices and digital storage.
"The legislative access to 'designated communications providers' provided within Schedule 1 of the Act would assist the LECC's investigation of serious offences," it wrote.
Schedule 1 of Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 allows police to investigate "prescribed offences", which includes all offences that attract a penalty of at least three years imprisonment.
The LECC has argued the rationale provided for its exclusion is insufficient.
Given the "wide array" of powers police have, the LECC said the need for "vigorous oversight mechanisms" is evident.
"Elements that allow for an effective oversight mechanism must include the power and capacity to conduct independent investigations and access to a variety of covert and surveillance techniques," the LECC wrote.
"Particularly as the nature of crime and misconduct expands to include methods enabled by technological advances, such as encryption tools, law enforcement agencies, including the LECC, must also expand their powers to combat this activity effectively.
"The exclusion of the LECC within Schedule 1 of the Act may well encourage corrupt police to use encrypted communications with confidence and encourage police corruption more broadly."
The encryption laws passed on the last evening of Parliament for 2018, following the capitulation of the Labor opposition, which dropped its own amendments and waved the legislation through the Senate under the belief Parliament will consider the amendments when it resumes next month.
The government successfully had its 67 pages of amendments added to the Bill in the lower house and the PJCIS a week later opened a review of the new laws and is due to report by April.
Under the new laws, Australian government agencies will be able to issue three kinds of notices:
- Technical Assistance Notices (TAN), which are compulsory notices for a communication provider to use an interception capability they already have;
- Technical Capability Notices (TCN), which are compulsory notices for a communication provider to build a new interception capability, so that it can meet subsequent Technical Assistance Notices; and
- Technical Assistance Requests (TAR), which are voluntary requests to use existing capabilities, but have been described by experts as the most dangerous of all.
It was revealed in a submission from the Department of Home Affairs (DHA) that federal law enforcement and national security have already begun using the powers contained within the encryption laws.
"The department has also been advised by Commonwealth law enforcement and national security agencies that the powers in the Act have been used to support their work," Home Affairs said, noting in the same paragraph that it was working closely with these agencies to facilitate the implementation of the Act.
In its submission, Home Affairs said it delivered training to the police forces of NSW and Victoria, specifically on what the new powers include.
The on-site training, DHA said, highlighted the legal processes that agencies must satisfy while using their new powers, as well as the administrative requirements of seeking approval from the Australian Federal Police Commissioner for the use of TANs.
It also included what "strict thresholds and safeguards" must be met, as well as operational use cases.
"Further training will be delivered to other state and territory police forces in February 2019," the department wrote.
With the passage rushed through before the end of 2018, the Greens have called upon the government to provide data on the potential security threats that were identified and foiled since this time.
"Scott Morrison said he wanted to keep us all safe, well I want to know just how dangerous Christmas was this year for the average Australian," Greens Digital Rights spokesperson Senator Jordon Steele-John said.
"Either we've seen an unprecedented spike in suspicious activity over Christmas and New Year -- as the government claimed we would -- or our own security agencies have already succumbed to the the dangerous misuse and mission creep of these anti-encryption powers.
"This is massive government overreach and I'm yet to see a skerrick of evidence to justify the need for these powers. They makes a mockery of our right to privacy, leave us more vulnerable to cyber espionage and permanently weaken the existing protections we all rely on to stay safe and secure online."
READ MORE
- Australian industry groups issue wish list of encryption law changes
- Here we go again: PJCIS opens review of Australia's encryption laws
- Australia's encryption laws are 'highly unlikely' to dragoon employees in secret
- Australia's encryption laws will fall foul of differing definitions
- Australia's encryption laws are a cyber cane toad: Husic
- What's actually in Australia's encryption laws? Everything you need to know
- Why Australia is quickly developing a technology-based human rights problem (TechRepublic)