New South Wales Police Force (NSWPF) have used Australia's controversial Assistance and Access laws on a foreign operator, in an effort to "determine its capability to assist police".
Responding to the Parliamentary Joint Committee on Intelligence and Security and its review of the amendments made to the encryption laws, NSW Police said issuing a Technical Assistance Request (TAR) to the overseas provider could not have happened without the Telecommunications and Other Legislation Amendment (Assistance and Access) Act (TOLA Act), since the provider would have previously informed its account holders of the request.
"The TOLA regime permitted NSWPF to make those enquiries using accompanying non-disclosure provisions. NSWPF was able to obtain information about some of the provider's capability which was previously not known," it said.
NSW Police said a combination of privacy protections, no profit/no loss costs agreements, and protection from civil liability had allowed the force to make requests it had previously not been able to.
In a separate question, NSW Police said an overseas provider could not complete the requirements of the request issued.
"A TAR (technology assistance request) was served on the provider, requesting the provision information that was available to the provider, referenced to times and dates identified during the period of a Telecommunications Interception Warrant," it said.
"The provider responded they were unable to provide most of the requested information as they did not have access to the information sought.
"The provider indicated they had the capability of providing some of the information sought, however, this information would not be provided due to laws within their jurisdiction prohibiting disclosure to overseas authorities."
Of the 14 TARs issued thus far by NSW Police, this was the only one to not be "complied with to the extent a provider was capable of doing so".
By contrast, Australian providers were much more welcoming of the new powers handed to Australian law enforcement bodies.
"Two Australian-based [providers] expressly welcomed the non-disclosure and indemnity components of a TAR. Although these providers assisted NSWPF in the past without the need for a TAR, the amount of information provided, and the extent of the providers' assistance was greater under a TAR than was traditionally sought or provided," it said.
One Australian provider did ask that a request made under section 313 of the Telecommunications Act be requested under the TOLA regime instead.
Overall, NSW Police said nine different communications providers had been handed TARs from it.
The information provided in its response to the committee built upon its appearance before the committee in August.
NSW Police said at the time, its 13 TARs were related to investigations into murder, armed robbery, and commercial drug supply and importation. Since then, it has issued one further TAR, but has seemingly not extended the crimes investigated.
At the time of writing, its response to the committee -- sometime after August 14 -- NSW Police had issued four TARs that were in force for 20 days, one TAR issued on August 14 but without a timeframe given, with the remaining nine TARs having expired. These requests were in force for between 27 and 82 days, NSW Police said.
Further, it said all requests were issued with an expiry date, and no requests for extended, or varied.
Since 6 December 2018, NSW Police said it had made 367 requests under section 313 of the Telecommunications Act.
Under the TOLA Act, Australian law enforcement are able to issue voluntary TARs, as well as compulsory Technical Assistance Notices and Technical Capability Notices to compel providers to assist them. NSW Police said in August it had not issued any compulsory notices.
- NSW Police says domestic carriers complying with encryption laws but internationals are not
- AFP used voluntary powers in Australia's encryption laws three times in 2019-20
- Atlassian says encryption-busting law has damaged Australia's tech reputation
- IGIS still calling for more staff to provide oversight of ASIO's encryption-busting powers
- The disappointment of Australia's new cybersecurity strategy
- INSLM recommends taking encryption-busting approvals power from Australian Ministers
- National Security Legislation Monitor won't be recommending Encryption Bill repeal