Police granted powers to install spyware and Trojans

The Surveillance Devices Act allows both Federal and State police to use keylogging and tracking software when investigating Commonwealth offences that carry a maximum sentence of three years, according to the Sydney Morning Herald.

Neil Campbell, the national security manager of IT services company Dimension Data, who previously spent six years working with the with the Australian Federal Police Computer Crime Team, said the laws needed updating because of confusion when dealing with new technologies.

"If the police intercept SMS messages that have not yet been delivered, should that be classified as a telephone interception or as a regular search? Getting a search warrant is relatively easy -- you need to show reasonable grounds that executing the search will provide evidence as to the commission of an offence but getting an interception warrant is difficult," said Campbell.

However, Campbell said the law may clarify the situation for the Police but there needs to be a provision for companies that monitor the activities of their employees, which could fall foul under the Telecommunications Interception Act, which was written before the Internet age.

"If you are a corporate security admin and it is your job to protect the employees in accordance with various workplace regulations, such as the Sex Discrimination Act. Companies need to protect employees from malicious and obscene content but at the same time the Telecommunications Interception Act doesn't address appropriately the issue of data interception in a corporate environment.

"There is the potential that this activity is interpreted as an interception. But I don't think this has been sufficiently tested in court," said Campbell.

Additionally, Campbell said the police may find it difficult to install spyware onto a suspected criminal's computer, especially if the suspect is competent with IT security practices.

"It is going to be very hard to use spyware for monitoring the activities of a paranoid tech-savvy criminal. How do they get it on the machine? Do they physically install it?" asked Campbell.

Adam Biviano, senior systems engineer at antivirus firm Trend Micro, said that security tools have quite often been in conflict with monitoring techniques and criminals have been using technologies such as encryption to make the monitoring of communications very difficult.

"Tech-savvy criminals will be watching for this kind of thing, especially if they know that law enforcement agencies are using these techniques. They can look at process lists, what is using memory on their PC and what applications are running. If they know enough about their computer they will be able to detect the [spyware] programs," said Biviano.