Senators concerned 'hacking' Bill powers could be used beyond intended scope

Senators are concerned that they are yet to hear a convincing argument as to why the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 has omitted definitions for the categories of offences it would be used for by two of Australia's law enforcement bodies.

The Bill, if passed, would hand the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) three new computer warrants for dealing with online crime.

The first of the warrants is a data disruption one; the second is a network activity warrant; and the third is an account takeover warrant.

With representatives from the Department of Home Affairs, the AFP, ACIC, and Australian Signals Directorate facing the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and its review of the Bill, Labor Senator Kristina Keneally on Wednesday sought to confirm whether the Bill would not be used to target low-level offences.

"What I'm seeking to understand here … the Bill outlines a number of crimes -- child abuse and exploitation, terrorism, the sale of illicit drugs, human trafficking, identity theft, and fraud, assassinations, and the distributions of weapons -- as the examples of the crimes that would be prosecuted," she asked.

"What safeguards beyond just pointing to capacity constraints or the good intentions of government can you point to that would assure this committee that these three warrants would not be used for other types of crime, other categories of crime … considered by the community to be lower level offences?"

Keneally pointed to previous legislation, such as the Telecommunications (Interception and Access) Act 1979 (TIA Act), and noted the PJCIS has yet again been asked to take at face value that the latest legislation under consideration would not extend to minor offences despite hearing similar arguments in the past in relation to the TIA Act.

It was previously revealed that three councils in NSW, one in Queensland, the RSPCA, the Environment Protection Authority, and state coroners, to name a few, accessed metadata under Section 280 of the Telecommunications Act 1997.

The Communications Alliance previously labelled this as "examples of entities that have managed to subvert the intended scope of the legislation".

"There's the safeguards built into the legislation. If you look at data disruption warrant for example, the issuing officer has to be satisfied that the activities authorised for the warrant are justified and proportionate with regard to the offences being targeted," AFP deputy commissioner Ian McCartney said.

Keneally was not convinced that in a few years' time it wouldn't emerge that the warrants were issued for a range of other offences, like they were with the data retention legislation, simply because they attract a three-year threshold.

Pointing to the scenario of an outlaw motorcycle gang, Police commissioner Reece Kershaw said in such a situation, with the peripheral and crime-adjacent activities, it makes it very difficult "if you're going to attack the outer perimeter of these organised crime networks" to narrow down or define the scope.

"These powers will assist us to dismantle those networks, especially now," he said.

Home Affairs Electronic Surveillance Reform Taskforce acting first assistant secretary Andrew Warnes said one of the first considerations of the ATT member or eligible judge when granting a warrant would be the nature and gravity of the conduct constituting the kinds of offences in relation to which the information would be obtained.

"We've then also added additional safeguards to say, 'That's not enough just to go and get a warrant because an offence is three years', it has to be of such the nature and gravity in terms of the conduct constituting those offences, that information can be sought," Warnes explained.

"And then they have to give consideration to whether the access to that data will assist in the collection of intelligence, that is actually then relevant to the protection, detection, frustration of those offences and the intelligence value of that."

The approver, Warnes said, would also have to make sure that what is authorised by the warrant is proportionate to the likely intelligence value of any information sought to be obtained. They would also have to consider whether the information could be garnered using alternative or less intrusive means.

"All of that together makes it very difficult to envisage a circumstance where you could have an offence that is subjectively considered not serious three-year offence," he continued.

Keneally said she heard similar assurances when the TIA Act was being probed.

"It does raise a question to me as to why the government is not willing, if they are, if you are upfront in saying we are not going to use these powers to investigate subjectively low-level offending, why that can't be prescribed in legislation to give the community that assurance," she said.

MORE ON THE 'HACKING' BILL

• Human rights lawyers ask Australia's 'hacking' Bill be redrafted
• Australia's new 'hacking' powers considered too wide-ranging and coercive by OAIC
• Twitter deems Australia's account takeover warrant as antithetical to democratic law
• AWS asks new Australian computer warrant provide immunity for account takeovers
• Surveillance Bill to hand AFP and ACIC a trio of new computer warrants
• Australia's tangle of electronic surveillance laws needs unravelling