Twitter deems Australia's account takeover warrant as antithetical to democratic law

Raises concerns with the new warrant, which would give two of Australia's law enforcement bodies access to data regardless of the location of the server.

Twitter has labelled one of the three proposed new computer warrants handing the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) new powers for data access as antithetical to democratic law.

Twitter's remarks were made as part of the Parliamentary Joint Committee on Intelligence and Security (PJCIS) review into the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, which, if passed, would hand three new warrants for dealing with online crime to the two law enforcement bodies.  

The social media giant focused on the Account Takeover Warrant that would allow the agencies to take control of an account for the purposes of locking a person out of the account.

"As currently written, the Account Takeover Warrant would be divorced from standard due process requirements. It would be antithetical to core legal principles enshrined in democratic law and procedural fairness," it wrote in a submission [PDF] to the PJCIS.

"Twitter is concerned that the proposed Bill will allow law enforcement direct access to data regardless of the location of the server, without requiring knowledge of such access being provided to the service provider, and in the case of Account Takeover Warrants, absent the agreement of an appropriate consenting official of the relevant foreign country where the warrant would be enforced."

It highlighted that, as currently drafted, the Account Takeover Warrant could also apply extraterritorially, but it does not have the requirement to obtain the agreement of a consenting official in a foreign country, nor does it provide notice to the service provider who is offering the service.

"Therefore, the Account Takeover Warrant will apply extraterritorially with Australian law enforcement being authorised to take control of an online account regardless of where the account data is located and without consent from foreign governments or officials," it said.

Twitter has labelled it a "covert warrant" that would allow the AFP or the ACIC to take exclusive control of online accounts without the safeguards afforded by other warrant processes. It added that the scope regarding what activities are ultimately authorised under an Account Takeover Warrant still remain unclear.   

The company also revealed in its submission that Australia has filed 259 information requests from the period spanning January 2012 through June 2020, relating to a total of 581 accounts. Of those requests, Twitter has reported 47.5% compliance.

This represents less than 1% of global information requests, from 93 countries, received by Twitter to date.

Twitter said it may disclose account information to law enforcement officials in response to a valid emergency request; it also accepts government requests to preserve account information.

See also: Facebook and Google refuse 1 in 5 Australian law enforcement data access requests

The Department of Home Affairs also provided a submission [PDF] to the PJCIS, saying the proposed Bill provides for an important boost in power for the two law enforcement bodies.

"Cyber-enabled crime, often enabled by the dark web and anonymising technologies, presents a direct challenge to community safety and the rule of law. On the dark web, criminals are able to carry out the most serious of crimes, including exchanging child abuse material, planning terrorist attacks, and buying and selling illegal drugs and weapons, with a significantly lower risk of identification and apprehension," it wrote.

"The Bill contains the necessary safeguards, including oversight mechanisms and controls on the use of information to ensure that the AFP and the ACIC use the powers in a targeted and proportionate manner to minimise the potential impact on legitimate users of online platforms."

READ MORE ABOUT THE BILL

AWS asks new Australian computer warrant provide immunity for account takeovers

The cloud giant is also asking the government for clarification on new legislation that it asked for nearly three years ago on previous Bills.

Surveillance Bill to hand AFP and ACIC a trio of new computer warrants

Refusal to assist authorities could land people with 10 years in jail.