Australia weighing ‘extraordinary’ powers to identify, disrupt dark web cybercriminals

Legal experts urge caution as the government proposes new police powers for dark web takedowns, social media takeovers.


Australian privacy, legal, and digital rights organisations have just weeks to comment on proposed federal legislation that would, among other things, let federal investigators take over suspects’ social media accounts as part of investigations into cybercriminal activity on the dark web.

Introduced last month by Home Affairs Minister Peter Dutton, the proposed Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 (I&D Bill) would create three new warrants designed to help Australian Federal Police (AFP) and Australian Criminal Intelligence Commission (ACIC) investigators investigate and disrupt malicious online cybercriminal campaigns.

What the new warrants would allow

The new types of warrants outlined by the Department of Home Affairs include the data disruption warrant, which would allow investigators to access computers and “perform disruption activities [such as modifying, adding, copying, or deleting data on remote systems] for the purpose of frustrating the commission of criminal activity”.

The network activity warrant would allow AFP and ACIC officers to “collect intelligence” about criminal networks operating online, while the account takeover warrant would allow investigators to take over a person’s online account “for the purpose of gathering evidence of criminal activity”.

The new legislation, the government’s explanatory memorandum says, “addresses gaps in the legislative framework to better enable the AFP and the ACIC to collect intelligence, conduct investigations, [and] disrupt and prosecute the most serious of crimes” such as child abuse and exploitation, terrorism, and drug and human trafficking.

Although existing electronic surveillance powers are “useful for revealing many aspects of online criminality”, the memorandum says, they “are not suitably adapted to identifying and disrupting targets where those targets are actively seeking to obscure their identity and the scope of their activities.”

“On the dark web, criminals carry out their activities with a lower risk of identification and apprehension,” the memorandum says, noting that “many anonymising technologies and criminal methodologies can be combined for cumulative effect. … It is technically difficult, and time- and resource-intensive, for law enforcement to take effective action. … Without the critical first step of being able to identify potential offenders, investigations into serious and organised criminality can fall at the first hurdle.”

Australia’s increasingly intrusive laws raise concerns

Australian authorities have long invoked the spectre of online child abuse to justify increasingly intrusive laws in areas such as telecommunications data retention and the mandatory decryption of encrypted communications, as embodied in the troubled Telecommunications Legislation Amendment (Assistance and Access) (TOLA) Act 2018.

Between July 2018 and September 2020, Dutton said in his speech introducing the legislation, AFP investigations have led to 302 arrests and the removal of 229 children—including 113 in Australia and 116 overseas—from harm.

Despite this, the government’s Australian Centre to Counter Child Exploitation (ACCCE)—which has intercepted more than 250,000 child abuse files in the previous 12 months—had noted a 163% year-on-year increase in downloads of child-abuse material from dark websites during the June 2020 quarter. The AFP received 17,905 reports of child exploitation in 2018, with each potentially containing hundreds or thousands of images and videos.

“This bill will allow the AFP and ACIC to shine a light into the darkest recesses of the online world and hold those hiding there to account”, Dutton said.

Observers were quick to call for caution around the new legislation’s operation, with the Law Council of Australia warning that the “extraordinary” proposal provided unprecedented powers for authorities “to engage in offensive cyberactivities and online account takeovers.”

Law Council president Pauline Wright called for close examination of the stated operational case, criteria, thresholds, and process for issuance of warrants, and called for arrangements for independent oversight and review. “There must not be any repetition of the regrettable circumstances that led to the rushed passage of the TOLA,” she said, “where multiple post-enactment reviews of that legislation identified a need for major amendments to fix numerous, serious defects.”

An analysis by law firm Herbert Smith Freehills noted that Australia’s “complex web of overlapping regulations” was due for an overhaul in the wake of the recent Richardson Report, which concluded that the “undue complexity, and lack of inbuilt transparency and oversight” meant Australia’s intelligence-gathering legislation should be thrown out and completely rewritten.

“Even if the Surveillance Bill passes Parliament in its current form, it is likely that this will be further captured and refined as part of these reform processes,” the firm’s analysis noted. “This would be cause for significant concern amongst industry participants, and reinforces the need to engage consistently with the government consultation process in the coming years to ensure that the electronic surveillance legislation in Australia is appropriate, internally consistent and coherent, and adapted to the risks that it seeks to address.”

Submissions to the enquiry are due by 12 February, with Dutton asking the Parliamentary Joint Committee on Intelligence and Security to deliver its report by early March.

Copyright © 2021 IDG Communications, Inc.
