Australian law enforcement now requires service providers to grant access to data and content


from finally-see-the-‘or-else’-part-of-the-applied-law department

We’re all familiar with the term ‘football’, but our definitions vary widely. For those who live in the United States, it is a sport that offers beer ads and concussions with similar frequency. For most other countries in the world, it is a sport that delivers riots and tie scores with similar frequency. In Australia, the definition does not necessarily follow the description. ‘Football’ is still ‘soccer’, but the sport that most closely resembles football is called ‘rugby’. And the sport’s resemblance to American football is negligible at best. Rugby most resembles competing gangs of attackers fighting for an overvalued soccer ball with the goal of securing it and doing things that somehow cause points.

Thank you for coming to my inaugural and final TED talk.

This introduction is meant to draw you in so that I can talk about something far less violent, but no less important, than world sport. [Gestures vaguely.] We’re talking about the “Australian Rules” Internet. It would be the same Internet that most of us use. The connections are made. Information is spreading. Some of them end up on personal devices (like cell phones) and IoT gadgets (Pelotons, thermostats, in-car navigation systems). Origin and destination are pretty much irrelevant. Wherever it is, the Australian government wants access to it.

Perhaps due to its isolation down under, the Australian government has made incredible inroads in recent months with the intent of undermining the encryption that protects millions of its citizens from criminals and the shady people they have elected. It’s almost gone now. The Australian government has (technically) not required encryption backdoors. Instead, it demanded the next best thing: on-demand access to content. If this request results in a backdoor, well, the government can hardly be blamed for the actions of the platforms and service providers. All the government has done is require access to content. That it’s locked and requires the use of a possibly universal key can’t be the government’s fault, can it? Perhaps these companies shouldn’t have worked so hard to protect information and communications from criminals while providing the same protections to the 99.5% non-criminals who make up their user bases.

The Australian government has a bunch of new powers – ones the federal police were immediately willing to take advantage of. On top of that, there’s a slew of new data retention demands being imposed on all sorts of companies and tech providers that force them to record user information that they may never have recorded or preserved in the past.

It’s bad. And here’s how things are working for Australians now, as Chris Duckett reports for ZDNet.

When it comes to Australian encryption lawsit can now be said publicly that two of the three weapons were used, following the publication of the Telecommunications (Interception and Access) Act 1979 — Annual Report 2020-21 this week.

In previous years, agencies had only used voluntary technical support requests (TAR) for service providers to help, but the latest report shows that NSW Police over the past year have also turned to the first of the mandatory notices available.

This request, used in a homicide investigation, is the first use of a mandatory Technical Support Notice (TAN) to force a vendor to use a capability they already have. Notices for assistance issued by state law enforcement are reviewed by the Commissioner of the Australian Federal Police (AFP).

The Australian government is done asking. Now that’s telling. The government may have relaxed its new powers by requiring providers to ‘voluntarily’ comply with requests for assistance, but it is now exercising its mandatory side. May be too much Bartelby are employed in local technology companies. Maybe the government is just tired of asking for compliance. Either way, we can probably expect Australian law enforcement to be much less polite in the future when seeking information, data or communications from tech companies.

Requests and requests for data under the new law are routed through the Administrative Appeals Tribunal. That court issued 2,900 of the 3,500 warrants under that law, as ZDNet reports. But it appears that the agency that got the very first mandatory request is not the most trusted of Australian law enforcement agencies. New South Wales police seem particularly terrible at exercising their new powers, racking up a success rate that approaches that of unsolicited spam.

AAT membership number, just under 1,700 warrants were sought by NSW Police, with the force only securing 72 Federal Court judges. Similarly, AFP had 590 mandates approved by AAT members out of a total of 653.

It’s not encouraging. While this request may have targeted a serious crime (homicide), NSW Police’s scattered approach suggests they are trying to turn this supposedly limited power into an all-purpose investigative tool. Fortunately, it appears the Appeals Tribunal is still acting as a strong check against NSW police abuse.

That being said, the ZDNet article notes that it is not terrorists, murderers and child molesters who are targeted by the new powers. Contrary to what was announced during the arguments for the proxy encryption backdoors, the new powers are mainly used to fight against the most banal of criminal activities: “drug-related offences”. It’s the kind of crime that law enforcement has been fighting for years without the need for encryption backdoors.

Even ignoring the open question of the effectiveness of the decades-long War on Drugs, was it really necessary to give the government the power to require encryption backdoors to fight it? That it is used to do regular police work is not surprising. Nor is the fact that advocates of the law presented a whole different parade of horribles when pushing for the legislation. But what should be happening now is the call for this particular bullshit by lawmakers who opposed the new powers. And this call must be strong, frequent and persistent. The government should not be allowed to get away with shouting “terrorism!” just so he can use new powers to do regular police stuff.

Filed Under: australia, backdoors, encryption, new south wales, nsw, police


Comments are closed.