Revised Explanatory Memorandum
Circulated by authority of the Minister for Home Affairs, the Honourable Karen Andrews MPGENERAL OUTLINE
1. The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 amends the Surveillance Devices Act 2004 (SD Act), the Crimes Act 1914 (Crimes Act) and associated legislation to introduce new law enforcement powers to enhance the ability of the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) to combat online serious crime.
2. Cyber-enabled serious and organised crime, often enabled by the dark web and other anonymising technologies, such as bespoke encrypted devices for criminal use, present a direct challenge to community safety and the rule of law. For example, on the dark web criminals carry out their activities with a lower risk of identification and apprehension. Many anonymising technologies and criminal methodologies can be combined for cumulative effect, meaning it is technically difficult, and time and resource intensive, for law enforcement to take effective action. Just as online criminals are constantly changing their operations and reacting to new environments, the law must adapt in order to give law enforcement agencies effective powers of response.
3. Existing electronic surveillance powers, while useful for revealing many aspects of online criminality, are not suitably adapted to identifying and disrupting targets where those targets are actively seeking to obscure their identity and the scope of their activities. Without the critical first step of being able to identify potential offenders, investigations into serious and organised criminality can fall at the first hurdle. Being able to understand the networks that criminals are involved in and how they conduct their crimes is also a crucial step toward prosecution.
4. This Bill addresses gaps in the legislative framework to better enable the AFP and the ACIC to collect intelligence, conduct investigations, disrupt and prosecute the most serious of crimes, including child abuse and exploitation, terrorism, the sale of illicit drugs, human trafficking, identity theft and fraud, assassinations, and the distribution of weapons.
5. The Bill contains the necessary safeguards, including oversight mechanisms and controls on the use of information, to ensure that the AFP and the ACIC use these powers in a targeted and proportionate manner to minimise the potential impact on legitimate users of online platforms.
6. The Bill introduces three new powers for the AFP and the ACIC. They are:
- •
- Data disruption warrants to enable the AFP and the ACIC to disrupt data by modifying, adding, copying or deleting in order to frustrate the commission of serious offences online
- •
- Network activity warrants to allow agencies to collect intelligence on serious criminal activity being conducted by criminal networks, and
- •
- Account takeover warrants to provide the AFP and the ACIC with the ability to take control of a person's online account for the purposes of gathering evidence to further a criminal investigation.
7. The Bill also introduces sunset provisions for warrants and emergency authorisations under the Bill.
Schedule 1: Data disruption warrants
8. Schedule 1 amends the SD Act to introduce data disruption warrants. These warrants will allow the AFP and the ACIC to disrupt criminal activity that is being facilitated or conducted online by using computer access techniques.
9. A data disruption warrant will allow the AFP and the ACIC to add, copy, delete or alter data to allow access to and disruption of relevant data in the course of an investigation for the purposes of frustrating the commission of an offence. This will be a covert power also permitting the concealment of those activities. Whilst this power will not be sought for the purposes of evidence gathering, information collected in the course of executing a data disruption warrant will be available to be used in evidence in a prosecution.
10. The purpose of the data disruption warrant is to offer an alternative action to the AFP and the ACIC, where the usual circumstances of investigation leading to prosecution are not necessarily the option guaranteeing the most effective outcome. For example, removing content or altering access to content (such as child exploitation material), could prevent the continuation of criminal activity by participants, and be the safest and most expedient option where those participants are in unknown locations or acting under anonymous or false identities. Under these circumstances, it may be prudent for the AFP or the ACIC to obtain a data disruption warrant.
11. Applications for data disruption warrants must be made to an eligible Judge or nominated Administrative Appeals Tribunal (AAT) member. A data disruption warrant may be sought by a law enforcement officer of the AFP or the ACIC if that officer suspects on reasonable grounds that:
- •
- one or more relevant offences are being, are about to be, or are likely to be, committed, and
- •
- those offences involve, or are likely to involve, data held in a computer, and
- •
- disruption of data held in the target computer is likely to substantially assist in frustrating the commission of one or more of the relevant offences previously specified that involve, or are likely to involve, data held in the target computer.
12. An eligible Judge or nominated AAT member may issue a data disruption warrant if satisfied that there are reasonable grounds for the suspicion founding the application for the warrant and the disruption of data authorised by the warrant is reasonably necessary and proportionate, having regard to the offences specified in the application. The issuing authority will consider, amongst other things, the nature and gravity of the conduct targeted and the existence of any alternative means of frustrating the commission of the offences.
13. Information obtained under data disruption warrants will be 'protected information' under the SD Act and be subject to strict limits for use and disclosure. Consistent with existing warrants in the SD Act, compliance with the data disruption warrant regime will be overseen by the Commonwealth Ombudsman.
14. It is anticipated that the Australian Signals Directorate (ASD) may provide assistance to the AFP and the ACIC in relation to data disruption. This would be facilitating through ASD's existing functions under paragraph 7(1)(e) of the Intelligence Services Act 2001 (the IS Act) and the information sharing provisions in the SD Act. ASD's assistance under paragraph 7(1)(e) of the IS Act will be overseen by the IGIS, consistent with other ASD powers.
15. If an ASD officer is seconded to the AFP or the ACIC, they would only have access to the powers and functions of an AFP or ACIC staff member, and not those available to an ASD staff member. In this scenario, the use of those powers and functions would be subject to oversight by the Ombudsman, consistent with other powers of the AFP or ACIC.
16. This is because oversight agencies oversee the activities of an agency, not an individual. Oversight arrangements are determined by reference to the agency which is exercising the powers.
Schedule 2: Network activity warrants
17. Network activity warrants will allow the AFP and the ACIC to collect intelligence on criminal networks operating online by permitting access to the devices and networks used to facilitate criminal activity.
18. These warrants will be used to target criminal networks about which very little is known, for example where the AFP or the ACIC know that there is a group of persons using a particular online service or other electronic platform to carry out criminal activity but the details of that activity are unknown. Network activity warrants will allow agencies to target the activities of criminal networks to discover the scope of criminal offending and the identities of the people involved. For example, a group of people accessing a website hosting child exploitation material and making that material available for downloading or streaming, will be able to be targeted under a network activity warrant.
19. Intelligence collection under a network activity warrant will allow the AFP and the ACIC to more easily identify those hiding behind anonymising technologies. This will support more targeted investigative powers being deployed, such as computer access warrants, interception warrants or search warrants.
20. Network activity warrants will allow the AFP and the ACIC to access data in computers used, or likely to be used, by a criminal network over the life of the warrant. This means that data does not have to be stored on the devices, but can be temporarily linked, stored, or transited through them. This will ensure data that is unknown or unknowable at the time the warrant is issued can be discovered, including data held on devices that have disconnected from the network once the criminal activity has been carried out (for example, a person who disconnected from a website after downloading child exploitation material).
21. The AFP and the ACIC will be authorised to add, copy, delete or alter data if necessary to access the relevant data to overcome security features like encryption. Data that is subject to some form of electronic protection may need to be copied and analysed before its relevancy or irrelevancy can be determined.
22. Applications for network activity warrants must be made to an eligible Judge or nominated AAT member. A network activity warrant may be sought by the chief officer of the AFP or the ACIC (or a delegated Senior Executive Service (SES) member of the agency) if there are reasonable grounds for suspecting that:
- •
- a group of individuals are using the same electronic service or are communicating by electronic communications to engage in, facilitate or communicate about the engagement in, or facilitation of, criminal activity constituting the commission of one or more relevant offences, and
- •
- access to data held in computers will substantially assist in the collection of intelligence about those criminal networks of individuals in respect of a matter that is relevant to the prevention, detection or frustration of one or more kinds of relevant offences.
23. There are strict prohibitions on the use of information obtained under a network activity warrant. Information obtained under a network activity warrant is for intelligence only, and will not be permitted to be used in evidence in criminal proceedings, other than for a breach of the secrecy provisions of the SD Act. Network activity warrant information may, however, be the subject of derivative use, allowing it to be cited in an affidavit on application for another investigatory power, such as a computer access warrant or telecommunications interception warrant. This will assist agencies in deploying more sensitive capabilities, with confidence that they would not be admissible in court.
24. The Inspector-General of Intelligence and Security (IGIS) will have oversight responsibility for network activity warrants given their nature as an intelligence collection tool. This approach departs from the traditional model of oversight by the Commonwealth Ombudsman of the use of electronic surveillance powers by the AFP and the ACIC. However, the approach is consistent with the oversight arrangements for intelligence collection powers available to other agencies, including the Australian Security Intelligence Organisation (ASIO) and the ASD.
25. The Bill also provides that the IGIS and the Commonwealth Ombudsman will be able to share information where it is relevant to exercising powers, or performing functions or duties, as an IGIS or Ombudsman official. This ensures that where a matter may arise during an inspection that would more appropriately be dealt with by the other oversight body, a framework is in place for the transfer of network activity warrant information, allowing efficient and comprehensive oversight to occur.
Schedule 3: Account takeover warrants
26. The Bill inserts account takeover warrants into the Crimes Act. These warrants will enable the AFP and the ACIC to take control of a person's online account for the purposes of gathering evidence about serious offences.
27. Currently, agencies can only take over a person's account with the person's consent. An account takeover power will facilitate covert and forced takeovers to add to their investigative powers.
28. An AFP or ACIC officer may apply to a magistrate for an account takeover warrant to take control of an online account, and prevent the person's continued access to that account. Before issuing the account takeover warrant, the magistrate will need to be satisfied that there are reasonable grounds for suspicion that an account takeover is necessary for the purpose of enabling evidence to be obtained of a serious Commonwealth offence or a serious State offence that has a federal aspect. In making this determination, the nature and extent of the suspected criminal activity must justify the conduct of the account takeover.
29. This power enables the action of taking control of the person's account and locking the person out of the account. Any other activities, such as accessing data on the account, gathering evidence, or performing undercover activities such as taking on a false identity, must be performed under a separate warrant or authorisation. Those actions are not authorised by an account takeover warrant. The account takeover warrant is designed to support existing powers, such as computer access and controlled operations, and is not designed to be used in isolation. Strict safeguards will be enforced to ensure account takeover warrants are exercised with consideration for a person's privacy and the property of third parties. There are strong protections on the use of information collected under the power.
30. The Bill will require the agencies to make annual reports to the Commonwealth Ombudsman and the Minister for Home Affairs on the use of account takeover warrants during that period. There are also annual reports to the Minister for Home Affairs that are required to be tabled in Parliament.
Schedule 3A: Reviews
31. Schedule 3A will introduce a legislative basis for independent and parliamentary review of powers contained in the Bill.
32. In particular, the Independent National Security Legislation Monitor must commence review the operation, effectiveness and implications of Schedules 1, 2 and 3 of the Bill within three years of the day that it receives Royal Assent, and the Parliamentary Joint Committee on Intelligence and Security (PJCIS), if it resolves to do so, is to commence its review as soon as practicable after four years from the day it receives Royal Assent.
Schedule 4: Controlled operations
33. Schedule 4 will introduce minor amendments to Part IAB of the Crimes Act to enhance the AFP and the ACIC's ability to conduct controlled operations online.
34. In particular, the Bill amends the requirement for illicit goods, including content such as child abuse material, to be under the control of the AFP and the ACIC at the conclusion of an online controlled operation.
35. This is intended to address how easy data is to copy and disseminate, and the limited guarantee that all illegal content will be able to be under the control of the AFP and the ACIC at the conclusion of an online controlled operation.
36. This amendment will not change the overall intent of the controlled operations, which is to allow for evidence collection.
Schedule 5: Minor corrections
37. Schedule 5 will make minor technical corrections to the SD Act and the Telecommunications (Interception and Access) Act 1979.
ABBREVIATIONS used in the Explanatory Memorandum
AAT Administrative Appeals Tribunal
AIC Australian Intelligence Community (comprising ASIO, ASIS, ASD, AGO, DIO and ONI)
ACIC Australian Criminal Intelligence Commission (established as the Australian Crime Commission in the ACC Act)
ACC Act Australian Crime Commission Act 2002
ACLEI Australian Commission for Law Enforcement Integrity
AFP Australian Federal Police
AFP Act Australian Federal Police Act 1979
AGO Australian Geospatial-Intelligence Organisation
AHRC Australian Human Rights Commission
AHRC Act Australian Human Rights Commission Act 1986
ASD Australian Signals Directorate
ASIO Australian Security Intelligence Organisation
ASIO Act Australian Security Intelligence Organisation Act 1979
ASIS Australian Secret Intelligence Service
CEO Chief Executive Officer
Crimes Act Crimes Act 1914
Criminal Code Schedule 1, Criminal Code Act 1995
DIO Defence Intelligence Organisation
IGADF Inspector-General of the Australian Defence Force
IGIS Office of the Inspector-General of Intelligence and Security
IGIS Act Inspector-General of Intelligence and Security Act 1986
IC Act Australian Information Commissioner Act 2010
Inspector-General The individual holding the statutory position of Inspector-General of Intelligence and Security, under section 6 of the IGIS Act
Integrity bodies The Ombudsman, the Australian Human Rights Commission, the Information Commissioner, the Integrity Commissioner, and the Inspector-General of the Australian Defence Force
IS Act Intelligence Services Act 2001
LEIC Act Law Enforcement Integrity Commissioner Act 2006
NIC National Intelligence Community (comprising ASIO, ASIS, ASD, AGO, DIO, ONI, the ACIC, and the intelligence functions of the AFP, AUSTRAC and the Department of Home Affairs)
Ombudsman Commonwealth Ombudsman
Ombudsman Act Ombudsman Act 1976
ONI Office of National Intelligence
PJCIS Parliamentary Joint Committee on Intelligence and Security
PID Public interest disclosure
PID Act Public Interest Disclosure Act 2013
Privacy Act Privacy Act 1988
SD Act Surveillance Devices Act 2004
TIA Act Telecommunications (Interception and Access) Act 1979
TOLA Telecommunications and other Legislation Amendment (Assistance and Access) Act 2018
FINANCIAL IMPACT
38. Nil, as all financial impacts for the 2021-2022 financial year will be met from existing appropriations. Any ongoing costs will be considered in future budgets.