Australia gave police power to compel sysadmins into assisting account takeovers – so they plan to use it
Soon, authorities intend to flush out CSAM and the creeps who share it. After that … privacy types are worried
Australia's Federal Police force on Sunday announced it intends to start using new powers designed to help combat criminal use of encryption by taking over the accounts of some social media users, then deleting or modifying content they've posted.
The law also requires sysadmins to help those account takeovers.
The force (AFP) stated its intentions in light of the late August passage of the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021, which was first mooted in December 2020. While the Bill was subject to consultation, few suggestions were incorporated and in August the Bill sped through Australia's Parliament after two days of superficial debate with many suggested amendments ignored.
As detailed in its explanatory memorandum, the Bill was aimed squarely at helping investigators to act against users of encrypted services.
"Cyber-enabled serious and organised crime, often enabled by the dark web and other anonymising technologies, such as bespoke encrypted devices for criminal use, present a direct challenge to community safety and the rule of law," the memorandum states. "For example, on the dark web criminals carry out their activities with a lower risk of identification and apprehension."
Encryption, the memorandum adds, makes it "technically difficult, and time and resource intensive, for law enforcement to take effective action."
Australian legislators think local law enforcement agencies need "effective powers of response" that reflect the environment in which they now operate. Those tools were delivered in the form of three new types of warrant, namely:
- Data disruption warrants that allow the AFP and the Australian Criminal Intelligence Commission (ACIC) "to disrupt data by modifying, adding, copying or deleting in order to frustrate the commission of serious offences online";
- Network activity warrants that "allow agencies to collect intelligence on serious criminal activity being conducted by criminal networks";
- Account takeover warrants "to provide the AFP and the ACIC with the ability to take control of a person's online account for the purposes of gathering evidence to further a criminal investigation".
Once the AFP or ACIC have such a warrant – or an emergency authorisation that allows the powers of the law to be used without a warrant – they can compel sysadmins to help.
As the explanatory memorandum explains, once the AFP or ACIC have their warrant they could "become aware of a system administrator who has knowledge of how to access the forum but is not necessarily involved in the conduct on the forum.
"The AFP or the ACIC could use this knowledge by obtaining an assistance order … and compelling the administrator to assist them by providing access.
"Assistance orders only compel individuals, including the target, to provide access to computers or devices to assist in disruption, in the same manner as a search warrant compels individuals to provide access to a premises to assist in a search," the memorandum states. The orders do not remove the right to freedom from self-incrimination.
Yes, dear reader, if granted, those warrants mean the AFP and ACIC can take over an account and delete or modify content created by the accountholder. And if they can't do that themselves, sysadmins are required to assist.
It's impossible to argue against the strongest possible action against those who create or consume child sex abuse material.
But the new law has found some critics. An advisory report [PDF] written by the bi-partisan Parliamentary Joint Committee on Intelligence and Security offered 34 recommendations – among them that sysadmins who are the subject of an assistance order can't be imprisoned as a way of enforcing the order.
Australia's Information Commissioner recommended many amendments, most on grounds that the law endangers the privacy of those not targeted by investigations, or could result in the removal or disruption of resources on which users rely.
Those recommendations were largely ignored.
Digital Rights Watch labelled the law dangerous because it is exercised without targets being informed they are the subject of a warrant. Australia's Human Rights Law Centre expressed the opinion that the Bill's powers are "unprecedented and extraordinarily intrusive" and "should have been narrowed to what is strictly necessary and subject to robust safeguards" as the Joint Committee recommended.
CompSci academics James Jin Kang and Jumana Abu-Khalaf, both of Edith Cowan University, opined that the law could, unhelpfully, see the AFP or ACIC use zero-day exploits to enact warrants – weakening security for all.
A common theme among critics is that Australia already has plenty of laws that allow the AFP to access systems, and even compel service providers to circumvent encryption, making the new law excessive. Another scenario of concern is "forum shopping", whereby investigators who are denied the use of one law by a judge turn to another judge and try a different law that delivers essentially the same outcome.
The AFP seems not to be bothered by the debate: its announcements stated it will "be relentless in using the law and its powers to remove child sex abuse material and unlawful content from the dark web and other forums". ®