This is how much access Australian police already have to your data

The Australian government now wants further powers to access encrypted communications, but does it need them?

Police and intelligence agencies already have significant abilities to access data about our emails, phone calls and text messages if we’re suspected of committing a crime, although it can be difficult to tell exactly what they’re doing with them.

The government argues existing interception capabilities are inadequate to protect national security. According to Attorney-General George Brandis, backdoor access to encrypted communications would redress the “degradation of our intelligence capability” to prevent terrorism.

Many Australians are unaware of current police and intelligence powers when it comes to accessing our data. As the government lobbies for new levels of access, that needs to change.

‘Backdoor’ access

The government’s proposal to compel technology companies to provide access to encrypted messaging services is modelled on laws passed by other members of the Five Eyes surveillance alliance, of which Australia is a member.

Deputy US Attorney-General Rod Rosenstein recently announced the Department of Justice intends to demand interception of encrypted communications. New Zealand already requires technology companies to grant access. In the UK, authorities may force decryption where it is technologically feasible.

As with our allies, it is unclear if Australia’s laws will require so-called “backdoor” vulnerabilities to be built into messaging applications like Facebook Messenger or WhatsApp.

They could compel access via decryption keys or they might enable remote access to devices for interception of communications “at the ends”.

In response, cryptographers argue it is not mathematically possible to access end-to-end encrypted messages via interception without undermining online privacy for everyone.

The current state of telecommunications surveillance

The government already has various powers to access metadata, the contents of digital conversations and computer networks.

The Attorney-General’s Department recently released its annual report on telecommunications surveillance.

Thanks to the Telecommunications (Interception and Access) Act (TIA Act), law enforcement and other agencies can access stored communications with a warrant. This can include “email, SMS or voice messages stored on a carrier’s network”. In other words, the contents of any communication not encoded via encryption.

Agencies may also apply for “preservation notices” to compel telecommunications companies to preserve data.

During the 2015-16 financial year, there were 712 warrants issued for access to stored communications. Data is not available about the types of offences these warrants were used for. It is also not clear how the telecommunications information was used in investigations.

Applications for stored communications warrants (issued)

Agency 2014-2015 2015-2016
ACC 4 2
ACCC 4
AFP 94 80
ASIC 1
CCC (QLD) 3
CCC (WA) 5
DIBP 10 1
NSW CC 3 4
NSW Police 290 345
NT Police 16 11
PIC 7 16
QLD Police 123 132
SA Police 38 19
TAS Police 29 17
VIC Police 40 41
WA Police 38 35
Total 696 712

Source: Telecommunications (Interception and Access) Act 1979 Annual Report 2015–16

The issue of metadata retention

A controversial 2015 amendment to the TIA Act requires telecommunication service providers to retain metadata for two years.

This allows authorised law enforcement agencies warrantless access to information about digital communications such as the recipient or time sent, but not their content.

However, some agencies that aren’t meant to be able to access metadata are still making requests under different legal regimes, according to the Communications Alliance, and there have already been reported breaches where an Australian Federal Police officer accessed a journalist’s metadata without an appropriate warrant.

The 2015-16 financial year was a grace period for service providers to comply with retention requirements. During this time, there were 332,639 authorisations by criminal law-enforcement agencies.

Authorisations occurred most for drugs or homicide investigations. It’s possible this may indicate police are relying on ready access to metadata rather than pursuing traditional investigatory methods.

Leave a Reply

Your email address will not be published. Required fields are marked *