A new law gives Australian police unprecedented powers for online surveillance, data interception and altering data. These powers, outlined in the Surveillance Legislation Amendment (Identify and Disrupt) Bill, raise concerns over potential misuse, privacy and security.
The bill updates the Surveillance Devices Act 2004 and Telecommunications (Interception and Access) Act 1979. In essence, it allows law-enforcement agencies or authorities (such as the Australian Federal Police and the Australian Criminal Intelligence Commission) to modify, add, copy or delete data when investigating serious online crimes.
The Human Rights Law Centre says the bill has insufficient safeguards for free speech and press freedom. Digital Rights Watch calls it a “warrantless surveillance regime” and notes the government ignored the recommendations of a bipartisan parliamentary committee to limit the powers granted by the new law.
What’s more, legal hacking by law enforcement may make it easier for criminal hackers to illegally access computer systems via the same vulnerabilities used by the government.
The bill introduces three new powers for law-enforcement agencies:
- “data disruption warrants” allow authorities to “disrupt data” by copying, deleting or modifying data as they see fit
- “network activity warrants” permit the collection of intelligence from devices or networks that are used, or likely to be used, by subject of the warrant
- “account takeover warrants” let agencies take control of an online account (such as a social media account) to gather information for an investigation.
There is also an “emergency authorisation” procedure that allows these activities without a warrant under certain circumstances.