Home Affairs reveals Australian authorities already using new encryption powers
The Department of Home Affairs (DHA) has used its submission to the Parliamentary Joint Committee on Intelligence and Security’s (PJCIS) Inquiry into Australia’s encryption laws to discuss how it implemented, or agreed to at least in part, all 17 recommendations made in December, prior to the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 being pushed through Parliament.
It also used its submission [PDF] to disclose that it had “been advised” that federal law enforcement and national security have already begun using the powers contained within.
“The department has also been advised by Commonwealth law enforcement and national security agencies that the powers in the Act have been used to support their work,” Home Affairs said, noting in the same paragraph that it was working closely with these agencies to facilitate the implementation of the Act.
Under the new laws, Australian government agencies will be able to issue three kinds of notices:
- Technical Assistance Notices (TAN), which are compulsory notices for a communication provider to use an interception capability they already have;
- Technical Capability Notices (TCN), which are compulsory notices for a communication provider to build a new interception capability, so that it can meet subsequent Technical Assistance Notices; and
- Technical Assistance Requests (TAR), which are voluntary requests to use existing capabilities, but have been described by experts as the most dangerous of all.
In its submission, Home Affairs said it delivered training to the police forces of New South Wales and Victoria, specifically on what the new powers include.
The on-site training, DHA said, highlighted the legal processes that agencies must satisfy while using their new powers, as well as the administrative requirements of seeking approval from the Australian Federal Police Commissioner for the use of TANs.
It also included what “strict thresholds and safeguards” must be met, as well as operational use cases.
“Further training will be delivered to other state and territory police forces in February 2019,” the department wrote.
DHA is also “engaging” with tech firms to ensure everyone understands the new laws.
“The department continues to engage with agencies across Australia, small and large domestic communications providers, multi-national companies operating in Australia, and industry representative groups to develop comprehensive guidance and training material to ensure the operation of key measures in the Act is well understood, and that stakeholders can discharge their obligations,” the submission continues.
Despite agencies using the new powers already, the department is still hunting for an “expert” to fill the role of independent assessor, as required in the legislation.
“The department has begun to create a pool of legal and technical experts that may be appointed upon when required to review the requirements in a notice,” it explained.
The encryption laws passed on the last evening of Parliament for 2018, following the capitulation of the Labor opposition, which dropped its own amendments and waved the legislation through the Senate under the belief Parliament will consider the amendments when it resumes next month.
The government successfully had its 67 pages of amendments added to the Bill in the lower house and the PJCIS a week later opened a review of the new laws and is due to report by April.
A day before the laws were passed, the PJCIS tabled its report on the Bill, complete with 17 recommendations.
DHA in its submission said the amendments it agreed to “further ensure the Act strikes an appropriate balance between maintaining privacy and the integrity of networks and devices, and ensuring that agencies can continue to protect the Australian community”.