AFP used voluntary powers in Australia’s encryption laws three times in 2019-20
The Australian Federal Police (AFP) used the non-compulsive Technical Assistance Requests (TARs) three times between 1 July 2019 and 30 June 2020.
Writing in a supplementary submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and its review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (TOLA Act), the AFP said the three requests were related to “serious computer offences and other serious crime types”.
At the same time, the AFP reiterated numbers first published in January that it had issued five TARs in the 2018-19 period. Over the same twelve months, NSW Police had used the voluntary powers two times.
Technical Assistance Requests are voluntary requests for designated communications providers to use their existing capabilities to access user communications, while the TOLA Act also allows for Technical Assistance Notices (TANs) and Technical Capability Notices (TCNs), which are compulsory notices to compel communications providers to use or create a new interception capability, respectively.
“Our experience is that Schedule 1 of TOLA has accelerated cooperation from industry, with providers increasingly willing to assist due to TOLA providing legal certainties and assurances regarding the commercial scope and impact of requests,” the AFP said in its submission.
“The fact the AFP has not sought any TANs or TCNs to date, does not indicate these provisions are not required. Rather, it demonstrates the effectiveness of TOLA’s tiered approach.”
The AFP also stated between December 2018 and 30 June 2019 that it had obtained seven computer access warrants, two of which received extensions, and between 1 July 2019 and 30 June 2020, it had gained 16 computer access warrants.
“In addition to the refused application in 2018-2019, a further two applications in the same matter were also refused,” it said. “However, the warrant was ultimately issued during the 2019-2020 reporting period.”
In a report into the encryption laws, the then-Independent National Security Legislation Monitor Dr James Renwick recommended an independent body be established to oversee the issuance of warrants related to the TOLA Act.
TANs and TARs can currently be approved by the head of the requesting law enforcement or intelligence agency. TCNs must be approved jointly by the attorney-general and the minister for communications.
Earlier on Thursday, the Australian government handed down its 2020 Cyber Security Strategy, which would see law enforcement agencies handed powers to target “criminal activity on the dark web”.
“The Australian government will confront illegal activity, including by using our offensive cyber capabilities against offshore criminals, consistent with international law,” it said. “The Australian government will continue to strengthen the defences of its networks, including against threats from sophisticated nation states and state-sponsored actors.”
Continuing to paint encryption as a tool used by criminals, the strategy said the government would “ensure” law enforcement has powers to tackle cyber crime.
“If our law enforcement agencies are to remain effective in reducing cyber crime, their ability to tackle the volume and anonymity enabled by the dark web and encryption technologies must be enhanced,” it said.