Government granted access to your online accounts

There’s a very good chance that most people reading this article would have had absolutely no idea about the contents contained therein. In fact, even the majority of criminal lawyers, whose business it is to stay updated with developments in the law, were not aware and still aren’t aware of the extraordinary law that was recently introduced.

On 25 August 2021 the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 passed through parliament in an extremely short time. While it was introduced in December 2020, the Bill was not discussed until it passed both houses of parliament within the space of 24 hours, on 24 and 25 August 2021.

The legislation gives extraordinary powers to federal law enforcement authorities – the Australian Federal Police (AFP) officers and the Australian Criminal Intelligence Commission (ACIC) – through three types of warrants:

Data disruption warrants (DDWs) which enable the AFP and the ACIC to modify, add, copy, or delete data for the purposes of frustrating the commission of serious offences online;
Network activity warrants (NAWs), which permit access to devices and networks used by suspected criminal networks for intelligence gathering purposes; and
Account takeover warrants (ATWs), which provide the AFP and the ACIC with the ability to take control of a person’s online account for the purposes of gathering evidence to further a criminal investigation.

In order to get a warrant, AFP and ACIC officers can apply to an “eligible Judge” or, more worryingly, a nominated member of the Administrative Appeals Tribunal (AAT) — which is concerning, considering existing warrants which allow police to review the contents of a suspect’s phone need a Magistrate’s explicit authorisation.

When considering whether to issue a warrant, the member or Judge may consider the likelihood of interfering with or preventing any offence under Chapters 5 and 7-10 of the Criminal Code (Cth) or any activities which are against the “security” or “proper administration” of the Commonwealth. In addition, they can consider offences which have the potential to cause serious violence or harm to a person, which cause or have the potential to cause a “danger” to the community, or which cause or might cause substantial damage to or loss of data, property or critical infrastructure.

Submissions on the legislation

The Office of the Australian Information Commissioner (OAIC) submission on the new legislation was effectively that, while law enforcement is important, the powers were effectively too wide-ranging and coercive in nature. Their submission noted that:

These powers may adversely impact the privacy of a large number of individuals, including individuals not suspected of involvement in criminal activity, and must therefore be subject to a careful and critical assessment of their necessity, reasonableness and proportionality. Further, given the privacy impact of these law enforcement powers on a broad range of individuals and networks, they should be accompanied by appropriate privacy safeguards.

A number of recommendations were made for changes to be made to the proposed legislation, one of which was that only Judges be permitted to issue warrants — which was, concerningly, not one of the suggestions incorporated in the final version of the legislation.

Impacts on privacy

While the authorising AAT member or Judge has to consider a number of matters before issuing a warrant, they have the power to issue warrants which abrogate things such as a journalists’ right to confidential sources, as well as being able to interrupt accounts and cause a “temporary” loss of money or digital currency. This is despite Australia being a signatory to the International Covenant on Civil and Political Rights, which provides at Article 17 that:

No one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation, and that everyone has the right to the protection of the law against such interference or attacks.

The legislation is said to “permissibly limit” those rights because it achieves “legitimate objectives” which are not arbitrary — that is, the protection of public safety by providing law enforcement agencies with additional powers to combat serious online crime.

Police, under the warrants, have power to enter homes or business premises to access targeted computers, remove them, and modify or delete data before returning them — all without the targeted person ever knowing. Such access can even occur outside Australia, or onboard a boat or airplane, if the AAT member of Judge allows it. In addition, NAWs allow for the use of covert surveillance devices to be used to monitor a suspect.

Other impacts

The data disruption warrants also provide AFP officers with the power to force network administrators (or someone with knowledge of that particular computer or network) to comply with their warrants, and hand over access to data and accounts, otherwise they face up to 10 years in jail (ironically titled an “assistance order”). And while such a person isn’t held civilly liable for their actions, forcing someone to do the police’s job for them seems entirely coercive in nature.

Final thoughts

The slow but inevitable erosion of our right to privacy and freedom of speech in the name of democracy is becoming increasingly transparent. The ability for police to intercept and modify your data when they consider it is against the “security” or “proper administration” of the Commonwealth is a scary, but now completely real, scenario.

If you’re needing advice or assistance with legal matters; Cridland & Hua are the specialists amongst Brisbane Law Firms. Contact us today.

    Back to all articles