AFP says new encryption laws have helped coerce suspects into unlocking devices – The Guardian

Space



AFP says new encryption laws have helped coerce suspects into unlocking devices

Australian federal police says threat of tougher penalties successfully used in drug and child exploitation investigations







Australian federal police headquarters

Police have already used the threat of higher penalties contained in encryption legislation to coerce criminal suspects to unlock digital devices such as phones.

Although the home affairs department is still consulting with industry on how to implement new powers to build backdoors into devices, the doubling of penalties for people refusing to unlock their own devices is already having an effect, the Australian federal police has told a parliamentary inquiry.

The department has supported many bipartisan amendments to strengthen safeguards in the act but complained it has “serious concerns” about the role given to the AFP to approve state police’s exercise of new powers and a carve-out that prevents anti-corruption bodies from accessing them.

The parliamentary joint committee on intelligence and security is still scrutinising the legislation, which passed parliament in December, including amendments proposed by Labor and backed by the tech giants and other industry stakeholders.

The AFP submitted that new powers have had “significant operational benefit” and revealed that technical assistance requests – which ask industry to voluntarily help law enforcement agencies – “are being sought in support of active AFP investigations into serious commonwealth crime”.

The AFP declined to say whether compulsory notices have been issued, citing secrecy provisions, but offered to assist the committee in private.

The AFP gave two examples where suspects helped unlock their digital devices, after the encryption bill doubled penalties from five to 10 years imprisonment for those who refuse to do so after police gain a warrant.

One was a case of investigating importation of illegal drugs from the dark web; the second related to the distribution and possession of electronic child exploitation material.

After a bipartisan PJCIS recommendation, the government introduced a section requiring the AFP commissioner to approve technical assistance notices issued by state and territory law enforcement agencies.

The AFP commissioner is required to “apply the same statutory criteria, and go through the same decision making process” as the agency whose decision is being checked.

The department warned that amendment had caused “serious concerns” about “the sovereignty of co-equal policing agencies” and the propriety of federal control over state bodies.

It said the role required sensitive information to be shared outside of joint operations, would require the AFP commissioner to “second-guess” operational decisions, and require expert knowledge of state operations. The department noted many of the crimes under investigation were state-based with no connection to the federal sphere.

The department warned the role could cause “structural conflict” and state and territory police might be less willing to exercise their new powers.

The AFP said it “could interfere with the independent operational decision-making processes of policing agencies and may be unworkable”.

The department suggested that the AFP’s role should be limited to coordinating the use of new powers, to ensure consistency in the way they are applied without needing to approve decisions.

The department noted that the government had also excluded state and territory independent commissions against corruption from accessing new powers to break encryption, despite the fact they investigate “serious misconduct and criminal activity”.

“There is an inconsistency in entrusting these commissions with intrusive interception and surveillance powers but preventing them from obtaining the incidental powers to facilitate these activities and others through technical assistance,” it said.

Industry has criticised the encryption law, arguing it is still unclear what the safeguard against being required to build “systemic weaknesses” means.

The department said the safeguard against backdoors in a “whole class of technology” would mean that companies could not be compelled to build weaknesses in all instances of a particular model of mobile phone, operating system, or form of encryption. It also prohibits weaknesses that would jeopardies other users security.

Leave a Reply

Your email address will not be published. Required fields are marked *