Surveillance Legislation Amendment (Identify and Disrupt) Act 2021 (the Act) introduced three new powers for the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) to identify and disrupt serious online criminal activity. The powers will help the AFP and the ACIC to deal with cyber-enabled crime in the digital era.
Criminals are using the dark web to:
- buy and sell stolen identities
- trade illicit commodities
- deal in child abuse material
- organise and engage in other criminal activities.
Encryption and anonymising technologies allow criminals to hide their identities and activities from law enforcement agencies. An obstacle to investigating these crimes has been attributing criminal activity to particular individuals, organisations, premises or devices, especially on the dark web, or where an offender is using a dedicated, encrypted communications platform.
New powers for the AFP and ACIC
The Act introduced three new powers for the AFP and the ACIC to collect intelligence, conduct investigations, disrupt and prosecute serious criminal online activity:
Data disruption warrants allow the disruption of data through modification and deletion of data to frustrate the commission of serious offences, such as the distribution of child abuse material.
Network activity warrants allow the collection of intelligence on serious criminal activity carried out by criminal networks operating online.
Account takeover warrants allow the control of a person’s online account to gather evidence about criminal activity to further a criminal investigation.
Oversight, safeguards and accountability
The powers are accompanied by strong safeguards, including oversight and controls on the use of information. This ensures the AFP and the ACIC use these powers in a targeted and proportionate manner. The safeguards minimise the potential impact on the privacy of individuals and legitimate users of online platforms. There are strong protections on the use and disclosure of information collected under these warrants. The AFP and the ACIC are also subject to strict record-keeping and destruction requirements.
The Commonwealth Ombudsman is responsible for overseeing the use of data disruption warrants and account takeover warrants. This is consistent with the Commonwealth Ombudsman’s current oversight of the AFP and the ACIC’s use of electronic surveillance powers. The Inspector-General of Intelligence and Security (IGIS) oversees network activity warrants, given their nature as an intelligence collection tool.
The operation, effectiveness and implications of these powers will be subject to review by the Independent National Security Legislation Monitor and the Parliamentary Joint Committee on Intelligence and Security, and will sunset after five years.
The following pages contain further detail about the three new powers:
The following page explains how the new powers interact with current frameworks for the communications industry to assist agencies with investigations and operations.