Law enforcement agencies were issued six warrants to covertly monitor and alter suspects’ data last year, marking the first use of controversial hacking powers.
The new warrants allow the authorities to disrupt the data of suspected offenders, access their devices and networks to identify them, and covertly take over their accounts to gather evidence.
The newest warrants were among nearly 800 surveillance device warrants issued in the year, with fewer than one per cent of applications refused.
The new hacking powers were created through the controversial Identify and Disrupt bill that passed Parliament with bipartisan support last year, handing unprecedented powers to the Australian Federal Police (AFP) and Australian Criminal Intelligence Commission (ACIC).
The agencies can apply for ‘data disruption’, ‘network activity’, or ‘account takeover’ warrants in relation to a “relevant offence” — typically an offence with a maximum penalty of at least three years imprisonment.
The disruption warrant allows authorities to modify and delete data to impede the commission of an offence. Network activity warrants allow the collection of intelligence gathered online, while takeover warrants allow the authorities to secretly assume control of person’s online account to gather evidence.
Mandatory annual reporting on surveillance warrants issued last financial year and the reason for them was tabled in Parliament on Wednesday, confirming the first use of the warrants.
It showed two data disruption in warrants were issued to the AFP during 2021-22 to target offences relating to “dishonestly obtaining or dealing in personal financial information” and “unauthorised access, modification or impairment of data with intent to commit a serious offence”.
The AFP and ACIC each obtained a network activity warrant.
ACIC’s was to “target offences such as serious drug offences, telecommunications offences, money laundering offences, and criminal association and organisation offences”. The agency had this warranted extended because of the “complex” nature of its investigation.
The AFP network monitoring warrant was to “target offences such as serious drug offences, firearms offences, and the offence of dealing with proceeds of crime”. This warrant was extended twice because of “nature of the investigation” requiring ongoing access.
The AFP has also disclosed in its annual report it was issued two account takeover warrants, which allow the agency to covertly take control of take control of a person’s online account. The warrants related to offences of child abuse material, according to the annual report.
ACIC did not report any account takeover warrants in its annual report.
The disclosures offer little information about the use of the identify and disrupt powers critics say are extraordinary in scope and accessed under too low a threshold.
The initial legislation was heavily criticised by the Parliamentary Joint Committee on Intelligence and Security, which recommended 33 changes.
The then-Coalition government moved 60 amendments in response but resisted key recommendations for a higher threshold in the issuing of warrants in terms of the crimes they can be applied for, and for warrants to only be approved by a judge, rather than a member of the Administrative Appeals Tribunal.
A petition calling for the new laws to be repealed in October last year was presented to then Home Affairs minister Karen Andrews with more than 1700 signatures. Ms Andrews defended the laws saying they stuck the balance between individual privacy and “the rule of law on which our democracy is based”.
During 2021-22, law enforcement agencies requested 796 total surveillance device warrants to track suspects, monitor computers, listen in on conversations and observe activity. Just seven were rejected. All 217 warrant extensions were approved in the year.
Do you know more? Contact James Riley via Email.