The controversial anti-encryption powers have not been used once to fight terrorism, despite government using this as the justification to rush the legislation through Parliament a year ago.
The revelations about the specific uses of the encryption powers come as Labor amendments aimed at “fixing” the legislation are set to be debated in Parliament this week.
The Assistance and Access Act, which gives Australian authorities and agencies the power to compel tech companies and their employees to provide access to encrypted data, was passed on the last Parliamentary sitting day of 2018.
Under the new powers, authorities can issue a technical assistance request to a technology company, which voluntarily asks them to help provide access to data using existing capabilities.
They can also issue technical assistance notices and technical capability notices, which compel a company to provide assistance and build new capabilities to do so.
The Department of Home Affairs’ annual report, released last week, revealed that these powers had been used seven times to July 2019 – five times by the Australian Federal Police, and twice by New South Wales Police.
And an answer to a Senate Estimates question on notice further revealed that the powers have been used a total of 25 times up to last November.
All of the uses so far related to technical assistance requests, meaning the tech companies have been asked to voluntarily assist authorities.
The annual report detailed the reasons why these requests have been made too.
The AFP used the encryption powers six times for cybercrime offences, twice for organised crime offences, five times for telecommunications offences and once for theft, while NSW Police used them once for a homicide and once for drug offences.
The encryption powers were not used at all for “terrorism offences” in the financial year ending June 2019. The Senate Estimates answer provided by Home Affairs did not detail the reasons behind the 18 technical assistance requests that were issued in the second half of last year.
The lack of use of the encryption-busting powers for terrorism offences comes despite the federal government continually claiming that they needed to be passed before Parliament rose at the end of 2018 to protect Australians from potential terrorist attacks over the Christmas and New Year period of that year.
In the lead up to the final vote, the Coalition accused Labor of “running a protection racket” for terrorists, while Prime Minister Scott Morrision also said the Opposition was taking the side of terrorists because it initially wanted more consideration of the legislation.
“Labor are quite happy for terrorists and organised criminals to chat on WhatsApp, leaving our security agencies in the dark. There is no excuse for this type of weakness,” Mr Morrison said in December 2018.
Labor eventually caved and supported the encryption legislation unamended on the last sitting day of 2018 and it has remained that way ever since.
There is a significant disconnection between the justification given for the new powers and their use in practice, according to Deakin University senior lecturer Dr Monique Mann.
“At the end of 2018 the arguments the government was mounting in relation to an urgent need to pass legislation over Christmas was for the prevention of terrorist attacks. The recent reports show that the powers were exercised seven times for non-terrorism offences,” Dr Mann told InnovationAus.
“There’s a disconnect between the rationale used for supporting the powers’ introduction and what they’re being used for, and that’s quite concerning. The urgency with which Labor and the government ran through these ill-considered laws was a real failure of the proper Parliamentary process.”
Authorities have only issued voluntary notices as well and haven’t yet utilised new powers to compel tech companies to provide access to communications. This may mean that the companies that have been issued requests are readily complying with them, Dr Mann said.
“That might be indicative that the designated communications providers are folding to the requests and not actually requiring a technical assistance notice from law enforcement. If they do comply then they are offered civil immunity from the consequences of that compliance,” she said.
“If a smartphone is bricked then that provider isn’t liable for those damages. The fact that they haven’t escalated beyond that to the notices indicates potentially that they’re complying in the first instance.”
After supporting the encryption legislation unamended at the end of 2018, the Opposition introduced its own amendments to “repair” the powers at the end of last year.
The amendments introduce a number of “fixes” in line with the Parliamentary Joint Committee on Intelligence and Security’s report on the bill, including the introduction of judicial oversight.
“It’s a very interesting experience where you pass legislation that you look to amend later. Perhaps it would have been better for these amendments to be debated as part of the Parliamentary process at the end of 2018,” Dr Mann said.
Labor has attempted to force the Coalition to support the amendments by arguing that they are needed for Australia to secure a fast-tracked data-sharing agreement with the US. But the government has denied they are necessary and will likely reject them when they are debated in Parliament.