Australia’s newest mass surveillance laws deal a damaging blow to digital rights. 

Both houses of parliament have passed a bill that gives three new powers to the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC).

The powers are contained in Data Disruption Warrants, Account Takeover Warrants and Network Activity Warrants. 

A Data Disruption Warrant allows the agencies to “add, copy, delete or alter” data on devices. Also, while it is called a ‘warrant’, there is an emergency authorisation process that means it can be issued without being approved by a superior court judge. This makes it more like a warrantless regime. 

In fact, these ‘warrants’ can be issued for any device, no matter the owner, if that device is “likely connected” to a suspected offence, or if it contained information that could “assist” in an investigation. 

The new Account Takeover Warrant enables law enforcement to take control of an account and lock the account holder out of it covertly and without consent.

The agencies can remove two-factor authentication and use one account to gain access to others, allowing a law enforcement officer to impersonate a person or use their accounts to monitor activity and gather information. These can also be issued under an emergency authorisation, overseen by a magistrate.

Network Activity Warrants allow the AFP and ACIC to access networks where there is suspicion of “serious” online offences, and to “overcome security features like encryption”.

ACIC does not believe there are any legitimate uses of encryption.

Australia’s Human Rights Law Centre raised alarm at the definitions used under this power, which it says are so broad they enable widespread surveillance across social media and messaging platforms. 

If someone is suspected of using a messaging app like Telegram for example, the power would allow the AFP and ACIC access to all of Telegram, not just that person’s account.

Evidence gathered this way cannot be used in court, but it can inform further warrants and concerningly, allows for mass network surveillance.

The erosion of Australian privacy has been accelerating since 2018, when the Australian government passed the Assistance and Access Act, also known as TOLA. 

TOLA contains some of the broadest powers for law enforcement to intercept and monitor encrypted communications in the world, matched only by the UK’s Investigatory Powers Act, which is under ongoing challenges in the UK Courts over its infringement on privacy.

The Australian Government does not have the same appetite for defending the right to privacy, and so is unlikely to allow such court challenges in Australia.

Following TOLA, the Australian government added two new pieces of legislation to expand its mass surveillance mandate; the International Productions Order (IPO) Bill and the Identify and Disrupt Bill.

Both of these bills flew through both houses of parliament in a single day. 

None of the new regime appears geared at investigations of political corruption.