Jump to content

Australian Surveillance Bill allows Law Enforcement to Add to, Modify, or Delete Anyone's Data, and Take Over Their Online Accounts

Message added by WkdPaul,

Keep all discussion civil and on-topic ; about the implication of the bill, and not the political side of it, political discussions has a site-wide ban, and political / inflammatory replies will be removed without notice.

Summary

Last week, the Australian Parliament passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, rushing the bill through in only 24 hours. This revision to the Australian government's data surveillance laws allows law enforcement to modify, add to, copy, or delete data of anyone, so long as they are a suspect in an investigation, as well as quietly taking control over the person's online accounts. In addition, it compels Australian businesses, sysadmins, etc. to comply with any such requests, who could face up to 10 years imprisonment if they fail to do so. While these new powers do require a warrant to use in most cases, the warrants are not issued by judges; additionally, there is an "emergency authorization" procedure that allows these requests to be executed without any warrant at all.

 

Quotes

Quote

The bill introduces three new powers for law-enforcement agencies:

  1. “data disruption warrants” allow authorities to “disrupt data” by copying, deleting, or modifying data as they see fit
  2. “network activity warrants” permit the collection of intelligence from devices or networks that are used, or likely to be used, by subject of the warrant
  3. “account takeover warrants” let agencies take control of an online account (such as a social media account) to gather information for an investigation.

There is also an “emergency authorization” procedure that allows these activities without a warrant under certain circumstances.

Quote

...there is no judicial oversight. A data disruption or network activity warrant could be issued by a member of the Administrative Appeals Tribunal, a warrant from a judge of a superior court is not needed.

Quote

When presented with such warrant from the Administrative Appeals Tribunal, Australian companies, system administrators etc. must comply, and actively help the police to modify, add, copy, or delete the data of a person under investigation. Refusing to comply could have one end up in jail for up to ten years, according to the new bill.

Required hacking activities could include: altering, copying and deleting data; intercepting and modifying communications; surveilling networks; and changing account credentials.

Quote

Politicians justify the need for the bill by stating that it is intended to fight child exploitation (CSAM) and terrorism. However, the bill itself enables law enforcement to investigate any "serious Commonwealth offence" or "serious State offence that has a federal aspect".

In fact, this wording enables the police to investigate any offence which is punishable by imprisonment of at least three years, including terrorism, sharing child abuse material, violence, acts of piracy, bankruptcy and company violations, and tax evasion.

My thoughts

Everything about this law screams 'bad idea', especially since the parliament went to the trouble of rushing it through in only 24 hours. The warrants required to execute the powers of this law can be authorized outside of the judicial system, and can be circumvented altogether by an "emergency authorization". I see almost no way that bad actors won't take advantage of these powers: they would enable the destruction or planting of evidence, as well as the ability to stalk someone at a level impossible in much of the world. The powers afforded by this law are far too broad and have nowhere near enough checks on them.

 

 

Sources

https://tutanota.com/blog/posts/australia-surveillance-bill/

https://thenextweb.com/news/new-surveillance-laws-authorities-power-change-social-media-posts-syndication

Link to comment
Share on other sites

Link to post
Share on other sites

Maybe with some luck, we’ll see a rapid shift to a decentralized platform? Would pretty much make this law entirely moot as there would be no single entity to serve an order to. 
 

I don’t see a ton of coverage on this though interestingly. Any additional sources?

My eyes see the past…

My camera lens sees the present…

Link to comment
Share on other sites

Link to post
Share on other sites

Quote

The Human Rights Law Centre says the bill has insufficient safeguards for free speech and press freedom. Digital Rights Watch calls it a “warrantless surveillance regime” and notes the government ignored the recommendations of a bipartisan parliamentary committee to limit the powers granted by the new law

Oh media how I love that you intentionally mislead and lie. If it was rushed through in only 24 hours then how on earth did it go through a review committee?

 

The mentioned privacy advocacy groups will of course do their thing, as they should, and they have some good points.

 

However Australia does have oversight of these activities, they have Oversight Committees as well as the Attorney General Office. To say there isn't any, media narrative twisting at it's finest.

 

Don't believe everything you read and someone's opinion on what "might happen" may not have any legal backing basis, and this law cannot be used to compel anyone to commit a computers and telecommunications crime, what a load of crap.

Link to comment
Share on other sites

Link to post
Share on other sites

I do not follow Australian politics, but under what guise has this been passed? What bogey man is being used to justify this? As far as I know, and admittedly its not much when it comes to Australia's government, they do not have bad crime, and guns are not everywhere. So how did this pass?

Link to comment
Share on other sites

Link to post
Share on other sites

It's amusing, i ready through the amendment to the bill and every single youtuber who has covered this that i have seen have all misinterpreted the bill, whether that be intentionally, or 1 person made a video on and and then it was just a game of telephone all the way up the line.

 

it's no where near the levels that people are trying desperately to make it out to be.

🌲🌲🌲

 

 

 

◒ ◒ 

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, Arika S said:

It's amusing, i ready through the amendment to the bill and every single youtuber who has covered this that i have seen have all misinterpreted the bill, whether that be intentionally, or 1 person made a video on and and then it was just a game of telephone all the way up the line.

 

it's no where near the levels that people are trying desperately to make it out to be.

Valid concerns would get a lot more traction if they weren't railroaded by all the other crap and fud. I'll put almost the entirety of the blame on media reporting though, that's simply where most have to get their information from or at least will be the only so it's really on them to report correctly and ethically.

 

I don't like a lot of things Aus has done or is doing but you certainly are everyone's favorite punching bag right now.

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, Zodiark1593 said:

I don’t see a ton of coverage on this though interestingly. Any additional sources?

https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6623

Full 160 pages of the bill (as passed by both houses):

https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r6623_aspassed/toc_pdf/20144b01.pdf;fileType=application%2Fpdf

 

VGhlIHF1aWV0ZXIgeW91IGJlY29tZSwgdGhlIG1vcmUgeW91IGFyZSBhYmxlIHRvIGhlYXIu

^ not a crypto wallet

Link to comment
Share on other sites

Link to post
Share on other sites

57 minutes ago, leadeater said:

Oh media how I love that you intentionally mislead and lie. If it was rushed through in only 24 hours then how on earth did it go through a review committee?

By the sounds of it, the general bill was there and the committee reviewed it and gave recommendations...the trick is though after those recommendations (which apparently weren't implemented) they made amendments and voted on the bill.  A similar thing happened here (in the sense of a bill trying to get pushed through)...it goes to a committee but then the governing party makes last minute changes (good or bad) without any further review.

 

1 hour ago, leadeater said:

However Australia does have oversight of these activities, they have Oversight Committees as well as the Attorney General Office. To say there isn't any, media narrative twisting at it's finest.

While there might be oversight committees, reading through the bill it seems to me as though it things can have quite loose standards.  (Also, it's just a magistrate that they need signing off on a warrant)

 

To this topic

For myself the concerning thing would be that effectively this could be used to target someone, just suspected of a crime (but no proof) and the fact that someone wouldn't be alerted to the fact it occurs (even if no crime was found)...like everytime I see wording like follows makes me concerned about how much things could be abused.

 

Quote

an investigation into those offences is being, will be, or is likely to be, conducted;

So that itself erodes it quite a lot...if there isn't an active investigation then a warrant should not be granted

 

I get what the bill is trying to do, but I do think it's loosely worded and doesn't address some real concerns.  It seems as though it just will be open for abuse.

3735928559 - Beware of the dead beef

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, wanderingfool2 said:

While there might be oversight committees, reading through the bill it seems to me as though it things can have quite loose standards. 

same as all legislation. If people read through half of the bills that they think are put in place to protect them, they would actually find most of them are vague as hell and easy to get around.

🌲🌲🌲

 

 

 

◒ ◒ 

Link to comment
Share on other sites

Link to post
Share on other sites

8 hours ago, wanderingfool2 said:

By the sounds of it, the general bill was there and the committee reviewed it and gave recommendations...the trick is though after those recommendations (which apparently weren't implemented) they made amendments and voted on the bill.  A similar thing happened here (in the sense of a bill trying to get pushed through)...it goes to a committee but then the governing party makes last minute changes (good or bad) without any further review.

Such is how, and is part of the problems with, democratic and parliamentary processes work. Nobody is actually compelled to do anything with the recommendations and as long as you've covered all the requirements to bring a bill to vote then you can just do that and get it passed if you have enough votes.

 

If the opposed MPs, media and advocacy groups wanted to stop these amendments then they needed to be making noises about it when it was under review so they could get the required public pressure to influence the situation. It really does no good to be complaining after the fact when far as I can tell they did in fact have time beforehand to raise public concerns.

 

I just found the framing used to be rather interesting, 24 hours (plus an entire review process).

 

8 hours ago, wanderingfool2 said:

For myself the concerning thing would be that effectively this could be used to target someone, just suspected of a crime (but no proof) and the fact that someone wouldn't be alerted to the fact it occurs (even if no crime was found)...like everytime I see wording like follows makes me concerned about how much things could be abused.

Yea that's some of the things I don't agree with. Cases should be under consistent review with mandatory requirement to inform any person that they were investigated or were included within any such evidence gathering activity, after it is deemed it will not compromise the case with a maximum length of time so it just can't be extended forever.

 

You could put in an Official Information Act requests to find out but how would you even know to ask?

 

Legally requiring service providers to give access to accounts now that's quite a new and different thing. I can't help feel that's targeted at the likes of Apple/Facebook/Twitter etc as a way to get access to encrypted data. it's a whole lot easier when you are just handed access outright like that. How is that even going to work in practice? Say you have MFA enabled, does that mean it's going to be forcibly disabled? Or is silent delegated access going to be given so no passwords get changed or any MFA settings. If a delegated access system is going to be implemented so at any time an account can be accessed that's a very hefty blow to any privacy marketing points a company wants to tout.

 

Not every criminal is are computer wiz, in fact a lot of the work is being done by the security and privacy the platforms they use offer. However things like this is quite likely to increase the usage of data encryption at rest and not relying on the privacy and security of that offered by Apple/iCloud/Google/Microsoft/Dropbox etc. Doing that is a easy way to defeat the whole getting access to an account, not for every situation of why you'd want to gain access though.

 

I can think of quite a useful situation for wanting to gain access to an account on some platform. Take CSAM images or videos, these could be replaced or added with digital signatures embedded in to them that systems like Apple's image/photo scanning could look for and flag any person that has these now tracked files. Something like this could be useful to see the spread of these and identify (or help to) the people involved. But you need a law to both allow this to happen and also allow it as evidence.

 

I can see what they are trying to achieve but I just don't think it's really going to be all that effective without proper buy-in from the tech companies and service providers and I just don't see that happening. Most of them will fight tooth and nail to not have to make any system changes or hand over data. I simply don't see anyone being all that willing to play ball here.

Link to comment
Share on other sites

Link to post
Share on other sites

53 minutes ago, leadeater said:

I can see what they are trying to achieve but I just don't think it's really going to be all that effective without proper buy-in from the tech companies and service providers and I just don't see that happening. Most of them will fight tooth and nail to not have to make any system changes or hand over data. I simply don't see anyone being all that willing to play ball here.

That's certainly a best case scenario, but given that tech companies already work with other surveillance states (i.e. China), this new law isn't that large a bridge for them to cross; I wouldn't be surprised if Apple, Google, etc. quietly comply with these requests.

Link to comment
Share on other sites

Link to post
Share on other sites

7 minutes ago, Hyperspeed1313 said:

That's certainly a best case scenario, but given that tech companies already work with other surveillance states (i.e. China), this new law isn't that large a bridge for them to cross; I wouldn't be surprised if Apple, Google, etc. quietly comply with these requests.

None of them are really all that keen and lets just say Australia has a much smaller stick to wave and smack people with, Apple as a company has nearly double the "GDP" of Australia lol.

 

Not that any of these companies will be willing to throw away Australia as a market so ultimately they will have to comply with local laws but they'll fight and delay anything as much as they can. It's what they have always done in regards to Australia and their laws.

Link to comment
Share on other sites

Link to post
Share on other sites

12 hours ago, Hyperspeed1313 said:

“data disruption warrants” allow authorities to “disrupt data” by copying, deleting, or modifying data as they see fit

Ummm, "modifying data as they see fit"? What does that include, both in terms of "data" and "modifying"? I don't know the details of the bill, but this sounds rather sensitive to fraud or framing people. Isn't this effectively like a moderator here now editing my comment to say something against the rules and banning me for that?

 

inb4 ban hammer landing

 

Said moderator adding incriminating evidence against @tikker /s (skiiwee29)

Crystal: CPU: i7 7700K | Motherboard: Asus ROG Strix Z270F | RAM: GSkill 16 GB@3200MHz | GPU: Nvidia GTX 1080 Ti FE | Case: Corsair Crystal 570X (black) | PSU: EVGA Supernova G2 1000W | Monitor: Asus VG248QE 24"

Laptop: Dell XPS 13 9370 | CPU: i5 10510U | RAM: 16 GB

Server: CPU: i5 4690k | RAM: 16 GB | Case: Corsair Graphite 760T White | Storage: 19 TB

Link to comment
Share on other sites

Link to post
Share on other sites

10 hours ago, Arika S said:

same as all legislation. If people read through half of the bills that they think are put in place to protect them, they would actually find most of them are vague as hell and easy to get around.

The issue is that this is in relation to taking over the account of someone, and in effect also creating a gag order.

 

3 hours ago, leadeater said:

If the opposed MPs, media and advocacy groups wanted to stop these amendments then they needed to be making noises about it when it was under review so they could get the required public pressure to influence the situation. It really does no good to be complaining after the fact when far as I can tell they did in fact have time beforehand to raise public concerns.

While what I am about to say might not have happened (I don't really have time to look all into it), what could and I'm assuming has happened here is that it did go through the committee, recommendations were made, then amendments were made and tabled for vote.  They key part being that any further amendments would have only been given 24 hours to actually look at the amendments and protest against it.

 

The key I think being that the amendments could very well have been not public and not set to oversight until the 24 hours before, thus preventing any proper public pressure.  I haven't looked at the bill though to see what the differences between the bit that was under review and the one with the amendments were.  Ideally though, what should have happened would be the committee makes recommendations, final amendments are made, all parties are able to review in a reasonable time (and make media attention) not 24 hours.

 

I haven't really looked into what it was prior to the amendments, but in a hypothetical if the amendments were only shown when the final bill was tabled and they included the terms "likely to be" and other loosening terms then I can understand how having only 24 hours to review and vote on such changes can be challenging.

 

2 hours ago, tikker said:

Ummm, "modifying data as they see fit"? What does that include, both in terms of "data" and "modifying"? I don't know the details of the bill, but this sounds rather sensitive to fraud or framing people. Isn't this effectively like a moderator here now editing my comment to say something against the rules and banning me for that?

From what I've read (but I glanced over a lot of it), the modifying of data is a lot more strictly controlled and is used in the event of an emergency (i.e. something like they an email coming in that says "terminate the targets", they would be able to modify it to prevent the act from happening).

 

On a side note, where encryption of data is done via user passwords...I could see this bill being troublesome.  Given in effect they could require some sort of logging of the password to gain access to the account.

3735928559 - Beware of the dead beef

Link to comment
Share on other sites

Link to post
Share on other sites

22 hours ago, Zodiark1593 said:

Maybe with some luck, we’ll see a rapid shift to a decentralized platform? Would pretty much make this law entirely moot as there would be no single entity to serve an order to. 
 

I don’t see a ton of coverage on this though interestingly. Any additional sources?

That's just asking for a police warrant for your home.

Specs: Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) RAM: Corsair VENGEANCE® LPX DDR4 3200Mhz CL16-18-18-36 2x8GB

            CPU: Ryzen 9 5900X          Case: Antec P8     PSU: Corsair RM850x                        Cooler: Antec K240 with two Noctura Industrial PPC 3000 PWM

            Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168 GPU: EVGA RTX 2080 ti Black edition

Link to comment
Share on other sites

Link to post
Share on other sites

Legally speaking, this is an aberration. They're literally allowing fabrication and tampering of the evidence. It is even worse as they're allowed to do so during the investigation.

Link to comment
Share on other sites

Link to post
Share on other sites

I just looked through a huge number of Mass surveillance laws in Australia.

I am sorry to tell you,but Australians - You have no privacy.

 

Australian law gives authorities a lot of power over your data.

Also there is a history of wide use of those laws:

Quote

In 2013 it was reported that under Australian law state, territory and federal law enforcement authorities can access a variety of 'non-content' data from internet companies like Telstra, Optus, and Google with authorization by senior police officers or government officials rather than judicial warrant, and that "During criminal and revenue investigations in 2011-12, government agencies accessed private data and internet logs more than 300,000 times."[7]

 

Google's transparency report shows a consistent trend of growth in requests by Australian authorities for private information, constantly rising approximately 20% year-on-year. The most recent published volume for the period ending December 2013 indicates a volume of around four individual requests per calendar day.[8]

Quote

In August 2014 it was reported[13] that law-enforcement agencies had been accessing Australians' web browsing histories via internet providers such as Telstra without a warrant (Optus confirmed that they cooperate with law enforcement, and Vodafone did not return a request for comment). 

Source: https://en.wikipedia.org/wiki/Mass_surveillance_in_Australia

 

There is a lot more from where it came from...

A PC Enthusiast since 2011
AMD Ryzen 7 5700X@4.65GHz | GIGABYTE GTX 1660 GAMING OC @ Core 2085MHz Memory 5000MHz
Cinebench R23: 15669cb | Unigine Superposition 1080p Extreme: 3566
Link to comment
Share on other sites

Link to post
Share on other sites

23 minutes ago, Forbidden Wafer said:

Legally speaking, this is an aberration. They're literally allowing fabrication and tampering of the evidence. It is even worse as they're allowed to do so during the investigation.

Well that entirely depends on what is being done, how and why. I very much doubt planted evidence really is a thing nor admissible in court and the defense can file a motion as it being such that and then proof would be required as to what that evidence is.

 

Like my CSAM example, right now police do not have the powers or are allowed to use evidence from planting digital tracking into a persons account yet they are allowed to plant a GPS tracker on your car. They are allowed to honey pot you with their own websites or accounts etc but that's not always that effective where as infiltrating a known person's account who is part of a CSAM group and planting digital tracking would be more effective but far as I know that isn't allowed until these amendments were passed.

 

Just because a piece of legislation allows them to do certain types of acts that doesn't actually mean they have unlimited exercise of those powers. Police can already just throw a bag of cocaine in your car, claim it is yours and log it as evidence and charge you with possession but that doesn't mean they do it or get away with it does it. Now of course there is plenty of historical examples of police corruption and evidence tampering or planting which has lead to tighter scrutiny and less of it, I mean even here in my country there was quite a big problem with that in the 80's but today, no. 

Link to comment
Share on other sites

Link to post
Share on other sites

As an Australian myself I'm extremely concerned. Who the hell let this through, and most importantly, why? This not only allows for easy police corruption and evidence tampering, and allows the police to potentially stalk innocent people. The fact that it past through parliament in less than 24 hours is also a concern, something very suspicious is going on here and I don't like it. Everything about this law screams "extremely concerning," I hope more people in Australia know about this, I'm sure they don't want it either.

Link to comment
Share on other sites

Link to post
Share on other sites

On 9/10/2021 at 2:27 PM, leadeater said:

Don't believe everything you read and someone's opinion on what "might happen" may not have any legal backing basis

 

To be fair, i think people have grounds to be concerned, the authorities swore black and blue that the covid contact tracing app/data would only ever be used for health purposes but they have actually been using it to solve crimes, i think i read that there were maybe a dozen cases where they accessed or attempted to access the contact tracing data in order to arrest people, sometimes they were successful and other times a judge stopped them but it demonstrates that you can't just trust them to do the right thing. 

Link to comment
Share on other sites

Link to post
Share on other sites

45 minutes ago, vodka98 said:

As an Australian myself I'm extremely concerned. Who the hell let this through, and most importantly, why? This not only allows for easy police corruption and evidence tampering, and allows the police to potentially stalk innocent people. The fact that it past through parliament in less than 24 hours is also a concern, something very suspicious is going on here and I don't like it. Everything about this law screams "extremely concerning," I hope more people in Australia know about this, I'm sure they don't want it either.

was this bill bipartisan? did any mp complain?

Link to comment
Share on other sites

Link to post
Share on other sites

On 9/10/2021 at 7:28 AM, clumsypeeqok said:

I do not follow Australian politics, but under what guise has this been passed? What bogey man is being used to justify this? As far as I know, and admittedly its not much when it comes to Australia's government, they do not have bad crime, and guns are not everywhere. So how did this pass?

Kinda in the same place, what's there to even scare people with? I guess it's just good old crime ... that's just disappointing shouldn't be this easy to pass.

If you want to reply back to me or someone else USE THE QUOTE BUTTON!                                                      
Pascal laptops guide

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×