Australia’s Department of Home Affairs has published its latest six-monthly Telecommunications (Interception and Access) Act annual report which shows a spike in the number of times law enforcement agencies in the country have used their new anti-encryption powers.
In December 2018, much to the despair of tech leaders in Australia and around the world, the country’s Parliament passed the Assistance and Access Act 2018. This law hands the countries police and law enforcement bodies sweeping powers to seek access to encrypted communications from providers.
Official TAR data so far
One of these new powers is known as a Technical Assistance Request (TAR). This allows law enforcement to request help from service providers in the form of either handing over data or asking for other forms of assistance.
According to this report, seven TARs have been authorised so far. Five of these were awarded to the Australian Federal Police while two more were given to New South Wales Police.
The report was vague of the details of cases where TARs had been authorised but did say that they were used mainly for cybercrime and telecommunications offences. Other crimes thought to have been covered include murder, organised crime, and drug offences.
These seven TARs are believed to date from the first six month period after the Assistance and Access Act was passed meaning that it is slightly misleading to suggest this figure accurately reflects the number of TARs issued so far.
Up-to-figure shows a big spike
On being questioned about a more up-to-date figure, the Department of Home Affairs confirmed that. In fact, there had been 25 TARs issued so far.
This figure means that in the second half of 2019, a total of 18 new TARs were issued. That is a significant increase in the use of this power over the first quarter.
No details have been provided yet on the nature of the cases that have been subjected to these TARs. That is likely to be provided in the next bi-annual report which can be expected in July.
But the figures show that despite the anti-encryption legislation in Australia still being relatively young, law enforcement is already turning to it more and more often as an alternative to traditional police work.
It is a trend we can expect to see continue over the coming years and as the law becomes more established, the likelihood of law enforcement agencies striking any sort of balance between privacy rights and these new powers seems increasingly remote.
Usage of other powers
The Assistance and Access Act also created two other powers; Technical Assistance Notices (TANs) and Technical Capability Notices (TCNs).
These are compulsory notices to compel communications providers to use or create a new interception capability, respectively. In other words, these are the tools that empower Australian law enforcement agencies to force encrypted communications providers to give them a back-door into their platforms.
A TCN can only be issued with the approval of the Australian Attorney-General while TANs and TARs can be issued by the agencies themselves. This in itself is hugely controversial but reassuringly, the Department of Home Affairs reveals that no TANs or TCNs were issued during the first six months of the legislation coming into force.
It is still not clear whether any have been issued since the middle of last year, although it seems unlikely. The majority of popular encrypted communication tools in Australia are run by international companies who have long resisted calls for backdoors around the world.
Quite how these companies will react if they are issued with a TCN is unclear but it seems very unlikely that they will willingly comply. Rather, there is likely to be a protracted legal battle first, which will bring the whole issue into the public domain. Some may even choose to withdraw from the Australian market altogether rather than comply.
How to stay safe from Australia’s anti-encryption legislation
The lack of certainty over how big tech companies will react when Australian law enforcement agencies do eventually seek to break their encryption is one of the main reasons why it is important for every Australian internet users to take steps to protect their own internet data from possible state snooping.
The best way to do that is with a VPN.
The majority of premium VPNs have already made it clear that they will not comply with any requests to break their encryption. With many of them being based in offshore locations where privacy laws allow them to guarantee user privacy, there is no risk of them capitulating.
With a VPN, not only can Australian government surveillance agents not see what you are doing online, but neither can your ISP, which also keeps a record of everything you do online.
A VPN offers security and privacy guarantees that no other online tool. And in the current climate of surveillance in Australia, this is absolutely essential.