independent national security legislation monitor€¦ · web viewtelecommunications (interception...
TRANSCRIPT
LECC I · C · A · C Law Enforcement Conduct Commission
24 September 2019
Dr James Renwick CSC, SCIndependent National Security Legislation Monitor3-5 National Circuit, Barton ACT 2600 Canberra ACT
Dear Dr Renwick
I N DE PE ND E NT CO M M I SSIO NAGAIN ST C OR RU PTI ON
40190/31
Review of the Telecommunications and Other Legislation Amendment
(Assistance and Access) Act 2018
Thank you for the invitation to inform your review. We understand the focus of
your review is
"the operation, effectiveness and implications of amendments made by the
Act , and whether it:
(i) contains appropriate safeguards for protecting the rights
of individuals, and
(ii) remains proportionate to any threat of terrorism or threat to national
security, or both; and
(iii) remains necessary."
The Law Enforcement Conduct Comm ission (LECC) is an independent body
exercis ing royal commission powers to detect, investigate and expose misconduct
and maladministration within the NSW Police Force (NSWPF) and the NSW Crime
Commission (NSWCC). Furthermore, the LECC oversees NSWPF and NSWCC
investigations of alleged misconduct by officers of those agencies.
The NSW Independent Commission Against Corruption (ICAC) was established by
the NSW Government in 1988 under the Independent Commission Against
Corruption Act 7988 (NSW) for the purpose of investigat ing , exposing and
preventing corrupt conduct. in and affecting the NSW public sector.
This is a joint submission between the LECC and the ICAC and these agencies will
henceforth be referred to as ".t he Commissions".
The Commissions are declared "Agencies" for the purposes of the
Telecommunications (Interception and Access) Act 1979 (Cth) (TIA Act) allowing
them to apply for, and be issued, telecommunications interception warrants. The
Commissions are also criminal law enforcement agencies for the purpose of the
TIA Act allowing them to access telecommunications data in support of criminal
investigations.
Both of the Commissions rely heavily on telecommunications interception
warrants to inv·est igat e serious offences allegedly committed by NSWPF officers
and those involved in corruption.
In addition, both Commissions operate digital forensics capabilities to examine
data on seized devices that have been lawfully obtained via search warrants or
by
· the use of coercive powers, in support of criminal investigations.
The Commissions ability to gather evidence relating to criminal and corrupt
activity is being diminished through advances in communications technology.
The migration of communications from traditional voice and text to IP-based
communications combined with the proportion of these communications being
· encrypted is having a real and measurable impact on traditional methods to
gather evidence such as telecommunications interception. In addition, the wide
choice of encrypted communication options from overseas providers allows for
easy access to secure communications and devices to conduct criminal activity.
The Commissions affirm that the provisions of the Telecommunications and Other
Legislation Amendment (Assistance and Access) Act 2018 remain necessary.
Further, the Commissions support the inclusion of anti-corruption commissions as
proposed by the Telecommunications and Other Legislation Amendment
(Miscellaneous Amendments) Bill 2079.
2
Background
In September 2018, the Telecommunications and Other Legalisation Amendment
(Assistance and Access) Bill 2078 (the Bill) was referred to the Parliamentary Joint
Committee on Intelligence and Security (PJCIS) for inquiry and review. The
Commissions contributed submissions in support of the Bill. These submissions
contain information relevant for your review and are annexed below at Annexures
1 and 2.
On 6 December 2018 the PJCIS tabled a brief report recommending a series of
amendments in response to pressing issues raised during the 2018 Bill Review.
Within this review, Recommendation 3 put forward that State and Commonwealth
anti-corruption bodies be excluded from the scope of Schedule 1. At the time, no
explanation for the exclusion was given .
Royal Assent was received on 8 December 2018 and the Bill . became the
Telecommunications and Other Legislation Amendment (Assistance and Access)
Act 2078 (the Act).
On 17 December 2018 the PCJIS invited submissions for a second review. The
ICAC coordinated a joint submission on behalf of the State and Commonwealth
investigative commissions. All commissions contributed and co-signed the
submission, the contents .o f which are relevant for your review and is annexed
at Annexure 3. The LECC also submitted to the second review, the contents of
which are relevant for your review and is annexed at Annexure 4.
In April 2019 the PJCIS released a report on their Review of the
Telecommunications and Legislation Amendment (Assistance and Access) Act
2078, (the April Report). Mr Andrew Hastie MP, the Committee Chair and then Hon
Mark Dreyfus QC (in his capacity as a member of the Committee) reported that the
Committee unanimously supported the extension of the industry assistance
powers provided for in the Act to Commonwealth and state anti-corruption
bodies.1 On 13 February 2019 the Government introduced into the senate the
1 Mr Andrew Hastie MP, Chair of the Parliamentary Joint Committee on Intelligence and Security, House of Representatives Hansard, Canberra, 12 February 2019, p. 76; the Hon. Mr Mark Dreyfus QC MP, Memb er, Parliamentary Joint Committee on Intelligence and Security, House of Representatives
3
Telecommunications and Other Legislation Amendment (Miscellaneous
Amendments) Bill 2079 to give effect to such an amendment. However, due to the
2019 Federal election, this Bill lapsed when Parliament prorogued.
Operational effectiveness and implications of the amendments made by the .
.8..£t.
The Commissions are unable to comment on the operational effectiveness of the
Act due to their current exclusion from Schedule 1.
Neither Commission has exercised the powers of Schedule 2. Schedule 2 powers
are reserved for the investigation of federal offences, which are rarely investigated
by the Commissions. Schedule 3 powers fall outside the
Commissions' jurisdictions.
Contains appropriate safeguards for protecting the rights of individuals
If reinstated, the Commissions would use these powers for targeted assistance
relating to criminal activity. Any assistance relating to encrypted content or access
to data, under Schedule 1, would be for content or data alread.y law full y obtained.
The legislation would require that Technical Assistance Requests and Technical
Assistance Notices would only be issued by the Chief Comm iss.ion ers of the
Com missions . The Chief Commissioners of the Commissions are former Supreme
Court judges and therefore well qualified and experienced in applying appropriate
legal consideration when issuing such instruments. Requiring the authority of the
Chief Officer of agencies or the Attorney General, in the case of Technical
Capability Notices, provides a robust safeguard within the legislation. The
Commissions also support legislative oversight of these powers by the
Commonwealth Ombudsman.
The LECC's function would also bolster the safeguards within this legislation.
The LECC's criminal investigation function of the NSWPF and NSWCC would
allow it to investigate any criminal breaches of the Act by those agencies.
Hansard, Canberra, 12 February 2019, p. 76.
4
Remains proportionate to any threat of terrorism or threat to national security,
or both
Given the relevant jurisdictions, the Commissions make no comment on this issue.
Remains necessary
Legislative access to 'designated communications providers' provided within
Schedule 1 of the Act would assist the Commissions' investigation of criminal
offences :
The prevalence of encrypted content collected under such warrants has risen
significantly over the last five years. This was shown when an ICAC warrant was
granted in 2013 for 90 days, where 20% of the data intercepted was encrypted. In
a recent investigation, an ICA C warrant was granted for 90 days in which 91% of
the data captured was encryp ted. A similar trend can be seen for the LECC in that
59% of the IP session data intercepted in 2013 was encrypted, which has since
increased to 93% in 2018.
The four annexed submissions to the PJCIS outline the Commissions position as to
why this legislation is necessary. These viewpoints a_re maintained and relevant to
your review.
Yours sincerely
The Hon M F Adams QC Chief CommissionerLaw Enforcement Conduct Commission
The Hon Peter Hall QC Chief CommissionerIndependent Commission Against Corruption
5
Annexures
1. Law Enforcement Conduct Commission Submission to the PJCIS 2018
2. Independent Commission Against Corruption Submission to the PJCIS
2018
3. Joint Submission of Investigative Commissions to the PJCIS 2019
4. Law Enforcement Conduct Commission Submission to the PJCIS 2019
6
Annexure 1- LECC Submission to PJCIS 2018
LECCLaw EnforcementConduct Commission
Submission to the Parliamentary JointCommittee _for Intelligence and Security
Telecommunications and Other Legislation Amendment (Assistance and Access) Bill
The Law Enforcement Conduct CommissionThe Law Enforcement Conduct Commission (LECC) is a statutory agency established under section 17 of the Law Enforcement Conduct Commission Act 2076 (NSW) for the oversight of law enforcement in New South Wales (NSW). The LECC commenced operations on 1 July 2017 and replaced the Police Integrity Commission (PIC), the Police Compliance Branch of the NSW Ombudsman's office and the Inspector of the Crime Commission.
In light of the PIC's transition into the LECC and for the purposes of this submission, the PIC and the LECC will henceforth be referred to as "the Commission".
The Commission is an independent body exercising royal commission powers to detect, investigate and expose misconduct and maladministration within the NSW Police Force (NSWPF) and the NSW Crime Commission (NSWCC). The Commission also has the power to independently oversight and monitor the investigation of critical incidents by the NSWPF if it decides that it is in the public interest to do so. Furthermore, the Commission oversees NSWPF and NSWCC investigations of alleged misconduct by officers of those agencies.
The Commonwealth Attorney General has declared the Commission to be an "Agency" for the purposes of the Telecommunications (Interception and Access) Act 7979 (Cth) (TIA Act) allowing it to apply for,· and be issued, telecommunications interception warrants. The commission operates equipment to faci lit at e. the lawful interception of communications by virtue of such warrants.
The Impact of Encryption on Telecommunications Interception Conducted by the CommissionTelecommunications interception is a cost-effective and powerful tool reserved for the investigation of serious criminal offences. The interception of communications under warrant has enabled the Commission to collect vital, and often compelling, evidence used within hearings and prosecutions. In addition, the Commission has regularly disclosed lawfully intercepted information to the NSWPF to assist in the management of the officers implicated in misconduct. ·
The Commi$sion was issued with 162 telecommunications interception warrants over the last five years as indicated in the table below.
2013 - 2014 352014 - 2015 482015 - 2016 602016 - 2017 22017 - 2018 17Total 162
Table 1: Telecommunications interception warrants issued by financial year.
2
The application of interception powers permits the collection of communications in various categories such as telephone calls, text messages, messaging applications, emails, social media, chat sessions, and other online activity. Changes in communication technologies have caused two significant changes within the lawful interception environment:
1. The migration of communications from traditional telephone calls and textmessages to Internet Protocol (IP) based communications; and
2. The increased proportion of IP based communications being encrypted.
Whilst the majority of telephone calls and text messages remain unencrypted and intelligible to agencies, the vast majority of IP based comm unicat ions . are now encrypted by default (this includes messaging applications, email, and social media) . The Commission is technically unable to decrypt these communications.
It is a well-known fact that in society's rapidly changing technological land_scap e, encryption of communications has increased and continues to rise. "Rapid developments in communications technology present both opportunities and challenges for our agencies," former Prime Minister Malcom Turnbull said in a national security statement delivered in the wake of terrorist attacks in Paris. 1
Encryption presents challenges for Australian law enforcement and security agencies in. continuing to access data essential for investigations to keep all Australians safe and secure . The Commission supports privacy principles and encourages · people to take· measures to protect their own privacy generally. However, for the investigation of serious criminal offences, the Commission depends on Telecommunications Interception as. a primary tool in investigations for the collection of evidence.
The deployment of telecommunications interception and surveillance devices by law enforcement agencies, including the Commission, yields high returns in evidence collection. There are, however, significant gaps in collection which can be easily exploited by the Commission's targets to conduct corrupt activity. Australia's national cyber security strategy, .launched in April 2016, noted that there is "a growing trend for groups and individuals to use_ encryption to hide illegal activity and motivate others to join their cause". Police targets, in particular, will modify their activities to avoid interception as they are well versed in law enforcement methods.
Resultantly, the evidentiary value of Telecommunications Interception material has diminished over the last decade with the rise of encrypted social media and messaging applications.
An Analysis of IP Based Communications Intercepted under Commission WarrantsThe statistics in this section have been extracted directly from the Commission's Telecommunications Interception System.
In the current electronic communications environment, there are many mainstream and encrypted alternatives to traditional voice or SMS communication. There has been an
1 Pearce, Rohan 2015, 'Encrypted comms present a challenge for ASIO, Turnbull says', Computerworld,https:/ / www.computerworld .com.au/ article/ 589586/ encrypted -comms-present-challenge-aslo-tu rnbulI-says/
, 3
II s;le d e(9·
ChatSoc ur,
oD
oC
B0
T• rIIrnHo tm a. il
®
Year
20172018(uptoJune 30)
201620152014
100 %90%80%70%59%60%
50%·· ···········40%,(.._.)30%Q)20 %0.10%0%
2013
Q)
0
c
rroo.".O...
93%97by the Commission by year %
Percentage of encrypted IP sessions intercpted
evident rise on Commission intercepts of targets using voice and messaging applications which have end-to-end encryp t ion. Some of these applications are illustrated below.
Figure 1: Examples of encrypted communications detected on Commission intercepts.
The trend line within figure 2 below illustrates the gradual increase of encrypted IP sessions intercepted by the Commission each year, rising to over 90 per cent in the last 18 months.
Figure 2: The percentage of encrypted IP sessions intercepted under warrant by the Commission by year.
The following figure 3 demonstrates the current encryption landscape. It illustrates how the vast majorit of IP data intercepted under warrants by the Commission in 2018 is encrypted.
4
Encrypted v Unencrypted data across investigations in 2018
UnencryptedEncrypted
000'Cj
<.,qf$vo/ ,-_rt?1>,o'?-
0C::J0«_'lf
e,!-.'lf--,,::-.'lf
e,qii0°+ . if"
- ":!Yo 'vo"-,._;,,vc.:,"?" c,1> ,o.s if· . <;Je,c,0 · .fi C,:?0'.rff-e,0CJ._.,
o0
-oei'0-
-"'cf.-o . c,ei0 e,0Qq
IIII1·I
400003500030000250002000015000100005000
0
Data use in encrypted applications
Figure 3: The proportion of encrypted and unencrypted IP sessions intercepted by the Commission in 2018.
The Commission's targets make considerable use of encrypted communications. A statistical analysis of interception activity on a recent investigation provides an example of the extent of encryption encountered in the current communications environment. In this Operation, 94 per cent of communications were encrypted.
Figure 4: Encrypted sessions is by Commission targets in a recent investigation.
Figure 4 illustrates the vast array of encrypted applications that were used as a means of communication between Operation targets. It also shows the number of encrypted sessions from well-known applications that were used by the targets within this Operation. In this case, 15 different applications were used to varying degrees.
The communication providers depicted in figure 4 are likely being used by Commission targets to further criminal activity in Australia. Commission targets are police officers or persons facilitating misconduct by police. The communication providers are based overseas and are not subject to Australian interception laws.
5
I
The Impact of Encryption on Digital Forensic Examinations Conducted by the CommissionAnother important tool in modern investigations is digital forensics. In many instances digital evidence obtained from computers, smart phones, storage devices and other equipment provides direct evidence in support of criminal investigations.
The Commission maintains a contemporary digital forensics capability which includes a dedicated lab, systems and equipment. The extraction of digital evidence from networks, hard drives and smartphones etc can also be defeated by encryption. Certain applications and operating systems can partially or fully encrypt the storage component, or the entire device being examined .
Currently, the Commission's Digital Forensic capabilities are not hindered to the same extent by encryption as with interception. However, it is anticipated that the use of encryption to secure devices and digital storage will increase as time goes on. A legal framework to request technical assistance from technology providers for the investigation of criminal offences could greatly assist on a case-by-case basis.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 - Schedule 1The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Cth) (the Bill) proposes to provide interception agencies with lawful avenues to seek or require assistance from communication providers operat .ing in Australia.
The Commission supports the proposed changes within Schedule 1 and makes the following comment.
It is the view of the Commission that the proposed changes in Schedule 1 will not result in comprehensive decryption of intercept product. Although, defining Designated Communication Providers (DCPs) (s317C) in addition to "listed acts or things" (s317E), is a significant legislative change which will allow lawful avenues for the Commission to seek assistance in particular circumstances.
It is important to note that the Bill does not propose to extend the jurisdiction of Australian interception warrants to DCPs. Any further assistance relating to encrypted content provided under Schedule 1 would be for content already lawfully obtained by the Commission.
It is the Commission's view that proposed definitions for DCPs and "listed acts or things" provides for practical avenues to request assistance in support of both interception and digital forensics operi3t io ns.
It is also the Commission's view that the practical application of assistance through Technical Assistance Requests (s317G), Technical Assistance Notices (s317L) and Technical Capability Notices (s317T) provide a flexible and graduated framework depending on the type of assistance sought.
In many cases the Commission may seek technical advice relating to devices or services only, and this particularly relates to digital forensics. This advice would be practically
6
requested through a Technical Assistance Request. This procedure seems reasonable and efficient.
A Technical Assistance Notice is a compulsory order to the DCP. This provides an · effective method for the Commission to gain assistance. It is noted that this assistance will not extend behind the current capability of the provider. To issue a Technical Assistance Notice under s317P the Chief Officer must be satisfied that the requirements imposed by the notice are reasonable and proportionate, and compliance with the notice is practicable and technically feasible. The Commission believes this is a fair and rational test where a two-step process provides a strong safeguard against technical assistance requests that are unduly burdensome on telecommunication providers.
The Chief Officer's satisfaction of reasonableness and proportionality must be formed on a correct understanding of the law, and must not take into account a consideration which a court can determine in retrospect 'to be extraneous to any objects the legislature could have had in view'. Given the C:hief Officer of the Commission is a former Supreme Court judge who would be very familiar with the application of such a test, the parliamentary committee can be assured that requests would not be considered lightly and there are strong protections in place to ensure that interception powers are exercised as intended.
The following case study is a real example of how the proposed changes in Schedule 1 would have assisted the Commission recently.
Case StudyIn April 2016 the Commission received a number of complaints, which alleged that NSW Police officers created, shared and engaged with offensive material targeted at a NSW Member of Parliament (NSW MP). In response to these complaints, the Commission established Operation Colchester.
The investigation found evidence which indicated that racist, sexist and abusive comments were made about the NSW MP through personal Facebook accounts of serving NSW Police officers. Attempts were made by the Commission to obtain IP addresses directly from Facebook in order to identify who operated the Facebook accounts.
An initial request for information citing the relevant sections of the TIA Act was made to Facebook in April 2016. At this t ime· it was also observed that Facebook would keep information for 90 days if a person deletes their account. This response was rejected due to insufficient information, however Facebook did note that one of the target's accounts had been deleted.
A second request was made to Facebook in May 2016 which Facebook took one month to respond to and was also rejected. Facebook instead requested a Mutual Legal Assistance Treaty (MLAT) request in order to be able to assist. The commission made this request but by late August was unable to gather this evidence. A decision was made to go to the Commonwealth Department of Public Prosecution (CDPP) as there were concerns that waiting for the MLAT process to complete would not allow a timely investigation.
The Commission sought advice from the CDPP as to whether two officers could be prosecuted for their Facebook posts pursuant to section 474.17 of the Criminal Code 7995
7
(Cth). The COPP advised that there was insufficient evidence to prosecute either of the officers and cited the lack of identifying IP addresses is an important evidentiary deficiency.
As Facebook was based offshore, the Commission had no way of compelling the production of information it was seeking.
Within the proposed amendments, the designation of Facebook is a DCP and the lawful avenues of both technical assistance requests and technical assistance notices would have provided the commission with practical and lawful ways to gather this evidence in support of a prosecution.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 - Schedule 2 - 5The proposed amendments in Schedule 2 - 5 relate to Commonwealth law and are very unlikely to be used by the Commission. The Commission does support the changes in principle however, and makes the following comments.
The proposed amendments in Schedule 1 will assist the Commission. It should be recognised, however, that these additional powers will not provide a holistic solution to encrypted, intercepted material. In combination with the amendments in Schedule 1, proposed amendments in Schedules 2 and 3 provide other practical avenues to gather evidence within the current technological landscap e.
The proposed amendments to the Surveillance Devices Act 2004, will assist, agencies obtain evidence through surveillance device warrants as opposed to interception warrants. By doing so an alternate means to collection pre or post encryption is p ossib le.
The inclusion of a Computer Access Warrant in Schedule 2, is a potential avenue to collect evidence which is encrypted in transit.
The definitions and legal avenues concerning "account-based data" in Schedule 3 also provide practical means to gather digital evidence under a search w rrant. In the modern technological environment, an individual's data is no longer stored purely on devices seized within search warrants. It is likely that the storage of incriminating information would be well hidden via encryption or an online location. This is similar to methods used within criminal activity where incriminating physical evidence is hidden to avoid detection by law enforcement agencies.
ConclusionThe Commissions ability to gather evidence relating to police misconduct or corrupt activity is being diminished through advances in communications technology.
The migration of communications from traditional voice and text to IP-based communications combined with the proportion of these communications being encrypted is having a real and measurable impact on traditional methods to gather evidence such as telecommunications interception. In addition, the wid choice of encrypted communication options from overseas providers allows for easy access to secure
8
communications to conduct criminal activity.
The Commission fully supports the amendments proposed within the Bill.
It is understandable that the Australian community may hold concerns when granting further powers to law enforcement agencies. It should be noted that these powers are reserved for targeted assistance relating to criminal activity and do not allow for widespread collection of innocent part ies. ·
The Commission supports the proposed amendments as it will greatly assist in the investigation of misconduct by police. Whilst the Bill does provide additional powers to police, it also provides additional powers to oversight bodies like the Commission to assist in the investigation of police where they misuse their powers or engage in criminal or corrupt act ivit y.
9
0
l · ( } A · C I ND EPEN DEN T COM M ISSI ON AGAI N ST CO RRUPT IO
N
N E W O U T H VI A i. E S
Committee SecretaryParliamentary Joint Committee on Intelligence and Security PO Box 6021, Parliament HouseCanberra ACT 2600
BY EMAIL: T OLAbill@a ph. gov. a u
Dear Chair,
I refer to the Parliamentary Joint Committee on Intelligence and Security's review of the Telecommunication and Other Legislation Amendment (Assistance and Access) Bill 2018 ("the Bill).
The Independent Commission Against Corruption of New South Wales ("the Commission") supports the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 ("the Bill"). Over the past two years, the Commission has witnessed a significant increase in the use of encrypted communications. This widespread use has frustrated Commission investigations, restricting the amount of lawfully Intercepted information available, when intercepting telecommunications services under the Telecommunicati6ns (Interception
· and Access) Act 1997. The powers within the proposed Bill would assist the Commission inovercoming technical obstacles related to its principal functions, to investigate and expose corrupt conduct in the NSW public sector..
The Commission recently completed an Investigation into serious fraud, an offence punishable by imprisonment for a maximum period of 10 years: In that investigation, the Commission sought a number of interception warrants issued under section 46 of the Telecommunications (Interception and Access) Act 1997. During the course of the investigation, it became clear that two parties would utilise standard telecommunications systems to make voice calls and SMS when initiating discussions. When the topic of discussion turned to the serious fraud, the two parties would agree to move communications to an encrypted third party application. The movement of communications to an encrypted form frustrated the investigation, necessitating the extension of interception warrants and an increase in expenditure. If the Commission was able to request voluntary assistance from a designated communications provider, detailed in part 317C of the Bill, communications between these two parties may
· have been obtained earlier in the investigation. With industry assistance, the Commission would not require an extension of interception warrants, lessening the Impact on privacy of the parties.
In another recent investigation Into serious fraud, the Commission had reason to believe a party was receiving corrupt payments via a financial transaction mechanism built into a mobile application. The Commission had obtained an interception warrant, but from the informationcollected under Intercept, the Commission was unable identify individual transac tions. In this investigation, the Commission may have made a voluntary request to a designated communications provider to complete a listed act or thing under part 317E of the Bill. Thelisted act or thing would have assisted the Commission identify a payment gateway service and strengthened our position when seeking assistance from overseas banking institutions.
Le, ! 7 . 2:'>5 F <l ,,hd h h :c:. S\'d r, w r--.iS\f\/ 'WOO : CPO Box SOO Sydnc,•, NSW 2001 l ABi· 17 CJ ,,i 10? ,HO·r o: 8'281 5(;QL) i F 02 · ), () 1 53 64 l: ,c 1., c, • }ic ,; i:, 1 1l \ .VL. ; c v, 1 1 U \N \V\V 1C,--\C. 1\ \ V.g u v (i U
The increase and widespread use of encrypted communications continues to inhibit the Commission in investigating and exposing corruption In the New South Wales public sector. The powers within the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 would assist the Commission to overcome these inhibitions.
please do not hesitate to contact-
Yours sincerely
The Hon Peter Hall QC Chl f Commissioner/ 71-october 2018
An nex ur e 3 - Jo int Subm ission Ja nu a ry 2 019
Joint Submission of Investigative Commissions re the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018
1. This is a Joint Submission to the Parliamentary Joint Committee on Intelligence and
Security ("the Committee") in relation to the Telecommunications and Other Legislation Amendment (As. si stance and Access) Act 2018 (the "Assistance
and Access Act 2018") by the following agencies (the "Investigative Commissions"):
(i) the New South Wales Independent Commission Against Corruption
(ii) the Independent Broad-based Anti-corruption Commission, Victoria
(iii) the Independent Commissioner Against Corruption, South Australia
(iv) the Office of· the Independent Commissio'ner Against Corruption,
Northern Territory
(v) the New South Wales Crime Commission
(vi) the Corruption and Crime Commission, Western Australia
(vii) the Crime and Corruption Commission, Queensland
(viii) the Australian Commission for Law Enforcement Integrity
(ix) the Law Enforcement Conduct Commission, New South Wales.
2. This joint submission addresses the exclusion of the Investigative Commissions from
the Assistance and Access Act 2018 and recommends that the Investigative
Commissions be included in that Act to enable them to secure assistance from
telecommunications providers to access encrypted telecommunicati c;ms.
3. This submission is made for the purposes of th_e Committee's current review of
the Assistance and Access Act 2018, which review is being conducted with specific
reference to the amendments to the Telecommunications and other Legislation
Amendment (Assistance and Access) Bill 2018. Those amendments included the .
exclusion of the Investigative Commissions from the scope of Schedule 1 of the Bill,
which, but for the exclusion, would have included them among those interception
agencies that could seek assistance from telecommunications providers to access
encrypted telecommunications .
Sensitive 1
4. There are four separate, but related matters for considera tion:
1. The statutory powers of the Investigative Commissions to intercept
telecommunications under the provisions of the Telecommunications
(Interception and Access) Act 1979 (the " TIA Act").
2. The essential importance of telecommunication interception to the
investigative work of the Investigative Commissions.
3. The degradation of Tl capacity under interception warrants issued
under the TIA Act by the widespread use of encrypted devices.
4. The exclusion of the Investigative Commissions from the Assistance
and Access Act 2018. Such exclusion runs contrary to both the
legislative intention and purpose of the TIA Act and the substantive
scheme established by that Act.
Warrants authorising agencies to intercept telecommunications
5. Each of th.e Investigative Commissions, other than the Independent Commissioner
Against Corruption, Northern Territory is an "interception agency" within the meaning
of the TIA Act: Part 2-5 - Warrants authorising agencies to intercept
telecommunications, Division 2, Declaration of State Law Enforcement
Authorities as Agencies, and s.5 definition of an agency. The process for the listing
of the Independent Commissioner Against Corruption, Northern Territory as an
"interception agency" is currently being attended to by the Northern Territory
Department of Attorney General and Justice and is well-advanced. The necessary
amendments to the Telecommunications (Interception) Northern Territory Act were
made in 2018
6. The provisions of part 2-5 of chapter 2 of the TIA Act gave effect to the federal
legislative intention of meeting the investigative needs of specified Federal and State
agencies to undertake the lawful interception of telecommunications in relation to, or
made in the course of, activities that involve "serious offences" (s5D of the TIA Act).
"Serious offences" include (amongst other pffences) an offence punishable by
imprisonment for life, or for a period, or maximum period, of at least 7 years(s5O(2)(a))
Sensitive 2
where, inter alia, the particular conduct constituting the offence involved, involves or
would involve, as the case requires:
• trafficking in prescribed substances s5D(2)(iv)
• serious fraud:.s5D(2)(b)(v)
• serious loss to the revenue of the Commonwealth, a State or the Capital
Territory: s5D (2)(b)(vi)
• bribery or corruption by:
A. an officer of the Commonwealth;
B. an officer of the State; or
C. an officer of a Territory : s5D (2)(b)(vii).
7. See also s5D (3) (a) to (d).
The Assistance and Access Bill 2018
8. All of the Investigative Commissions, except the Independent Commissioner Against
Corruption, Northern Territory, were included in the Telecommunications and other
Legislation Amendment (Assistance and Access) Bill 2018 ("The Bill"). However,
without notice, in December 2018 they were all excluded from the scope of Schedule
1 of the Bill. This was said to have been done on the Committee's recommendation,
(Recommendation 3). That recommendation is set out in the Committee's Advisory
Report on the Telecommunications and Other Legislation Amendment (Assistance
and Access) Bill 2018 ("the Advisory Repo rt"). The recommendation was not based
on or made in light of any input by specific law enforcement agencies, notice of the
exclusion not having been provided to interested parties (namely the Investigative
Commissions). The basis for that exclusion has not yet been disclosed to or discussed
with the Investigative Commissions. The circumstances of the exclusion of the
Investigative Commissions are accordingly of considerable concern.
Sensitive 3
9. Schedule 1 to the Bill · as originally drafted expressly included the Investigative
Commissions, other than the Independent Commissioner Against Corruption, Northern
Territory. That was entirely consistent with, and complemented, the provisions of the
TIA Act. Indeed, the Bill as drafted supported the operation of the warrant provisions
in the TIA Act. Their subsequent removal from the Assistance and Access Act 2018 is
::entirely inconsistent with, indeed, incompatible with, the legislati1;1e intent and the
purpose of the TIA Act [in particular in that respect with the provisions of Part 2-5,
Divisions 3 and 4, of the TIA Act, Warrants authorising agencies to intercept
te/ecomm unications .] .
10. The action taken to exclude the Investigative Commissions from the Assistance and
Access Act 2018, and the ready availability and use of encrypted services, will produce
an outcome that is contrary to the public interest. Together, those matters will operate. .
conjointly to ensure that the barrier or protection for those using such services and who
participate in organised crime activities and corruption will continue.
Problems with the Advisory Report
· 11. Telecommunication interception and access to stored communications play a central
role in covert investigations.
12. . The use of warrants to intercept and access stored communications is independently
overseen by the.Commonwealth Ombudsman and equivalent state bodies.
13. Bribery and corruption offences, whether at the Federal or State levels, have long
been included under the TIA Act as serio.us offences involving as they do the ultimate
abuse of public office.
14. It has been accepted that warranted interception and other powers under the TIA Act
(as well as the coercive powers conferred by State legislation) are essential for the
effective investigation of organised criminal activities as well as of corrupt conduct by
public officials and by others who may be implicated in corrupt dealings.
15. In relation to organised crime, it has been observed:
" . . . agencies continue to report that telecommunications interception effectively
enables investigators to identify persons involved in and the infrastructure of
Sensitive 4
organised criminal activities. In some cases, the weight of evidence obtained
through telecommunications interception results in defendants entering guilty
pleas, eliminating the need for the intercepted information to be admitted into
evidence: 2016-17 Telecommunications (Interception and Access) Act 1979
Annual Report (Executive Summary at p vii)".
16. For the Investigative Commissions the emergence of new and sophisticated forms of
corruption continue to pose new ch_allenges. They include new forms of the
contracting out and delivery of government services, including public/private
partnerships and joint ventures entered into between governments and entities in the
private sector.
17. The detection and exposure of organised crime and corruption is a difficult and
challenging investigative task. Secrecy is the core of such criminal activity and corrupt
conduct and the parties to such conduct have a common interest in maintaining that
secrecy. There is invariably no other witness to the conduct. Few paper trails are left
and sometimes false ones are created. The persons involved are often experienced
and astute in avoiding the proper processes or protocols designed to prevent crime
and corruption.
18. It is well-accepted that ordinary police powers of investigation are insufficient for the
effective investigation of corruption. Hence the decisions of governments in every
state of Australia (and recently t_he Northern Territory) to establish and equip
specialist anti corruption investigative agencies with the full range of coercive powers
including interception powers.
19. Given the nature of the specialised investigative work of crime commissions and of
anti-corruption commissions, telecommunication interception has proven to be a very
valuable and cost effective investigative technique particularly as a complement to
other methods of investigation and intelligence-gathering. However, as discussed in
this submission, the development of encrypted services has blunted it as an
investigative tool.
20. It does not appear that, in making recommendation 3 in the Advisory Report, the
Committee has considered these matters.
Sensitive 5
The threat posed by the encryption of telecommunications
21. The value and importance of telecommunications interception to law enforcement
agencies is well-established. Indeed, there has been a continuing increase in its use
by crime and anti-corruption agencies. It is important to emphasise, however, that the
growth, availability and use of telecommunications interception powers has
consistently been paralleled by an increase in the level of accountability and privacy
protection provided under the TIA Act. In that way a balance has been maintained
between the investigative requirements of law enforcement agencies and other eligible
agencies and privacy considerations.
The Threat of Encryption to Interception Capability now a Reality
22. Many years ago (in 1994) a warning was sounded in a report on a review on
telecommunications interception (the Barrett Review): ". . . whilst
telecommunication interception will continue to be an important investigative tool,
there is a need to be on the alert as to its continued viability in the longer term, as.
. . the capability of this technique is coming under increasing challenge. This is largely
due to the unregulated release of new communication technologies, which are not
easily intercepted, onto the domestic market . . . digital telephony and encryption have
been identified as the biggest current threats to interception in the United States and
Canada (Barrett Review 1994; pg.4)1 . These technologies are not so established in
Australia, but time will see their increasing use". 2. Subsequent events have shown
that to have been a prescient obse rvation.
23. The Barrett Review identified the shift from analogue to digital telephony and the wider
availability of encryption as constituting, in time, a threat to the effectiveness of
telecommunications interception [0.7]. As the above extract from the review indicates,
1 sersitive· In July 1993 the Security Committee of Federa Cabinet requested Mr Pat Barrett, Deputy Secretary, Department of Finance to review the long-term cost-effectiveness of telecommunications interception. The 'Barrett Review' report was delivered in March 1994.2 Cited in Telecommunications Interception and Criminal Investigation in Queensland; A Report January1995, Criminal Justice Commission (RS O'Regan QC, Chair Person at pg. 12).
6
it was not possible in 1994 to be definitive about the impact such changes in
telecommunications technology would have on Tl capabilities, but the Review Report
observed : "they do indicate that software solutions wilt increasingly be needed to
perform interception" [3.2.4].
· 24. The Barrett Review report also noted: "there is no legislative constraint on f.he
manufacture and use of encryption devices in Australia, but the "agencies" do not
currently consider encryption as a significant threat to interception, at feast in the
foreseeable future" [3.3.2]. The Review additionally recommended that developments
in the US and other countries should be carefully monitored "to advise the
Government of any degradation of Tl capacity".
25. As at 2019, the "threat" has materialised to a level that called for a legislative initiative
such as that contained in the Assistance and Access Bill 2018.
26. The predicted threat or "degradation" of Tl capabilities foreshadowed by the Barrett
. Review significantly impacts and reduces the capabilities of each of the Investigative
Commissions (as well as to other agencies).
27. Both Federal and State legislatures have long accepted the need to ensure that crime
and anti-corruption commissions maintain the capacity, in the public interest, to
investigate the specialised areas of "organised crime" and "corruption".
28. It is totally unacceptable from the community and law enforcement points of view that
lawful telecommunications interception by specialised .agencies is now degraded
virtually to the point of extinction through the widespread availability and use of
encrypted services.
29. The inclusion of all agencies specified in Schedule 1 to the 2018 Bill provides a
counter solution to the problem.
30. It is accordingly respectfully submitted on behalf of the Investigative Commissions that
that be done as a matter of urgency in the public interest.
Sensitive 7
The Increased Use of Encryption as a Barrier to Lawful Interception
31. The problem of interference with investigations of serious criminal offences through
the use of encrypted services is now widely acknowledged.
·32 . The Advisory Report on the Telecommunications and Other Legislation Amendment
(Assistance and Access) Bill 2018 acknowledged the problem of the interference and
hampering of investigation of serious criminal activities through the· use of encrypted
communications :
1.9 The Committee accepts that there is a genuine and immediate need for
agencies to have tools to respond to the challenge of encrypted
communications. The absence of these tools results in an escalation of
risk and has been hampering agency investigations over several years.
As the uptake of encrypted messaging applications increases, it is
increasingly putting the community at risk from perpetrators of serious
crimes who are able to evade detection.
33. The Independent Commission Against Corruption (NSW) has witnessed ari increase
in the use of encrypted communications over the past five years. In an investigation
undertaken by the Commission in 2013, a telephone interception warrant was granted
for a period of 90 days. In that period, 20% of intercepted communications (IP
sessions and.traditional voice and SMS communications) were encrypted. In a recent
investigation, the Commission was granted a telephone interception warrant for a
period of 90 days. In that period, 91% of communications sent or received on a
standard mobile device were encrypted. The other investigativeCommissions are in
a position to ·provide similar examples. They report similarly dire statistics on the
. prevalence of encrypt. ed communications being intercepted. In its submission to the
Parliamentary Committee, the Department of Home Affairs estimated that by 2020 all
electronic communications of investigative value will be encrypted.
34. In recent years the Corruption and Crime Commission (WA) has investigated the
trafficking of contraband into prisons by prison guards, the provision of firearms to
organised crime groups by a police officer, and the disclosure of sensitive information
to a member of an extremist group by a police officer. The Commission has observed
that during these operations, targets and their associates not only used encrypted
Sensitive ·s
communication media, to which crucial information has no doubt been lost, but also
actively ·encouraged their associates to communicate via encrypted services in order
to avoid detection. The intelligence and evidence collected via intercepted
telecommunications is of immeasurable value to the Commission's operations. As
encryption becomes increasingly ubiquitous and intercepted communications
increasingly impenetrable, the Commission believes the effectiveness of Intercept
Warrants as they currently exist will be severely compromised. The likely result of this
will be longer, less effective, more expensive investigations , and the potential erosion
of the privacy of targets more than is strictly necessary .
35. The New South Wales Crime Commission ('NSWCC') was constituted 'to reduce the
incidence of organised and other serious crime' (s. 3 Crime Commission Act 2012
(NSW), ('NSWCC Act'). - The NSWCC investigates matters relating to serious and
organised crime within New South Wales that have been referred to it by its
Management Committee for investigation . Whilst the NSWCC is not precluded from
investigating corruption-type offences, the principal functions of the NSWCC, as set
out in subs. 10 (1) NSWCC Act, include:
• to investigate matters relating to a relevant criminal activity or serious
crime concern referred to the Commission by the Management Committee
for investigation;
• to investigate matters relating to the criminal activities of criminal groups
referred to the Commission by the Management Committee for
investigation;
• to assemble evidence that would be admissible in the prosecution of a
person for a relevant offence arising out of any such matters and to
furnish any such evidence to the Director of Public Prosecutions;
• to furnish evidence obtained in the course of its investigations (being
evidence that would be admissible in the prosecution of a person for an
indictable offence against the law of the Commonwealth or another State
or Territory) to the Attorney General or to the appropriate authority in the
jurisdiction concerned;
• with the approval of the Management Committee, to work in co-operation
with such persons or authorities of the Commonwealth, the State or
another State or Territory (including any task force and any member of a
task force) as the Commission considers appropriate.
Sensitive 9
37. The most frequent types of offences referred to the NSWCC include organised
murder, the supply/manufacture prohibited drugs, money laundering and work jointly
with the NSW Police Force and Commonwealth partners in the Joint Counter
Terrorism Team arrangement preventing and investigating terrorism.
38. The N$WCC works closely in conjunction/co-operation with other State and Federal
law enforcement agencies. who were not excluded from the Assistance and Access
Act 2018, including the New South Wales Police Force (being the Police Force of a
State) and the Australian Federal Police (comprising 'interception agencies', as
defined in s. 317B Telecommunications Act 1997). As an investigative tool often used
to base deeper investigation into serious and organised crime, the use of
telecommunications interception is often stunted as much of the material, or potential
material obtained, is encrypted. Organised and serious crime has grown dramatically
over the last few years. The proliferation, complexity and variety of organised crime
activities are facilitated in large part by technology and encrypted communications,
which are proving virtually impenetrable to law enforcement agencies. Current and
emerging technologies impede investigations and make analysis of criminal activities
and associations much more complex and resource intensive than in the past.
39. The exclusion of the NSWCC from the Assistance and Access Act 2018 has the
potential to threaten the capacity for the NSWCC to maintain such working
relationships, as not only is the NSWCC excluded from utilising the new provisions,
but the NSWCC is - and all of the investigative Commissions are - generally precluded
from having technical assistance notice information, technical capability notice
. information or technical assistance request information disseminated to iUthem,
unless it is within the performance of the functions, or the exercise of the powers by,
one of the interception agencies. Clearly, the powers and functions of the NSWCC
(and all of the Investigative Commissions) differ to those of the interception agen cies.
40. The Explanatory Memorandum stipulated that the Telecommunications and other
Legislation Amendment (Assistance and Access) Bill 2018 would amend the TIA Act
and related legislation to introduce measures to better deal with the challenges posed
by ubiquitous encryption. The NSWCC strongly supports and recommends that all of
the Investigative Commissions be included in the Assistance and Access Act 2018 to
Sensitive 10
VUlJI 111 v v 1.,_., • -- •
enable them to secure assistance from telecommunications providers to access
encrypted telecommunications, to assist each of the Investigative Commissions to
better deal with the challenges posed by ubiquitous encryption.
41. The Crime and Corruption Commission QLD (the CCC) has reported a substantial
increase in the rate of encryption over a six year period. The statistical information
gathered by the CCC Qld clearly demonstrates this trend. The following table provides
information gathered across all telecommunications interception warrants issued to
the CCC Qld during 2013 to 2018. Traditional voice communications and text
messages have been excluded from these statistics which are based on an analysis of
all intercepted internet traffic over the period.
Year Percentage of intercepted data (IP sessions) that is encrypted
Percentage of intercepted emails that are encrypted
2013 29.52% 0%2014 40.41% 0.44%2015 59.71% 61.93%2016 56.54% 87.38%2017 74.44% 99.95%2018 94.32% 99.58%
42. Some agencies covered by this submission have also provided direct submissions for
this review which provide further details of how these technical assistance measures
impact them.
Concluding Statement
43. The impact of encrypted technology plainly requires an urgent response.
44. The development and formulation of federal government telecommunications policy
and the frequently amended Telecommunications (Interception and Access) Act 1979,
and its statutory predecessors have consistently endorsed the capability of authorised
interception agencies, including the lnves ti_gative Commissions, to undertake lawful
interception of telecommunications. Such availability through the issue of interception
warrants has been made subject to stringent conditions thereby safeguarding privacy
considerations .
Sensitive 11
UUlJI I lh..> v 1 ,, , ._ ,
45. Maintaining the fight against organised crime and identifying and exposing corruption
in government and public administration requires specialised investigation capabilities
as discussed in this Joint Submission.
46. Whilst encryption to such telecommunications provides obvious benefit to law-abiding
citizens and corporations it also provides a barrier or protection for those who operate
outside the law - promoters and participants in criminal enterprises, including in
particular drug importation and drug trafficking, and those who corruptly seek to betray
the public trust that underpins good government and public administration.
47. To exclude the Investigative Commissions from the Assistance and Access Act 2018
effectively deprives those agencies of the legislatively-sanctioned use of warranted
interception under the TIA Act. That outcome is plainly completely contrary to the
intent of that Act. It is also wholly contrary to the public interest in effective law
enforcement.
48. To permit a technolog ical change or development (encryption) to defeat the public
interest in the maintenance of law and order, including in particular the social evil of
organised crime and corruption, is tantamount to a triumph for those who seek to
benefit from organised crime activities and corrupt dealings.
49. There has been no disclosed reasoned basis or justification identified for the exclusion
of the Investigative Commissions from the operation of the Assistance and Access Act
2018. This Joint Submission therefore recommends that the Committee reconsider the
exclusion of the Investigative Commissions and recommend that the Assistance and
Access Act 2018 be urgently amended to include them in Schedule 1 to that Act
Sensitive 12
The Hon Peter Hall QC Chief CommissionerNSW Independent Commission Against Corruption
_.,
The Hon Robert Redlich .QC CommissionerIndependent Broad-based Anti Corruption Commission Victoria
The Hon Bruce Lander QCIndependent Commissioner Against Corruption South Australia
The Hon Kenneth Fleming QCIndependent Commissioner Against Corruption Northern Territory
Mr. Peter Cotter AMP CommissionerNSW Crime Commission
Sensitive 13
The Hon John McKechnie QC CommissionerCorruption and Crime Commission Western Australia '
Mr. Alan MacSporran QC ChairpersonCrime and Corruption Commission Queensland
· Mr. Michael Griffin AM Integrity CommissionerAustralian Commission for Law Enforcement Integrity
The Hon Michael F Adams QC Chief CommissionerNSW Law Enforcement Conduct Commission
Sensi ive 14
·:- L EC C ······· '<-•······················· " . e=•· ..........., ·
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 mr "' " ' ' ' 8391145
Phone: 02 9321 6700 Fax: 02 9321 6799Level 3, 111 Elizabeth Street, Sydney NSW 2000
Law Enforcement Conduct Commission
29 January 2019
Postal address: GPO Box 3880, Sydney NSW 2001www.lecc.nsw.gov.au
40190/10
Committee SecretaryParliamentary Joint Committee on Intelligence and Security PO Box 6021Parliament House Canberra ACT 2600
Dear Committee Secretary,
Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2078
Thank you for the opportunity to provide a further submission to the Committee.
On 9 October 2018, the Law Enforcement Conduct Commission provided a submission to the Committee in response to the review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 ("The Bill").
The initial submission which expressed the LECC's views regarding the bill are maintained and also are relevant to the review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2078 ("the Act"). I therefore annexe the LECC's initial submission for the Committee's consideration within the review of the Act.
The key points from the initial submission were-
1. The LECC is a statutory agency established under section 17 of the Law Enforcement Conduct Commission Act 2076 (NSW) for the investigation and oversight of law enforcement misconduct in New South Wales (NSW).
2. The LECC relies significantly on telecommunications interception warrants to investigate serious offences allegedly committed by New South Wales Police Force (NSWPF) offi cers.
3. The prevalence of encrypted content collected under such warrants has risen significantly over the last five years. In 2018, 93% of IP communications intercepted by virtue of LECC warrants were encrypted.
4. The LECC's digital forensics capability is also hindered by the use of encryption to secure devices and digital storage.
5. The legislative access to "designated communications providers" provided within Schedule 1 of the Act would assist the LECC's investigation of serious offences. ·
In addition to the initial LECC submission, I request that the Committee consider the additional points raised within this submission.
- ··
111111111111/IIIIIII II
Ill8391146
The Use of Encryption to Enable Corruption
Emerging t echnolo g y, whilst providing many benefits, is changing criminalit y. The Australian National Cyber Security Strategy noted that there is a "growing trend for groups and individuals to use encryption to hide illegal activity and motivate others to join their cause" 2• The Act provides some law enforcement agencies with powers to keep up with these changing technologies.
The investigation of criminal activity conducted by police is, in many instances, more challenging than for other crim inals. Police are well versed in investigative methods, tools and surveillance t echniques . They also have access to intelligen'ce databases and other sources of intelligence such as human sources. In particular, police are aware of the sensitive capabilities involving electronic collection. Interception operations conducted under LECC warrants show that police targets currently use encryption to facilitate criminal activity.
The exclusion of the LECC within Schedule 1 of the Act may well encourage corrupt police to use encrypted communications with confidence and encourage police corruption more broadly.
As part of this review, I request that the Committee reconsider the LECC's inclusion within Schedule 1 powers of the Act, as was intended by the Bill.
- - . ...l
Chief Commissioner
2 Department of the Prime Minister, Commonwea lth of Australia (2106) Australia's Cyber Security Strategy,<htt ps:/ / w ww.pm c.gov.au/ site s/ default/files/publicatlons/austraIla s- cyb er- secu rity - strat egy .pdf>
Level 3. 111 Elizabeth Str eet, Sydney NSW 2000
www.lecc.nsw.gov.au 3