Published on the 06/02/2019 | Written by Heather Wright
Training steps up for police...
Police around Australia will be getting to grips with their new encryption powers this month, as training in the new laws ramps up, with the Department of Home Affairs saying the law has already been used by law enforcement and national security agencies.
The Telecommunications and Other Legislation Amendment (Access and Assistance) Act 2018 encryption legislation was rushed into law in early December, enabling the government to issue notices to tech companies requiring they remove encryption and other security on devices and services to provide Australian law enforcement agencies access to stored data.
The bill, the draft of which was only released in August, prompted an outcry, with questions over whether it would require the creation of backdoors and other vulnerabilities in hardware and services.
“Law enforcement and national security agencies have used the powers in the Act.”
It was rushed through both houses of Federal Parliament without amendment thanks to a desire to have the law in place to ‘address security threats over the Christmas and New Year period’
Now, a submission by the Department of Home Affairs to the Parliamentary Joint Committee on Intelligence and Security’s Inquiry says the powers of the act have already been used by Commonwealth law enforcement and national security agencies ‘to support their work’.
“The Department understands that Commonwealth law enforcement and national security agencies have used the powers in the Act to support operations and investigations,” the submission says.
It says it has delivered on-site training to the NSW and Victoria police, and is working closely with law enforcement, national security agencies and industry to help implement the act, with further training to be delivered this month to State and Territory police forces.
The law allows government agencies to issue technical assessment notices requiring communications providers use an interception capability they already have and technical capability notices, requiring a provider to build new interception capability. Both TANs and TCNs are compulsory. A third category, technical assistance requests, allows for ‘voluntary’ requests to use existing capabilities.
“The Department is steadfastly progressing with the implementation and operationalisation of the Act,” the submission notes.
“This involves continuing to support agencies and industry to ensure consistent, reasonable and clear use of powers and dedicated training exercises. The Department is also engaging with industry to dispel common misconception, build confidence and to reiterate the intended purpose and operation of the Act.”
A pool of legal and technical experts is being assembled ‘that may be appointed upon when required to review the requirements in a notice’ and former justices of the High Court, Federal Court, State Supreme Courts and District Courts have expressed ‘firm’ interest in the role of judicial assessor, the Department says. ‘Eminent academics’, cybersecurity professionals and retired judges have also been approached to seek expressions of interest for the role of independent assessor.