Published on the 26/06/2014 | Written by Newsdesk

A major overhaul of the rules governing computer searches by the Australian Security Intelligence Organisation has been foreshadowed by the Attorney General, Senator George Brandis. Responding to a question in the Senate on Wednesday about “the steps the government is taking to deal with the threat of returning foreign jihadists”, Senator Brandis said that he would introduce legislation to the Parliament in July based on a series of recommendations from the Parliamentary Joint Committee on Intelligence and Security.

The Government estimates that as many as 150 Australians are currently involved in fighting in Syria and Iraq, and claims that the changes to the legislation are necessary in order to better protect Australians from these individuals or their allies. However the legislative changes could have much broader industry ramifications dependent on the fine-print.

Senator Brandis was not explicit on what changes would be implemented, but he did indicate that many of the recommendations from Chapter Four of the Joint Committee report would be adopted.

Some of the recommendations from that Chapter are intended to bring up to date the warrant provisions available to ASIO. For example, in the past warrants were provided for physical computer searches. The advent of cloud computing and virtualisation means that data may not reside on physical computers which are used only as access devices.

The Joint Committee recommended that warrants be extended from a single physical computer to also include “computers connected to a particular person or a computer network”. In a series of submissions to the Joint Committee the ambiguity of that definition was questioned by organisations and individuals who were concerned by the extent of the data fishing expeditions that might be made possible.

Assuming this recommendation is embraced by the new legislation the wording will require careful analysis to ensure that all computers connected to a computer network are not inadvertently exposed to the provisions of the warrant.

A further recommendation is that rules regarding how ASIO can investigate data be relaxed. At present warrants preclude the agency from doing anything under a warrant that adds, deletes or alters data. There are concerns that if that condition is relaxed, and ASIO is permitted warrants that allow it to trawl for data on “computers connected to a particular person or a computer network” it could slow the performance of communications networks, even the internet at large.

Questions also remain on the role that third party computing and communications companies such as ISPs might have to play when ASIO sought to exercise its new warrants, as one recommendation from Chapter Four of the Joint Committee report calls for an exploration of how third parties might be involved in accessing warrant provisions.