AFP used anti-encryption laws three times in 2019-20

The Australian Federal Police used the government’s controversial anti-encryption laws three times last financial year to seek voluntary assistance from service providers when investigating serious crimes.

The data is contained in the force’s submission to the Parliamentary Joint Committee on Intelligence and Security review of the Assistance and Access Act, which was rushed through parliament at the end of 2018.

Under the legislation, law enforcement and national security agencies can effectively force service providers to “enable access” to a particular service, device or piece of software using a technical assistance notice (TAN) or technical capability notice (TCN).

A TAN can be used when the provider already has technical means to provide access to law enforcement, while a TCP can be used where the means does not exist and has to be built by the service provider.

But the legislation also allows law enforcement to issue technical assistance requests (TARs) to seek voluntary assistance from service providers to provide data or assistance, which has been the main approach to date.

In the submission [pdf], the AFP said three TARs relating to “serious computer offences and other serious crime types” were issued between 1 July 2019 and 30 June 2020, representing a slight fall on 2018-19 figures.

In 2018-19, which technically only covered a six-month period, the AFP issued five TARs relating to investigations into cybercrime, drug importation and the threat of trans-national serious and organised crime”.

Likely due to the cooperation of industry, the AFP said it issued no TANs or TCNs during 2019-20.

It also said that “no state or territory police forces sought the AFP Commissioner’s approval to issue TANs under the industry assistance framework”.

This was also the case in the 2018-19, as revealed in the most recent Telecommunications (Interception and Access) Act, which continues annual reporting on the Telecommunications and other Legislation Amendment (TOLA). 

“The AFP has good relationships with domestic communication providers and we are committed to proactively engaging them – recognising industry’s advice, expertise and knowledge is invaluable to our work,” it said.

“Our experience is that Schedule 1 of TOLA has accelerated cooperation from industry, with providers increasingly willing to assist due to TOLA providing legal certainties and assurances regarding the commercial scope and impact of requests.

“The fact the AFP has not sought any TANs or TCNs to date, does not indicate these provisions are not required. Rather, it demonstrates the effectiveness of TOLA’s tiered approach.”

The submission also indicates several examples where TOLA has helped the force, including an investigation into the use of remote access trojan (RAT) malware that allowed “secret control over a victim’s computer and other devices”.

“Without these powers, the AFP would have been unable to proactively investigate and capture relevant data and evidence stored in Australian and other participating countries, or identify victims and prosecute users of this malware,” it said.

“An overt search warrant would have alerted the criminals using this malware, precluding further identification, disruption and prosecution on ancillary offending being facilitated by the malware. 

“A traditional search warrant would only yield a limited subset of the customer database (noting the purchase may be made in cryptocurrency and untraceable), and this would not have assisted proactive or the targeting of investigations on the users of the malware.”

The AFP said that as at November 2019, a total of 85 warrants had been executed globally, which had resulted in 434 devices being seized and 13 arrests, though none of which have occurred in Australia.

TOLA was also used in an eight-month investigation into a distributed denial of service (DDoS) attack on government infrastructure, which was conducted in parallel with an undisclosed state police agency.

The submission also says that 16 computer access warrants were issued by the AFP under Schedule 2 of the Assistance and Access Act in 2019-20, with a further seven issued in 2018-19.