Aussie law enforcement warns telcos of 5G, IPv6 data access 'burden'

Australia's law enforcement agencies say 5G and IPv6 technologies will make it significantly more difficult to access communications and warn this could result in an "exponential burden" for telcos and government.

The technologies present a big challenge to the traditional way law enforcement accesses communications in investigations and may require a reworking of existing legislation, they say.

The comments were made in submissions to a parliamentary inquiry into the impact of new and energing technologies by the Department of Home Affairs, Attorney-General's Department, the Australian Border Force, the Australian Criminal Intelligence Commission (ACIC), and Australian Institute of Criminology.

They called out 5G, IPv6, mesh networks, and offshore storage of data as specifically problematic to their future ability to access user communications for lawful investigations.

On existing 4G networks, law enforcement agencies use the unique identifier associated with a user's device to trace an individual.

But 5G technology replaces this permanent identifier with temporary ones that are destroyed after a connection to a tower is made, removing the ability to associate the device to a person, the agencies said.

A further hindrance will be the ability for 5G users to download data from multiple sources - like wi-fi, towers, and satellite - at the same time, they said. The same issue would arise with mesh networks. 

ACIC warned this would mean a big impost for telcos as well as agencies.

"A key issue with the introduction of 5G technology is that to provide lawful access, communications providers will need to assist law enforcement agencies to reconstruct data sessions from multiple sources to allow access to a single communication event," it said in its submission.

"Whereas this is an occasional (but increasing) requirement for current 4G communications, this will almost certainly become the new normal for all data intercepted through 5G.

"Given 5G is slated to carry exponential increases in data, at far higher speeds, with far greater security that ever before, the impost and burden on both communications providers and law enforcement agencies to achieve lawful interception will be unprecedented."

Telcos are expected to launch commercial 5G services from 2019.

The Home Affairs department said IPv6 technology posed a similar problem as 5G because it would make encryption services much more easily accessible to users.

Encryption is a standard component in IPv6 and available for all connections. The technology was retrofitted into its IPv4 predecessor as an optional extra that has not been widely adopted.

Home Affairs said the increase of IP numbers in IPv6 would also make it difficult for law enforcement to match information to an individual; IPv6 has a vastly larger address space than IPv4 because its addresses have a size of 128 bits, compared to IPv4's 32-bit value.

"There are no legal regimes to regulate how these addresses will be assigned to consumers.  Consequently, a single user may have numerous IP addresses when operating online," Home Affairs said.

"For example, a person communicating on one social media platform may not necessarily use the same IPv6 address when browsing the internet, or when communicating on another social media platform."

Australian service providers are required under the country's data retention laws to keep records including IP addresses for two years on all customers.

Encryption

The agencies used their submissions to restate their arguments against encryption technologies.

Last July the federal government promised to introduce draft legislation that would force providers of end-to-end encrypted communications services to decrypt messages for law enforcement before the end of the year.

The bill has yet to arrive. In senate estimates today Home Affairs indicated the legislation was still being drafted.

The government has denied its plans equate to asking technology companies to embed backdoors in their products.

It is pursuing "voluntary agreements" with companies for data access, with the laws to serve as backup where assistance is not forthcoming.

Home Affairs claimed more than 65 percent of data intercepted by the AFP used some form of encryption, and "at least" nine out of 10 ASIO priority cases involved encryption.

Modern laws

The law enforcement agencies similarly took the opportunity to call on the government to update legislation to allow them to keep pace with technological change.

Home Affairs specifically asked for a streamlining of the Telecommunications Interception Act (TIA Act) to "reduce complexity", as well as reforms to the warrants system, oversight and accountability measures, and information sharing.

"Although the TIA Act has been subject to a number of legislative changes, it is nevertheless largely anchored to the technological environment that existed in 1979 when it was enacted," Home Affairs said.

"To the extent possible, legislative frameworks in which agencies must operate should be capable of applying to unforeseen technologies while still providing agencies appropriate clarity with regard to their powers and obligations.

"This is an opportunity to better reflect the current use of communications networks and the wider range of providers in the communications supply chain."

ACIC said legislation needed to be more flexible to adapt to the 'rapid' changes to criminal and social environments that result from technological advancements.

"The fundamental need for an appropriate balance between law enforcement powers and individual freedoms is constant but the details of what is appropriate may vary over time," it said.

"Accordingly, governments and legislatures need to keep this balance under review to ensure that it remains appropriate.

"In some cases such review may lead to the conclusion that powers once considered unduly intrusive are now justified by changes in society and in criminal methods, or that restrictions once considered reasonable now make a power effectively unusable and need to be relaxed."

ACIC is currently building a national criminal intelligence system (NCIS) that will allow for a "national and unified picture of criminal activity" to avoid duplicate efforts within agencies.

The NCIS will replace the ACID database built in 1984. It has been through a pilot program and since been funded for an "interim solution".

The federal government is separately working on a new 'national plan to combat cybercrime', to outline "shared national priorities" for law enforcement.