Govt urged to avoid TOLA repeat with dark web laws

The Law Council of Australia has urged the government not to repeat what it did with the country's encryption-busting laws by similarly trying to rush through new online account takeover powers before Christmas.

The call comes less than 12 hours after Home Affairs Minister Peter Dutton introduced the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 into the federal parliament.

The bill – which targets serious criminal activity on the dark web, but extends to all crimes that carry jail time of three or more years – is set to introduce three new powers to bolster the investigative abilities of law enforcement agencies.

It will give the Australian Federal Police and Australian Criminal Intelligence Commission the ability to take over a person’s online account, as well as to add, copy, delete or alter data under a data disruption power.

Law Council president Pauline Wright said the proposed powers were extraordinary, particularly around offensive cyber activities and account takeovers, and that proper scrutiny of the powers was necessary.

A “close inspection” of the proposal by both key stakeholders and parliament should extend to the “stated operational case, the criteria, thresholds and process for the issuance of warrants, and the arrangements for independent oversight and review," Wright said.

“The bill should not, under any circumstances, be called on for debate and intended passage in the remaining four parliamentary sitting days in 2020,” she said.

Wright stressed that there “must not be any repetition of the regrettable circumstances that led to the rushed passage of the Telecommunications Legislation Amendment (Assistance and Access) Act”.

TOLA was hurriedly waved through parliament in the dying days of 2018 on national security grounds, with the assistance of the Labor Party, much to the dismay of the tech community.

Since then, a review of the laws by the Independent National Security Legislation Monitor has called for additional safeguards to be added, including judicial review for the approval of technical notices.

Wright said the ability for a member of the Administrative Appeals Tribunal (AAT) to issue disruption warrants under the newly proposed laws is “of particular concern”, and that only superior court judges should be able to make such orders.

“The power to issue disruption warrants should not be conferred on ordinary AAT members, as is proposed in the Bill,” she said.

“In this regard, Australia is already an outlier with our 'Five Eyes' counterparts, all of whom have adopted judicial authorisation models for the issuance of surveillance warrants to their security agencies.

“The bill will serve only to widen this gap.”

The Law Council is currently reviewing the bill, which will likely need to be scrutinised by the Parliamentary Joint Committee on Intelligence and Security.