The NSW Pawnbrokers Association has raised concerns about the workability of new laws requiring dealers to collect MAC addresses of wi-fi enabled electronic devices presented at their stores.
The new laws, which come into force from June 1, will require dealers of secondhand goods to record the 12-digit electronic addresses and report them to police, regardless of whether the customer intends to retrieve the device or dispose of it.
Police want to use the addresses to track stolen goods by encouraging consumers to record the numbers as they currently do serial numbers.
NSW Pawnbrokers Association spokesman Laurie White said in the vast majority of cases the only way for dealers to find the MAC address was to have password access to a device.
In cases where customers were disposing of laptops for sale, the problem could be overcome by wiping the device and re-installing new operating system software.
However, if devices were being held in hock - where individuals can use items of value as collatoral for a loan for quick access to cash - “it does make life difficult,” White said.
“They’re averse to giving us that information if they don't have to because they don’t want us to have access in that privacy sense," he told iTnews.
“Under the regulatory arrangement we provide the information or we just can’t do the transaction. There is no exemption to that arrangement so if we don’t provide the MAC numbers as part of the transaction we’re actually committing an offence.
“Some people don’t care – the computer is just a toy or a novelty item but for others it’s a serious business tool or they use it for personal family photographs and to do banking and pay bills, and they just don’t want people having unfettered access to that information."
NSW Police confirmed the legislation makes no distinction between devices sold to for disposal or those held in hock.
White said Apple devices were particularly problematic, pointing to the FBI’s recent failed attempts to gain court orders to unlock a suspect’s device in the US.
Apple’s tight security policies and its iCloud account service meant it is now common practice for secondhand dealers to ask customers disposing of Apple products to delete their accounts either at stores or before bringing them to dealers so they can be wiped and on-sold.
However, White said, before that became common practice there were a handful of instances when dealers found themselves throwing away the devices or selling them for parts.
Stephen Wilson, founder of identity security firm Lockstep, also questioned the workability of the new regulations.
“My initial reaction is that I couldn’t imagine the police could make this terribly enforceable. The poor old pawnbroker is not exactly an IT dude and they’re not going to be running around chasing down passwords,” Wilson said.
The Office of the Australian Information Commissioner (OAIC) declined to comment directly on whether the new law was in harmony with Australian Privacy Principles.
However, a spokeswoman for the OAIC pointed iTnews to an exception under Australian privacy legislation that may assist the new regulations.
“The APPs include an exception for disclosing personal information in specific circumstances when required or authorised under Australian law or a court/tribunal order,” the spokeswoman said.
White said police were working on a technical manual for pawnbrokers to help them locate MAC addresses on common electrical devices.
However, he said they were yet to provide any legal advice around gaining access to customer passwords.
White also said police IT experts had told the NSW Pawnbrokers Association there was potential to call on ISPs to notify them when MAC addresses of suspected stolen devices appeared on their networks.
A spokeswoman for NSW Police repudiated that claim.
A spokeswoman for Optus said its regulatory division was not aware of any such plans and had not held in discussions with NSW Police.
iTnews also contacted Telstra for comment but the carrier did not respond.