Support Centre

Australia: A peek into the dark web with the proposed new surveillance legislation

The long-awaited release of the report from the Australian Government's review of intelligence legislation, together with the Government's response to that review, coincided with the introduction of proposed new surveillance legislation to the Australian Parliament in early December 2020. The Government, both in its response to the review and by introducing the new legislation, has indicated a commitment to providing Australia's law enforcement agencies with the regulatory powers it believes are necessary to tackle crime which is enabled through the dark web as well as through use of anonymising technologies. Angela Flannery, Partner at Holding Redlich, discusses the proposed surveillance legislation and how it differs from the existing legal framework in this area, alongside how the two may interact.

Michail_Petrov-96 / Essentials collection /

Comprehensive Review of the legal framework of the National Intelligence Community

Scope of Comprehensive Review

The Comprehensive Review was announced by the Attorney-General in May 2018. The terms of reference for that 18-month review required, amongst other matters, that consideration be given to reform of the legislation governing Australia's six primary national intelligence agencies1, together with legislation governing the intelligence activities of the Australian Federal Police ('AFP'), the Australian Criminal Intelligence Commission ('ACIC'), the Australian Transaction Reports and Analysis Centre, and the Department of Home Affairs.

The Comprehensive Review was completed at the end of 2019, however the Report (in unclassified form) was not publicly released until 4 December 2020. Given the broad terms of reference for the review, it was unsurprising that the unclassified public version of the Report runs to four volumes. The Government released its response to the Comprehensive Review at the same time, supporting the vast majority of its recommendations. As discussed further in this article, the Government's response highlighted its reasoning for introducing the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 ('the Identify and Disrupt Bill') to Parliament, which occurred at approximately the same time.

Australia's surveillance legislation

The Review was specifically tasked to consider Australia's investigative powers legislation, including the Telecommunications (Interception and Access) Act 1979 (Cth) ('the TIA Act') and the Surveillance Devices Act 2004 (Cth) ('the SD Act'). The TIA Act and the SD Act currently provide a complex range of powers for law enforcement and national security agencies to intercept and record communications and undertake other covert surveillance.

The primary purpose of the TIA Act is to prohibit both interception of communications (which is broadly defined to include not only voice calls but emails, texts, and the like) and access to stored communications. The general prohibitions are subject to a number of exceptions that allow law enforcement and national security agencies to require communications services providers to intercept communications and also to provide access to stored communications and telecommunications data (that is, information about a communication). For example, interception warrants may be issued by a specific category of federal judges (referred to as 'eligible judges') and particular senior Administrative Appeals Tribunal ('AAT') members for the investigation of serious offences, including offences with penalties of at least seven years' imprisonment.

The SD Act, on the other hand, grants powers to use surveillance devices to law enforcement and national security agencies (primarily Commonwealth agencies but also State and Territory agencies in limited circumstances). Surveillance may be undertaken by means of computer, listening, optical, or tracking surveillance devices. Surveillance is only permitted for investigating defined categories of serious offences, including Commonwealth offences that carry penalties of at least three years' imprisonment. Surveillance warrants under the SD Act must, except in limited circumstances, only be issued by the same categories of judges and AAT members who may issue interception warrants under the TIA Act.

Review Recommendations regarding surveillance legislation

Unsurprisingly, the Review concluded that Australia's electronic surveillance legislative framework should be simplified, given its current complexity, and also updated to reflect that it had been outpaced by technology. A primary recommendation of the Review, which the Government accepted, was that a new electronic surveillance act should be established, incorporating computer access and electronic surveillance devices powers from not only the SD Act and the TIA Act, but also the Australian Security Intelligence Organisation Act 1979 (Cth), and reflecting modern technology.

What is Australia's proposed new surveillance legislation?

On 3 December 2020, the Australian Government introduced to Parliament the Identify and Disrupt Bill. The Identify and Disrupt Bill provides for three new types of warrants:

  1. 'Data disruption warrants:' These will be able to be issued under the SD Act. Interestingly, these warrants do not have as their primary purpose the investigation of a crime. Instead, the purpose of these warrants (as the name suggests) is to prevent or disrupt defined relevant offences that involve data held in a computer. If such a warrant is obtained by the AFP or the ACIC, it will enable that agency to covertly access and disrupt the relevant data for the purposes of frustrating the commission of a relevant offence. Any information obtained in executing such a warrant will be able to be used as evidence in a prosecution.
  2. 'Network activity warrants:' Like data disruption warrants, these will be issued under the SD Act. These are a broad type of warrant that will enable the AFP or ACIC to investigate a 'criminal network' by accessing data in computers used or likely to be used by that network, whether that data is stored on the relevant computer or temporarily linked or transited through it. A criminal network is a network that has or may engage in defined relevant offences (or the facilitation of such offences). Given the broad nature of the warrant, information obtained may generally not be used as evidence in criminal proceedings but may be used to support an application for another type of warrant such as a telecommunications interception warrant under the TIA Act.
  3. 'Account takeover warrants:' This type of warrant will allow the AFP and ACIC to take control of an account or accounts where the applicant for such a warrant suspects on reasonable grounds that defined relevant offences have, are, or may be committed which are or are likely to be investigated, where control of the accounts is necessary to enable evidence to be obtained. Unlike the other two types of warrants mentioned above, which (as applies for other warrants under the SD Act) may generally only be granted by eligible judges or a limited category of members of the AAT, these warrants may generally be granted by a magistrate. Also, the account takeover warrant provisions will be incorporated in the Crimes Act 1914 (Cth) ('the Crimes Act'), not the SD Act.

For each of the first two types of warrants, the 'relevant offence' definition is the same as provided for in the SD Act and applicable to other warrants that may be issued under that Act, that is, it encompasses, amongst other offences, offences with a maximum penalty of at least three years' imprisonment. For the third type of warrant, there is a more limited category of relevant offence defined by reference to the Crimes Act – being a 'serious Commonwealth offence,' which is a more limited category of serious offence that relates to particular types of matters such as money laundering or tax evasion, or a 'serious State offence that has a federal aspect,' that is, an offence that affects the interests of the Commonwealth or relates to a matter outside Australia or for some other reason has a federal aspect and which would be a serious Commonwealth offence if it was a Commonwealth offence.

Interaction of the Comprehensive Review and Identify and Disrupt Bill

Following introduction, the Identify and Disrupt Bill was sent to the Parliamentary Joint Committee on Intelligence and Security for further scrutiny on 8 December 2020. In referring the Bill to the Committee, the Minister for Home Affairs requested that the Committee provide a report to the Australian Parliament by 5 March 2021, to enable the Bill to be debated in the Autumn 2021 sittings of the Australian Parliament, which commence in March 2021.

Given that the Government has accepted the recommendation of the Comprehensive Review for the creation of a new electronic surveillance act, it may seem surprising that it has at the same time put forward the Identify and Disrupt Bill which it is hoping to enact in the short term. However, it is likely that it will take a number of years for the proposed electronic surveillance act to be developed, consulted on, enacted, and then implemented. The Government has clearly decided that it does not wish to wait that long to introduce the three new warrants provided for in the Bill.

The proposed new types of warrants were not directly recommended by the Comprehensive Review, though the rationale for the Bill may be seen in the Government's response. The Government largely agreed with the Review's Recommendation 162 that the AFP should develop capability to fight cybercrime and fully utilise its existing powers to disrupt online offending. The Government stated in its response that not only should the AFP fight cybercrime and undertake disruption activities onshore, but that the ACIC has a role in disruption activities undertaken within and outside Australia. In responding to that Recommendation, the Government disagreed with the Review's position that the AFP had sufficient existing powers to disrupt online offending and stated that legislative reform was necessary to enhance the ability of the AFP and the ACIC to discover and disrupt serious criminality online.

The response stated:
'those agencies' current powers are increasingly ineffective against mass campaigns of cyber-enabled crime, including those that use the cover of the dark web and anonymising technologies on the surface web (such as virtual private networks). The increasingly large-scale use of the dark web, and other technologies that allow users to remain anonymous, to enable serious crime and terrorism is inhibiting agencies' ability to protect the community, including protecting children from sexual abuse. New powers should enable agencies to identify and collect intelligence on dark web targets, and to take action against those targets, whether that be through traditional investigation and prosecution, or through further disruption of criminal activities2.'

As the Minister for Home Affairs, the Honorable Peter Dutton MP, in introducing the Identify and Disrupt Bill stated that its purpose is to better equip relevant Australian enforcement agencies, the AFP and the ACIC, to take on criminals who use the dark web and online technologies that cloak their identities and encrypt their communications, the early introduction of the Identify and Disrupt Bill is consistent with the Government's response.

Nonetheless, the three new types of warrants are not limited only to use in relation to investigating and disrupting particularly heinous crimes such as terrorism and child sexual offences. Instead, the warrants will be available in respect of a much broader range of offences, as described above. As a consequence, the Parliamentary Joint Committee on Intelligence and Security may ultimately conclude in its inquiry that the Identify and Disrupt Bill is more extensive than necessary to achieve the Government's intended aims.

Angela Flannery Partner
[email protected]
Holding Redlich, Sydney

1. The Office of National Intelligence (responsible for providing intelligence assessments on international issues to Government); the Australian Security Intelligence Organisation (Australia's security service); the Australian Secret Intelligence Service (obtains foreign intelligence); the Australian Signals Directorate (responsible for protection from foreign cyber related attacks and providing foreign signals intelligence); the Australian Geospatial Intelligence Organisation (provides geospatial and imagery intelligence support); and the Defence Intelligence Organisation (responsible for assessing security/strategic threats from foreign countries and organisations).
2. As set out at page 42 of the Government's response, available here: