When it comes to Australia’s encryption laws, two out of the three arms can now be publicly said to have been used, following the release of the Telecommunications (Interception and Access) Act 1979 — Annual Report 2020-21 this week.
In previous years, agencies had only used voluntary Technical Assistance Requests (TAR) to get service providers to help them, but the latest report shows NSW Police in the past year also turned to the first of the compulsory notices available.
That request, used in a homicide investigation, is the first use of a compulsory Technical Assistance Notice (TAN) to force a provider to use a capability they already possess. Assistance notices issued by state-level law enforcement are reviewed by the Commissioner of the Australian Federal Police (AFP).
Read more: What’s actually in Australia’s encryption laws? Everything you need to know
This leaves the compulsory Technical Capability Notice (TCN) as the only form of notice yet to be publicly disclosed as used. The TCN forces providers to build a new capability for agencies and requires sign-off from the federal Attorney-General and Minister for Communications. The report said no TCNs were sought across the reporting period.
Of the 25 TARs issued by agencies, NSW Police accounted for 16, Victoria Police for five, with the AFP and Australian Criminal Intelligence Commission both issuing a pair. The category of offences under which the TAR was issued were eight for organised offences, seven for homicide, seven for drug offences, and one each for sexual assault, cybercrime, and acts intended to cause injury.
Australia’s encryption laws were passed in December 2018, with then-Labor leader Bill Shorten saying he wanted to make Australians safe over Christmas. A year later after losing an election, Labor wanted to fix the laws it voted for.
Since its passing, the most public display of these powers has been Operation Ironside, which the AFP labelled its “most significant operation in policing history”.
A recent review of the TOLA Act gave a tick to the laws, but it did so while asking for additional safeguards to be added.
For the now AU$238 million metadata retention scheme, over 314,000 requests for telco data were made.
Almost 270,000 pieces of retained data were less than three months old, while over 5,700 were beyond the two-year retention window.
Victoria Police made the most requests, with over 110,000, followed by NSW Police on 106,000, and WA Police making just over 26,200 requests for the period.
Over 312,000 of the requests related to criminal offences, and almost 3,500 related to missing persons.
Following the trend of years past, drug offences continued to be the offence with the most requests, this year with 68,500, followed by fraud, homicide, unlawful entry, abduction, and sexual assault all sitting in a band between 29,000 to 20,000 requests each.
No agencies were authorised to become an enforcement agency in the 2020-21 reporting period, the report said.
Inception warrants also continued the trend of past years, with Administrative Appeals Tribunal (AAT) members continuing to issue the vast bulk of said warrants, accounting for 2,900 of the 3,500 warrants issued.
Of the AAT member number, just shy of 1,700 warrants were applied for by NSW Police with the force only getting 72 from Federal Court judges. Similarly, the AFP had 590 warrants approved by AAT members from its 653 total.
Overall, 3,481 interception warrants were issued to all agencies, and information gained was used in 3,327 arrests, 6,424 prosecutions, and 2,610 convictions.