Surveillance State Laws That Enabled the Encryption-Busting Anom App Affect Us All
Home affairs minister Karen Andrews called Operation Ironside the “most significant operation in policing history” at an 8 June press conference, while AFP commissioner Reece Kershaw outlined that the crime sting had resulted in 224 arrests, had shut down six drug labs and foiled 21 killings.
Known as Operation Trojan Shield in the US, the transnational crime investigation involved the FBI and the AFP duping criminals around the planet into using an encrypted application known as Anom to communicate the details of their illegal operations in a supposedly undetected manner.
Kershaw told reporters that the use of the sham app was completely legal, under the provisions of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (the TOLA Act).
The passing of this controversial piece of legislation was overseen by then home affairs minister Peter Dutton during the last sitting week of parliament in 2018.
And while it’s unclear how the TOLA Act laws were specifically used in Ironside, their application during the criminal investigation has again raised concerns around the invasive reach of these measures, which, whilst currently turned upon lawbreakers, have implications for us all.
Avoiding US rights protections
The suggestion is that the FBI partnered with the AFP in relation to the encrypted app as the provisions within the TOLA Act provide Australian law enforcement agencies with legal capabilities that aren’t available to their US counterparts.
An unsealed document filed in a US District Court in May, outlined that a master key had been inserted into the application’s system of encryption, which permitted law enforcement to decrypt messages and store them at the same time that they were being sent by suspects.
As US privacy laws restricted the FBI from directly accessing the 20 million-odd messages intercepted in 90 countries, they had to be sent via a server in an unnamed third country to be download and then sent on to US agents. The protections in the US also meant that no arrests of its citizens could be made in relation to the sting.
Enforced assistance and access
The TOLA Act established a three-tiered system that enables Australian law enforcement to require designated communications providers to allow access to their encrypted systems.
The first tier involves technical assistance requests, which permit providers to voluntarily remove electronic protections on being asked by authorities.
The second tier involves technical assistance notices, which are a compulsory direction requiring providers to give decrypting assistance they already possess. While the third tier involves a technical capability notice, which requires a provider to build new backdoor to access their system.
In June 2017, the Five Eyes security alliance released a statement citing its concerns around not being able to break through encrypted systems.
Established in 1946, the Five Eyes alliance is an information sharing agreement between the intelligence agencies of the US, the UK, Canada, New Zealand and Australia.
Former Australian PM Malcom Turnbull announced the month following the release of the Five Eyes statement that the federal Coalition government intended to pass laws to break through encrypted data.
And in October that same year, then Electronic Frontiers Australia executive officer Jon Lawrence suggested to Sydney Criminal Lawyers that these developments showed it was “Australia’s turn to step up for the Five Eyes and take a lead on” the issue of getting around encryption.
The creeping surveillance state
Since the 9/11 attacks in 2001, the Australian federal government has passed over 85 pieces of national security legislation, with bipartisan approval.
These laws have ostensibly been aimed at terrorists, yet they’ve succeeded in undermining the rights of all Australians and are now increasingly being applied to regular citizens.
When asked at the Operation Ironside press conference about whether the FBI had sidled up to the AFP due to the legal capacity Australia has to get around encryption, prime minister Scott Morrison told reporters that he would leave that up to US authorities to explain.
But the PM did suggest that there are more rights-eroding bills before parliament that his government is itching to pass.
“There is a series of pieces of legislation that we’ve been seeking to move through the parliament, not just in this term, but in some cases over three terms,” Morrison maintained. “They need these powers to do their job.”