The Times Australia
The Times World News

.
Times Media

.

Facebook or Twitter posts can now be quietly modified by the government under new surveillance laws

  • Written by James Jin Kang, Lecturer, Computing and Security, Edith Cowan University
Facebook or Twitter posts can now be quietly modified by the government under new surveillance laws

A new law gives Australian police unprecedented powers for online surveillance, data interception and altering data. These powers, outlined in the Surveillance Legislation Amendment (Identify and Disrupt) Bill[1], raise concerns over potential misuse, privacy and security.

The bill updates the Surveillance Devices Act 2004[2] and Telecommunications (Interception and Access) Act 1979[3]. In essence, it allows law-enforcement agencies or authorities (such as the Australian Federal Police and the Australian Criminal Intelligence Commission) to modify, add, copy or delete data when investigating serious online crimes.

The Human Rights Law Centre says the bill has insufficient safeguards for free speech and press freedom[4]. Digital Rights Watch calls it a “warrantless surveillance regime[5]” and notes the government ignored the recommendations of a bipartisan parliamentary committee to limit the powers granted by the new law[6].

What’s more, legal hacking by law enforcement may make it easier for criminal hackers to illegally access computer systems via the same vulnerabilities used by the government.

What’s in the law?

The bill introduces three new powers[7] for law-enforcement agencies:

  1. “data disruption warrants” allow authorities to “disrupt data” by copying, deleting or modifying data as they see fit

  2. “network activity warrants” permit the collection of intelligence from devices or networks that are used, or likely to be used, by subject of the warrant

  3. “account takeover warrants” let agencies take control of an online account (such as a social media account) to gather information for an investigation.

There is also an “emergency authorisation” procedure that allows these activities without a warrant under certain circumstances.

How is this different to previous laws?

Previous legislation, such as the Telecommunications (Interception and Access) Act 1979[8] and the Telecommunications Act 1997[9], contained greater privacy protections[10]. Those laws, and others such as the Surveillances Devices Act 2004[11], do permit law-enforcement agencies to intercept or access communications and data under certain circumstances.

Read more: Australia's privacy laws gutted in court ruling on what is 'personal information'[12]

However, the new bill gives agencies unprecedented interception or “hacking” powers. It also allows “assistance orders”, which could require selected individuals to assist government hacking[13] or face up to ten years in prison.

Why do police argue this bill is required?

According to the Department of Home Affairs, more and more criminal activity[14] makes use of the “dark web” and “anonymising technologies”. Previous powers are not enough to keep up with these new technologies.

In our view, specific and targeted access to users’ information and activities may be needed to identify possible criminals or terrorists. In some cases, law enforcement agencies may need to modify, delete, copy or add content of users to prevent things like the distribution of child exploitation material. Lawful interception is key to protecting public and national security in the fight of global community against cybercrimes.

How does lawful data interception work?

“Lawful interception” is a network technology that allows electronic surveillance of communications, as authorised by judicial or administrative order. There are standards (which means regulations and rules) for telecommunication and internet service providers to achieve this, such as those recommended by the European Telecommunications Standards Institute[15].

How lawful interception works.

Law-enforcement agencies may require[16] service providers to hand over copies of communications data, decrypted data, or intercepted data without notifying users. Service providers may also have to make available analytical tools such as graphs or charts of target behaviours.

What are the privacy concerns?

The Office of the Australian Information Commissioner and others have also raised privacy concerns[17]. The bill may impact third parties who are not suspected in the investigation of criminal activities. In particular, the bill can authorise access to third party computers, communication and data.

The Human Rights Law Centre argues the proposed broad powers can potentially compel[18] any individual with relevant knowledge of the targeted computer or network to conduct hacking activities. In some cases this may clash with an individual’s right to freedom from self-incrimination.

Read more: How the world's biggest dark web platform spreads millions of items of child sex abuse material — and why it's hard to stop[19]

Enabling law enforcement agencies to modify potential evidence in a criminal proceeding is also a major issue of concern. The detection and prevention of inappropriate data disruption will be a key issue.

The implementation of the new warrants needs to be in line with Privacy Act 1988[20] which was introduced to promote and protect the privacy of individuals and to regulate Australian government agencies and organisations. Where some agencies may have exemption against the Privacy Act, it is important to balance[21] between public safety and privacy impacts[22].

What are the security issues and impacts?

The Identify and Disrupt Bill is a part of an extensive set of Australian digital surveillance laws, including the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (TOLA), and the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (the Mandatory Metadata Retention Scheme).

Under the Identify and Disrupt Bill, access can be gained to encrypted data which could be copied, deleted, modified, and analysed even before its relevance can be determined. This significantly compromises users’ privacy and digital rights.

Modern encryption can be very hard to crack, so hackers often exploit other vulnerabilities in a system to gain access to unencrypted data. Governments too are reportedly using these vulnerabilities[23] for their own lawful hacking.

Specifically, they depend on “zero-day exploits[24]”, which use software vulnerabilities that are unknown to software vendors or developers, to hack into a system. These vulnerabilities could be exploited for months or even years before they are patched.

Read more: From botnet to malware: a guide to decoding cybersecurity buzzwords[25]

A conflict of interest may arise if law enforcement agencies are using zero-day exploits for lawful hacking. To protect citizens, we would expect these agencies to report or disclose any software vulnerabilities they discover to the software manufacturers so the weakness can be patched.

However, they may instead choose not to report them and use the vulnerabilities for their own hacking. This puts users at risk, as any third party, including criminal organisations, could exploit these so-called zero day vulnerabilities.

It’s not an abstract concern. In 2016, the CIA’s secret stash of hacking tools[26] itself was stolen and published, highlighting the risk of these activities. The Chinese government has claimed the CIA was hacking targets in China[27] for more than a decade using these and similar tools.

Government use of hacking tools may result in worse cyber security overall. The warrant powers given to Australian law enforcement agencies may protect public safety and national interests, but they may also provide powerful means for adversaries to access government data.

This includes the data and online accounts of targeted individuals like state officials, which may significantly impact national security. This possibility needs to be considered in light of the passing of the new bill.

Whilst the justification of the bill for public safety over personal privacy can be debatable, there is no doubt that the security aspects should not be undermined.

References

  1. ^ Surveillance Legislation Amendment (Identify and Disrupt) Bill (www.aph.gov.au)
  2. ^ Surveillance Devices Act 2004 (www.homeaffairs.gov.au)
  3. ^ Telecommunications (Interception and Access) Act 1979 (www.comlaw.gov.au)
  4. ^ insufficient safeguards for free speech and press freedom (www.hrlc.org.au)
  5. ^ warrantless surveillance regime (digitalrightswatch.org.au)
  6. ^ limit the powers granted by the new law (parlinfo.aph.gov.au)
  7. ^ three new powers (tutanota.com)
  8. ^ Telecommunications (Interception and Access) Act 1979 (www.legislation.gov.au)
  9. ^ Telecommunications Act 1997 (www.alrc.gov.au)
  10. ^ greater privacy protections (research-management.mq.edu.au)
  11. ^ Surveillances Devices Act 2004 (www.comlaw.gov.au)
  12. ^ Australia's privacy laws gutted in court ruling on what is 'personal information' (theconversation.com)
  13. ^ assist government hacking (www.homeaffairs.gov.au)
  14. ^ more and more criminal activity (www.aph.gov.au)
  15. ^ European Telecommunications Standards Institute (www.etsi.org)
  16. ^ require (lims.utimaco.com)
  17. ^ raised privacy concerns (www.oaic.gov.au)
  18. ^ potentially compel (www.hrlc.org.au)
  19. ^ How the world's biggest dark web platform spreads millions of items of child sex abuse material — and why it's hard to stop (theconversation.com)
  20. ^ Privacy Act 1988 (www.legislation.gov.au)
  21. ^ balance (www.oaic.gov.au)
  22. ^ privacy impacts (www.natlawreview.com)
  23. ^ using these vulnerabilities (www.europarl.europa.eu)
  24. ^ zero-day exploits (www.fireeye.com)
  25. ^ From botnet to malware: a guide to decoding cybersecurity buzzwords (theconversation.com)
  26. ^ secret stash of hacking tools (www.washingtonpost.com)
  27. ^ hacking targets in China (www.bbc.com)

Read more https://theconversation.com/facebook-or-twitter-posts-can-now-be-quietly-modified-by-the-government-under-new-surveillance-laws-167263

The Times Features

Will the Wage Price Index growth ease financial pressure for households?

The Wage Price Index’s quarterly increase of 0.8% has been met with mixed reactions. While Australian wages continue to increase, it was the smallest increase in two and a half...

Back-to-School Worries? 70% of Parents Fear Their Kids Aren’t Ready for Day On

Australian parents find themselves confronting a key decision: should they hold back their child on the age border for another year before starting school? Recent research from...

Democratising Property Investment: How MezFi is Opening Doors for Everyday Retail Investors

The launch of MezFi today [Friday 15th November] marks a watershed moment in Australian investment history – not just because we're introducing something entirely new, but becaus...

Game of Influence: How Cricket is Losing Its Global Credibility

be losing its credibility on the global stage. As other sports continue to capture global audiences and inspire unity, cricket finds itself increasingly embroiled in political ...

Amazon Australia and DoorDash announce two-year DashPass offer only for Prime members

New and existing Prime members in Australia can enjoy a two-year membership to DashPass for free, and gain access to AU$0 delivery fees on eligible DoorDash orders New offer co...

6 things to do if your child’s weight is beyond the ideal range – and 1 thing to avoid

One of the more significant challenges we face as parents is making sure our kids are growing at a healthy rate. To manage this, we take them for regular check-ups with our GP...

Times Magazine

IT Support for Sustainable Business Practices

In a contemporary business landscape where sustainability transcends mere rhetoric to become a fundamental operational imperative, IT support emerges as a crucial facilitator in guiding enterprises toward environmentally conscious practices. This d...

Protect Your Vehicle with a Quality Metal Carport

Advantages of Choosing Metal Carports When you are looking for a way to protect your vehicles from the elements, one of the best options is a metal carport. Metal carport kits in Melbourne offer a variety of advantages over other types of carport...

The Future of Smartphones: Embracing Sustainability with Refurbished iPhones

Are you ready to revolutionize the way we use smartphones? In a world driven by technology, it's time for us to shift our focus towards sustainability. Say hello to refurbished iPhones - the game-changer that combines cutting-edge features with e...

Custom Blow Ups: A Fun and Effective Way to Engage Audiences

In today’s competitive market, capturing and maintaining the attention of your audience is crucial. That’s where custom inflatables, or as some might call them, custom blow ups, come into play. These fantastic marketing tools offer a unique and e...

The Best Removalists and Storage Solutions for Every Budget

Removalists and storage solutions are professional services designed to help individuals and businesses with their moving and storage needs. Removalists offer a wide range of services, including packing, loading, transporting, and unloading the fur...

oOh!media puts Neon up in lights

oOh!media has transformed its high-impact Panorama sites across the country for a campaign to mark the merger of Neon and Lightbox under the Neon brand. Sky’s ‘Get it on Neon’ campaign went live on street furniture assets on 17 August in Chris...