Australian Police Could Get More Cyber-Espionage Powers with New Government Bill

UK businesses and organisations have a better understanding of cyber risk and their responsibilities to manage them. We will help organisations better understand the risk to their customers, including how the data they hold could be used to facilitate crimes like fraud, identity theft or extortion. And we will share more insights from research and data on the prevalence and impact of cyber attacks and relative progress sectors are making in improving cyber security.

Australian Police Could Get More Cyber-Espionage Powers

Tarian Regional Cyber Crime Unit is a multidisciplinary team of police officers and staff seconded from the Welsh Police forces. Their mission is to contribute towards the provision of a safer and more secure cyber-environment in Southern Wales.

The Anti-Terrorism Act (No.2) 2005 expanded the powers of the AFP, and State and Territory police to stop, question and search persons for the purposes of investigating and preventing terrorism by introducing ss 3UA to 3UK of the Crimes Act.

On 21 December 2007, Mr Hicks became the second person in Australia to be the subject of an interim control order. The control order required that Mr Hicks report at least three times per week to a police station, and be fingerprinted. Mr Hicks was subject to a curfew between midnight and 6am. The order also imposed restrictions on where Mr Hicks could live, with whom he could associate, where he could travel and his ability to communicate via email, telephone and the internet. On 29 December 2007, Mr Hicks was released from prison. The control order imposed on Mr Hicks was confirmed on 20 February 2008, although some of its conditions were relaxed.[62]

The proposed legislation faced numerous criticisms from politicians, advocacy groups, and the tech industry. Liberal Democratic Party Senator David Leyonhjelm argued that the bill was "a draconian measure to grant law enforcement authorities unacceptable surveillance powers that invade Australians' civil rights", alleging that users could be compelled to provide passwords for their personal devices at the request of law enforcement, or be fined.[33][34][35] it was felt that the bill had weaker oversight and safeguards than the equivalent UK legislation, where requests for assistance are subject to judicial review.[29] It was also noted that although providers could not be ordered to do so, they could still be encouraged by the government via a TAR to add a "systemic weakness" to their systems.[30] In testimony, cyptography expert and Stanford Law School attorney Riana Pfefferkorn argued that "whenever you open up a vulnerability in a piece of software or a piece of hardware, it's going to have consequences that are unforeseeable".[36]

Companies could be prohibited from fixing existing vulnerabilities, or required to introduce new ones in forthcoming products. Even incidental users of communication tech could be commandeered to become spies in her Majesty's Secret Service: those same powers also allow the UK to, say, instruct a chain of coffee shops to use its free WiFi service to deploy British malware on its customers. (And, yes, coffee shops are given by officials as a valid example of a "communications service provider.")

In the meantime, the British authorities can encourage an intermediary step: other governments may be more likely to offer support for a IPA regime if Britain offers to share the results of its new powers with them.

But hacking and the subversion of tech companies isn't just for spies anymore. The British Act explicitly granted these abilities to conduct "equipment interference" to more than just GCHQ and Britain's other intelligence agencies. Hacking and secret warrants can now be used by, among others, the civilian police force, inland revenue and border controls. The secrecy and dirty tricks that used to be reserved for fighting agents of foreign powers is now available for use against a wide range of potential suspects.

Australian regulatory bodies coordinate their efforts so as to share information and intelligence-gathering powers (subject to certain restrictions). In the event of serious criminal allegations, it is common for two or more regulatory authorities to be involved. Joint task forces, such as the Serious Financial Crime Taskforce, have been established to streamline and consolidate information sharing, investigation and reporting lines in Australia.

Consolidate Domestic Intelligence Entities Under the FBI. After the September 11 terrorist attack, the federal government responded by reforming existing programs and adding new entities and activities. This new "homeland security" apparatus was born under the duress of a crisis, with the best of intentions. Knowing our policymakers rarely get it exactly right, we should occasionally review their decisions and make reforms when necessary. In our domestic counterterrorism activities, getting it right is critical. As the clich' notes, the law enforcement entities charged with protecting us from terrorists must succeed all of the time because the terrorists need only succeed once. Those difficult odds should not be made longer by trapping law enforcement in a fragmented, inefficient, and costly multiheaded system. Yet today, federal, state, and local law enforcement entities outside of Washington are doing the work to gather, share, and analyze information and intelligence within several, often siloed structures. The two primary structures are the Joint Terrorism Task Forces (JTTF) of the US Department of Justice (DOJ) and fusion centers of the US Department of Homeland Security (DHS). The bulk of the activity occurs in the JTTFs, while the fusion centers have struggled to show meaningful utility in the information and intelligence arena. Because these two entities compete for finite resources and run the risk of inadvertently failing to share information or intelligence that could help prevent a terrorist attack, DHS and DOJ should merge the fusion centers into the older, more established and active JTTFs. By consolidating all federal, state, and local information and intelligence activities into one entity, we would give our law enforcement community the best opportunities to detect and to prevent terrorist attacks. [Read more: Mayer/AmericanEnterpriseInstitute/7March2016] 2ff7e9595c