in

AFP used controversial encryption laws in its 'most significant operation in policing history'

AFP Commissioner Reece Kershaw addresses media following mass raids against organised crime across Australia.


Image: Getty Images

The Australian Federal Police (AFP) has made public its “most significant operation in policing history”, which primarily relied on using Australia’s encryption laws to access the encrypted communications of criminals.

During a press briefing on Tuesday morning, AFP commissioner Reece Kershaw said the US Federal Bureau of Investigation (FBI) gained access to an encrypted application, named Anom, and ran it without the knowledge of the criminal underworld.

With that access, the AFP helped to decrypt and read encrypted communication that was sent over Anom in real time as part of the operation.

“Essentially, we have been in the back pockets of organised crime and operationalised the criminal takedown like we’ve never seen. The use of encrypted communication apps presents significant challenges to law enforcement and Anom has given law enforcement a window into the level of criminality that we have never seen before on this scale,” Kershaw said.

Labelled Operation Ironside, Kershaw said the FBI took the lead on a global online sting operation while Australia provided the “technical capability” to be able to decrypt those messages. Europol was also involved in the operation.

Kershaw explained that access to these encrypted messages was gained lawfully through using the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, usually referred to as the TOLA Act, in combination with legal authority from the FBI.

The controversial TOLA Act allows intelligence and law enforcement agencies to request or demand assistance from communications providers to access encrypted communications.

When asked if the FBI chose to work with Australia due to the TOLA Act providing the legal capability to decrypt those messages rather than the AFP’s technical capability, Australian Prime Minister Scott Morrison deferred the question to the United States, touting the AFP’s efforts instead.

In light of the operation being made public, Morrison also took the opportunity to flog various Bills currently being considered by Parliament. Among those Bills were the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 and the Telecommunications Legislation Amendment (International Production Orders) Bill 2020 (IPO Bill).

“There are a series of pieces of legislation that we’ve been seeking to move through the Parliament, not just over this term, but in some cases, over three terms; they need these powers to do their job. The AFP and our law enforcement agencies and other agencies that support them need the support of our Parliament to continue to do the job that they do to keep Australians safe,” Morrison said at the press briefing.

The first Bill, if passed, would hand the AFP and the Australian Criminal Intelligence Commission (ACIC) new warrants for dealing with online crime. The latter Bill, meanwhile, would create a framework for Australian agencies to gain access to stored telecommunications data from further foreign designated communication providers in countries that have an agreement with Australia, and vice versa.

Both Bills have received criticism and currently do not have bipartisan support, with the Office of the Australian Information Commissioner (OAIC) having labelled the powers that would be given through the surveillance legislation amendment as “wide-ranging and coercive in nature”.

“These powers may adversely impact the privacy of a large number of individuals, including individuals not suspected of involvement in criminal activity, and must therefore be subject to a careful and critical assessment of their necessity, reasonableness, and proportionality,” the OAIC said in March.

The IPO Bill has received similar outcry, with the OAIC and Inspector-General of Intelligence and Security saying that the regime requires provision that address transparency and privacy concerns.

In total, the sting operation led to 525 search warrants, 224 individuals being charged, 525 charges in total, six clandestine labs being taken down, and 21 threats to kill being averted. 3.7 tonnes of drugs, 104 firearms and weapons, and over AU$45 million in assets were also seized as part of the operation that commenced three years ago.

Details of how the sting operation first commenced will be announced in San Diego, California tomorrow morning.

Updated at 11:50am AEST, 8 June 2021: made clarification it was the FBI, not the AFP, that first gained access to Anom.

Related Coverage


Source: Information Technologies - zdnet.com

Superloop to purchase Exetel for AU$110 million

How the FBI and AFP accessed encrypted messages in TrojanShield investigation