At a press conference heralding the success of Operation Ironside, the Australian Federal Police (AFP) commissioner Reece Kershaw boasted about his agency’s involvement in the global crime sting.
“We worked in partnership [with the FBI] and we provided a technical capacity to do that,” he said.
More than 800 suspected criminals were arrested, tonnes of drugs, hundreds of guns and millions of dollars of cryptocurrency were seized in the operation. And at the heart of it was an encrypted messaging app, Anom, which was supposed to allow users — criminals, police say — to communicate without anyone intercepting.
Little did they know that an FBI informant had also given a master key to law enforcement.
Sign up to WebCam, Cam's fortnightly newsletter for FREE.
The AFP, according to its early reporting, its own accounts and recently unsealed court documents, played a large role in the operation. But what was its role? It wasn’t, as reported by some, “created” by the AFP. Rather, the AFP’s contribution was to decrypt communications sent via the app.
Kershaw specifically named one law: the controversial anti-encryption Telecommunications and Other Legislation Amendment (Assistance and Access) Act, aka TOLA.
“I think that we’ve used the laws … successfully to protect Australians,” he later said.
While he made a big deal of using TOLA act powers, the AFP has been mum about how exactly it was used.
The act gave three new powers to intelligence and law enforcement agencies in Australia to access encrypted material:
- A technical assistance request: this is a non-compulsory request to provide information (which is something that law enforcement could already do)
- A technical assistance notice: this is a compulsory order to make companies hand over data if their capabilities allow them to access it
- A technical capacity notice: this is the big one. A service provider must build a capability to access any data, like a bespoke backdoor just to access the information they want.
This capacity, which significantly undermines Australians’ privacy, was sold by the government as necessary to cracking down on “terrorists, paedophiles and other criminals communicating in secret”.
Australia’s tech industry warned this would ruin the reputation of services here and cost the industry billions, something that early evidence supports.
Mandatory reporting on the law shows that as of June 30 2020, the powers have been used fewer than a dozen times by NSW Police, AFP and Australian Criminal Intelligence Commission, and only to make voluntary requests.
That’s why ears pricked at the mention of the law, which Kershaw framed as crucial to the global operation.
But he was vague about how it was used.
Prime Minister Scott Morrison was unapologetic when asked about whether the United States chose to partner with Australia because of its surveillance powers, in a practice known as “jurisdiction shopping”: “Certainly … we make no apologies for ensuring that our law enforcement authorities have the powers and authorities they need to stop criminal thugs and gangs.”
So a mystery remains about how this law was used. Did Australia’s law enforcement use new encryption-busting powers, finally providing a PR-friendly use case for the law?
In response to questions from Inq, the AFP has declined to provide further detail.
“There are provisions in Commonwealth legislation which prevent the AFP from confirming the details of the legislative provisions relied upon until these matters are lawfully disclosed in open court,” it said in an emailed statement. “The AFP will elaborate further when it is appropriate and lawful to do so.”
The timelines revealed in US court documents complicates the story. Anom devices were first given out in October 2018 — months before the TOLA act was passed in December that year.
Additionally, the AFP reported having used eight technical assistance requests as of June 30, 2020, and none of the compulsory technical assistance notices or technical capability notices. Essentially it has never used the powers to compel anyone to hand over encrypted data as of this date.
All the while, it had been using its capabilities to pass over communications from the app, according to the FBI.
To date, there is no public proof that powers granted to law enforcement as part of the TOLA act were necessary as part of the operation other than the statements made during the press conference — which was also used to spruik the case for further expansions of the surveillance state.
Why do Australians need to give more power to law enforcement when it remains a mystery how our current capabilities were necessary to carry out daring global stings?
Our political leaders say: “You’ll just have to take our word for it.”
Are you happy to have law enforcement know even more about you? Send your thoughts to email@example.com, and don’t forget to include your full name if you’d like to be considered for publication.