Fast Facts: AFP powers under SLAID legislation

Q. Can the Australian Federal Police/Australian Criminal Intelligence Commission take over my social media account?

To take control of an online account – which can be done by changing the password to an account – the AFP/ACIC must first must apply, and then be issued, an Account Takeover Warrant. The warrant must be issued by a magistrate.

The AFP/ACIC must suspect on reasonable grounds that taking control of an online account is necessary to obtain evidence about serious criminal offences.

A magistrate must consider different factors before granting a warrant to ensure the AFP/ACIC’s actions are justified. For example, the magistrate must consider:

· The nature and gravity of the alleged offences;

· Any alternative ways for the AFP to obtain the evidence; and

· The extent to which AFP taking control of the account is likely to cause a person to suffer any temporary loss of money, digital currency or property.

A warrant must be revoked once the AFP/ACIC no longer needs access to the account. The AFP/ACIC must also take steps to restore an account holder’s access to the account, if it is lawful for the account holder to operate the account. For example, the AFP/ACIC would not have to restore access to an account on a dark web forum that was used to distribute child abuse material.

If the AFP/ACIC needs to search an account for evidence, then the AFP/ACIC needs to apply for a separate warrant, such as a Computer Access Warrant.

Q. Can the AFP/ACIC hack into my device?

Data Disruption Warrant allows the AFP and the ACIC to add, copy, alter and delete data in computers in order to frustrate serious criminal offences occurring online.

The AFP/ACIC can only do this if authorised by a warrant obtained from an eligible federal judge or nominated Administrative Appeals Tribunal member.

The AFP/ACIC can only obtain these warrants if it meets the strict criteria in the legislation, including that it concerns a Commonwealth offence with a penalty of at least three years’ imprisonment.

Network Activity Warrants also allow the AFP/ACIC to access data held in devices used by a criminal network of individuals.

This is to gather intelligence about serious criminal activity occurring online, or is being facilitated by electronic communications. The AFP/ACIC can only do this if authorised by a warrant obtained from an eligible federal judge or nominated Administrative Appeals Tribunal member. It also must meet strict criteria in the legislation, including that it concerns a Commonwealth offence with a penalty of at least three years’ imprisonment.

Q. What are the oversights for these warrants?

The AFP/ACIC’s use of these warrants are subject to rigorous oversight and accountability.

The AFP/ACIC must present sufficient material to an eligible federal judge or nominated Administrative Appeals Tribunal for a Data Disruption Warrant or Network Activity Warrant, or magistrate for an Account Takeover Warrant.

All three warrants also have strict limitations on the activities which can and cannot be performed under the warrant. For example, the AFP cannot cause any permanent loss of money, digital currency or property (other than data).

The AFP/ACIC’s use of Data Disruption Warrants and Account Takeover Warrants will be overseen by the Commonwealth Ombudsman, which currently oversees the AFP/ACIC’s use of other surveillance and interception powers. The Commonwealth Ombudsman will inspect the AFP/ACIC’s records for data disruption and account takeover warrants, and will report twice a year on the AFP/ACIC’s compliance.

The AFP/ACIC’s use of Network Activity Warrants will be overseen by the Inspector-General of Intelligence and Security (IGIS). The IGIS will be able to inquire into the AFP/ACIC’s use of Network Activity Warrants, including whether all laws, directions or guidelines were complied with, and how the AFP/ACIC used the intelligence gained under that warrant. The AFP/ACIC must notify the IGIS every time a new warrant is issued.

The AFP/ACIC must also report to the Minister for Home Affairs on use of all the warrants. Statistics about AFP/ACIC’s use of the warrants will be included in annual reports that are tabled in Parliament and are publicly available.

Q. How can you assure innocent people that they won’t get caught up in police activities under this legislation?

Before issuing any warrants, the issuing authority must consider a range of factors including privacy and proportionality arising from the AFP/ACIC’s proposed activities under a warrant.

These powers are designed to help the AFP/ACIC adapt to the increasing use of the dark web and encrypted, anonymising technology. They will be used to target child abusers operating on dark web forums or a closed chat group on social media or organised crime groups using dedicated encrypted communications platforms (such as AN0M, Phantom Secure and Encrochat) to evade law enforcement’s detection.

Q. Are you going to use these powers for any crime, like minor theft?

No. The application for warrants will be made when the AFP/ACIC is investigating serious criminal offences, which is primarily a Commonwealth offence with a penalty of at least three years’ imprisonment.

The SLAID Act defines these serious types of offences as:

· An activity against the security of the Commonwealth (eg terrorism, foreign interference or espionage);

· An activity against the proper administration of government (eg bribery of a Commonwealth official);

· Conduct which causes serious violence or harm to a person (eg child abuse and human trafficking);

· Conduct which causes a danger to the community (eg drug and firearms trafficking, or organised crime/criminal association offences);

· Conduct which causes substantial damage to, or loss of, data, property or critical infrastructure (eg cybercrime and money laundering)

· Any other conduct involved in transnational, serious or organised crime.

These warrants require significant time and AFP/ACIC technical resources to use. This means the AFP/ACIC cannot justify the use of these warrants on minor matters. The investment of time, resources and people means the AFP/ACIC can only use these on serious matters, such as the above.

/Public Release. View in full here.