The Walsh report - Chapter 6



6.1      Policy Primacy and Coordination

6.1.1      Many departments and agencies have an interest in cryptography policy. Some of the range was outlined in Chapter 1. The issue of policy primacy now needs to be established so Ministers and departments are aware of whom with which they need to consult when policy issues overlapping the cryptographic area surface and so one Minister and department is viewing the issue of cryptography policy from a holistic point of view. There is fair indication that neither of these functions is currently being performed. Inside and outside the bureaucracy there is some bemusement that no department has or is even claiming ownership of this policy area. That diffidence, should it be that, can only confuse. Because of the pervasive impact of cryptography policy issues on every sphere of activity, not least the way commerce and government will engage in business, the matter should be taken to Cabinet promptly for a decision on policy ownership.

6.1.2      It has become self-evident that decisions taken in the areas of IT industry development, export schemes, broadband communication policy, intellectual property, criminal justice or law enforcement. each bear on policy issues associated with encryption, so it is only sensible that one Minister and one Department coordinate those issues while several may have responsibility for particular areas. The mystification within government and in the private sector at the apparent lack of policy coordination is accentuated by the plethora of committees, working groups and other forms of review looking at policy issues which embrace or impact upon cryptography policy issues. Clearly the questions of policy primacy and coordination go together and, when settled, need to be advised widely.

6.1.3      Which department should have the policy responsibility is an issue for decision by Ministers. Some of the issues are mentioned at paragraphs 3.4.3-5.

6.1.4      The option of the Attorney-General's Department was suggested in light of its interaction with the IT industry, academics, its organising role in the joint Australian Government/OECD conference on Security Privacy and Intellectual Property Protection in the Global Information Infrastructure in February 1996 and its continuing function as chair of the Ad Hoc Group of Experts tasked with developing draft Guidelines on Cryptography and leader of the Australian delegation, as well as its protective security policy, law and legal policy interests. As an alternative, Cabinet may decide to give it to a sub- committee of Ministers, but the chair of that sub-committee would likely be decided on the same basis as a single responsible Minister - congruence with portfolio interests, best positioned to represent the whole of government interests and subject to counterbalancing pressures which would likely produce balance and perspective.

6.2      Maintaining Investigative Capability

6.2.1      Technology continues to develop at an astonishing rate, rendering inadequate or anachronistic the scope of statutes whose original purpose may be yet clear but whose specification of the means by which ends are achieved has rendered them nugatory. The clearest example of this are the listening device provisions in the AFP Act which specify the purpose to be for carrying voice transmissions. This degree of specificity about means in the statute precludes their use to transmit video or other images, or electronic signals. There is a need to amend the provisions and, just as clearly, to ensure all these forms of intrusive investigation are couched solely in terms of purpose or objective, not the means by which those purposes may be realised. This is important to take account of the constant changes in technology and the political sensitivity which always surrounds the introduction to and amendment of such measures by the parliament.

6.2.2      The steadily growing level of dependence of business on computer and information technology has seen, not surprisingly, a proliferation of computer and communications crime. That trend is only likely to become more pronounced. The AFP needs to be able to deploy whatever it judges from a propriety and operational point of view to be the appropriate means. It is unable currently to use listening devices against these categories of crime because of their classification. It seems clear the criteria of Class 2 offences in section 12(B) of the AFP Act should be widened to enable it to do so.

6.2.3      That increasing reliance on computers for communication, file storage, word processing and publishing, among other uses, affects the subjects of investigation of the AFP, the NCA and ASIO as much as the rest of the community. Computers may be used to prepare for the commission of Commonwealth offences and assist in the commission of those offences. While investigative agencies may be unable to introduce human sources, listening devices or conduct searches because of the standard of protective security observed, the limited time available or the risk of destroying the integrity of the investigation, it may be open to them, if the authority existed, to defeat the access controls on the target's computer and enter the system.

The capacity to 'hack', under a Justice of the Peace or Magistrate's warrant, would harmonise the search provision of the Crimes Act 1914 to today's standard form of storage.

6.2.4      Some anomaly is perceived in the different way obligations are levied on telecommunications carriers and service providers. The class licensing system of service providers has not worked as well as might have been hoped. Dealing with the specific interest of this Review, it has proved ineffective in dealing with those service providers whose activities frustrate law enforcement or the preservation of national security. A system of enrolment as provided in s.225 of the Telecommunications Act 1991 has been canvassed by LEAC. It was hoped the services to be specified as subject to this requirement would include the supply of switched services, reselling capacity on leased lines to the public, reselling airtime on mobile networks, supply of voice mail and electronic mail services where those services include the provision of infrastructure, supply of paging services and the operation of private networks with more than 5,000 lines or which provide links between more than five distinct places, and providers of Internet services. The two major drivers of concern for law enforcement and national security are access to customer information and the kinds of services which could potentially be legally intercepted. The Department of Communications and the Arts (DOCA) has opined that a general requirement for registration of service providers would destroy the integrity of the class licensing system and it fears further obligations placed on service providers, whether through a system of enrolment or Ministerial direction, could deter some from entering or remaining in the industry.

6.2.5      There is broad support for a form of registration/enrolment from AUSTEL, the service providers themselves and the law enforcement and national security agencies. The delicate policy question with which DOCA, in particular, has to grapple is that actions not be taken which may prove inconsistent with the deregulated environment after 1 July 1997. This is a strong public interest argument here - but so, too, is the public interest in the maintenance of law and order and the protection of national security. Some form of registration or enrolment seems justified.

6.2.6      There has been a need for clear legislative authority for tracking devices (beacons) for some years. Proposals for draft legislation have, been considered but never advanced to the stage of a bill being listed.

The absence of this investigative tool is a privation for the AFP, the NCA and ASIO. It has proved its effectiveness in Britain, the United States and Canada. It has obvious application in counter-terrorist situations, in narcotics investigations and in cases of kidnapping of dignitaries. There is a need quickly to revive this legislative proposal on which bipartisan support would likely exist.

6.2.7      The Crimes Act 1914 contains no explicit provision for a covert search to be undertaken by any constable. It simply speaks of entry being made 'at any time', with necessary assistance or force as required. It is understood the execution of a search warrant was intended to be a transparent process so the owner or occupier might check the details on the warrant, confirm they were a correct description of his/her property and then monitor the search and seizure to ensure compliance with the terms of the warrant. No doubt the powerful place which property occupies in the common law had something to do with this approach. It is possible, presumably, for the police to delay execution of a search warrant until no person is present. That may not offend the terms of a warrant in a literal sense but it does frustrate the extant intention of the statute. The issue is raised as occasions will occur when a search of premises may well enable an investigation to be focussed more sharply, the privacy of others to be protected from unnecessary intrusion, a prosecution to be achieved and resources to be saved and directed to other priority tasks.

6.2.8      The ASIO Act provides for the issue of search warrants which may be executed covertly. 63 Such a provision recognises the value of a search as an investigative tool, rather than simply a means of publicly announcing the fact, and likely the conclusion, of the investigation. It also obviates the dilemma which those who execute a Crimes Act search warrant in covert fashion may face. That situation should be avoided. The Parliament has recognised the need for such a covert capability in relation to ASIO, there are strong grounds to extend that capability to law enforcement.

6.2.9      Tracking devices cater for locating or following the platform on which they are mounted. To investigate the offences enumerated in 6.2.6, the capacity to trace communications and identify the location of their source is just as, if not more, critical. There is extant authority for carriers, service providers and AFP, NCA or ASIO to cooperate in this regard. A problem would arise were carriers to confine the test of reasonable cooperation to life-threatening situations. This would seriously restrict the use of what would otherwise be a tool of immediate application, enabling the direction or diversion of resources. With the deregulation of the telecommunications market from 1 July 1997, this situation may well become more fraught. There is an issue of costs and the AFP and ASIO should carry a reasonable proportion for out-of-hours access to the service, but the, service needs to be available. The prospect of a growing incidence of encrypted communications will only increase the importance of this facility. LEAC, with its own reporting arrangements, would seem the most appropriate forum through which a new cooperative agreement might be negotiated.

6.2.10.      The opportunity may present itself to the AFP, NCA or ASIO to alter software located in premises used by subjects of intensive investigation or destined to be located in those premises. The software (or more rarely the hardware) may relate to communication, data storage, encoding, encryption or publishing devices. While some modifications may have the effect of creating a listening device which may be remotely monitored by means of the telecommunications service, for which purposes extant warranting provisions would provide, others may create an intelligent memory, a permanent set of commands not specified in the program written by the manufacturer or a remote switching device with a capacity to issue commands at request. The cooperation of manufacturers or suppliers may sometimes be obtained by agencies. When manufacturers or suppliers are satisfied the modification has no discernible effect on function, they may consent to assist or acquiesce in its installation. It will not always be possible, however, to approach manufacturers or suppliers or the latter may be in no position to consent to modification of proprietary software. When agencies are investigating a high priority target, practising effective personal and physical security, moving premises and changing telephone/fax regularly, an opportunity to access the target's computer equipment may represent not only the sole avenue but potentially the most productive.

6.2.11      Agency technical officers may be urged to effect such modification with the support, on the issues of personal and agency risk, of their management, senior officials of other departments and agencies and even Ministers. Such approval processes and support may not, however, address the liability implications of proceeding without the consent of manufacturer, supplier or owner. In the event of an equipment or software malfunction or failure to perform to full specification, an investigation of a complaint could lead to discovery of the modification. The issue of liability of the Commonwealth may then potentially arise. While agencies would not, presumably, employ techniques readily discoverable by physical or electronic search or which may interfere with functionality in any discernible way, in other words all reasonable means not to interfere in the contractual relationship between manufacturer/supplier and customer would be taken, the possibility of compromise cannot be excluded. Provision to limit the liability of the Commonwealth in these circumstances is a necessary protection for the officers and agencies engaged in this high risk area of technical collection.

6.2.12      Where sensitive operational sources, targeting or methods are likely to be disclosed in judicial proceedings, the Commonwealth commonly mounts a claim of public interest immunity (PII), arguing disclosure would adversely affect the operational capability of the agency concerned, render it ineffective in the performance of functions given it by the parliament, possibly place the lives or well-being of agency employees at risk or face the compromise of investigations employing similar means. It has been the experience of the AFP, NCA and ASIO in argument and cross-examination in support of applications for PII, that some information for which protection was sought under the aegis of those applications has, in fact, been disclosed. Indeed, it is not unknown for a judgement upholding a PII claim to be released, without restriction, when it contained information led in support of the application but intended to be protected bv the grant of that application.

6.2.13      Some more effective protection of sensitive operational sources and methods against disclosure is dictated or the risk must be faced either that prosecutions will not be pursued or the investigative capability of agencies will be progressively eroded. The advent of widespread use of strong encryption by the subjects of investigation of the AFP, NCA or ASIO will necessitate a range of high-risk, inventive and often costly investigative methods by those agencies to acquire keys or passwords and overcome that protection. Disclosure of the methods which may prove effective would quickly disadvantage those agencies and become common knowledge among criminals and terrorists. Protection of this narrow but critical edge might be afforded by incorporating a statutory protection in the acts of the various agencies.

6.2.14      A useful conceptual model is to be found in the ASIO Act. Part VA of the ASIO Act deals with the Parliamentary Joint Committee (PJC) on ASIO. After setting out the functions of the Committee, it proceeds to list what they do not include. Among them:

To that limitation on the function of the PJC is added the power of the Minister to issue a certificate advising a witness not to give or continue to give evidence or not produce a requested document for reasons relevant to security. Notwithstanding those two levels of protection, the legislature decided nothing should be left to chance when the Committee comes to report to the Parliament. It prescribed the Committee shall not disclose:

The statute then proceeds to enjoin the Committee to obtain the advice of the Minister whether the disclosure of any part of its report would meet the above or another criterion. 66

6.2.15      The model seems apposite as the restrictions intended to preserve effectiveness in the performance of function occur later in the same statute where the Parliament has given a range of intrusive investigative powers, subject to the application of the Director-General and the approval of the Attorney-General.

6.2.16      The need for a more reliable protection in judicial proceedings was asserted by all agencies. The particular need in the context of cryptography is to protect as long as possible any successful means devised by the AFP, the NCA or ASIO to obtain passwords or keys to encrypted data. This is not to suggest the validity of search warrants where data is seized should not be open to challenge, the provenance of seized electronic data should not be thoroughly scrutinised or the relationship between the key/password produced by the prosecution and the data seized under warrant should not be contested before the courts. The AFP, NCA and ASIO need to be able to produce a key which converts the data into intelligible form without being required to establish how the key came into their possession. To disclose those steps, unlike the audited evidentiary trail of the material seized, would be to erode the agency's capacity to conduct similar future investigations.

6.2.17      Invocation in judicial proceedings of such a statutory protection against disclosure of sensitive operational methods should properly be accompanied by a certificate from the head of the agency attesting to the nexus between that matter and the capability of the service to perform its functions and offset by a privacy oversight mechanism similar to one discussed later in this chapter.

6.2.18      As encryption has the potential to render intercepted communications unintelligible, it is critically important that the capability to intercept is provided with the delivery to the market-place of new telecommunications services. LEAC exercises a valuable role in bringing carriers together with law enforcement and ASIO to decide if that capability will be required. No less important is the licence provision requiring carriers to secure the approval of the Minister for the Communication and the Arts, who must consult with the Attorney-General, before approving the marketing of a service not susceptible to interception. It is understood a suggestion for consideration in the review of the Telecommunications Act is that this delegation might be exercised by the Minister without reference to the Attorney-General. Such an approach would risk failing to take account of law enforcement and national security requirements, which are located in the Attorney's portfolio. The experience with GSM should prove an effective deterrent to any inclined to move in this direction.

6.2.19      In summing up this section, there is a need to remedy some obvious deficiencies, to provide for new ways of doing old things and to preserve some existing capacities. The following list, which addresses concerns of Commonwealth agencies only, is not exhaustive, but illustrates the issues to be addressed.

6.2.20      Australian Federal Police Act 1979

6.2.21      Telecommunications Act

6.2.22     Crimes Act 1914 6.2.23      Clearly all proposals made in relation to the AFP (and the NCA) apply equally to ASIO, both for its security intelligence investigation purposes and its collection of foreign intelligence in Australia using its Special Powers.

6.2.24      The establishment of a statutory protection for investigating agencies from disclosure of sensitive information bearing on operational capability may exclude certain of those activities from the scrutiny of the courts or an oversight body charged with monitoring privacy protection. It is important that the privacy rights and civil liberties of persons the subject of investigations are preserved and seen to be preserved. There is, therefore, a need to put some special arrangement in place which will accommodate this need. A suggestion is made in the following paragraphs.

6.2.25      The task may be assigned to an Ombudsman, Inspector-General of Intelligence and Security or similar independent person experienced in the conduct and handling protocols of sensitive matters. The Inspector-General of Intelligence and Security has this function in his remit as far as ASIO is concerned. The IGIS Act prescribes the Inspector-General will act for the Human Rights and Equal Opportunity Commission in respect of the intelligence community. 67 As far as Commonwealth law enforcement agencies are concerned, I had been thinking in terms of the Ombudsman, but the function might be given to the proposed National Integrity and Investigations Commission.

6.2.26      This official concerned would be required to:

6.2.27      This outline is neither suggested as complete nor prescriptive, but merely an example of an attempt to walk a middle course at risk of some offence to both sides, yet offering a reasonable compromise.

6.2.28      There is obviously a functional overlap between the AFP and NCA and the police services of the States and Territories. The offences attracting the major investigative focus of those agencies are no respecters of borders, whether national or international. In a report where I urge new areas and forms of cooperation between the Commonwealth and the States and Territories, address a challenge which will tax the limited operational flexibility of those agencies either separately or acting in concert, and where there must be universal acknowledgement that involuntary or inadvertent disclosure of effective tradecraft by one will affect all adversely, the strongest call has to be made for parallel or complementary legislation between the Commonwealth, the States and Territories.

6.3      Coordination of Operational Capability

6.3.1      A modest but encouraging initiative was taken by DSD in the past year to bring together agencies facing common problems in the technical collection of intelligence, to provide a forum for frank exchange and to ensure coherence and the avoidance of duplication in the research and developmental work being undertaken by a number of agencies. This grouping did not involve any law enforcement agency representation. As the Review has not recommended the establishment of a separate decryption facility for law enforcement and in light of the reduction in Government outlays, there is an even greater need to ensure law enforcement agencies are included in this sort of forum and exchange, as they are likely to experience most acutely the problem.

6.3.2      This report has earlier (paragraphs 4.4.8-12) suggested the establishment of an inter-agency forum which would bring together the Commonwealth law enforcement agencies (AFP and NCA) ASIO and DSD, compliance agencies such as ACS and AUSTRAC and a coopted representative of a State or Territory police service. As the National Police Research Unit is involved in research on the impact of cryptography, it may be appropriate for an officer working on the project to represent the State and Territory police services.

6.3.3      It would seem sensible to coordinate work on profitable areas of technical attack among and between the investigative agencies, DSD and the Defence Science and Technology Organisation (DSTO). Again the forum would be able to provide the requisite level of coordination.

6.3.4      The relationship of these agencies with AUSTRAC may well prove crucial once encryption becomes more pervasive. Major subjects of investigation, whether they be narcotics suppliers or distributors, pornography distributors, money-launderers or terrorists, rely and will continue to rely on the banking system to provide value to their transactions. The 'money trail', provided by credit and smart-cards, not to ignore fly-buys, may well provide a continuously available hand-rail in a darkening investigative world.

6.3.5      This report has earlier noted the resources dedicated to the investigation of computer crime among law enforcement and national security agencies are impressive but seem very meagre. 68 There can be no doubt increasing demands will be made on these units. There is, in such specialist and technical areas a critical staffing and capital investment mass below which staff development and capability enhancement cannot be achieved or sustained. With agencies, some staffing and budgetary protection will be required if these purposes are to be met and failure through atrophy avoided. There would be merit in the proposed inter-agency forum on cryptography preparing, for the respective agency managements, a staffing, development and investment plan for the next 5 years. The aim of coordinating this through the forum would be to ensure its coherence, resource maximisation and the complementarity of its parts. The reason for proposing a 5 year time frame rather than the customary triennial basis is due simply to the pace at which the technology and circumstances change. In a field in which prediction of the operating context in 3 years time is hazardous, extension of the horizon to 5 years might lessen the risk of an inadvertent obstacle being placed in an agency's path by corporate decisions.

6.4      A New Legislative Approach?

6.4.1      The term normally used by the OECD to cover law enforcement, counter-terrorist and counter-espionage interests is 'public safety'. It is a useful and simple description of a class of interests which concern the community, with which the state must be concerned and which various agencies must investigate. The means employed to investigate the kidnapping of a distinguished visitor or internationally protected person, a threat to blow up an aircraft if demands are not met or money paid, a terrorist threat against Australian citizens or institutions or a major importation of narcotics are essentially the same. Putting aside the variety of overt means which may be employed, the covert ones may include various combinations of physical, audio and visual surveillance, the search of premises and possible seizure of items, the interception of various forms of telecommunications and possibly of the mail. They may include thermal imaging, call tracing, tracking devices, GPS, or even satellite imagery.

6.4.2      The powers which involve an intrusion into a person's privacy are located in various statutes administered by several federal Ministers. It has long been the case that amendment of the investigative sections of these statutes has been approached with considerable diffidence. Not because of lack of belief in the merit and necessity of particular amendments but rather because an excess of hyperbole appears to characterise these public discussions and often prevents reasoned explanation and ready acceptance by the community and carries, therefore, the risk of negative electoral impact. Sometimes that tendency has been positively encouraged with Orwellian titles to statutes like the 'Electronic Surveillance Act'. Criticism by a court or oversight body of the manner or circumstances in which some intrusive investigatory power was exercised appears to increase the degree of difficulty with which amendments to the relevant statutes are approached. It seems axiomatic in the Australian community that there is not and will never be a convenient time to introduce necessary amendments to the investigatory powers of these agencies. They are generally introduced in isolated fashion and often have to be argued defensively.

6.4.3      The chancing nature of crime, the proliferation of security threats with a capacity for violence, the extraordinary burgeoning of technology, all make regular review and amendment of the investigative capability of law enforcement and national security agencies a necessity. The increasing number of dignitaries invited by the Government to visit the country who face the risk of violence, the rising incidence of attacks against the institutions of the state and the imminent arranging of a major world event such as the 2000 Olympic Games suggest a different conceptual approach might prove rewarding.

6.4.4      All the intrusive investigative powers have to do with the preservation of 'public safety' in the broad definition given earlier. The approach suggested is to incorporate all these powers into one statute which would provide in its title an easily understood purpose, quite separate from any agency. It might, for instance, be titled the 'Aid to Public Safety Act'. Such a title would be precise in terms of objective, reassuring in terms of community expectation and positive in its statement. The various investigatory powers should be couched in purpose or objective terms. The specification of the means by which any particular purpose may be realised should be eschewed. For example, the problems created by the current definition of a listening device in the AFP Act when the purpose should simply be stated as being for 'the transmission of data'.

6.4.5      The ready availability of strong data encryption and increasing difficulty associated with interception, likely to be exacerbated in a deregulated environment, threatens both the availability and viability of traditional investigative methods. This will place, for instance, much greater emphasis on tracing, intercepting and data logging of calls through multi-carrier and multi- national networks and the local authority to enable these measures. The suggested statute would be able to make clear the common purpose and inter- relationship of the various investigative powers. Oversight or review mechanism procedures could be collocated in the statute or cross-referenced.

6.4.6      In presentational terms, explanatory memoranda and second reading speeches could be situated against a clearly drawn public safety backdrop - threats of kidnapping,, of violence directed against institutions of the state, of bombing of public buildings, of terrorism directed against aircraft, of explosive devices in public places. There are, regrettably, examples in any six month period and the Atlanta Games proved yet a-ain the drawing power which major events retain for the violent and the deranged. A schedule might indicate to which departments and agencies the statute applied and then specify particular provisions by part, section, paragraph or sub-paragraph.

6.4.7      It is not suggested such an approach would overcome all problems which have been experienced, but once enacted the process of review and amendment should be greatly facilitated. Under administrative arrangements Ministers are responsible for specified statues and it may not be possible or desirable to bring all intrusive investigative powers into the one Act. It would, however, make much sense for the law enforcement and national security related powers which are located in the Attorney-General's portfolio to be so combined.

6.4.8      Together with the benefit of adopting this new conceptual arrangement for the aggregation of intrusive investigative powers, there is a case for simplifying the warranting process. Currently, separate warrants exist for the interception of telecommunications, of mail, for the installation of listening devices, for search. In section 6.2 of this report, additional investigative activities are recommended for inclusion in the warranting system: the authority to search electronically computer systems whether from proximate or remote locations; to undertake covert searches; to alter proprietary software; and to conduct tracing and install tracking devices. All these activities by law enforcement and national security agencies may be seen to involve one of two forms of intrusion into the privacy or civil liberties of persons: the interception of communications or the entry into property. There would be administrative efficiency, clarifying benefit in the description of purpose and ease of oversight in reducing the multiple types of warrant to these two types.

6.4.9      As a discussion paper was issued in early September 1996 by the Attorney-General on the extension of the Privacy Act to the public sector and strong elements of preservation of privacy and individual liberty exist in the public safety purpose of those various investigatory powers, it may be sensible to couple the matters for legislative consideration. The security and protection demands associated with staging the 2000 Olympics in Sydney were always going to be a heavy burden. They have not been lightened by the loss of the TWA flight from New York to Paris just before the Atlanta Games nor the bomb which exploded in Centennial Park at the Games site. It is already evident from media commentary and public discussion that the community regards the provision of effective security arrangements not only as a national obligation but also a matter of national honour, reflecting the distinctive nature and values of our society. This backdrop should assist acceptance of such an approach.


63 Australian Security intelligence Organization Act 1979, s. 25 (3) 'A warrant...may, if the Minister thinks fit, provide that entry may he made, or that containers may be opened, without permission first sought or demand made and authorize measures that the Minister is satisfied are necessary for that purpose.'

64 Australian Security Intelligence Organization Act 1979. s.92C (4)(c).

65 ASIO Act, s. 92N(I)(b).

66 ibid, s.92N(2).

67 Inspector-General of Intelligence and Security Act 1986, s.8 (1)(a)(v)

68 cf. paragraphs 3.5.4 and 4.4.7