More surveillance powers for Australian law enforcement

Australian federal law enforcement agencies can now alter online data and take over on-line accounts. New legislation gives the AFP and ACIC powers (pursuant to warrants) to modify, add, copy, or delete data linked to cybercriminal suspects and even take control of their online accounts – in response to increased concerns over on-line crime, and the use of on-line services and platforms to facilitate crime.

But are these powers a good idea? And who will oversee their use to stop overreach, and maintain public trust in on-line interactions?


The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 (SLAID Bill) which grants the Australian Federal Police (AFP)  and the Australian Criminal Intelligence Commission (ACIC) more powers to spy on criminal suspects online was passed by the Australian government in August 2021.

The SLAID Bill amends the Surveillance Devices Act 2004 (SD Act), the Crimes Act 1914 (Crimes Act) and associated legislation to introduce the new law enforcement powers.

New surveillance powers

The SLAID Bill creates three new types of warrants that give extended powers to federal law enforcement agencies – the Australian Federal Police (AFP) and Australian Criminal Intelligence Commission (ACIC). The AFP and the ACIC are now able to apply for three new types of warrants:

  1. Data Disruption Warrant– This will enable the AFP and the ACIC to disrupt serious criminality online – authorizing the AFP and the ACIC to modify data belonging to individuals suspected of criminal activity to frustrate the commission of serious offenses such as the distribution of child exploitation material.
  2. Network Activity Warrant– This warrant will enable the AFP and the ACIC to collect intelligence on the most harmful criminal networks operating online, including the dark web, and when using anonymizing technologies.
  3. Account Takeover Warrant– This warrant powers the AFP and the ACIC to control a person’s online account to gather evidence about criminal activity, to be used in conjunction with other investigatory powers. Right now, law enforcement agencies rely on a person consenting to the takeover of their account.

New surveillance power: Data Disruption Warrant

A data disruption warrant will allow the AFP and the ACIC to add, copy, delete or alter data to allow access to and disruption of relevant data in the course of an investigation for the purposes of frustrating the commission of an offence. This will be a covert power also permitting the concealment of those activities. An example where this power may be used is removing content or altering access to content (such as child exploitation material), to prevent the continuation of criminal activity by participants, where those participants are in unknown locations or acting under anonymous or false identities.

Whilst this power will not be sought for the purposes of evidence gathering, information collected in the course of executing a data disruption warrant will be available to be used in evidence in a prosecution.

The purpose of the data disruption warrant is to offer an alternative action to the AFP and the ACIC, where the usual circumstances of investigation leading to prosecution are not necessarily the option guaranteeing the most effective outcome. For example, Under these circumstances, it may be prudent for the AFP or the ACIC to obtain a data disruption warrant.

New surveillance power: Network Activity Warrant

These warrants will be used to target criminal networks as part of investigations or information gathering. Network activity warrants will allow law enforcement to collect intelligence on criminal networks operating online by permitting access to the devices and networks used to facilitate criminal activity. Authorities may also be authorised to add, copy, delete or alter data if necessary to access the relevant data to overcome security features like encryption. Data that is subject to some form of electronic protection may need to be copied and analysed before its relevancy or irrelevancy can be determined.

They might be used where the AFP or the ACIC know that a group is using a particular online service or platform to carry out criminal activity need to find out more about the group’s activities. By using network activity warrants, agencies will be able to gather network data to help identify individuals involved and details of their activities. Reference is made to the use of the warrant to more easily identify those hiding behind anonymising technologies. This will support more targeted investigative powers being deployed, such as computer access warrants, interception warrants or search warrants.

The warrant will allow ‘live’ access to data in relevant computers used by a criminal network over the life of the warrant, not just to data stored on the devices. This covers data temporarily linked, stored, or transited through those computers. It ensure availability to data that might be lost when devices are disconnected from the network once the criminal activity has been carried out (for example, a person who disconnected from a website after downloading child exploitation material).

There are limitations on the use of network activity data – restricting it to use in investigations only.

New surveillance power: Account Takeover Warrant

The AFP and the ACIC can now apply to take control of a person’s online account for the purposes of gathering evidence about serious offences.  Currently, agencies can only take over a person’s account with the person’s consent.

This power enables the action of taking control of the person’s account and locking the person out of the account. However, this power not designed to be used in isolation. Other activities, such as accessing data on the account, gathering evidence, or performing undercover activities such as taking on a false identity, are not covered.  They must be performed under a separate warrant or authorisation pursuant to other existing powers, such as computer access and controlled operations.

Why do we need new powers?

The SLAID Bill aims to address gaps in the existing legislative framework. It will allow the AFP and the ACIC to collect intelligence, conduct investigations, disrupt and prosecute serious criminal online activity, cyber-enabled crime in the digital area.

The Explanatory Memorandum refers to the need for laws to adapt, just as cyber criminals adapt to the on-line world.

The Department of Home Affairs is concerned about the dark web and anonymising technologies which allow criminals to hide their identities and activities from law enforcement agencies. These new powers are intended to help attribute criminal activity to particular individuals, organisations, premises or devices, especially on the dark web, as part of criminal investigations.

“The bill introduces account takeover warrants to enable the AFP and ACIC to take over a person’s online account to gather evidence to further a criminal investigation; and make minor amendments to the controlled operations regime to ensure controlled operations can be conducted effectively in the online environment,” the Parliament of Australia stated.

Minister for Home Affairs, Karen Andrews, stated that the new legislation gives more authority to the law enforcement agencies in the country in identifying cybercriminal activities online. “Under our changes, the AFP will have more tools to pursue organized crime gangs to keep drugs off our street and out of our community, and those who commit the most heinous crimes against children,” Andrews said.

Specific and targeted access to users’ information and activities may be needed to identify possible criminals or terrorists. In some cases, law enforcement agencies may need to modify, delete, copy or add content of users to prevent things like the distribution of child exploitation material. Lawful interception is key to protecting public and national security in the fight of global community against cybercrimes.

Surveillance powers: Role of ASD

For those concerned over the capability of the AFP and ACIC to carry out the sort of covert cyber operations contemplated by the SLAID Bill, there is room for assistance from the Australian Signals Directorate (ASD). This would be facilitating through ASD’s existing functions under paragraph 7(1)(e) of the Intelligence Services Act 2001 (the IS Act) and the information sharing provisions in the Surveillance Devices Act.

ASD’s assistance will be overseen by the Inspector-General of Intelligence and Security (IGIS), consistent with other ASD powers.

If an ASD officer is seconded to the AFP or the ACIC, they would only have access to the powers and functions of an AFP or ACIC staff member, and not those available to an ASD staff member. In this scenario, the use of those powers and functions would be subject to oversight by the Ombudsman, consistent with other powers of the AFP or ACIC.

But what oversight will there be for the use of these covert powers by the AFP and ACIC?

Surveillance powers: Oversights, safeguards and accountability

According to the Department of Home Affairs strong safeguards, including oversight and controls on the use of information, are included in the legislation. These safeguards are designed to ensure the AFP and the ACIC use these powers in a targeted and proportionate manner and will minimise the potential impact on the privacy of individuals and legitimate users of online platforms. Human rights and privacy groups are not so sure.

An eligible judge or a nominated member of the administrative appeals tribunal (AAT) can issue the data disruption and network activity warrants. A data disruption warrant may be sought if an officer suspects on reasonable grounds that:

  • one or more relevant offences are being, are about to be, or are likely to be, committed, and
  • those offences involve, or are likely to involve, data held in a computer, and
  • disruption of data held in the target computer is likely to substantially assist in frustrating the commission of one or more of the relevant offences previously specified that involve, or are likely to involve, data held in the target computer.

Applications for network activity warrants also go to a magistrate or the AAT and can be made if there are reasonable grounds for suspecting that:

  • a group of individuals are using the same electronic service or are communicating by electronic communications to engage in, facilitate or communicate about the engagement in, or facilitation of, criminal activity constituting the commission of one or more relevant offences, and
  • access to data held in computers will substantially assist in the collection of intelligence about those criminal networks of individuals in respect of a matter that is relevant to the prevention, detection or frustration of one or more kinds of relevant offences.

There are stronger provisions for issuing an account takeover warrant, which must come from a magistrate who is satisfied that there are reasonable grounds that such a step is required to collect evidence relating to a serious Commonwealth offence or a serious State offence that has a federal aspect. In making this determination, the nature and extent of the suspected criminal activity must justify the conduct of the account takeover.

It is worth noting that the High Court has ruled that the AAT is not a court, but an organ of the executive under the control of the Attorney General – a government minister and politician. This makes it arguable how much oversight and accountability is provided by allowing the AAT to issue data disruption and network activity warrants.  In the Senate the Greens and Rex Patrick resisted the bill, moving amendments to implement the other PJCIS recommendations, including to require that magistrates or judges would have to sign off on warrants, not just members of the administrative appeals tribunal. The attorney general, Michaelia Cash, rejected this proposal, arguing it would be a “departure from longstanding government policy”, “likely result in operational delays” and was inconsistent with other warrant powers.

There are also protections on the use and disclosure of information collected under these warrants, with agencies subject to strict record-keeping and destruction requirements. For example, for information collected via a network activity warrant, the chief officer of the AFP ‘destroy records or reports as soon as practicable if no civil or criminal proceeding has been or is likely to be commenced and the material is not likely to be required in connection with section 45(5A) or (5B), and within 5 years if the material is no longer required to be kept under the SD Act.’[1]

The Commonwealth Ombudsman will be responsible for overseeing the use of data disruption warrants and account takeover warrants. This is consistent with the Commonwealth Ombudsman’s current oversight of the AFP and the ACIC’s use of electronic surveillance powers.

The Inspector-General of Intelligence and Security (IGIS) will oversee network activity warrants, given their nature as an intelligence collection tool.

Criticisms of the increased surveillance powers

Concerns around the ability of the AAT to  authorise the issue of the new warrants have been covered above.

Kieran Pender, senior lawyer at the Human Rights Law Centre, told Guardian Australia that the new powers granted to the AFP and ACIC under the bill “are unprecedented and extraordinarily intrusive.” The Human Rights Law Centre  has also said that the bill has insufficient safeguards for free speech and press freedom.

Digital Rights Watch calls it a “warrantless surveillance regime” and notes the government ignored the recommendations of a bipartisan parliamentary committee to limit the powers granted by the new law.

The Greens flagged that the new powers go against a central recommendation of the Richardson review of the legal framework for Australia’s intelligence community. Richardson found that “law enforcement agencies should not be given specific cyber-disruption powers.”

Future reviews of surveillance powers

Recommendations to improve safeguards and oversight concerning the new powers were made earlier this month by the parliamentary joint committee on intelligence and security (PJCIS), though not all of them were implemented. The committee can review the bill after four years, and the Independent National Security Legislation Monitor will review the bill in 2024.


Australia continues to increase the powers of its law enforcement agencies in their battle against on-line crime. By is the balance right?

Future reports on use of these powers should be examined with interest to help weigh up whether their breadth and invasiveness are truly required to protect Australians.

Further references:

Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 (

Australia Passes Identify and Disrupt Bill – Infosecurity Magazine (

Australian powers to spy on cybercrime suspects given green light | Australian security and counter-terrorism | The Guardian

[1] Explanatory Memorandum, at 12.

Privacy, software design and technology. Ian is a privacy, IT and software contracts lawyer with over 30 years of experience as a lawyer and over 20 years of experience advising on the legal aspects of data management and processing.