Senate rejects attempt to limit ASIO hacking powers

Knocks back Greens attempt to stop 'hack the Internet' provisions in national security bill

The Senate has rejected an attempt by the Greens to impose a limit on the number of devices that can be covered by a single computer access warrant obtained by ASIO.

An amendment to the government's National Security Legislation Amendment Bill (No. 1) 2014 sought to limit the number of devices covered by a single warrant to a maximum of 20.

The Senate today voted 11-52 to reject the amendment, with the Coalition government and Labor combining to block it.

The bill, which will give security agencies a range of new hacking powers including the right to use third party computers to access target systems, attempts to modernise the definition of "computer" in the ASIO Act.

The legislation as it stands will change the definition of computer to "one or more computers", "one or more computer systems", "one or more computer networks", or "any combination of the above".

The broadening of the definition has attracted criticism, with opponents arguing that it could arguably apply to the entire Internet.

The report of a parliamentary inquiry into the legislation endorsed the view of the Attorney-General's Department and ASIO that "existing safeguards in the legislation are sufficient to limit ASIO's access to networks to specific security matters".

Attorney-General George Brandis yesterday told the Senate that the Greens' amendment "would impose an arbitrary, artificial and wholly unworkable limitation that would frustrate the ability of ASIO to perform its statutory functions".

"How can anyone — certainly, how can [Greens] Senator [Scott] Ludlam— stand in the Senate today and anticipate what the needs of ASIO will be in relation to warrant based computer access next year, or in 10 years' time, or for however long this legislation exists?" Brandis said.

"The idea of saying today, in September 2014, that we know that in years to come there will never be a necessity for ASIO to have any more than a finite number of computer access warrants in operation is of course an absurdity.

"In the majority of cases, it is unlikely to be known in advance of a warrant being issued which parts of a computer network will contain data relevant to the security matter in respect of which a warrant is issued."

ASIO is required to comply with the attorney-general's guidelines, which require the agency to use as little intrusion into individual privacy as is possible, Brandis said.

The Coalition senator said that in line with a recommendation from the inquiry, the government has issued an additional explanatory memorandum that explains the concept of a security matter in relation to the relevant section of the ASIO Act and its limiting effect on the ability to issue warrants and authorise activities under them.

"[I]n expanding the definition of a computer to include a network or networks, you have effectively created an open-ended power for the exercise of a single warrant to, in theory, at least, to include anything connected to that device and anything connected to devices connected to that," Ludlam retorted yesterday.

"The Internet obviously being a network of networks, I am not sure whether the government anticipates a maximum number of devices, for example, being mandated in these warrants."

"[T]he government appears to have allowed — I won't call it a loophole because that implies it would have been accidental — but the ability for a single ASIO warrant to encompass an unlimited number of devices," Ludlam said today during debate on the amendment.

The Palmer United Party, independent Senator Nick Xenophon, Liberal Democratic Party Senator David Leyonhjelm, and the ALP have all submitted amendments to the bill that are yet to be moved in the Senate.

Follow Rohan on Twitter: @rohan_p

Join the Computerworld newsletter!

Error: Please check your email address.

Tags civil libertiessurveillancesecurityASIO

More about ALPASIOAttorney-GeneralBill

Show Comments