During a press briefing on Tuesday morning, AFP commissioner Reece Kershaw said the US Federal Bureau of Investigation (FBI) gained access to an encrypted application, named Anom, and ran it without the knowledge of the criminal underworld.
With that access, the AFP helped to decrypt and read encrypted communication that was sent over Anom in real time as part of the operation.
“Essentially, we have been in the back pockets of organised crime and operationalised the criminal takedown like we’ve never seen. The use of encrypted communication apps presents significant challenges to law enforcement and Anom has given law enforcement a window into the level of criminality that we have never seen before on this scale,” Kershaw said.
Labelled Operation Ironside, Kershaw said the FBI took the lead for the global online sting operation while Australia provided the “technical capability” to be able to decrypt those messages. Europol was also involved in the operation.
Kershaw explained that access to these encrypted messages was gained lawfully through using the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, usually referred to as the TOLA Act, in combination with legal authority from the FBI.
The controversial TOLA Act allows intelligence and law enforcement agencies to request or demand assistance from communications providers to access encrypted communications.
When asked if the FBI chose to work with Australia due to the TOLA Act providing the legal capability to decrypt those messages rather than the AFP’s technical capability, Australian Prime Minister Scott Morrison deferred the question to the United States, touting the AFP’s efforts instead.
In light of the operation being made public, Morrison also took the opportunity to flog various Bills currently being considered by Parliament. Among those Bills were the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 and theTelecommunications Legislation Amendment (International Production Orders) Bill 2020 (IPO Bill).
“There are a series of pieces of legislation that we’ve been seeking to move through the Parliament, not just over this term, but in some cases, over three terms; they need these powers to do their job. The AFP and our law enforcement agencies and other agencies that support them need the support of our Parliament to continue to do the job that they do to keep Australians safe,” Morrison said at the press briefing.
The first Bill, if passed, would hand the AFP and the Australian Criminal Intelligence Commission (ACIC) new warrants for dealing with online crime. The latter Bill, meanwhile, would create a framework for Australian agencies to gain access to stored telecommunications data from further foreign designated communication providers in countries that have an agreement with Australia, and vice versa.
Both Bills have received criticism and currently do not have bipartisan support, with the Office of the Australian Information Commissioner (OAIC) having labelled the powers that would be given through the surveillance legislation amendment as “wide-ranging and coercive in nature”.
“These powers may adversely impact the privacy of a large number of individuals, including individuals not suspected of involvement in criminal activity, and must therefore be subject to a careful and critical assessment of their necessity, reasonableness, and proportionality,” the OAIC said in March.
The IPO Bill has received similar outcry, with the OAIC and Inspector-General of Intelligence and Security saying that the regime requires provisions that address transparency and privacy concerns.
In total, the sting operation led to 525 search warrants, 224 individuals being charged, 525 charges in total, six clandestine labs being taken down, and 21 threats to kill being averted. 3.7 tonnes of drugs, 104 firearms and weapons, and over AU$45 million in assets were also seized as part of the operation that commenced three years ago.
Details of how the law enforcement agencies commenced the sting operation and gained access to these encrypted communications were released in an unsealed US warrant later on Tuesday.
Updated at 8:30am AEST, 9 June 2021: made clarification it was the FBI, not the AFP, that first gained access to Anom.
Related Coverage
AFP issues search warrant following alleged dodgy tech support schemeCops are the only ones being lawful on the dark web, AFP declaresACIC clarifies that it’s not actually interested in your WhatsApp or Signal chatASIO chief accuses tech giants of running safe spaces for terrorists and spiesPut privacy protections in IPO agreements if Australia hands data to other nations: OAICIGIS asks ASIO be required to provide transparency in IPO regimeHome Affairs touts IPO Bill as providing more benefit to Australia than the USASIO vows to consider privacy, proportionality, and human rights in IPO process