The senior lawyer has recommended the responsibility to issue two of the most intrusive encryption-busting powers be taken out of the hands of agency heads and the Attorney-General, and instead given to the Administrative Appeals Tribunal.
The AAT would establish a new arm called the Investigatory Powers Division, which would be headed by a retired judge and include other lawyers and technical experts.
Under the Morrison government’s laws, security agencies can order a “technical capability notice” (TCN) requiring service providers to build new capabilities to gain access to encrypted messages, which only needs the authorisation of the Attorney-General.
They can also order a “technical assistance notice” (TAN), which compels companies to decrypt information when they have the existing means to do so.
Dr Renwick said both powers should be authorised by a body independent of the issuing agency and the government.
“These are powers designed to compel (a service provider) to reveal private information or data of its customers and therefore the usual practice of independent authorisation should apply,” he said.
“It was a consistent and, indeed, unanimous theme across non-government submissions that TANs and TCNs should be authorised by either an independent tribunal member or a judicial officer with the benefit of expert technical advice. A number of submissions drew upon the UK’s double-lock model of judicial authorisation which, as I explain later, involves an independent exercise of decision making with the assistance of technical advisers.”
Dr Renwick also recommended some of the powers in the new laws, including TANs and TCNs, be given to integrity and anti-corruption bodies.
In conducting the review, Dr Renwick said he had to consider the broader security threats facing the nation including foreign interference and criminal networks hiding their activities on the dark web.
He said to counter the threat of bad actors “going dark”, the nation’s security agencies must adapt their techniques and laws must be upgraded to deal with the changing landscape.
“The extent of the use of the internet by hostile foreign states and their agents to engage in espionage and foreign interference is still not fully appreciated, partly because of the covert and disguised means these actors use in their online activity,” he said.
“There is an ever-present threat of criminals engaging in online activities to perpetrate general but serious crimes, such as child sexual exploitation and sophisticated frauds.”
Australian Security and Intelligence Organisation boss Mike Burgess has previously said the encryption-busting powers were used by his agency within 10 days of coming into effect.
The tech sector has warned it is impossible to introduce selective backdoor access to an encrypted service without weakening the entire system and leaving users vulnerable to hackers.
Dr Renwick was charged with reviewing the Telecommunications and Other Legislation Amendment (Assistance and Access) Act by the Parliamentary Joint Committee on Intelligence and Security, which still has to complete its own inquiry into the laws.
Attorney-General Christian Porter said the government would await the intelligence and security committee’s findings before responding to Dr Renwick’s review.
“What is clear, however, is that the counter encryption laws have been critical to helping protect Australia’s national security,” Mr Porter said.
Anthony is foreign affairs and national security correspondent for The Sydney Morning Herald and The Age.