Encryption hampers ASIO and police operations and tech companies won’t talk, say spy bosses

The nation’s top security officials have accused social media companies of ignoring law enforcement and enabling criminals and terrorists as they roll out end-to-end encryption on their products.

Australian Federal Police commissioner Reece Kershaw and ASIO boss Mike Burgess have begged the tech giants to talk to them before going any further on encryption and to obey the law in complying with warrants for access to communications.

Mr Burgess said every one of the spy agency’s counter-terrorism and counter-espionage cases were now being hampered by encryption.

“Even ASIO’s most unsophisticated targets routinely use secure messaging apps and virtual private networks to avoid detection and hide their activities,” he told the National Press Club on Wednesday.

“That’s a problem for us.”

When tech companies wouldn’t help despite ASIO obtaining warrants for access to the communications, it had to fall back on old-fashioned methods that were riskier and used up more resources, meaning the agency could not monitor as many threats at once.

Mr Burgess gave the example of a recent investigation of an Australian sharing extremist material online, who ASIO suspected was in contact with Islamic State supporters overseas.

After a time-consuming operation involving surveillance and human intelligence, it discovered the multiple offshore extremists had encouraged the man to carry out a terrorist attack.

“You might think this case demonstrates we do not need accountable encryption to resolve security concerns but I believe it proves the opposite,” Mr Burgess said.

“If this individual was planning a terrorist attack, quick and targeted access to his communications could have been the difference between life and death.”

Mr Kershaw said there was a “growing sense of dissatisfaction with social media companies” from law enforcement agencies around the world.

He revealed that police had this year for the first time issued at least one technical capability notice – a compulsory order for a company to help after voluntary requests were ignored.

“Meta is, I think, around about halfway through their end-to-end encryption roll out. Our fear is that they may still refer matters to us, but we won’t be able to action them and we won’t know who the end receiver is,” he said.

“They’re not working with us, is the problem.

“We just want what we currently have as far as that arrangement of them being able to share material referrals to us that we can act on.”

Mr Burgess said agencies didn’t need the Government to give them any new powers, they just needed tech companies to comply with existing laws.

“I’m here today not to give the tech sector a hard time, I’m just asking for their help,” he said.

“I don’t want to be there in the future … when a Royal Commission is saying wouldn’t if have been good if this was possible because it used to be. That would be unfortunate.”

The spy boss said often when companies were asked to comply with warrants, “they’re saying the way we’ve designed this, we couldn’t possibly help you” and that was why agencies wanted to have conversations with them before new technology was rolled out, not afterwards.