A parliamentary inquiry has urged the federal government to extend ASIO's powers, including giving the organisation the right to use a third party's computer system to access a target PC.
The inquiry by the Parliamentary Joint Committee on Intelligence and Security has examined proposals for changes to telecommunications interception, telecommunications sector security and Australian intelligence community legislation.
According to committee documents, amending the <i>ASIO Act of 1979</i> to create an authorised intelligence operations scheme would provide ASIO officers and sources with protection from criminal and civil liability when conducting intelligence operations.
The committee said that ASIO should be able to use third party computer system's access a target's system under a computer access warrant.
"Innovative methods", such as the use of a third party's computer, may be necessary when a target is security conscious, the report states.
Greens Senator Scott Ludlam said that any extensions to the ever-growing powers of ASIO were disturbing.
“The power to access a third party computer in order to hack the computer of ASIO’s target drags law-abiding citizens into the net of ASIO’s surveillance,” he said in a statement.
The committee also recommended that a named person warrant be established to allow ASIO to request a single warrant specifying multiple powers against one target rather than requesting multiple warrants.
Data retention needs oversight: Inquiry
More money for ASIO won’t fix security problem: Ludlam
Telecommunications Act
The committee also recommended amending the <i>Telecommunications (Interception and Access) Act 1997</i> to create a new telecommunications security framework.
According to the committee, amendments could create a telco-industry wide obligation to protect infrastructure and the information held on it from unauthorised interference. The industry would also have to provide the government with information to assist in the assessment of national security risks to telco infrastructure.
The committee recommended powers of direction and a penalty regime to encourage compliance.
In addition, it recommended that the government, through a Government Regulation Impact Statement, address the interaction of the proposed regime with existing legal obligations imposed on corporations and indemnity to civil action for service providers that have acted in good faith under the requirements of the proposed framework.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia