Secretary of Australia’s Department of Home Affairs Mike Pezzullo has shared his concerns on Facebook’s plans to create a brand new online space for nefarious activity.
Australia now has world-first encryption laws. This guide explains what the laws can do, what they cannot do, and how Australia ended up here.
“We are particularly concerned about Facebook’s plans to go to end to end encryption of their entire platform to create, in effect, the world’s biggest dark web,” he told Senate Estimates on Tuesday.
Pezzullo joined members of the Australian Federal Police(AFP) at the Senate Estimates, who detailed that there had been an increase of child sex offenders exploiting “both the clear web and the dark web” during the COVID-19 pandemic.
The secretary said the AFP and his department were very concerned with the amount of traffic that had flipped over to the dark web.
“Unlike the challenge that’s being dealt with by this Parliament in relation to encryption — at least with encryption you know where the devices are, you know where the server is, you can geolocate typically the administrator — the dark web … you start to lose the trace of where the devices are, where the IP addresses are, who is logging into these abhorrent sites, where the administrator is, where the server is,” Pezzullo said.
“At some point, we’ll be chasing so much ground that it will be almost impossible for the deputy commissioner and his colleagues to do anything other than, to use a colloquial phrase, whack-a-mole. All the operations that are currently conducted essentially to run in effect virtual controlled operations and undercover operations, you’ll have so many of them that the adversary will simply be moving from platform to platform, server to server, network to network.”
He pointed to the recently announced cybersecurity strategy, however, as a resource for providing his department and its law enforcement agencies with the mandate to “attack” the dark web.
“We’re working very closely with the AFP and other agencies [on] how do we attack the dark web, how do we strip back the legitimate anonymity that on occasions, through VPNs and the like, is entitled and is available for use in relation to your privacy. What you’re not entitled to is then to use that anonymisation to hide these abhorrent criminal networks such that they basically disappear off the grid,” he continued.
“The dark web is particularly pernicious and concerning from this point of view because it’s getting harder and harder to defeat the anonymisation capability and they can literally just disappear off the grid.
“It will almost get to a point where we don’t know where these people are.”
Pezzullo was asked if his department has thought of introducing a banking-style know your customer initiative where the burden would be on the tech giants to validate that a user is who they say they are.
In response, the secretary pointed to the Digital Platforms work underway by the Australian Competition and Consumer Commission and took the question on notice, highlighting again that his concern was with the activities conducted on encrypted platforms.
AFP Deputy Commissioner Brett Pointing also told the committee that there was currently work being done around protecting personnel from being exposed to the material they see to prosecute offenders.
“No one should have to see [it],” he said. “So we’re actually doing a lot of work in the IT space to try and develop classification systems that limit the amount of time that our police are exposed to it.”