Criminal Law

By Peter Woodhouse


Operation Ironside and AN0M

The AFP would sure want to have their ducks in a row.

A lot of people were stunned, a lot of people got arrested and there was a lot of chest thumping and back-patting going on earlier this month when the AFP revealed the remarkable details of Operation Ironside.

This all came to light as hundreds of search warrants were executed around Australia, resulting in more than 220 people being arrested and charged and the seizure of 72 weapons, more than 3 tonnes of drugs and $45 million in cash.  It has been labelled the ‘sting of the century’.

The operation involved the AFP, in collaboration with the FBI and other authorities, building in a ‘back-door’ to encrypted communications software the FBI had apparently purchased from a convicted hacker in the US who had done a deal with American authorities to get a reduced sentence.  That person was apparently paid around $180,000 USD for their trouble.

Once the ‘back door’ was inserted into the software it was uploaded onto Google Android devices that had been stripped of other capabilities.  Authorities then covertly encouraged international criminals to use the devices, spruiking their benefit and security. The devices were increasingly traded on the black market.  Overtime the devices gained popularity amongst colourful characters allegedly involved in questionable activities across many countries. At the time of the recent raids, it was asserted that AN0M was being used by more than 11,000 people world-wide, including 1,650 people in Australia. Around the world, more than 800 arrests have now been made.

Over a period of three years, the AFP were monitoring the Trojan horse application, intercepting in excess of 25 million messages.

Two questions that remain to be answered are:

  1. Were the authorities acting lawfully when they intercepted these messages; and
  2. If not, will the evidence be inadmissible?

US authorities appear to have conceded from the outset that the messages could not be legally intercepted in America, relying on servers in other countries, including Australia, to capture the data and then pass on relevant communications to US authorities.  That ultimately may not help them overcome that problem.

It is a different story in Australia.  Telecommunications correspondence can be, and often is, lawfully intercepted with a warrant granted by a court or tribunal.  Such a warrant is granted in respect of a particular telecommunications service or a particular person.  However, as these devices do not otherwise use the telecommunications network (in the way that a normal mobile telephone would) and the authorities appear not to have known the identities of the AN0M users at the outset, it is unlikely these warrants were used or used properly.

There are other legislative provisions that allow police officers to conduct covert investigations, subject to approval of senior members of the police force, a court or tribunal.  An authority for such an investigation would require the identities of at least some of the players to be known from the outset.  Again, it seems unlikely these authorities were used or used properly.

If it is the case that these messages have been intercepted unlawfully or improperly they are, as a starting point, inadmissible.  That is not the end of it, however.  A court can admit unlawfully or improperly obtained evidence if satisfied that the desirability of admitting that evidence outweighs the undesirability of admitting evidence that was obtained unlawfully or improperly.  There are a number of factors a court is obliged to consider when conducting this balancing exercise including the importance of the evidence in the proceeding, the gravity or the impropriety and whether it was deliberate.

Whilst there are still a lot of unknowns about this investigation, what we do know is that the AFP are notoriously bad at following the law when it comes to the interception of data.  Only 2 months ago, the Commonwealth Ombudsman released a scathing report on the AFP’s access to metadata.  The report found that the AFP had unlawfully accessed metadata on more than 1,700 occasions between 2015 and 2019.

The AFP would want to hope that they have all their legal ducks in a row when it comes to the legality of their actions in intercepting many millions of private messages.  It would be mighty embarrassing if it turned out that substantial parts of the operation were carried out unlawfully and the admissibility of the evidence was called into question.  It remains to be seen whether the messages transmitted via AN0M were lawfully intercepted.  What is patent though is a lot of people have been charged out of this operation and a lot of good criminal defence lawyers will be scouring over material, giving it a lot of attention.  It may only take one successful challenge to the interception of this material for the rest of the dominoes to fall.

If you require advice in relation to a serious criminal matter, contact my team at Aulich Criminal Law.