Home Affairs minister Peter Dutton has once again invoked the spectre of paedophiles and terrorists in calling for an expansion of the Australian Signals Directorate (ASD)’s powers that would allow the foreign-focused agency to conduct domestic investigations for the first time.

A long-simmering policy change, the ABC reports, would allow the Australian Federal Police (AFP) to enlist the services of the ASD – the government’s overseas surveillance and signals-intelligence unit, which “operates in the slim area between the difficult and the impossible”, as its Web site puts it – to investigate certain matters within Australia’s borders.

ASD’s three key purposes – acquisition of foreign information, protecting by “comprehensively understanding the cyber threat” and disrupting “by applying our offensive cyber capabilities offshore” – relate to its technical support for military, counter-terrorism, counter cyber espionage and “serious cyber-enabled crime”.

Child exploitation would arguably fall under this last ambit, and in announcing the evolving policy Dutton warned that existing laws created an “anomaly” in which investigations could not be continued if the ASD was following an evidentiary trail that ended up in Australia.

“There should be a public debate,” he told the ABC, “about whether we think it’s acceptable for our society to tolerate the presence of these criminal networks right next door to us and yet we have no ability to do anything about it.”

The problem with scope creeps

Dutton’s push comes amidst AFP warnings that “perverted offenders” are using the dark web to commit “heinous crimes”.

AFP figures suggest that 17,000 child exploitation sites were referred for investigation, up from 300 a decade ago.

The proposal would explicitly expand the ASD’s charter so that it could direct its cyber capabilities at people or systems located within Australia.

Yet while few would debate the importance of better fighting paedophiles or terrorists online, it’s a line the government has frequently rolled out to justify other creeping privacy encroachments.

In December, Dutton supported the government’s anti-encryption stance by calling out Facebook to stop protecting paedophiles’ communications with encryption.

Paedophiles and terrorists were also commonly cited years ago as a justification for controversial data-retention legislation, which required telecommunications providers to store detailed ‘metadata’ about every call their customers make.

Such data proved valuable in efforts such as the investigation and prosecution of – ironically – an AFP officer who was found to have viewed large volumes of child exploitation material.

Yet early reviews validated opponents’ warnings about scope creep of the modified legal regime, with the Communications Alliance identifying 81 different agencies that have requested access to the metadata – including local councils, Fair Work Building Construction, Queensland Transport, and even the Regional Illegal Dumping Squad.

This was well expanded from the original 22 agencies listed when the data-retention legislation was passed.

The price of privacy

Home Affairs has long argued that changing operational demands require stronger powers, with Department of Home Affairs secretary Michael Pezzullo last year warning of a looming cyber attack “with economy-wide ramifications”.

“Earlier distinctions between ‘home’ and ‘abroad’ are breaking down completely as a result of advances in technology, communications and finance… and much more,” he said in a speech to the Australian Strategic Policy Institute.

“We are facing the separate and combined challenges of dealing with the ‘gathering storms’… the state’s role in protecting sovereignty and the citizen is being challenged and deconstructed.”

Regulations, he said, were “a work in progress, especially with regards to the use of data which avoids the peril of mass surveillance of that populace.”

Given past experiences with surveillance laws, critics are understandably nervous about proposals to expand the ASD’s remit.

Bond University associate professor in criminology Terry Goldsworthy, for one, wrote that we should be “wary” of expanding the ASD’s powers.

It’s a similar argument to earlier warnings by privacy advocates such as the Law Council of Australia and NSW Council for Civil Liberties, which labelled metadata laws “indiscriminate and excessive” and warned about the “cumulative chilling and intimidatory impact of the Government’s expanded surveillance powers and secrecy offences”.

Concerns that government bodies would use metadata to track journalists’ sources were validated when the AFP last year raided ABC offices and the home of News Corp journalist Annika Smethurst over her story about increasing the ASD’s investigative powers.

Reports suggested the AFP had been using metadata to access journalists’ communication histories, leading the Human Rights Law Centre to push for the laws to be scaled back.

“The claim that [data retention] was all about national security and child predators was, of course, far from the complete truth,” Electronic Frontiers Australia had previously warned.

Giving the ASD domestic powers would also allow it to target Australians with military-grade snooping and hacking capabilities, including malware exploits that leverage vulnerabilities in applications and operating systems like Windows.

Those capabilities were outlined in a newly published policy document that explains the ASD will responsibly disclose new vulnerabilities it discovers – except where “the national interest might be better served by not disclosing the vulnerability.”