Committee comment

1.81        The preceding analysis indicates the measures may engage and limit the right to freedom of expression and the right to freedom of assembly. The statement of compatibility does not acknowledge these rights may be engaged and limited by the bill. The committee therefore seeks the advice of the minister as to the compatibility of the measures with this right, including:

• whether there is reasoning or evidence that establishes that the stated objective addresses a pressing or substantial concern or whether the proposed changes are otherwise aimed at achieving a legitimate objective;
• whether there is a rational connection between the limitation and that objective; and
• whether the limitation is a reasonable and proportionate measure for the achievement of that objective.

Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018

Technical assistance notices, technical capability notices and technical assistance requests

1.82        Schedule 1 of the bill seeks to amend the Telecommunications Act 1997 (Telecommunications Act) to grant certain persons with the power to give a 'designated communications provider'[64] (provider) technical assistance notices, technical assistance requests, and technical capability notices, for the purposes of assisting law enforcement and intelligence agencies with performing certain functions and discharging certain powers relevant to crime, national security, and other objectives.

Technical assistance notice

1.83        Section 317L provides that the Director-General of Security (who leads the Australian Security Intelligence Organisation, ASIO) or the chief officer of an 'interception agency'[65] may give a provider a notice that requires the provider to do one or more specified 'acts or things' in connection with any or all of the 'eligible activities'[66] of the provider (technical assistance notice).  Prior to giving the notice, the Director-General or chief officer giving the notice must be satisfied that doing so is reasonable, proportionate, practicable and technically feasible.[67] The 'act or thing' specified in the technical assistance notice must be by way of giving help to either ASIO or the interception agency in relation to the performance of a function or the exercise of a power relevant to the objectives of: enforcing the criminal law and laws imposing pecuniary penalties, or assisting the enforcement of the criminal laws in a foreign country, or safeguarding national security.[68]

Technical capability notice

1.84        Section 317T gives the Attorney-General the power to issue a 'technical capability notice' requiring a provider to do an 'act or thing' which must be directed towards ensuring that the provider is capable of giving 'listed help', or be by way of giving help, to ASIO or an interception agency, in relation to performance of a function or exercise of a power insofar as it relates to a 'relevant objective'.  'Relevant objective' means enforcing the criminal law and laws imposing pecuniary penalties, or assisting the enforcement of the criminal laws in a foreign country, or safeguarding national security. Help will constitute 'listed help' if it consists of a listed act or thing, or one or more acts or things of a kind determined by legislative instrument.[69]

Technical assistance request

1.85        Section 317G of the bill provides for the giving of 'technical assistance requests', which operate similarly to technical assistance notices and technical capability notices, except that compliance with a technical assistance request is voluntary.[70] A provider that decides to comply with the request is not subject to civil liability in relation to an 'act or thing' done in accordance with the technical assistance request, or in good faith purportedly with the request.[71] In addition, the Director-General of the Australian Secret Intelligence Service (ASIS) and the Director-General of the Australian Signals Directorate (ASD) may also make a technical assistance request, as well as ASIO and interception agencies. Further, the 'act or thing' specified in the technical assistance request may 'be directed towards ensuring that the designated communications provider is capable of giving help' to ASIO, ASD, ASIS or the interception agency. In addition to seeking assistance in relation to the functions performed or powers exercised for enforcing criminal laws, imposing pecuniary penalties and assisting the enforcement of foreign criminal laws, technical assistance requests can also be made to procure assistance with functions performed or powers exercised in relation to 'the interests of Australia's national security, the interests of Australia's foreign relations or the interests of Australia's national economic well-being'.[72]

Listed acts or things

1.86        The 'acts or things' that may be specified in a technical assistance notice, technical capability notice or technical assistance request include, but are not limited to, 'listed acts or things'.[73] Listed acts or things include, for example:

• removing one or more forms of electronic protection;[74]
• installing, maintaining, testing or using software or equipment;[75]
• ensuring that information obtained in connection with the execution of a warrant or authorisation is given in a particular format;[76]
• facilitating access to customer equipment, software or a service;[77] and
• assisting with the testing, modification, development or maintenance of a technology or capability.[78]

1.87        It also includes an act or thing done to conceal the fact that any thing has been done covertly.[79]

Limitations on technical assistance notices and technical capability notices

1.88        The bill also provides that a technical assistance notice or technical capability notice must not have the effect of requiring a provider to implement or build a systemic weakness or a systemic vulnerability into a form of electronic protection, or prevent a provider from rectifying such a weakness or vulnerability.[80] This includes implementing or building a new decryption capability in relation to a form of electronic protection, or one or more actions that would render systemic methods of authentication or encryption less effective.[81]

1.89        Further, the bill provides that technical assistance notices and technical capability notices have no effect to the extent that they would require a provider to do a thing for which a warrant or authorisation under the Telecommunications (Interception and Access) Act 1979 (TIA Act), the Surveillance Devices Act 2004 (SD Act), the Crimes Act 1914 (Crimes Act), the Australian Security Intelligence Organisation Act 1979 (ASIO Act), the Intelligence Services Act 2001 (IS Act) or equivalent State and Territory laws would be required.[82]

Compatibility of the measures with multiple rights

1.90        As acknowledged in the statement of compatibility, the technical assistance notices and requests and technical capability notices engage and may limit a number of human rights including the right to privacy, the right to freedom of expression, and the right to an effective remedy. Each of these rights is discussed further below.

Compatibility of the measures with the rights to privacy and freedom of expression

1.91        The statement of compatibility identifies that the measures engage the rights to privacy and freedom of expression, but states that they represent permissible limitations on those rights.[83]

1.92        The right to privacy protects against arbitrary and unlawful interference with an individual's privacy, and includes the right to respect for private and confidential information, particularly the storing, use and sharing of such information and the right to control the dissemination of information about one's private life.  As noted in the statement of compatibility, the measures engage the right to privacy because, as a consequence of such notices, 'communications providers may facilitate law enforcement, security and intelligence agencies' access to private communications and data where an underlying warrant or authorisation is present'.[84]

1.93        The right to freedom of expression in article 19(2) of the International Covenant on Civil and Political Rights (ICCPR) includes the freedom to seek, receive and impart information and ideas of all kinds, either orally, in writing or print, in the form of art, or through any other media of an individual's choice. As acknowledged in the statement of compatibility, the measures may engage the right to freedom of expression 'by indirectly making some people more reluctant to use communications services' because:

It is plausible that a person may minimise their use of communications services if they believe government agencies can ask providers to facilitate access to communications carried through these service, for example by removing forms of electronic protection applied to their communications if they are capable of doing so.[85]

1.94        The right to freedom of expression, as the statement of compatibility identifies,[86] may only be subject to restrictions provided by law that are necessary for the protection of national security or of public order or of public health or morals.  The right to privacy may be subject to permissible limitations which are provided by law and are not arbitrary. That is, for each of these rights, the measures must pursue a legitimate objective and be rationally connected and proportionate to achieving that objective.

Legitimate objective

1.95        The statement of compatibility states that 'the bill pursues the legitimate objective of protecting national security and public order by addressing crime and terrorism',[87] specifically referring to 'terrorism, espionage, acts of foreign interference and serious and organised crime'.[88] 

1.96        In general terms, protecting national security and public order is capable of constituting a legitimate objective for the purposes of international human rights law. However, a measure will only pursue a legitimate objective (capable of justifying a proposed limitation on human rights) where there is a reasoned and evidence-based explanation of why the measure addresses a pressing or substantial concern, and does not simply seek an outcome which is convenient or desirable. The statement of compatibility does not identify a pressing and substantial concern to be addressed by the relevant measures. However, the explanatory memorandum indicates that the measures are directed towards addressing the 'challenges associated with encrypted communications', explaining that:

Secure, encrypted communications are increasingly being used by terrorist groups and organised criminals to avoid detection and disruption.  Over 90% of telecommunications information being lawfully intercepted by the Australian Federal Police now uses some form of encryption...

The increasing use of encryption has significantly degraded law enforcement and intelligence agencies’ ability to access communications and collect intelligence, conduct investigations into organised crime, terrorism, smuggling, sexual exploitation of children and other crimes, and detect intrusions into Australian computer networks.[89]

1.97        The committee's usual expectation is that this information would be included in the statement of compatibility to enable assessment of whether the measures pursue a legitimate objective.[90] However, even taking this information into account, further information is required to establish a pressing and substantial concern for the purposes of international human rights law. For example, it is not clear from the information provided why the measures are necessary, as opposed to desirable or convenient, to address the majority of information legally intercepted by ASIO being encrypted. It is also not clear whether the aspects of the measures that do not appear on their face to relate to decryption address a pressing or substantial concern.

1.98        Further, as noted in the statement of compatibility, 'national security' and 'public order' represent permissible grounds on which the right to freedom of expression may be restricted.[91]  However, there are questions as to whether aspects of technical assistance requests restrict the right on these grounds, insofar as a request may be given in relation to the objective of 'the interest of Australia's foreign relations or Australia's economic well-being'.[92] These grounds are broader than those on which the right to freedom of expression can be validly restricted, and the statement of compatibility does not address if they are relevant to a valid ground. Further information from the minister as to how the power to request technical assistance in relation to the performance of functions or exercise of powers in relation to the interest of Australia's foreign relations or economic well-being relates to a permissible ground on which the right to freedom of expression can be restricted would assist with this analysis. This would also assist in determining whether this aspect of the measure is rationally connected to its objective.

Rational connection

Power to give technical assistance notices or requests, or technical capability notices

1.99        Empowering ASIO to obtain technical assistance in relation to the performance of its functions or exercise of powers related to safeguarding national security or crime appears to be rationally connected to the objectives of the bill.  So, too, does granting such powers to some interception agencies such as the Australian Federal Police.  However, the definition of 'interception agency' is very broad and includes state-based anti-corruption agencies. It is not clear how empowering these agencies, which do not appear to discharge functions relevant to safeguarding national security and addressing the type of crime contemplated in the statement of compatibility,[93] is effective to achieve the objectives of the bill (namely, protecting national security and public order).  The statement of compatibility does not explicitly address this issue. Further information from the minister – namely, how granting each of the agencies that fall within the definition of 'interception agency' the power to give technical assistance notices or requests, or technical capability notices, is effective to achieve the objectives of the bill – would assist in assessing whether the measures are rationally connected to a legitimate objective.

'Acts or things' compelled by a technical assistance notice or technical capability notice, or requested by a technical assistance request

1.100         A question arises as to whether all of the 'acts or things' that may be specified in a technical assistance notice or request, or technical capability notices, are rationally connected to the stated objectives of the measures. The statement of compatibility provides an example, that 'a technical assistance notice may ask a provider to decrypt information that would otherwise be unintelligible if the provider has the ability to do so'.[94]  This appears to be rationally connected with the objectives of protecting national security and public order in circumstances where 'encryption is increasingly being used by terrorist groups and organised criminals'.[95] Other 'listed acts or things', such as ensuring information obtained in connection with a warrant is given in a particular format,[96] also would appear to be an effective means to achieve the objectives of the bill.  

1.101         However, the statement of compatibility otherwise does not specifically address how each of the listed acts or things a provider may be required to do in compliance with a technical assistance notice or request, or technical capability notice, is rationally connected to the objectives of the bill. It is not clear, for example, how modifying a service provided by a provider,[97] or requiring a provider to install software,[98] would be effective to achieve the objectives of protecting national security and public order by addressing crime and terrorism.  In relation to technical capability notices, the statement of compatibility states that capabilities built as a result of acts or things done pursuant to a technical capability notice 'may' assist agencies to access private communications for investigative purposes,[99] but does not elaborate as to how. Further information from the minister as to how each of the listed acts or things are rationally connected with the stated objectives of the bill would assist for the purposes of this analysis.

1.102         Further, the 'acts or things' that a provider can be compelled or requested to do is not limited to 'listed acts or things'.[100] As the list of acts or things that can be compelled or requested is non-exhaustive, it is difficult to assess whether the measures as a whole are rationally connected with the objectives of the bill.  Further information from the minister as to how requesting or compelling a provider to do any act or thing beyond the 'listed acts or things' in the bill is effective to achieve the objectives of the measures would assist with this analysis.

Proportionality

Power to give technical assistance notices or requests, or technical capability notices

1.103         As to proportionality, measures that restrict the right to privacy and freedom of expression must be no more extensive than is strictly necessary to achieve their stated objective.  While the statement of compatibility addresses the features of the measures and relevant safeguards, it does not explain why existing powers available under the warrant and authorisation scheme are insufficient to address the stated objectives, and therefore why the measures are strictly necessary. Nor does it consider whether the measures represent the least rights restrictive approach, compared with, for example, amending the relevant warrant and authorisation regimes.

1.104         While the stated objective of the measures is 'protecting national security and public order by addressing crime and terrorism',[101] the proposed power to give technical assistance notices or requests, or technical capability notices, is not limited in this way and may be broader in scope.  Specifically, the statement of compatibility does not explain why it is necessary for the purposes of safeguarding national security and addressing crime to seek assistance from providers in relation to 'enforcing laws that attract a pecuniary penalty' or, in relation to technical assistance requests, 'the interests of Australia's foreign relations or the interests of Australia's national economic well-being'.[102] The terms 'foreign relations' and 'national economic well-being' are not defined in the bill, and could apply to a broad range of conduct not necessarily involving crime and terrorism.  This raises concerns that the measures as framed may be overly broad with respect to its stated objectives.

1.105         The power to give a technical assistance notice or request is restricted to senior executive staff in all agencies,[103] and the power to give a technical capability notice is restricted to the Attorney-General.[104] The statement of compatibility concludes that 'accordingly, requests will only be issued by persons with the appropriate seniority and expertise who are in a position to effectively determine the proportionality, reasonableness, practicability and technical feasibility of any request'.[105]  In relation to technical assistance notices and technical capability notices, this may be a relevant safeguard for the purposes of proportionality in terms of ensuring that the power is exercised in a way that is not arbitrary. 

1.106         However, there are questions as to whether this is a relevant safeguard in relation to technical assistance notice, the giving of which does not require the Director-General or chief officer of an interception agency to determine that it is proportionate, reasonable, practicable or technically feasible. Given that technical assistance requests, if fulfilled by a provider, would appear to impact rights in the same way as technical assistance notices and technical capability notices, further information from the minister as to safeguards relevant to the decision to issue technical assistance requests that prevent the power from being exercised arbitrarily would be useful for the purposes of this analysis.

1.107         In relation to safeguards to prevent the arbitrary exercise of the power to issue technical capability notices, the statement of compatibility states that 'prior to a notice being issued, there is a mandatory 28 day consultation period with the relevant provider' and that 'this will ensure that the powers are not exercised arbitrarily'.[106]  However, there are questions as to whether the mandatory 28 day consultation period would function as a safeguard to prevent the power from being exercised arbitrarily for the purposes of human rights law. This is because it appears that the Attorney-General is not required to take into account any concerns raised by the relevant provider, and in any event those concerns may not necessarily be relevant to the impact a technical capability notice may have on human rights. 

1.108         Also relevant to proportionality is the extent to which the measure interferes with other rights. In this respect, concerns arise from the extent to which the measures can be used to obtain assistance from a provider with the enforcement of criminal laws in force in a foreign country.[107]  The committee has previously raised concerns regarding the human rights implications of Australia's mutual legal assistance scheme.[108] These concerns are relevant to the bill insofar as any requests for assistance from foreign countries would be governed by Australia's mutual legal assistance scheme. Further discussion of the interactions between the bill and the mutual legal assistance scheme are discussed further below at [1.202]-[1.203].

1.109         Another relevant factor in assessing whether a measure is proportionate is whether there is the possibility of oversight and the availability of review.[109] The power to give a technical assistance notice or request, or technical capability notice, is not exercised by a judge, nor does a judge supervise its application. Section 317ZFA provides a discretionary power to a court, in relation to proceedings before it, to make such orders as the court considers appropriate in relation to the disclosure, protection, storage, handling or destruction of technical assistance information, if the court is satisfied that it is in the public interest. The bill does not otherwise provide for court involvement in the process of giving a technical assistance notice or request, or technical capability notice. The bill additionally seeks to amend the Administrative Decisions (Judicial Review) Act 1977 (ADJR Act) to exclude decisions under Part 15 of the Telecommunications Act (which would include a decision to issue a technical assistance notice or request, or technical capability notice) from judicial review under the ADJR Act.[110]  In these circumstances, further information from the minister as the adequacy of the safeguards in terms of oversight and review would assist in determining the proportionality of the measures.

'Acts or things' compelled by a technical assistance notice or technical capability notice, or requested by a technical assistance request

1.110         There are also concerns as to the proportionality of the measures as they relate to the 'acts or things' the providers would be compelled to do in compliance with a technical assistance notice or technical capability notice, or could agree to do in relation to a technical assistance request. In this respect, the statement of compatibility indicates that the limitation on human rights ‘would not be arbitrary because a technical assistance request or notice may only be issued for a specified list of acts or things'.[111] However, the language of the bill is broader, such that the acts or things that may be specified in a technical assistance notice or request 'include (but are not limited to) listed acts or things', and for the purposes of a technical capability notice, 'listed help' may also include acts or things determined by the minister in a legislative instrument.[112]

1.111         In terms of safeguards relating to the disclosure of private information, it is relevant that section 317ZH provides that 'a provider cannot be asked to provide the content of a communication or private telecommunications data... without an existing warrant or authorisation' under the TIA Act, SD Act, Crimes Act, ASIO Act, the IS Act and their state and territory equivalents,[113] and that there is an express prohibition in section 317ZG on compelling a provider to implement or build a systemic weakness or vulnerability into a form of electronic protection,[114] also known as a 'back door'.[115] However, these safeguards appear to apply only to technical assistance notices and technical capability notices, and not technical assistance requests.[116] There is also a question as to whether variations to technical assistance notices or technical capability notices would be subject to this safeguard.  To assess the proportionality of these measures, further information from the minister is required as to whether a technical assistance request (or variation to a technical assistance notice or technical capability notice) could be used to request or compel information to be provided for which a warrant would ordinarily be required, or to request or compel a provider to build a 'back door'.

1.112         In relation to whether section 317ZH provides a safeguard to protect the disclosure of personal information, the section states that a notice has 'no effect' to the extent it seeks to compel a provider to do an act or thing for which a warrant would be required. While sections 317P and 317V prevent a relevant decision maker from issuing a notice unless satisfied of certain things (namely that the requirements it sets are reasonable and proportionate, and compliance with the notice is practicable and technically feasible),[117] it appears that a decision maker can still issue a notice even if it seek to compel a provider to do an act or thing for which a warrant would be required. It therefore appears that it would be for the provider receiving the notice to determine if the relevant notice seeks to compel the provider do an act or thing for which a warrant is required. There are questions as to how a provider, especially smaller or unsophisticated providers, are expected to know whether or not what has been requested or compelled requires a warrant, and therefore how to respond accordingly. Further information is required as to how this will operate as a relevant safeguard, including whether it would be possible to amend the decision-making criteria to state that a notice must not be issued unless the decision-maker is satisfied it does not seek to compel a provider to do an act or thing for which a warrant is required.

1.113         In any case, whether a warrant or authorisation scheme will function as an effective safeguard turns upon the extent to which the warrant and authorisation scheme constitutes a proportionate limitation on the right to privacy. In relation to the warrant or authorisation powers under the TIA Act, as that Act was legislated prior to the establishment of the committee, the scheme has never been required to be subject to a foundational human rights compatibility assessment in accordance with the terms of the Human Rights (Parliamentary Scrutiny) Act 2011.[118] It is therefore difficult to assess whether the warrant or authorisation scheme in the TIA Act would operate as a sufficient safeguard. The same concern arises in relation to the warrant and authorisation scheme under the SD Act.

1.114          The committee has previously noted in relation to the TIA Act, however, that while the warrant regime may assist to ensure that access to private communications is sufficiently circumscribed, questions arise as to the proportionality of the broad access that may be granted in relation to 'services' or 'devices' under the relevant chapters of the TIA Act.[119] This would be particularly relevant in the context of this bill given the broad scope of 'acts or things' that may be done to 'services' or 'devices' pursuant to a technical assistance notice.  Further information from the minister in relation to the human rights compatibility of the warrant and authorisation scheme of the TIA Act insofar as it interacts with the bill would assist the human rights assessment of the proposed measures. 

1.115         In relation to the warrant or authorisation powers under other legislative schemes referred to in the statement of compatibility, there are also questions as to the extent to which the enabling legislation of 'interception agencies', such as state-based commissions charged with investigating corruption and misconduct, functions as a sufficient safeguard, given the broad investigative powers afforded to such bodies. Such investigative powers are exercised pursuant to warrant and authorisation regimes which may operate without judicial oversight.[120]

1.116         Further, while section 317ZG is intended to operate to prevent notices from being used to compel providers to implement or build systemic weaknesses or vulnerabilities, there are questions as to whether this functions as a sufficient safeguard for the purposes of international human rights law.  The bill itself does not define systemic weakness or vulnerability and therefore appears to leave this determination to the person that gives the notice.  In this respect the statement of compatibility provides that:

While systemic weaknesses cannot be built into services or devices, a technical assistance notice can require the selective deployment of a weaknesses [sic] or vulnerability in a particular service, device or software on a case-by-case basis.  Deployment of this kind is necessary to access protected information of suspect individuals and gather intelligence or evidence in the course of an investigation.  This will ensure that the powers achieve legitimate, national security and law enforcement objectives without unduly jeopardising the legitimate privacy and information security interests of innocent parties.[121]

1.117         The statement of compatibility does not elaborate as to how weaknesses or vulnerabilities in a particular service, device or software can be 'selectively deployed' in a way that is limited to matters in relation to individuals under investigation, and in a manner that will not unnecessarily intrude into the private life of the person under investigation or third persons. This raises concerns under international human rights law in circumstances where it has been observed that the exploitation of a weakness or vulnerability in encryption may weaken security systems more generally.[122] Further information from the minister as to how the scheme will be limited to avoid broader effects on the users of a provider's service or device would assist with the analysis of the proportionality of the measure.

Committee comment

1.118        The preceding analysis raises questions about the compatibility of technical assistance notices, technical capability notices and technical assistance requests with the rights to privacy and freedom of expression.

1.119        The committee therefore seeks the advice of the minister as to the compatibility of the measures with these rights, including:

• an explanation of the pressing and substantial concern that gives rise to the need for the measures  (including how aspects of the measures that do not on their face relate to decryption are directed towards addressing the stated objective of the measures);
• whether the power to give a technical assistance request in relation to 'the interests of Australia's foreign relations or the interests of Australia's national economic well-being', relates to a permissible ground on which the right to freedom of expression can be restricted;
• whether granting each of the agencies that fall within the definition of 'interception agency' the power to give technical assistance notices or requests is rationally connected to (that is, effective to achieve) the stated objectives of the measures;
• whether each of the listed acts or things specified in proposed section 317E is rationally connected to (that is, effective to achieve)  the stated objectives of the measures;
• whether the measures are proportionate to the stated objectives, including:
• why the current warrant and authorisation schemes are insufficient to address the stated objectives of the bill, and whether the measures therefore represent the least rights restrictive approach to addressing the objectives of the bill;
• safeguards relevant to the decision to issue technical assistance requests;
• safeguards in terms of oversight and review of the measures and whether these are adequate for the purposes of ensuring the proportionality of the measures;
• the human rights compatibility of the warrant and authorisation scheme of the Telecommunications (Interception and Access) Act 1979 insofar as it interacts with the measures;
• the adequacy of the safeguards to ensure that notices and requests will not be used to obtain personal information for which a warrant would be required (including whether it would be possible to amend the decision-making criteria to state that a notice must not be issued unless the decision-maker is satisfied it does not seek to compel a provider to do an act or thing for which a warrant is required);
• whether a technical assistance request could be used to request a provider to do a thing for which a warrant or authorisation under the Telecommunications (Interception and Access) Act 1979, the Surveillance Devices Act 2004, the Crimes Act 1914, the Australian Security Intelligence Organisation Act 1979, the Intelligence Services Act 2001 or equivalent State and Territory laws would be required, and if so, the relevant safeguards that would apply;
• whether a technical assistance request could be used to request or compel a provider to implement or build a systemic weakness or vulnerability, and if so, the relevant safeguards that would apply;
• whether it would be feasible to amend sections 317ZG and 317ZH to also apply to technical assistance requests, and to expressly refer to variations to technical assistance notices and technical capability notices;
• whether it would be feasible to define 'systemic vulnerability' and 'systemic weakness', and if not, whether the scheme will be sufficiently circumscribed so as to avoid broader effects on the users of a provider's service or device; and
• any other information relevant to determining the proportionality of compatibility of the measures with the rights to privacy and expression.

Compatibility of the measures with the right to an effective remedy

1.120         Article 2(3) of the ICCPR protects the right to an effective remedy for any violation of rights and freedoms recognised by the ICCPR, including the right to have such a remedy determined by competent judicial, administrative or legislative authorities or by any other competent authority provided for by the legal system of the state.  While limitations may be placed in particular circumstances on the nature of the remedy provided (judicial or otherwise), state parties must comply with the fundamental obligation to provide a remedy that is effective.[123]

1.121         The statement of compatibility acknowledges that the bill may engage the right to an effective remedy insofar as an individual's rights are infringed by compliance with a notice, because the bill does not provide for merits review of decision making and excludes judicial review under the ADJR Act.[124] The statement of compatibility suggests, however, that individuals will still be entitled to an effective remedy as Australian courts will retain jurisdiction for judicial review of a decision of an agency head to issue a technical assistance notice or the Attorney-General's decision to issue a technical capability notice (presumably by way of prerogative writ).[125] However, it is not clear how a natural person could pursue judicial review of a decision to issue a technical assistance notice or technical capability notice in circumstances where they may not be aware that a notice has been issued.[126] Further information from the minister as to how this ensures the right to an effective remedy would assist with this analysis.

1.122         Technical assistance requests also engage the right to an effective remedy because they provide immunity from civil liability for any act or thing done by a provider in compliance with a technical assistance request.  If the act or thing involves a breach of human rights, this could raise concerns about the availability of an effective remedy for victims in these circumstances. However, the statement of compatibility does not address the right to an effective remedy in relation to technical assistance requests and accordingly no assessment was provided as to the compatibility of this measure with this right.

Committee comment

1.123        The preceding analysis raises questions as to the compatibility of technical assistance notices, technical capability notices and technical assistance requests with the right to an effective remedy. In relation to technical assistance notices and technical compatibility notices, this was not fully addressed in the statement of compatibility.  In relation to technical assistance requests, this was not addressed at all in the statement of compatibility.

1.124        The committee therefore seeks the advice of the minister as to the compatibility of the measures with this right.

Computer access warrant scheme in the Surveillance Devices Act

1.125         The SD Act currently governs the use of optical surveillance devices, listening devices, data surveillance devices and tracking devices by law enforcement agencies.  Schedule 2 of the bill introduces a computer access warrant scheme into the SD Act, as well as several related and additional orders and authorisations relating to accessing data held on computers. A computer access warrant enables officers to search a computer[127] remotely or physically and access content on that computer.[128]

Computer access warrants

1.126         Proposed section 27A provides that computer access warrants can be sought in a number of different circumstances, including:

• in relation to investigations into the commission of 'relevant offences'[129] or where there has been a 'mutual assistance authorisation'[130] where the law enforcement officer suspects on reasonable grounds that access to data[131] held in a computer[132] (the 'target computer')[133] is necessary in the course of that investigation for the purpose of enabling evidence to be obtained of the commission of the relevant offences, or the identity or location of the relevant offenders;
• where a recovery order[134] is in force and where the law enforcement officer suspects on reasonable grounds that access to data held in a target computer may assist in the location and safe recovery of the child to whom the recovery order relates; 
• where an 'integrity authority'[135] is in effect authorising an integrity operation in relation to an offence committed by a staff member of a target agency and the officer suspects on reasonable grounds that access to data held in a target computer will assist the conduct of the integrity operation  in specified ways; and
• where a 'control order' is in force in relation to a person and the officer suspects on reasonable grounds that access to data held in a target computer to obtain information relating to the person would be likely to substantially assist in specified matters, including determining whether the control order or any succeeding control order has been or is being complied with.

1.127         Proposed section 27C provides that a computer access warrant is issued by an eligible Judge or a nominated AAT member (decision maker).[136] To issue a computer access warrant, the decision maker must be satisfied of various matters including that there are reasonable grounds for the suspicion founding the application for a warrant. The decision maker must also 'have regard to' various other matters including the nature and gravity of the alleged offence (where applicable), the extent to which the privacy of any person is likely to be affected, the existence of any alternative means of obtaining the evidence or information sought to be obtained, and the likely evidentiary or intelligence value of evidence or information obtained.

1.128         A computer access warrant authorises specified things to be done in relation to a target computer that the decision maker considers appropriate in the circumstances, including:

• entering premises;
• using the target computer for the purpose of obtaining access to data held on the target computer in order to determine whether the relevant data is covered by the warrant;
• adding, copying, deleting or altering other data in the target computer for certain purposes;
• using any other computer to access the relevant data (if, having regard to other methods of obtaining access to the relevant data which are likely to be as effective, it is reasonable to do so);
• removing a computer or other thing from premises to do any thing specified in the warrant;
• intercepting a communication passing over a telecommunications system, if the interception is for the purpose of doing any thing specified in the warrant;[137] and
• any other thing reasonably incidental to any of the above.[138]

1.129         There are also concealment of access powers[139] and provisions which compel persons to provide assistance to law enforcement to allow the officer to access data,[140] discussed in further detail below.

1.130         In addition to these matters, the computer access warrant must authorise the use of any force against persons and things that is necessary and reasonable to do the things specified in the warrant.[141] Orders can also be made that a person not be required to disclose information in proceedings that would reveal details of computer access technologies or methods in certain circumstances.[142]

Additional measures in relation to computer access warrants for control orders

1.131         Proposed section 65A(2) in Schedule 2 of the bill provides that a person is not criminally liable for any actions done under a control order access warrant issued on the basis of an interim control order where the interim control order is subsequently declared to be void. Further, if a court declares an interim order is void, any information obtained under the control order access warrant can be used, communicated or published if the person reasonably believes that doing so is necessary for preventing or reducing the risk of the commission of a terrorist act or serious harm to a person or property, or if the person does so for certain purposes including in relation to a matter arising under a preventative detention order.[143]

Emergency authorisation for access to data held in a computer

1.132         Additionally, the bill seeks to amend the SD Act to provide that a law enforcement officer may apply to an 'appropriate authorising officer'[144] for an emergency authorisation for access to data held in a target computer[145] in certain circumstances where the matters are of such urgency that access to data held in the target computer is necessary, and it is not practicable in the circumstances to apply for a computer access warrant.[146] The appropriate authorising officer may give the emergency authorisation if satisfied of certain matters, including that there are reasonable grounds for the suspicion founding the application.[147]

1.133         Within 48 hours after giving an emergency authorisation, the person who gave the authorisation must apply to an eligible Judge or nominated AAT member for approval of the giving of the emergency authorisation. The Judge or eligible AAT member may give the approval if satisfied of certain matters.[148] In making this decision, the decision-maker considering the application must, in particular, and 'being mindful of the intrusive nature of accessing data held in a target computer',[149] consider several factors. These factors include the nature of the risk which provided the basis for the emergency authorisation, the extent to which issuing a computer access warrant would have helped reduce or avoid the risk, and the extent to which law enforcement officers could have used alternative methods of investigation to help reduce or avoid the risk.[150]

Compatibility of the measures with the right to privacy

1.134         The measures in the new computer access warrant scheme in the SD Act engage and limit a number of rights, in particular the right to privacy. The relevant principles relating to the right to privacy are discussed above.

1.135         The statement of compatibility acknowledges that the new computer access warrant scheme engages the right to privacy 'insofar as accessing a person's personal information held in a computer is inherently privacy intrusive'.[151] It states that the measures pursue the following objective:

The measure is directed towards the legitimate purpose of ensuring that law enforcement agencies have appropriate powers to investigate serious crimes. Computer access is a valuable in the current digital environment because it allows officers to access data held on a device in an unencrypted state. The ability to execute computer access remotely limits interference with property and limits the risk of harm to law enforcement officers.[152]

1.136         The statement of compatibility also states that the measures pursue the objectives of protecting national security and public order, and that the amendments address advances in technology which enable serious criminals to conduct activities and communicate anonymously.[153] While this may be capable of constituting a legitimate objective for the purposes of international human rights law, further information is required as to the substantial and pressing concern each of the measures seeks to address. That is, while the statement of compatibility states that advances in technology have enabled criminals to conduct activities and communicate anonymously, more information is needed to conclude that this creates a substantial and pressing national security or public order concern, so as to give rise to a legitimate objective justifying the limitation of human rights. Further, it is not clear how some aspects of the computer access warrant regime, such as the proposed use of force provision, are rationally connected to the achievement of any such national security or public order objective.[154] Further information as to the substantial and pressing concern each of the measures seeks to address, and how each of the measures is rationally connected to the achievement of the relevant objectives, would assist with this analysis.

1.137         The statement of compatibility states that the measures include 'a range of safeguards to ensure that the limitation on privacy is reasonable, proportionate and necessary'.[155] These safeguards include, in relation to computer access warrants, that:

• a law enforcement officer must have reasonable grounds to suspect that access to data held on a particular computer is necessary to investigate a federal offence which carries a maximum penalty of at least three years imprisonment;
• the chief officer of the law enforcement agency to which the computer access warrant was issued must revoke the warrant if it is no longer required to obtain evidence of the offence, and also has an obligation to ensure that access to data is discontinued;
• a Judge or nominated AAT member is responsible for issuing a computer access warrant, and in all cases, the Judge or AAT member must have regard to the extent to which the privacy of any person is likely to be affected and the existence of any alternative means of obtaining the evidence or information sought to be obtained;
• a computer access warrant does not authorise activities likely to cause material loss or damage to other persons lawfully using a computer,[156] except where necessary for concealment (discussed further below); and
• the chief officer of a law enforcement agency must report to the Attorney-General on every computer access warrant issued, and agencies must report annually on the number of warrants applied for and issued during the year and the number of emergency authorisations.[157]

1.138         These safeguards are relevant to determining the proportionality of the limitation on the right to privacy.

1.139         The statement of compatibility also identifies that there are restrictions on the use of information obtained under a computer access warrant in the SD Act, including offences relating to unauthorised disclosure.  It also notes that the use, recording and communication of information obtained in the course of intercepting a communication in order to execute a computer access warrant is also restricted, because where an agency wants to gain intercept material for its own purpose, it must apply for, and be issued with, an interception warrant under Chapter 2 of the TIA Act.[158]

1.140         However, as the committee has previously stated, the SD Act was legislated prior to the establishment of the committee, and has therefore not been subject to a foundational human rights compatibility assessment in accordance with the Human Rights (Parliamentary Scrutiny) Act 2011. It is difficult to assess the human rights compatibility of measures which extend or amend the existing legislation, or make an assessment as to whether the existing safeguards in the SD Act are sufficient, without the benefit of a foundational human rights assessment.[159]

1.141         Further, a number of the measures raise concerns from the perspective of proportionality that are not sufficiently addressed in the statement of compatibility.  In order to constitute a proportionate limitation on the right to privacy, measures must only go so far as is strictly necessary to achieve the stated objectives of the measures. However, computer access warrants authorise a number of measures which may significantly interfere with a person's privacy, including entering a premises, using a computer, adding or deleting data to a computer, and removing a computer. In particular, computer access warrants can authorise entering third party premises and using 'any other computer' to access relevant data.[160] This is, of its nature, very intrusive and may occur in circumstances where the owner of the third party computer or premises may not be suspected of committing any criminal offence or any of the other bases on which a warrant can be granted (such as being the subject of recovery order). While the use and manipulation of data in another computer is subject to the requirement that it be reasonable in the circumstances and that the relevant decision maker consider other methods of obtaining access that are likely to be effective,[161] it is not clear these safeguards are sufficient in light of the very substantial interference with the right to privacy associated with these measures. This is particularly the case given the broad definition of computer, such that many types of devices may be caught within the scope of these measures, including mobile phones and communications devices which use computers or computing technology as their functional basis (such as security systems, internet protocol cameras and digital video recorders).[162] This raises concerns that the measure may not be sufficiently circumscribed to constitute a proportionate limitation on the right to privacy.

1.142         Further, the statement of compatibility does not address the proportionality of the emergency authorisations. As noted earlier, an emergency authorisation allows access to data held in a target computer without a computer access warrant in certain circumstances of urgency. While a Judge or AAT member is required to approve the emergency authorisation, this is not required until up to 48 hours after the authorisation is originally given, during which time the data could be obtained. The statement of compatibility does not, for example, provide any information as to the compatibility with the right to privacy of the treatment of information where a decision maker does not subsequently approve the emergency authorisation. The explanatory memorandum states that in such circumstances the decision maker may make certain orders (including issuing a computer access warrant for subsequent access) but that the decision maker may not authorise the destruction of relevant information because 'such information, while improperly obtained may still be required for a permitted purpose such as an investigation'.[163] There would appear to be less rights restrictive approaches available, including the destruction of information and obtaining a new warrant for an investigation. Further information as to the proportionality of the emergency authorisations, including whether such authorisations are sufficiently circumscribed, are the least rights restrictive approach, and are accompanied by adequate safeguards, would assist in determining the proportionality of these measures.

Committee comment

1.143        The preceding analysis indicates that the proposed computer access warrant scheme in Schedule 2 of the bill engages and limits the right to privacy.

1.144        The committee therefore seeks the advice of minister as to the compatibility of the measures with this right, including:

• having regard to the matters discussed in the preceding analysis, whether there is reasoning or evidence that establishes that each of the measures addresses a pressing or substantial concern, or whether the proposed changes are otherwise aimed at achieving a legitimate objective;
• how the measures are effective to achieve (that is, rationally connected to) the stated objective;
• whether the measures are a proportionate limitation on the right to privacy, including:
• whether the measures are sufficiently circumscribed (including in relation to the proposed powers to be able to enter third party premises and use third party computers);
• whether the emergency authorisations are proportionate, including whether such authorisations are sufficiently circumscribed, are the least rights restrictive approach, and are accompanied by adequate safeguards;
• whether the existing safeguards in the Surveillances Devices Act 2004 are sufficient insofar as those safeguards interact with the measures in the bill; and
• any other information relevant to determining the proportionality of the measures in Schedule 2 of the bill.

Compatibility of the measures with the right to a fair trial and fair hearing

1.145         As noted earlier, Schedule 2 of the bill also provides that information relating to computer access technologies and methods may be prohibited from disclosure in proceedings.[164] As noted in the statement of compatibility, this engages the right to a fair trial and fair hearing because the result of this provision is 'that there may be circumstances where a defendant will not have a chance to review material that the relevant Judge has decided warrants capability protection'.[165]

1.146         The right to a fair trial in Article 14 of the ICCPR provides that in the determination of any criminal charge against a person, that person shall be entitled to certain minimum guarantees including the right to be informed of the charge and to understand the nature of the cause of the charge, and to have adequate time and facilities to prepare a defence. Limitations on the right to a fair trial are permissible where the measures pursue a legitimate objective and are rationally connected with and proportionate to that objective.

1.147         The statement of compatibility describes the objective of the measure as follows:

Preventing the release of sensitive operational information into the public domain is essential for the protection of the public and for national security. Releasing such information has inevitable harmful consequences for the ability of law enforcement to conduct future operations.[166]

1.148         In general, these objectives are capable of being legitimate objectives for the purposes of international human rights law. However, while such objectives may be legitimate in relation to public disclosure of sensitive information, it is not clear whether it is legitimate to preclude a defendant from accessing such information which may be relevant to their case. In this respect it is also not clear how precluding a defendant from reviewing such material is rationally connected to this objective.

1.149         In relation to proportionality, the statement of compatibility states:

To the extent the right to a fair trial is limited, the limitation is necessary and proportionate. Safeguards include that the presiding officer of the proceeding must make a determination whether the disclosure of the information is necessary for the fair trial of the defendant. It is anticipated that agencies will use computer access powers to gather such material as is necessary to enable other powers to collect evidentiary material, where it is possible to do so. For example, an agency may use a computer access power to gather such intelligence as to enable the application for search warrants under the Crimes Act to be made for a number of suspects. The Crimes Act search warrant would collect such evidence as would be presented in a relevant proceeding. Section 47A does not engage with the right to be informed in detail, in a language the defendant understands, as it only takes effect after charges have been laid.[167]

1.150         These are relevant safeguards and assist with the proportionality of the measure. However, further information as to whether there may be other less rights restrictive means available (such as allowing for disclosure to a defendant subject to certain conditions, or allowing for disclosure to a defendant's legal counsel), would assist in determining the proportionality of the measure.

Committee comment

1.151        The preceding analysis indicates that the power to prohibit disclosure of information relating to computer access technologies and methods engages and limits the right to a fair trial and fair hearing.

1.152        The committee seeks the further advice of the minister in relation to the compatibility of the measures with this right, including:

• whether precluding a defendant from accessing information as a consequence of proposed section 47A pursues a legitimate objective;
• whether this measure is rationally connected to (that is, effective to achieve) the stated objective; and
• whether the measure is proportionate (including whether there are other less rights restrictive measures available).

Compatibility of the use of force power with multiple rights

1.153         As noted earlier, the 'use of force' provisions in proposed section 27E(6) of the SD Act require computer access warrants to authorise the use of any force against persons and things that is necessary and reasonable to do the things specified in the warrant and, if the warrant authorises entering premises, state whether entry is authorised to be made at any time of the day or night or during stated hours of the day or night.

1.154         Use of force provisions engage multiple human rights. The provisions engage the right to privacy insofar as using force to enter a premises can interfere with a person's right to a private life. Empowering authorised persons to use force against persons may also engage and limit the right to life, as force may be used in a manner that could lead to a loss of life. Empowering persons to use force against other persons may engage the rights to freedom from torture, cruel, inhuman and degrading treatment or punishment, as force may be used in such a way that causes pain (physical or mental) in such a way that it amounts to a violation of these rights.

1.155         The statement of compatibility does not acknowledge that the use of force provisions engage any of these rights. In relation to the right to privacy and the right to life, limitations may be permissible if it is demonstrated that the measure addresses a legitimate objective, is rationally connected to that objective and is a proportionate means of achieving that objective. The prohibition on torture, cruel, inhuman and degrading treatment or punishment is absolute and can never be justified in any circumstances, regardless of the objective sought to be achieved. Further information from the Minister would therefore assist in determining the compatibility of the use of force provision with these rights.

Committee comment

1.156        The use of force provisions in proposed section 27E(6) of the Surveillance Devices Act 2004 engage and may limit the right to privacy and the right to life. They may also engage the prohibition on torture, cruel, inhuman and degrading treatment or punishment.

1.157        In relation to the right to privacy and right to life, the committee seeks the advice of the minister as to the compatibility of the use of force provisions with these rights, including:

• whether the measure is aimed at achieving a legitimate objective for the purposes of human rights law;
• how the measure is effective to achieve (that is, rationally connected to) that objective; and
• whether the limitation is a proportionate measure to achieve the stated objective.

1.158        In relation to the prohibition on torture, cruel, inhuman and degrading treatment or punishment, the committee seeks the advice of the minister as to the compatibility of the measures with this right, including any safeguards in place governing the use of force, and any monitoring or oversight in relation to the use of force.

Compatibility of the computer access warrants relating to control orders with multiple rights

1.159         The committee has previously considered that the control orders regime engages a number of human rights, including the right to equality and non-discrimination, the right to liberty, the right to freedom of movement, the right to a fair trial and fair hearing, the right to privacy, the right to freedom of expression, the right to freedom of association, the right to protection of the family, the right to work, the right to social security and an adequate standard of living, and the rights of children.[168]  To the extent that computer access warrants can be used against persons subject to a control order (including for determining whether a control order has been complied with), several of these rights may also be engaged, in particular the right to privacy.

1.160         Human rights, in particular the right to an effective remedy, may also be engaged in relation to the provisions of the bill that preclude criminal liability for persons who exercised powers relating to the control order computer access warrant if the control order is declared void, as well as the provision which allows for the use of information obtained under the warrant even if the order is declared void.[169] Further, in relation to the ability to use such information even if the control order is declared void, insofar as the information obtained can be used in relation to a matter arising under a preventative detention order,[170] the committee's analysis of the human rights compatibility of the preventative detention order regime is also relevant.[171]

1.161         The statement of compatibility does not acknowledge the human rights implications of these measures. Further information in relation to these matters would assist in assessing whether the measures are compatible with human rights.

Committee comment

1.162         The preceding analysis indicates that computer access warrants relating to control orders engage multiple human rights. The statement of compatibility does not provide an assessment of whether these measures are compatible with human rights.

Concealment of access powers

1.164         Schedule 2 of the bill also seeks to amend the ASIO Act and the SD Act to introduce new concealment of access powers. These powers would authorise doing any thing reasonably necessary to conceal the fact that any thing has been done to a computer. This can include authorisation to do any of the following:

• enter premises where the computer is reasonably believed to be, or enter any other premises for the purposes of gaining entry to or exiting the premises where the computer is reasonably believed to be;
• remove the computer or any other thing from any place where it is situated and return the computer or thing to that place;
• where it is reasonable in all the circumstances to do so: use any other computer or a communication in transit to conceal access; and if necessary to achieve that purpose – add, copy, delete or alter data in the computer or the communication in transit; and
• intercept a communication.[172]

1.165         The bill also provides authorisation to exercise these concealment powers with or without a warrant. In particular, the powers can be exercised at any time a computer access warrant is in force, or within 28 days after it ceases to be in force.[173]  However, if it is not possible to exercise the concealment powers within the 28-day period after the warrant ceases to be in force, the bill authorises the exercise of the powers 'at the earliest time after the 28-day period at which it is reasonably practicable'.[174]

Compatibility of the measures with the right to privacy

1.166         The relevant principles relating to the right to privacy are summarised above. As acknowledged in the statement of compatibility, the concealment of access powers engage and limit the right to privacy by enabling officers to access devices, which hold personal information, for the purposes of concealment.[175]

1.167         The statement of compatibility states that the measures pursue the objective of protecting the rights and freedoms of individuals by providing ASIO with the tools it requires to keep Australians safe.[176] It also provides the following information as to the rationale for introducing the measures:

The amendments are necessary to address situations where ASIO no longer has access to the computer at the time the warrant expires but needs to undertake concealment activities. Concealment activities are crucial to ensure that a person does not become aware they are the subject of an investigation, the investigation does not become compromised and sensitive agency capabilities are not revealed.

ASIO cannot always reliably predict whether, or when, it will be able to safely retrieve its devices without compromising a covert security intelligence operation. For example, a person may unexpectedly relocate their computer or device prior to the expiry of the warrant, precluding ASIO from taking the necessary steps to conceal the fact that it had accessed the device under warrant until the computer or device is available to be access again.

Once the warrant has expired ASIO may not be able to obtain a further computer access warrant to undertake retrieval and concealment activities, as retrieving and concealing would (by definition) not necessarily meet the statutory threshold of ‘substantially assisting the collection of intelligence’.[177]

1.168         While this is capable of giving rise to a legitimate objective, further information is required to determine whether this objective is legitimate in the context of these specific measures. It is not clear from the information provided, for example, how concealment of access powers pursue the objective of 'keeping Australians safe'. Further information is also required in order to determine whether this objective applies to the proposed powers under the SD Act and, if not, the legitimate objective of the concealment of access powers under that Act.  This information would also assist in determining whether the measures are rationally connected to the objectives sought.

1.169         In relation to proportionality, the statement of compatibility provides the following information:

The requirement that the concealment activities be performed ‘at the earliest time after than 28-day period at which it is reasonably practicable to do so’ acknowledges that this authority should not extend indefinitely, circumscribing it to operational need.

The authority conferred by the amendments can only be exercised by the Director-General, or a person or class of persons approved by the Director-General in writing. This item provides a safeguard against the arbitrary exercise of the range of activities permitted by the new subsection.[178]

1.170         While these are relevant safeguards, there remain questions as to the proportionality of the measures. In particular, the powers to conceal access under the bill are extensive, and include entering premises of third parties and using the computers of third parties to conceal the fact that a thing has been done under a warrant. This raises concerns that the measures may be overly broad and more extensive than is strictly necessary to achieve the objectives of the measures.

1.171         The power to conceal access 'at the earliest time after the 28-day period [after the warrant expires] at which it is reasonably practicable' raises additional concerns in relation to proportionality. While the statement of compatibility states that the requirement to exercise the power as early as reasonably practicable means that the authority should not extend indefinitely, 'reasonably practicable' is not defined and the provision is not subject to any express time limits. Therefore while as a matter of practice the authority may not extend indefinitely, on the face of the bill the authority could do so if it were not reasonably practicable to exercise the power within a particular timeframe. It appears possible that the authority could be in force for a substantial period of time. This raises concerns as to whether the measures are sufficiently circumscribed. There also appear to be other, less rights restrictive, options available, including requiring further authorisation and supervision from a court following the expiry of the warrant or 28 day period, or defining 'reasonably practicable' by reference to a specific time limit. Further information in relation to these matters would assist in determining the proportionality of the measures.

Committee comment

1.172        The preceding analysis indicates that concealment of access powers in the proposed amendments to the Surveillance Devices Act 2004 and the Australian Security Intelligence Organisation Act 1979 engage and limit the right to privacy.

• whether the proposed concealment access powers in each of the Surveillance Devices Act 2004 and Australian Security Intelligence Organisation Act 1979 pursue a legitimate objective (including reasoning and evidence to how the measures address a pressing and substantial concern);
• whether the proposed concealment access powers are effective to achieve (that is, are rationally connected to) the stated objective; and
• whether the proposed concealment access powers are proportionate (including whether the measures are sufficiently circumscribed and whether there are other less rights restrictive measures available).

Powers to compel persons to assist officers to access data and devices

1.174         Schedule 2 of the bill also seeks to introduce a new provision into the SD Act relating to 'assistance orders', under which a law enforcement officer may apply to a decision maker for an order requiring certain persons (such as the owner of a computer or an employee of the owner of a computer)[179] to provide any information or assistance that is reasonable and necessary to allow the officer to access data that is held in a computer that is the subject of a computer access warrant or emergency authorisation.[180] Assistance orders can also be made to copy data held in the computer to a data storage device, or convert data held in the computer or data storage device into documentary form or another intelligible form.

1.175         Schedules 3 and 4 similarly seek to amend the Crimes Act and Customs Act respectively to compel assistance from a person with accessing a device that has been seized under warrant, by making it an offence not to comply with an order to assist where the person is capable of compliance.[181]  The offence is punishable by imprisonment for 5 years or 300 penalty units or both, or 10 years or 600 units or both if the offence to which the relevant warrant relates is a serious offence or a serious terrorism offence.[182]

1.176         Schedule 5 seeks to empower the Attorney-General to make an order requiring a specified person to provide assistance that is reasonable and necessary to ASIO in order to gain access to data on a device subject to an ASIO warrant, upon request by the Director-General of ASIO. A person that does not comply with an order is liable to a maximum of five years' imprisonment.

Compatibility of the measures with the right to privacy

1.177         The statement of compatibility acknowledges that these measures engage and limit the right to privacy, insofar as it enables certain law enforcement officers and agencies, the Australian Border Force and ASIO to access private communications and other information on a person's device.[183]

1.178         The stated objective for the measures is the protection of national security and public order.[184] In relation to the proposed introduction of the measure into the Crimes Act in Schedule 3, the statement of compatibility explains why the measure is necessary to achieve its objectives:

The power to compel assistance is critical to Australia's national security and ensures that law enforcement has the tools necessary to protect Australians.  The power for law enforcement to be able to access portable technology devices is necessary and proportionate to achieving the legitimate objectives of protecting national security and public order.[185]

1.179         The statement of compatibility further states that the language of the current provisions is limited because the current provisions 'do not envision people carrying smartphones in their pockets' and the measure seeks to resolve this gap as 'inability to access information held on devices may impede legitimate investigations and prosecutions'.[186] The statement of compatibility indicates that the proposed provisions in Schedule 5 empowering the Attorney-General to make an assistance order is 'directed towards the legitimate objective of ensuring that ASIO can give effect to warrants which authorise access to a device' as 'ASIO's inability to access a device can frustrate operations to protect national security'.[187]

1.180         As previously noted, protecting national security and public order is capable of constituting a legitimate objective for the purposes of international human rights law. However, further information is needed to establish why the power to compel assistance in relation to each of the measures is 'critical' to Australia's national security, in particular, why the current capabilities, technology and powers available are insufficient to achieve the objectives to which the measures are addressed. Given the serious consequences for non-compliance with an assistance order, and its potential impact on the privacy of third parties, further information from the minister as to the pressing and substantial concern the measure seeks to address would assist with this analysis.

1.181         Compelling persons to provide assistance to access data and devices pursuant to a warrant appears to be rationally connected to (that is, effective to achieve) the objectives of protecting national security and public order. 

1.182         In relation to the proportionality of the measure for the purposes of the Customs Act, the statement of compatibility provides that 'the requirement for a magistrate to authorise warrants provides an important safeguard for person-based search warrants' and notes that to grant an order the magistrate has to be satisfied of several matters set out in the legislation.[188] This is an important safeguard and is relevant to the proportionality of that measure.

1.183         In relation to safeguards available under the ASIO Act for the proposed measures in Schedule 5, the statement of compatibility provides that 'legislative safeguards ensure any limitation on the right to privacy is reasonable and proportionate'.[189] However, the statement of compatibility does not elaborate as to how these purported safeguards will ensure that an assistance order does not limit the right to privacy beyond the extent which is strictly necessary for the purposes of protecting national security and public order. Similarly there is limited information provided as to the safeguards available in relation to the proposed assistance order provisions in the SD Act and the Crimes Act.

1.184         There are also concerns as to whether the measures are sufficiently circumscribed. The provisions may compel assistance from a broad range of persons. For example under the proposed amendments to the SD Act, persons who may be required to provide assistance include employees of the owner of the computer, a person engaged under a contract for services by the owner of the computer, a person who uses or has used the computer, or a person who is or was a system administrator for the computer.[190] While those persons can only be compelled to assist where the person has relevant knowledge of the computer or the measure applied to protect data held in the computer, 'relevant knowledge' is not defined. In any event, the measures nonetheless may involve a significant interference with a person's privacy. This is of particular concern since penalties for non-compliance with the provisions are significant: for example, the offence for non-compliance with an assistance order in Schedule 2 is punishable by imprisonment for 10 years or 600 penalty units or both,[191] and imprisonment of 5 to 10 years or 300 to 600 penalty units or both in relation to the provisions in Schedules 3 and 4.[192] 

Committee comment

1.185        The preceding analysis indicates the assistance order provisions in Schedules 2, 3, 4 and 5 engage and limit the right to privacy.

1.186        The committee therefore seeks the further advice of the minister as to the compatibility of the measures with this right, in particular:

• the pressing and substantial concern that the measures seek to address; and
• whether the measures are a proportionate limitation on the right to privacy (including whether the measures are sufficiently circumscribed and accompanied by adequate safeguards).

Interception of communications under ASIO computer access warrants

1.187         Schedule 2 of the bill also seeks to amend the ASIO Act to introduce new powers associated with the warrant scheme under the ASIO Act to gain access to computers (an 'ASIO computer access warrant'[193]).

1.188         Section 33(1) of the ASIO Act currently provides that ASIO computer access warrants do not authorise the interception of a communication passing over a telecommunications system operated by a carrier or carriage service provider. In order to intercept communications, ASIO is currently required to obtain a telecommunications service warrant under the TIA Act.[194]

1.189         The bill seeks to amend the ASIO Act to repeal section 33 and to expand the operation of ASIO computer access warrants to allow ASIO to intercept a communication passing over a telecommunications system, if the interception is for the purpose of doing anything specified in the ASIO computer access warrant.[195]  As a consequence, ASIO will no longer be required to obtain the second warrant under the TIA Act for this purpose.

Compatibility of the measures with the right to privacy

1.190         The relevant principles relating to the right to privacy are summarised above. As acknowledged in the statement of compatibility, the interception of communications under ASIO computer access warrants engages the right to privacy because interception (including interception to enable remote access to a computer) is 'inherently privacy intrusive'.[196] However the statement of compatibility states that the measures are compatible with the right to privacy as the limitation is reasonable, necessary and proportionate.[197]

1.191         The statement of compatibility states that the objective of this measure is for 'ASIO to have effective powers to execute its statutory function to protect national security'.[198] It further states:

The current arrangements cause administrative inefficiency by requiring ASIO to prepare two warrant applications, addressing different legal standards, for the purpose of executing a single computer access warrant. The process requires the Attorney-General to consider each application separately and in accordance with each separate criterion.

The amendments will mean ASIO will be able to obtain a single computer access warrant, which authorises an officer to undertake all activities that are required to give effect to that warrant. The amendments enhance the operational efficiency of ASIO to collect intelligence in Australia’s interest.[199]

1.192         To be capable of justifying a proposed limitation on human rights, a legitimate objective must address a pressing or substantial concern and not simply seek an outcome regarded as desirable or convenient. The stated justification for limiting the right to privacy in the statement of compatibility – namely, to enhance the operational effectiveness of ASIO and address an 'administrative inefficiency' caused by needing to obtain two warrants – does not appear to constitute a pressing and substantial concern for the purposes of international human rights law. Further information as to the legitimate objective of the measure would be helpful in this regard, and would also assist in determining whether the measure is rationally connected to this objective.

1.193         As to proportionality, the statement of compatibility states that the new interception powers are proportionate on the following basis:

The power is proportionate because the new provisions tightly constrain the purposes for which ASIO may use information intercepted under this provision. ASIO can only use intercepted information in order to execute the computer access warrant. In order for ASIO to use intercepted information for its own intelligence value, ASIO must obtain an interception warrant under the TIA Act.

Consistent with the existing provisions in the ASIO Act, computer access warrants are subject to strict tests and must be signed by the Attorney-General. The Attorney-General may only issue a warrant if he or she is satisfied that there are reasonable grounds for believing that access to data held in a computer will substantially assist the collection of intelligence in respect of matter that is important in relation to security.

1.194         There are safeguards in the bill that assist with the proportionality of the measure. This includes safeguards to be introduced into the TIA Act, including:

• prohibitions on ASIO, the Inspector-General of Intelligence and Security and the Director-General of Security using the computer access intercept information in connection with the performance of those organisations' functions;[200]
• prohibitions on disclosing information to staff members of certain agencies except for limited purposes of testing and development;[201] and
• a prohibition on giving ASIO computer access intercept evidence in an exempt proceeding, except in certain circumstances.[202]

1.195         However, there remain concerns in relation to the proportionality of the measure.  In particular, by expanding the operation of ASIO computer access warrants to allow ASIO to intercept a communication passing over a telecommunications system, the bill appears to, in effect, lower the threshold for obtaining a warrant to intercept such communications.  This is because, under the current regime, the threshold for obtaining the second warrant under the TIA Act is that the Attorney-General has be satisfied that:

1. the telecommunications service is being or is likely to be:
   • i. used by a person engaged in, or reasonably suspected by the Director‑General of Security of being engaged in, or of being likely to engage in, activities prejudicial to security; or
   • ia. the means by which a person receives or sends a communication from or to another person who is engaged in, or reasonably suspected by the Director‑General of Security of being engaged in, or of being likely to engage in, such activities; or
   • ii. used for purposes prejudicial to security; and
2. the interception by the Organisation of communications made to or from the telecommunications service will, or is likely to, assist the Organisation in carrying out its function of obtaining intelligence relating to security.[203]

1.196         In contrast, the threshold for obtaining an ASIO computer access warrant under the ASIO Act is that the Attorney-General is satisfied that there are reasonable grounds for believing that access 'will substantially assist the collection of intelligence' in respect of a matter that is important in relation to national security.[204] This test appears to be a lower threshold for obtaining the warrant. This appears to be acknowledged in the explanatory memorandum to the bill, which states that currently in some circumstances ASIO can obtain a computer access warrant (as currently defined) but cannot contain a telecommunications interception warrant.[205] Based on the information provided, however, it is not clear why the lower threshold in the ASIO Act, as opposed to the higher threshold in the TIA Act, was adopted for the amended ASIO computer access warrants. In this respect, a possible less rights restrictive approach would be to apply the higher threshold under the TIA Act.

Committee comment

1.197        The preceding analysis indicates the proposed amendments to ASIO computer access warrants to allow ASIO to intercept a communication passing over a telecommunications system engage and limit the right to privacy.

1.198        The committee therefore seeks the advice of the minister as to the compatibility of the measures with this right, including:

• whether the proposed amendments to ASIO computer access warrants to allow ASIO to intercept a communication passing over a telecommunications system pursue a legitimate objective (including reasoning and evidence to how the measures address a pressing and substantial concern);
• whether the measure are effective to achieve (that is, are rationally connected to) the stated objective; and
• whether the measures are proportionate (including whether there are other less rights restrictive measures available).

Assistance to foreign countries in relation to data held in computers

1.199         Schedule 2 of the bill also seeks to amend the Mutual Assistance in Criminal Matters Act 1987 (MA Act) to provide that the Attorney-General may, in the Attorney-General's discretion, authorise an 'eligible law enforcement officer'[206] to apply for a computer access warrant under the SD Act if the Attorney-General is satisfied that:

1. an investigation, or investigative proceeding, relating to a criminal matter involving an offence against the law of a foreign country (the requesting country) that is punishable by a maximum penalty of imprisonment for 3 years or more, imprisonment for life or the death penalty has commenced in the requesting country; and
2. the requesting country requests the Attorney-General to arrange for access to data held in a computer[207] (the target computer); and
3. the requesting country has given appropriate undertakings in  relation to:
   1. ensuring that data obtained as a result of access under the warrant will only be used for the purpose for which it is communicated to the requesting country; and
   2. the destruction of a document or other thing containing data obtained as a result of access under the warrant; and
   3. any other matter the Attorney-General considers appropriate.[208]

1.200         The 'target computer' may be a particular computer, a computer on particular premises, or a computer associated with, used by or likely to be used by, a person (whose identity may or may not be known).[209]

1.201         The bill also amends the definition of 'protected information' in the MA Act to incorporate the proposed new definition of 'protected information' in the SD Act, which states that any information (other than general computer access intercept information) obtained from access to data under either the new computer access warrant or emergency authorisation for access to data held in a computer is 'protected information'.[210] The effect of this, according to the explanatory memorandum, is that where information is obtained in response to a computer access warrant for a domestic investigation, the Attorney-General may authorise the provision of that information to a foreign country in response to a mutual assistance request, subject to existing restrictions under section 13A of the MA Act.[211]

Compatibility of the measure with multiple rights

1.202         The committee has previously raised concerns regarding the human rights implications of Australia's mutual legal assistance scheme in relation to the right to liberty, right to life, prohibition against torture and cruel, inhuman and degrading treatment, the right to a fair hearing, right to equality and non-discrimination and the right to an effective remedy.[212]

1.203         For example, concerns regarding the right to life arise because the MA Act allows the Australian government to give assistance to a foreign country to help it investigate an offence or gather evidence in order to prosecute. The MA Act provides that a request by a foreign country for assistance under the Act must be refused if the offence is one in respect of which the death penalty may be imposed. However, the MA Act qualifies this by saying that this prohibition will not apply if 'the Attorney‐General is of the opinion, having regard to the 'special circumstances' of the case, that the assistance requested should be granted’.[213] In relation to the present bill, then, providing assistance in the form of a computer access warrant may engage and limit the right to life to the extent it may lead to an individual in another country being tried and convicted of a criminal offence that carries the death penalty.[214]

1.204         The statement of compatibility does not acknowledge that the amendments to the MA Act introduced in Schedule 2 of the bill may engage multiple human rights and therefore does not provide an analysis of whether any limitation on these rights is permissible.[215] In accordance with the committee's Guidance Note 1, the committee's usual expectation where a measure may limit a human right is that the accompanying statement of compatibility explain how the measure supports a legitimate objective and how it is rationally connected to, and proportionate to achieve, its legitimate objective.

Committee comment

1.205        The committee has previously stated that the Mutual Assistance in Criminal Matters Act 1987 would benefit from a full review of the human rights compatibility of the legislation, as it raises human rights concerns in relation to the right to liberty, right to life, prohibition against torture and cruel, inhuman and degrading treatment, the right to a fair hearing, right to equality and non-discrimination and the right to an effective remedy.

1.206        The statement of compatibility does not acknowledge that any human rights are engaged by the amendments to the Mutual Assistance in Criminal Matters Act 1987 introduced in Schedule 2 of the bill. The committee therefore seeks the advice of the Minister on the compatibility of the amendments to that Act with these human rights.

Power for law enforcement and Australian Border Force to access computers remotely

1.207         Schedules 3 and 4 of the bill seek to empower law enforcement agencies and the Australian Border Force to remotely access a computer on premises the subject of a warrant obtained pursuant to the Crimes Act and Customs Act 1901 (Customs Act), respectively.[216]

1.208         The proposed amendments provide that, for the purposes of obtaining access to data (relevant data) held in a computer or device on premises subject to a warrant, an officer executing the warrant (executing officer) may use any other computer to determine if the relevant data is evidential material of the kind specified in the warrant.  In doing so, an executing officer may also copy the relevant data, or add, copy, delete or alter other data where necessary to use the computer or device for the purposes of the warrant.

1.209         The proposed amendments to the Crimes Act additionally seek to empower law enforcement agencies to use a computer found during a search authorised under the warrant (warrant computer), or telecommunications facility, or any other electronic equipment, for the purpose of obtaining access to 'account-based data'[217] of a living or deceased person who is/was the owner or lessee of the warrant computer, or who uses or has used the warrant computer,[218] to determine if it is evidential material of a kind specified in the warrant.

Compatibility of the measures with the right to privacy

1.210         The statement of compatibility notes that the measure engages the right to privacy by enabling law enforcement agencies and Australian Border Force 'to access private communications and other information on a device using a range of methods'.[219] However, it states that the restriction is necessary and proportionate to achieve the legitimate objective of 'protecting national security and public order' by providing law enforcement and Australian Border Force with 'the tools they require to investigate criminal activity and protect Australian's [sic] national security in a modern context'.[220] The statement of compatibility states further that 'currently... to use [the power to access data electronically] an officer must be physically located at the warrant premises' and that 'these amendments will allow [officers] to access data without having to be physically present'.[221] While protecting national security and public order is capable of constituting a legitimate objective, as noted earlier in order to justify a restriction on human rights, the measure must address a pressing and substantial concern, not just an outcome regarded as desirable and convenient. In this respect it is not clear whether introducing the measures so executing officers do not have to attend warrant premises in person addresses a pressing and substantial concern.

1.211         The power to access data held in a computer or device on premises the subject of a warrant under the Crimes Act or Customs Act appears to be rationally connected with the objective of protecting national security and public order. 

1.212         As to proportionality, the statement of compatibility provides that 'the bill includes limitations to ensure the power is proportionate and does not impact other users of communications services, including joint account holders',[222] namely:

The addition, deletion or alteration of data is not authorised when those actions are likely to interfere with communications in transit or the lawful use by other persons of a computer, unless specified in the warrant.  The addition, deletion or alteration of data is also not authorised when those actions are likely to cause other material loss or damage to other persons lawfully using a computer.[223]

1.213         This is capable of constituting a relevant safeguard, but questions remain as to the extent to which the safeguard will be effective. While the addition, deletion or alteration of data is not authorised if it will materially interfere with, interrupt or obstruct the lawful use by other persons of a computer, it will be authorised if it is necessary to do one or more of the things specified in the warrant.[224] Given that a computer or device on warrant premises is accessed for the broad purposes of obtaining evidential material of the kind described in the warrant, it appears that there could be a large number of circumstances in which adding, deleting or altering data such as to interfere with the lawful use of that computer by a third person could be justified as necessary to do one or more things for the purposes of the warrant. 

1.214         This raises concerns in the context of the proposed warrants under the Crimes Act, which allow access to account-based information. This measure could affect not just joint account holders, as the statement of compatibility notes, but could also potentially affect any person who has used that computer, for example to access their bank account through online banking. Further information from the minister as to how the safeguard will operate to limit the impact on third parties would be useful for the purposes of this analysis.

1.215         The statement of compatibility provides that the interference with privacy is 'not arbitrary' as it is 'authorised under domestic law'.[225] However, the exercise of a power prescribed by law can still be arbitrary if it is not necessary or if it is not sufficiently circumscribed in light of its objectives. Here, it is relevant that the power to access relevant data remotely can only be exercised if it is 'reasonable in all the circumstances to do so' having regard to 'other methods (if any) of obtaining access to the relevant data which are likely to be as effective'.[226]

1.216         This goes some way towards ensuring that the limitation on rights occasioned by remote access to data occurs only when it is strictly necessary. However, it is not required that other less rights restrictive means must be pursued first if available, just that they be considered before exercising the power.  In addition, other than the availability of alternative means, no definition or guidance is provided as to when it will be 'reasonable in all the circumstances' to access data remotely, thereby appearing to leave interpretation of this standard to the executing officer.  Therefore, it is unclear whether this will function as an effective safeguard to ensure that the power is only exercised when necessary such that the limitation on rights occasioned by the measure is proportionate to its objectives.

1.217         As currently framed, the power is such that it could be exercised in a broad range of circumstances, including potentially where it was simply more convenient to access information remotely than to attend warrant premises. Further information from the minister as to how safeguards will ensure that the measure is only used where necessary, such as any relevant guidelines that may assist executing officers in determining whether it is ‘reasonable in all the circumstances’ to access data remotely, would assist with this analysis.

Committee comment

1.218        The preceding analysis raises questions as to the compatibility of the proposed power of law enforcement and Australian Border Force to access computers remotely with the right to privacy.

1.219        The committee therefore seeks the advice of the minister as to the compatibility of the measures with this right, including:

• the pressing and substantial concern which the measures seek to address;
• how the proposed safeguards will be effective to limit the impact on the right to privacy of third parties who are lawful users of the computer or device subject to the warrant; and
• any relevant guidelines that may apply to the exercise of the power to access data remotely.

Power for Australian Border Force to search persons who may have computers or devices under the Customs Act

1.220         Proposed section 199A of the Customs Act in Schedule 4 of the bill empowers a judicial officer to issue a warrant authorising an ordinary search or a frisk search of a person where there are reasonable grounds to suspect the person has in their possession, or will in the next 72 hours have in their possession, any computer, or data storage device, that is evidential material.[227]

Compatibility of the measure with the right to privacy

1.221         The statement of compatibility acknowledges that the measure engages the right to privacy but concludes that 'the interference is proportionate and necessary to meet legitimate objectives'.[228] The statement of compatibility states that:

While the nature of searching a person in order to gain access to a device is inherently intrusive, it is not arbitrary as it is a targeted law enforcement tool designed to assist the [Australian Border Force] to effectively investigate crimes in the current technological environment.  The power has the legitimate objective of protecting national security and public order.[229]

1.222         Protecting national security and public order are capable of constituting a legitimate objective for the purposes of international human rights law, where there is a pressing or substantial concern to which the measure responds. While this is not explicitly identified, the statement of compatibility provides that 'under existing laws, the [Australian Border Force] could obtain a judicial warrant to search premises' but 'the amendments recognise that information is often stored on devices, held physically by persons, and that an inability to access the information may impede legitimate investigation and prosecutions'.[230] Given that the device would be subject to the warrant but for it being on a person, and given the prevalence of portable devices, such as smartphones, it would appear this is a pressing and substantial concern which the measure seeks to address. The measure also appears to be rationally connected to the objective.

1.223         In relation to proportionality, as noted by the statement of compatibility, the requirement for a judicial officer to authorise warrants, and the time limit of seven days for executing the warrant, are capable of functioning as relevant safeguards.[231] In relation to whether the warrant power is sufficiently circumscribed, the matters that are authorised by a search warrant relating to a person are largely identical to those authorised in relation to the proposed powers to access computers remotely under the Crimes Act and the Customs Act.[232] Therefore, the analysis and concerns raised above at [1.212]-[1.213] and [1.215]-[1.217] also apply in relation to the measure. That is, whether the safeguards will ensure that the power is only exercised when necessary, and in a manner that will limit its impact on third parties, such that the limitation on rights occasioned by the measure is proportionate to its objectives.

Committee comment

1.224        The preceding analysis raises questions as to the compatibility of the power for Australian Border Force to search persons who may have computers or devices under the Customs Act 1901 with the right to privacy.

1.225        The committee therefore seeks the advice of the minister as to the proportionality of the limitation on this right, including whether the proposed safeguards will be effective to limit the impact on the right to privacy of third parties who are lawful users of the computer or device subject to the warrant.

Amendments to the Crimes Act and Customs Act which allow electronic devices moved under warrant to be kept for analysis for 30 days

1.226         Schedules 3 and 4 of the bill seek to amend the Crimes Act and Customs Act respectively to extend the time period for which devices moved under warrant can be kept for analysis to 30 days, from the current period of 14 days permitted under the Crimes Act,[233] and 72 hours under the Customs Act.[234] 

Compatibility of the measure with the right to privacy

1.227         The statement of compatibility states that 'moving a person's computer or data storage device engages the right to privacy, as it may restrict a person's access to person information'[235] but that it is 'a proportionate and necessary measure to achieve the legitimate objective of protecting national security and public order'.[236]

1.228         The statement of compatibility does not identify the pressing and substantial concern which the measure seeks to address, but states that extending the timeframe to 30 days will ensure Australian Border Force can 'fulfil its statutory functions with forensic best practice'.[237] The statement of compatibility also indicates that extended timeframes will allow law enforcement agencies 'adequate time to conduct the lengthy and intricate forensic processes necessary to determine whether there is evidential material in the electronic advice'.[238] Further information from the minister as to how these matters constitute a pressing and substantial concern, including what constitutes 'forensic best practice' and information as to how current timeframes are inadequate or insufficient, would assist with assessing whether the measure pursues a legitimate objective and is rationally connected to that objective.

1.229         As to proportionality, limited information is provided in the statement of compatibility. It is not clear, for example, whether extending the time period to 30 days represents the least rights restrictive approach, or whether the same objectives could be achieved by, for example, extending the time period for less than 30 days, or extending the number of times an extension can be sought and the time period of those extensions. The statement of compatibility does not identify any safeguards to ensure the measure does not limit the right to privacy any more than necessary, nor does it consider the impact that, for example, holding a person's computer or mobile phone for a month, as opposed to three days or two weeks, may have on other rights.[239] It is also not clear from the bill or acts it seeks to amend whether there are processes in place to ensure that devices are returned expeditiously if it is determined that they do not contain evidential material relevant to the warrant before the end of the period for which the device may be lawfully held. Therefore, further information from the minister as to the relevant safeguards that apply to ensure that warrant property is only held as long as necessary to achieve the objectives of the bill would assist in determining the proportionality of the measure.

Committee comment

1.230        The preceding analysis raises questions as to the compatibility of the amendments to the Crimes Act 1914 and Customs Act 1901 which allow electronic devices moved under warrant to be kept for analysis for 30 days with the right to privacy.

1.231        The committee therefore seeks the advice of the minister as to the compatibility of the measure with this right, including:

• the pressing and substantial concern which the measure seeks to address (including how existing timeframes are inadequate for determining whether the device moved from warrant premises and kept for analysis contains evidential material of the type listed in the warrant);
• how extending the timeframes for which a device moved under a warrant can be held for analysis is rationally connected with (that is, effective to achieve) the objectives of the measure; and
• whether the measure represents a proportionate limitation on the right to privacy (including whether the measure represents the least rights restrictive approach to ensuring law enforcement and Australian Border Force have adequate time to determine if the device contains evidential material of the kind specified in the warrant, and any processes in place to ensure the devices are returned expeditiously).

Release from civil liability for providing voluntary assistance to ASIO

1.232         Schedule 5 of the bill amends the ASIO Act to release from civil liability, any person who voluntarily engages in conduct in accordance with a request from the Director-General of ASIO, for or in relation to that conduct.[240] 

Compatibility of the measure with the right to an effective remedy

1.233         The bill does not define 'conduct' (except insofar as it specifies some conduct which will not attract immunity from civil liability),[241] so it is difficult to assess what rights this measure may engage and limit, and whether those limitations are legitimate for the purposes of international human rights law. However, in general releasing a person from civil liability in relation to conduct engages the right to an effective remedy, insofar as an individual whose rights are violated by that conduct cannot pursue a civil remedy against the person. This raises concerns given that 'conduct' is not defined in the bill and therefore could potentially encompass a wide range of acts that could impact individual rights, relevantly limited only by the requirement that it not be an offence.[242] However, the statement of compatibility does not address the right to an effective remedy in relation to the measure, and accordingly no assessment was provided as to the compatibility of this measure with this right.

Committee comment

1.234        The preceding analysis raises questions as to the compatibility of providing voluntary assistance to ASIO with the right to an effective remedy.

1.235        The committee therefore seeks the advice of the minister as to the compatibility of the measure with this right.

Bills not raising human rights concerns

1.236         Of the bills introduced into the Parliament between 17 and 20 September, the following did not raise human rights concerns (this may be because the bill does not engage or promotes human rights, and/or permissibly limits human rights):

• Aviation Transport Security Amendment Bill 2018
• Corporations Amendment (Strengthening Protections for Employee Entitlements) Bill 2018
• Criminal Code Amendment (Food Contamination) Bill 2018
• Customs Amendment (Collecting Tobacco Duties at the Border) Bill 2018
• Customs Amendment (Peru-Australia Free Trade Agreement Implementation) Bill 2018
• Customs Amendment (Product Specific Rule Modernisation) Bill 2018
• Customs Tariff Amendment (Peru-Australia Free Trade Agreement Implementation) Bill 2018
• Excise Tariff Amendment (Collecting Tobacco Duties at Manufacture) Bill 2018
• Higher Education Support (Charges) Bill 2018
• Higher Education Support Amendment (Cost Recovery) Bill 2018
• Higher Education Support Amendment (VET FEE-HELP Student Protection) Bill 2018
• Income Tax (Managed Investment Trust Withholding Tax) Amendment Bill 2018
• Income Tax Rates Amendment (Sovereign Entities) Bill 2018
• Maritime Legislation Amendment Bill 2018
• Treasury Laws Amendment (2018 Measures No. 5) Bill 2018
• Treasury Laws Amendment (Black Economy Taskforce Measures No. 2) Bill 2018
• Treasury Laws Amendment (Design and Distribution Obligations and Product Intervention Powers) Bill 2018
• Treasury Laws Amendment (Gift Cards) Bill 2018
• Treasury Laws Amendment (Making Sure Foreign Investors Pay Their Fair Share of Tax in Australia and Other Measures) Bill 2018
• Treasury Laws Amendment (Making Sure Multinationals Pay Their Fair Share of Tax in Australia and Other Measures) Bill 2018
• Veterans’ Affairs Legislation Amendment (Omnibus) Bill 2018

Navigation: Previous Page | Contents | Next Page