This chapter presents the Committee’s recommendations regarding the Bill.
The Committee recommends that the Parliament immediately pass the Telecommunications (Assistance and Access) Bill 2018, following the inclusion of amendments recommended in this report.
The Committee recommends that the industry assistance measures under Schedule 1 of the Telecommunications (Assistance and Access) Bill 2018, so far as they relate to criminal law enforcement, apply to offences with a penalty of a maximum period of three year’s imprisonment or more.
The Committee recommends that State and Territory law enforcement agencies be retained within the scope of the Bill, with the exception of State and Territory independent commissions against corruption which the Committee recommends should be excluded from the scope of Schedule 1 of the Bill.
The Committee recommends that the Bill be amended to incorporate recommendations from the Commonwealth Ombudsman to establish clear authority to inspect and gather information on the exercise of the industry assistance measures by the Australian Federal Police (AFP), the Australian Criminal Intelligence Commission, and State and Territory interception agencies.
This includes express notification requirements and information sharing provisions which would complement the inspection activities of State and Territory oversight bodies.
The Committee recommends that the Bill be amended to incorporate suggestions from the Office of the Inspector-General of Intelligence and Security (IGIS) to strengthen oversight of the powers in Schedule 1 of the Bill, as it applies to the Australian Security Intelligence Service (ASIO), the Australian Secret Intelligence Service (ASIS) and the Australian Signals Directorate (ASD). This includes:
explicit notification and reporting requirements when issuing, varying, extending or revoking a notice or request under Schedule 1;
limits on the exercise of Schedule 1 powers (including extending prohibition on systemic weakness to voluntary notices, ensuring decision-makers consider necessity and intrusion on innocent third parties when issuing a notice);
defences for IGIS officials; and
clear information sharing provisions.
The IGIS and the Ombudsman should provide assurances directly to the Committee that the amendments agreed to by the Government address their concerns.
The Committee recommends that the Bill be amended to provide that Technical Assistance Notices (TANs) and Technical Capability Notices (TCNs) be subject to statutory time limits, and that any extension, renewal or variation of a TAN or TCN also be subject to a statutory time limit.
The Committee recommends that the Bill set out a tiered approval system for state and territory initiated Technical Assistance Notices (TANs), under which TANs would be submitted for approval to the Commissioner of the AFP before being issued to the recipient.
The intention of this process of approval would be to ensure consistency in decision making, and reporting, across jurisdictions.
To give effect to this intention, the Commissioner of the AFP must apply the same statutory criteria, and go through the same decision‑making process, as would apply if the AFP were the original issuing authority.
The Committee recommends that the Bill be amended to include a requirement that Technical Capability Notices be jointly authorised by the Attorney-General and the Minister for Communications, the latter being able to provide a direct avenue for the concerns of the relevant industry to be considered as part of the approval process.
The Committee notes the evidence of the Director-General of the Australian Signals Directorate that a “systemic weakness” is a weakness that “might actually jeopardise the information of other people as a result of that action being taken”. The Committee also notes the evidence of the Director-General of Security, that the powers in Schedule 1 will not be used to require a designated communications provider to do anything that jeopardises the security of the personal information of innocent Australians. Having regard to those assurances, the Committee recommends that the Bill be amended to clarify the meaning of the term ‘systemic weakness’, and to further clarify that Technical Capability Notices (TCNs) cannot be used to create a systemic weakness.
The Committee recommends that Schedule 1 of the Bill be amended to apply the ‘systemic weakness’ limitation to all ‘listed acts or things’.
The Committee also recommends that the definitions of ‘listed acts or things’ and ‘listed help’ be exhaustive in the Bill.
The Committee recommends that the Bill be amended to allow a designated communications provider, who has been given a capability notice under subsection 317W(1) of the Bill in relation to a proposed Technical Capability Notice (TCN), to request a binding assessment of:
whether the proposed technical capability notice would contravene section 317ZG of the Bill;
the requirements imposed by the notice are reasonable and proportionate;
compliance with the notice is practicable and technically feasible; and
the notice is the least intrusive measure that would be effective in achieving the legitimate objective of the notice.
This request would be made in writing to the Attorney-General within a reasonable time limit specified in the consultation notice.
The Committee recommends that two persons be jointly appointed to conduct the assessment:
One of these persons should have knowledge that would enable them to assess whether proposed TCN would contravene section 317ZG of the Bill, and should be cleared for security purposes to the highest level required by staff members of ASIO, unless the Attorney-General approves a lower security level.
The second assessor must be a person who has served as a judge in one or more prescribed courts for a period of 5 years; and who no longer holds a commission as a judge of a prescribed court.
Both persons must agree that:
The requirements imposed by the notice are reasonable and proportionate;
Compliance with the notice is practicable and technically feasible; and
The notice is the least intrusive measure that would be effective in achieving the legitimate objective of the notice.
The report prepared by the technical expert and the retired judge must also be provided to the Inspector-General of Intelligence and Security (for oversight of ASIO) and the Commonwealth Ombudsman (for oversight of the AFP).
The Committee recommends that the Government continues to ensure that the IGIS and other Commonwealth oversight bodies have sufficient resources to ensure that they can properly execute their additional responsibilities under the Bill.
The Committee recommends that the Bill be amended to allow a provider to request that the Attorney-General approve disclosure of a technical capability. It would be expected that the Attorney-General would agree to such a request except to the extent that doing so would prejudice an investigation or compromise national security. This would complement existing provisions in the Bill that enable a provider to disclose publically the fact that they were issued a technical capability notice.
The Committee recommends that the Bill include express provision for a statutory review of the Bill’s operation by the Independent National Security Legislation Monitor, within 18 months of the Bill commencing.
The Committee recommends that the Bill include an amendment which puts beyond any doubt suggestions the Bill may impact Parliamentary privilege.
The Committee recommends that, once the Bill (as amended) is passed by the Parliament, the Committee:
commences a review of the new legislation;
for the purposes of the review, be allowed to hold further public hearings; and
complete its review of the new legislation by 3 April 2019.
The Committee recommends that the Government:
Amend clause 317ZG of Schedule 1 to explicitly prohibit an interception agency from asking a designated communications provider to voluntarily implement or build a systemic weakness or vulnerability under a technical assistance request; and
Amend clause 317ZH of Schedule 1 so that the ‘general limits’ on technical assistance notices and technical capability notices apply equally to technical assistance requests.