Chapter 2 - Overview of the Bill
2.1
This chapter briefly outlines the main provisions of the Bill.
Current regime
2.2
The TIA Act has two main objectives. Its primary object is to protect
the privacy of individuals who use the Australian telecommunications system by
making it an offence to intercept communications passing over that system, or
to access stored communications that have passed over that system, other than
in accordance with the provisions of the TIA Act (sections 7 and 108). The
second purpose of the TIA Act is to specify the circumstances in which it is
lawful for the interception of, and access to, communications to take place.
2.3
There is currently a two tier hierarchy of interceptions made under
warrants. A telecommunications service (such as a phone call) may be
intercepted under the authority of a telecommunications interception warrant by
an interception agency for the investigation of a serious offence (Part 2.5),
or by the Australian Security Intelligence Organisation (ASIO) for national
security purposes (Part 2.2). A stored communication (such as voicemail, email
and SMS) may be accessed under the authority of a stored communications warrant
by a law enforcement agency for the investigation of a serious contravention
(Part 3.3), or by ASIO for national security purposes (Part 3.2).[1]
2.4
An overview of the current regime and lists of interception and law
enforcement agencies can be found in the Telecommunications (Interception
and Access) Act 1979 Report for the year ending 30 June 2006 (the Annual Report).[2]
2.5
The Annual Report states the agency position on the utility of interception
powers:
There remains a consistent view among agencies that
telecommunications interception continues to be an extremely valuable
investigative tool. Agencies have again noted that evidence gathered through
the execution of a telecommunications interception warrant can lead to the
successful conclusion of an investigation in circumstances where alternative
evidence is uncorroborated, unavailable or insubstantial.[3]
2.6
The Attorney-General also issued a press release on 9 May 2007 stating that telecommunications interception is a valuable aid to prosecuting crime:
Telecommunications interception is an essential investigative
tool which allows law enforcement agencies to identify and target persons
involved in serious criminal activity.
During the 12-month reporting period, almost 1500 convictions
were secured with the assistance of intercepted communications.
Over the same time, intercepted communications also supported
more than 2000 arrests and the progression of more than 3000
prosecutions. Many of these ongoing prosecutions represent the
culmination of investigations that have spanned a number of years.[4]
2.7
In recent articles, academics Bronitt and Stellios identified a steady increase
in the issue of federal wiretap warrants[5]
and stated that the legislative framework governing electronic surveillance is
failing to keep up with technological advances and 'resembles a patchwork'.[6]
They contested the 'balance' approach to regulation of telecommunications
interception and argue that this approach sets up privacy rights and fighting
serious crime as competing interests. Privacy or due process issues tend to
consistently lose in this competition depending on how serious the crime is considered
to be.[7]
Legislative history
2.8
The Blunn Review recommended that comprehensive and over-riding
legislation dealing with access to telecommunications data for security and law
enforcement purposes be established.[8]
2.9
The Blunn Review observed that under Part 13 of the Telecommunications
Act 'call data' may be accessed for security and law enforcement purposes
subject to authorisation.[9]
2.10
The Blunn Review stated that generally the prescribed process for an
authorisation involves an authorised officer of a designated agency certifying
that disclosure is 'reasonably necessary' for the specified purpose, but under
that process access to 'content or substance' is not to be disclosed. The Blunn
Review therefore concluded:
1.7.2. Other than to reinforce the requirement that access
should only be provided on receipt of a conforming certificate I see no reason
to change that regime and I recommend accordingly.[10]
2.11
The Bill therefore clarifies the exceptions to disclosure of data in
Part 13 of the Telecommunications Act and transfers these exceptions to
proposed sections 175 and 176 (disclosure to ASIO) and proposed sections 178 to
180 (disclosure to enforcement agencies) of the TIA Act. In addition, the Bill
sets up a new distinction between historical data and prospective data.
2.12
The Blunn Review did however raise issues with the current voluntary
disclosure provisions in Part 13 which have led to some of the amendments
contained in the Bill:
1.7.3. However in what seems to me to be anomalous provisions,
subsections 282(1) and (2) provide for the disclosure or use of information or
a document, including content or substance, by an 'eligible person' (apparently
to anyone) without any certificate, if the disclosure or use is reasonably
necessary for the enforcement of the criminal law or laws imposing a pecuniary
penalty or for the protection of the public revenue.
1.7.4. The provisions are intended to allow disclosure where an
employee of a carrier in the course of employment comes across information
which is clearly relevant to the enforcement of the criminal law but the
information has not been requested by a law enforcement agency.
1.7.5. In as much as they require the eligible person to form an
opinion that disclosure is 'reasonably necessary' for the enforcement of the
criminal law or the protection of the public revenue they appear inappropriate
and sit oddly with the requirement established by subsections 282(3), (4) and
(5) for a certificate from the requesting agency in which case access to
content or substance is precluded.
1.7.6. That said, there is obviously a case for enabling
eligible persons who do come across information in the course their employment
which they consider relevant to security or law enforcement to report that to
an appropriate authority. From a privacy point of view the provisions as
presently drafted are not adequate and I recommend that they be reviewed with a
view to clarifying the objective and better identifying the process to be
followed. If they are to be retained, given the significance of the provisions,
consideration should be given to them being incorporated in as a separate
section.[11]
2.13
The Bill therefore contains proposed sections 174 and 177 to clarify
that voluntary disclosure to ASIO or an enforcement agency is permitted.
2.14
The Office of the Privacy Commissioner's (OPC) submission to the Blunn
Review in 2005 referred to previous recommendations it had made in relation to
legislative review. OPC recommended that the operation of the TIA Act should be
subject to overall independent review, including key stakeholder and public
consultation at least every five years.
2006 amendments
2.15
As outlined in Chapter 1, the first tranche of the Blunn Review
amendments contained more controversial measures than those contained in this Bill
(such as stored communication warrants and B Party intercepts) and have already
become law. The Telecommunications (Interception) Amendment Act 2006
received Royal Assent on 3 May 2006.
2.16
The Senate Legal and Constitutional Legislation Committee made 28
recommendations in its report on the Telecommunications (Interception)
Amendment Bill 2006 tabled in March 2006.
2.17
Only some of those recommendations specifically relate to the present Bill.
Recommendation 17 regarding the Spam Act 2003 is addressed by Schedule
2, Part 1, Item 5.
2.18
Committee Recommendation 25 called for a five year review of the
amendments made by the 2006 Bill:
4.111 The Committee recommends that the Bill should include a
provision for the provisions to expire in five years, with a review at that
time or earlier.
4.112 The Review should encompass the broader issues surrounding
the suitability and effectiveness of AAT members in the warrant issuing regime,
together with consideration of ways in which the Act may be amended to take
account of emerging technologies such as peer-to-peer technology.
2.19
Following the Senate committee report, the government tabled several
amendments to the Bill which were passed by Parliament. The Attorney-General stated in the House on 30 March 2006 that:
...this bill is to deal with matters that would
otherwise be the subject of a sunset clause dealing with stored communications.
We did not want to see those important measures come to an end, and that is why
the legislation has been progressed not in haste but to ensure that these
issues have been dealt with before that sunset clause comes into effect. The
government will continue to consider in detail the committee report and the
recommendations as part of its ongoing commitment to ensuring the regime
achieves an appropriate balance. If there are further amendments that are
thought to be appropriate following the consideration of the committee report,
we will propose further amendments in the spring session of parliament.[12]
2.20
The government response to the Legal and Constitutional Legislation
Committee report on the provisions of the Telecommunications (Interception)
Amendment Bill 2006 was tabled in the Senate on 10 May 2007. Of the 25 recommendations made by the committee, the government accepted 18 in whole or in
part. Recommendation 25 relating to a review was not accepted.
2.21
The Bill is not a response to the issues raised by the committee's 2006
report, but a separate legislative exercise.[13]
Summary of provisions
Commencement
2.22
Items 23 and 25 of Schedule 2 would apply the amendments made by Item 7
and Items 20 and 21 of that Schedule respectively, to conduct engaged in, or
proceedings instituted, before or after the commencement of the respective items.
The Scrutiny of Bills Committee has asked the
Attorney-General for clarification of whether the operation of these provisions
may affect any individuals' rights.[14]
The Scrutiny of Bills Committee has not yet
reported on the Attorney-General's response on this matter.
Definitions
2.23
Schedule 1, Items 1 to 9 and Schedule 2, Items 2 to 12 amend definitions
in section 5 of the TIA Act.
Telecommunications data
2.24
The Bill does not set out a definition of 'telecommunications data'.[15]
Instead proposed section 172 provides that the provisions in proposed Chapter 4
of the Bill[16]
do not permit the disclosure of the 'contents or substance of a communication.'
Subject to this limitation, the provisions in Chapter 4 then authorise access
to 'information or a document'.[17]
The Explanatory Memorandum (EM) explains what material Chapter 4 is intended to
authorise access to:
Telecommunications data is information about a
telecommunication, but does not include the content or substance of the
communication. Telecommunications data is available in relation to all
forms of communications, including both fixed and mobile telephony services and
for internet based applications including internet browsing and voice over
internet telephony.
For telephone-based communications, telecommunications data
includes subscriber information, the telephone numbers of the parties involved,
the time of the call and its duration. In relation to internet based
applications, telecommunications data includes the Internet Protocol (IP)
address used for the session, the websites visited, and the start and finish
time of each session.
Telecommunications data specifically excludes the content or
substance of a communication.[18]
2.25
The EM then elaborates further:
Communications associated data will vary according to the type
of telecommunications service. For fixed and mobile voice telephony,
including voice calls, and voice- or text-messaging services, the term includes
the details of the parties to the communication, the date, time and duration of
the communication, the device used to send or receive the information, and (in
some cases) the locations of the parties.
For Internet based telecommunications, such as email, web
browsing, instant messaging, or internet voice calls (Voice over Internet
Protocol or VoIP), data includes the sender's and recipient/s' Internet
addresses, the devices from which they were sent from or to, and the time and
date at which it was sent. The information does not include content such
as the subject line of an email, the message sent by email or instant message
or the details of Internet sessions.[19]
Enforcement Agency
2.26
The general definition of 'enforcement agency' is amended by Schedule
1, Item 6 by adding new paragraphs k and n:
- the Australian Federal Police; or
- a police force or service of a State; or
- the Australian Commission for Law Enforcement Integrity; or
- the ACC; or
- the Crime Commission; or
- the Independent Commission Against Corruption; or
- the Police Integrity Commission; or
- the Office of Police Integrity; or
- the Crime and Misconduct Commission; or
- the Corruption and Crime Commission; or
- an authority established by or under a law of the Commonwealth, a State
or a Territory that is prescribed by the regulations for the purposes of this
paragraph; or
- a body or organisation responsible to the Ministerial Council for
Police and Emergency Management - Police; or
- the CrimTrac Agency; or
- any body whose functions include:
- administering a law imposing a pecuniary penalty; or
- administering a law relating to the protection
of the public revenue (emphasis added).
2.27
The EM states:
Item 6 amends subsection 5(1) to include a definition of 'enforcement
agency'. An authorised officer of one of these bodies will be able to
authorise the disclosure of historical telecommunications data. The
definition draws together the agencies described as 'criminal law-enforcement
agency', 'civil penalty-enforcement agency' and 'public revenue agency' in
section 282(10) of the Telecommunications Act. The definition includes
bodies covered by the definition of 'criminal law-enforcement agency' in this
subsection, as well as a body or organisation responsible to the Ministerial
Council for Police and Emergency Management – Police, the CrimTrac Agency or
any other body whose functions include administering a law imposing a pecuniary
penalty or a law relating to the protection of the public revenue.[20]
Authorised officer
2.28
Item 2 also amends the definition of an 'authorised officer' of an enforcement
agency. The EM states:
The formulation of the definition reflects the differing
management structures of enforcement agencies, particularly in the case of
criminal law-enforcement agencies. An authorised officer has the power to
authorise the disclosure of telecommunications data.[21]
2.29
Schedule 1, Item 10 inserts new section 5AB to give the head of an
enforcement agency the authority to authorise a particular management position
or management office in their organisation for the purposes of paragraph (c) of
the definition of authorised officer in subsection 5(1). The EM states that this
will 'allow persons holding the authorised position or office to authorise the
lawful disclosure of historical telecommunications data, or in the case of
criminal law-enforcement agencies, historical and prospective
telecommunications data'.[22]
Security authority
2.30
Schedule 2, Items 3 and 4 amend subsections 5(1) and 5(4A) to include a
new definition of 'security authority' and to clarify who is defined as an
employee of a security authority. Proposed subsection 5(4A) will provide that an
employee of a security authority includes a person 'whose services are made
available to the security authority'.
Transfer of provisions
2.31
The remainder of Schedule 1 generally transfers key
security and law enforcement provisions from Parts 13, 14 and 15 of the
Telecommunications Act to the TIA Act.[23]
2.32
Schedule 1, Item 12 inserts new Chapter 4 dealing with access to
telecommunications data. The amendments establish a regime for particular officers
of ASIO or an enforcement agency to lawfully authorise the disclosure of
telecommunications data without breaching the general prohibitions on the
disclosure of telecommunications data in existing sections 276, 277 and 278 of
the Telecommunications Act.
2.33
The amendments create a new two tier access regime. The first tier
encompasses the traditional access to existing telecommunications data (proposed
sections 175, 178 and 179). The second tier which would be limited to a
narrower range of agencies and would require a higher threshold of
authorisation, allows for access to future telecommunications data (proposed
sections 176 and 180).
2.34
The justification for the new two tier access regime for data is stated
in the EM:
The need to distinguish between historical and prospective data
is a reflection of the advances in technology which enables the use of
telecommunications data to provide location information. To reflect the
increased privacy implications of access to prospective telecommunications data,
three more restrictive conditions are attached to these authorisations:
- restricting the disclosure of prospective telecommunications data
to an authorised officer of a criminal law-enforcement agency, for the
investigation of offences which attract a maximum term of imprisonment of at
least 3 years;
- limiting the timeframe for which an authorisation may be in force
to 45 days; and
- requiring the authorising officer to have regard to the impact of
the authorisation on the privacy of the individual concerned.[24]
2.35
Proposed sections 174 and 177 deal with voluntary disclosures of
telecommunications data by employees of carriers or carriage service providers
to ASIO and enforcement agencies. These provisions make it clear that they only
apply in the case of voluntary disclosures and that requests from agencies must
be dealt with under proposed sections 175, 176 and 178-180.
2.36
There are certain safeguards set out in the Bill in relation to access
to telecommunications data. Authorisations must be retained for a period of three
years (proposed section 185). The head of an enforcement agency must report on the
number of authorisations to the Minister on an annual basis, and this report
must be tabled in Parliament (proposed section 186).
2.37
Schedule 1, Item 41 amends the Telecommunications Act by inserting
proposed section 306A. This provision is based on the existing record keeping
arrangements for the disclosure of historical communications associated data
under section 306 of the Telecommunications Act. Proposed section 306A provides
for the records of prospective authorisations made under the TIA Act that are
to be kept by carriers, carriage service providers and number-database
operators.
2.38
Finally, proposed section 182 creates offences for unlawful disclosure
or use, including secondary use and disclosure, of telecommunications data.
Carrier cooperation with
interception agencies
2.39
Schedule 1, Item 12 inserts new Chapter 5 dealing with cooperation with
interception agencies. New Part 5.3 requires carriers and carriage service providers
to ensure that communications carried over their telecommunications system are
capable of being intercepted ('interception capability' is defined in proposed
subsection 187(2)). New Part 5.5 deals with the obligation on carriers that the
intercepted information is capable of being delivered to interception agencies
from a delivery point ('delivery capability' is defined in proposed subsection
187(3)). Proposed section 188 provides a process for defining 'delivery
points', including the resolution of any disagreements by the Australian
Communications and Media Authority (ACMA).[25]
2.40
The Attorney-General may make written determinations on the interception
capability of certain carriage services under proposed section 189. The new
post of the Communications Access Coordinator (CAC) is defined by proposed
section 6R (previously 'agency coordinator') and may grant exemptions to any
interception capability obligations under proposed section 192. ACMA can also
grant exemptions for trial services under proposed section 193.
2.41
Carriers also have to prepare and submit an annual 'Interception
Capability Plan' (ICP) in accordance with new Part 5.4. The plans are now
lodged with the CAC rather than ACMA.
2.42
New Part 5.6 preserves existing cost allocation principles between the
telecommunications industry and interception agencies associated with
interception and delivery capability.[26]
Exemptions
2.43
Proposed subsections 192(4), 195(6) and 203(4) to be inserted by Item 12
of Schedule 1, state that various instruments are not legislative instruments.
The Scrutiny of Bills Committee noted that, in each case, the EM (at pages 20,
22 and 27 respectively) states that the reason these exemptions are not legislative
instruments is that the relevant documents contain sensitive and confidential
information. For example, in respect of the instrument referred to in proposed subsection
192(4), the EM explains that if the 'documents were not kept confidential, the
limitations of interception capability and, by implication, how to avoid interception,
could become publicly apparent.' However, the Scrutiny of Bills Committee
pointed out inconsistencies in the EM which refers to exemptions granted by ACMA
under proposed subsection 193(1) as administrative in nature. That committee
queried why:
...despite appearing to be very similar provisions, the exemption
provided for under proposed new subsection 192(1) is considered to be
legislative in character but the exemption provided for in proposed new
subsection 193(1) is considered administrative in nature.[27]
2.44
The Scrutiny of Bills Committee has sought the Attorney-General's advice
as to whether, if the exemption under proposed subsection 193(1) is
administrative in nature as suggested by the EM, it should be subject to merits
review under the Administrative Appeals Tribunal Act 1975.
Schedule 2 amendments
Child pornography
2.45
Schedule 2, Items 6 and 7 amend section 5D of the TIA Act to ensure that
the list of 'serious offences', for which interception warrants may be sought,
includes all child pornography offences, whether or not the penalty for such an
offence is imprisonment for at least 7 years. Child pornography offences are
already defined as 'serious offences' by subparagraphs 5D(2)(b)(viii) and (ix)
but only where the maximum penalty is imprisonment for at least seven years.
Spam Act
2.46
The TIA Act provides that interception material can be adduced as
evidence in an exempt proceeding. Schedule 2, Item 5 widens the definition of 'exempt
proceedings' to allow disclosures for the purposes of proceedings in relation
to the Spam Act 2003.[28]
This amendment is consistent with the intention of recommendation 17 of the
Senate Legal and Constitutional Legislation Committee's report on the
Telecommunications (Interception) Amendment Bill 2006.[29]
Testing interception capabilities
2.47
The Bill contains several amendments to partially implement
recommendation 24 of the Blunn Review, which recommended allowing access to the
content of communications for the protection of data systems and the
development or testing of new technologies.[30]
Schedule 2, Item 16 inserts new Part 2.4 in the TIA Act which will allow the
Attorney-General to authorise interception for developing and testing
interception capabilities, subject to conditions, and only by security agencies.
2.48
Schedule 2, Items 11 and 12 would amend existing subsections 5F(2) and
5G(2). These provisions currently create a general exemption to the definition
of 'passing over the telecommunications system' for the purpose of a computer
network operated by or on behalf of the Australian Federal Police (AFP).
People who operate, protect or maintain the network, or are responsible for the
enforcement of professional standards in the AFP are treated as 'intended
recipients' so that their monitoring of outbound and inbound communications is
not unlawful. These provisions were inserted by the 2006 amendments and were
subject to a two year sunset clause.
2.49
Items 11 and 12 would expand the exemption from the AFP to cover
Commonwealth agencies (the AFP, the Australian Commission for Law Enforcement Integrity
and the Australian Crime Commission), security authorities (ASIO, the Department
of Defence, and the Department of Foreign Affairs and Trade) and eligible
authorities of the States (integrity and crime commissions and police forces).
The EM states that:
Item 11 widens the existing provisions to increase the number of
agencies who may monitor all outbound and inbound communications for the
purposes of enforcing professional standards and protecting and maintaining
their corporate network. This is achieved by ensuring that monitoring,
recording or copying a written communication while it is still in the 'confines'
of the network is not interception for the purposes of the TIA Act.[31]
Navigation: Previous Page | Contents | Next Page