Additional comments by Liberal senators

Additional comments by Liberal senators

1.1        In order to be effective, legislation designed to ensure that network owners and operators are able to protect their networks must be clear. In particular, the law must provide clarity as to what types of actions network owners and operators, including those operating networks for government agencies, can lawfully undertake.

1.2        Liberal Senators are concerned that the Bill does not provide sufficient clarity as to what actions would be considered necessary to effectively undertake 'network protection duties' and, further, how intercepted information may be used for 'disciplinary purposes'.

1.3        The Law Council of Australia ('the Law Council') also raised some important concerns about proposed section 63E and the potential for law enforcement agencies to bypass warrant arrangements to obtain information using voluntary disclosure provisions.

'Network Protection Duties'

1.4        Proposed paragraph 7(2)(aaa) provides an exemption from the prohibition on intercepting communication if the person is authorised to engage in network protection duties and the interception is necessary for the performance of those duties. Neither the Bill nor any supporting material provide sufficient examples for what types of actions constitute 'appropriate use' of the network for 'network protection duties'.  A number of submitters to the inquiry raised this concern.

1.5        One submitter recognised that some network administrators may unwittingly engage in unlawful behaviour because of this lack of clarity.

Some of these are everyday activities that almost all network administrators would do and users would accept without thinking there is any possibility of contravening the TIA Act.[1]

1.6        The Office of the Privacy Commissioner suggested that additional guidance be provided to help organisations train authorised persons about what actions are lawfully enabled under the proposed exemption.[2] While the Explanatory Memorandum provides examples of people who might be considered appropriate to undertake network protection duties, no guidance is given as to what actions they might then appropriately take.

'Disciplinary Action'

1.7        The Office of the Privacy Commission noted that 'disciplinary action', in relation to the misuse of computer networks within designated Commonwealth Agencies, security agencies and eligible authorities of a state, was not defined. Some IT policies include provisions that are unrelated to network protection.

1.8        Liberal Senators are concerned that, unless the government clarifies that ‘disciplinary action’ only applies to activities that pose a risk to network security, network owners or operators could use and disclose an intercepted communication for disciplinary action even though that use of the network does not pose a network security risk.

Recommendation 1

1.9        That the Government provide greater clarity about what activities do and don't constitute 'network protection activities'.

1.10      That the Government make it clear that 'disciplinary action' only applies to activities that pose a risk to network security.

Voluntary Disclosure

1.11      Proposed section 63E of the Bill allows lawfully intercepted information to be voluntarily disclosed to certain agencies (including law enforcement agencies) by the person responsible for the network, if the person suspects that the information is relevant to determining whether another person has committed a prescribed offence. A 'prescribed offence' is generally an offence punishable by imprisonment for a maximum period of at least three years.

1.12      The Law Council supports the principles underpinning this provision but raised concerns that some law enforcement agencies may attempt to bypass existing warrant arrangements by requesting that information be 'voluntarily disclosed'. In their submission, the Law Council noted that it would be of great concern if:

...law enforcement agencies were to use this voluntary disclosure provision to obtain information by request, when they would otherwise require a warrant to access it...

...The Law Council accepts that an agency would not have the power under the Act to compel the disclosure of such information. However, the Law Council submits that an agency is not expressly prohibited or prevented from requesting the disclosure of information under proposed section 63E.[3]

1.13      Liberal Senators support the Law Council's proposal that the Bill be amended to provide that proposed section 63E does not apply where an agency has requested the disclosure of the information. The Law Council submitted that:

...such an amendment would safeguard against the potential misuse of the section to circumvent the warrant requirements of the Act.[4]

Recommendation 2

1.14      That proposed section 63E of the Bill should be amended to provide that the section does not apply where an agency has requested the disclosure of the information.

 

Senator Guy Barnett
Deputy Chair

Senator Mary Jo Fisher

Navigation: Previous Page | Contents | Next Page