House debates

Wednesday, 15 August 2007

Telecommunications (Interception and Access) Amendment Bill 2007

Second Reading

11:04 am

Photo of Arch BevisArch Bevis (Brisbane, Australian Labor Party, Shadow Minister for Homeland Security) Share this | Hansard source

I rise to speak on the Telecommunications (Interception and Access) Amendment Bill 2007. In March 2005, the government appointed Anthony Blunn AO, a former Secretary of the Attorney-General’s Department, to undertake a review of the regulation of access to communications under the Telecommunications (Interception) Act 1979. The report on the review of the regulation, the Blunn report, was tabled in parliament on 14 September 2005 and recommended that legislation dealing with access to telecommunications data for security and law enforcement purposes be established. The Blunn report included public submissions and consultations with security and law enforcement agencies, the telecommunications industry, privacy organisations and individuals. The Telecommunications (Interception) Amendment Act 2006 implemented the first stage of the legislative amendments.

This bill will amend the Telecommunications (Interception and Access) Act 1979, the T(IA) Act, to implement further recommendations from the Blunn report. It will transfer relevant provisions of the Telecommunications Act 1997 to the T(IA) Act and will provide comprehensive and overriding legislation that regulates access to telecommunications data for national security and law enforcement purposes, which Labor welcomes.

The bill also contains a number of additional amendments to the operations of the existing T(IA) Act which Labor supports, including ensuring that interception warrants are available in relation to the investigation of any offence relating to child pornography regardless of the maximum term of imprisonment that may be imposed by state and territory criminal law; widening the definition of ‘exempt proceedings’ to allow disclosures for the purposes of proceedings in relation to the Spam Act 2003 and enabling the use of this evidence in court proceedings; implementing, in part, recommendation 24 of the Blunn report which recommended allowing access to the content of communications for the protection of data systems and the development of testing of new technologies; and a number of other minor amendments that generally improve operational efficiency.

The key purpose of schedule 1 in the bill is to transfer security and law enforcement provisions from parts 13, 14 and 15 of the Telecommunications Act to the T(IA) Act. Schedule 1, item 12 also inserts a new chapter 4, which deals with access to telecommunications data. The amendments establish a regime for particular officers of ASIO or an enforcement agency to lawfully authorise the disclosure of telecommunications data without breaching the general prohibitions on the disclosure of that data that exist within existing sections 276, 277 and 278 of the Telecommunications Act. The new chapter 4 transfers sections 282 and 283 of the Telecommunications Act to the T(IA) Act. The basis for lawful access will depend on whether the authorising body is ASIO, a criminal law enforcement agency or an enforcement agency.

The new provisions distinguish between access to historical telecommunications data—that is, data which is already in existence at the time of the request—and prospective data—that is, data that is collected as it is created and forwarded to the agency in near real time. Access to prospective telecommunications data is only available to ASIO or criminal law enforcement agencies because of the high privacy applications of this type of access. The key amendments are contained in part 1. Those amendments create a new two-tier access regime. The first tier encompasses the traditional access to existing telecommunications data. These agencies are defined as enforcement agencies. The second tier, which would be limited to a narrower range of agencies—that is, the criminal law enforcement agencies—would require a higher threshold of authorisation, allowing for future access to telecommunications data, and that is covered in proposed sections 176 and 180. The need to distinguish between historical and prospective data is a reflection of the advances in technology which enable the use of telecommunications data to provide, amongst other things, location information.

To reflect the increased privacy implications of access to prospective data, three more restrictive conditions are attached to these authorisations: firstly, restricting the disclosure of prospective telecommunications data to an authorised officer of a criminal law enforcement agency for the investigation of offences which attract a maximum term of imprisonment of at least three years; secondly, limiting the time frame for which an authorisation may be enforced to 45 days for criminal law enforcement agencies, under proposed section 180, and 90 days for ASIO, under proposed section 176; and, thirdly, requiring the authorising officer to have regard to the impact of the authorisation on the privacy of the individual concerned.

The bill also deals with voluntary disclosures of telecommunications data by employees of carriers or carriage service providers to ASIO and to enforcement agencies. These provisions make it clear that they only apply in the case of voluntary disclosures and that requests from agencies must be dealt with under proposed sections 175, 176 and 178 through to 180. There are certain safeguards set out in the bill in relation to access to telecommunications data: authorisations must be retained for a period of three years; the head of an enforcement agency must report on the number of authorisations to the minister on an annual basis; and this report must be tabled in the parliament. Transparency provisions of that kind are particularly important in matters like this.

The bill amends the Telecommunications Act by also inserting proposed section 306A. This provision is based on the existing record-keeping arrangements for the disclosure of historical telecommunications data. The proposed section provides for the records of prospective authorisations made under the T(IA) Act that are to be kept by carriers, carriage service providers and number database operators. The bill also provides for an offence for unlawful disclosure or use, including secondary use and disclosure, of telecommunications data.

Schedule 1, item 12, inserts a new chapter 5, which deals with cooperation with interception agencies. It requires carriers and carriage service providers to ensure that communications carried over the telecommunications systems are capable of being intercepted. The bill deals with the obligation on carriers that the intercepted information is capable of being delivered to interception agencies from a delivery point. The Attorney-General’s office advised that, although the above arrangements already exist under the Telecommunications Act of 1997, they are being transferred to the T(IA) Act. The legislation will remain valid within the Telecommunications Act for a transitional period and will then be repealed, although the Attorney-General’s office have not yet specifically identified the length of that transitional period. They may be in a position to provide some further advice today on that.

The Attorney-General may make written determinations on the interception capability of certain carriage services under proposed section 189. The new post of Communications Access Co-ordinator is defined by this bill. That person may grant exemptions to any interception capability obligation under proposed section 192. ACMA can also grant exemptions for trial services under proposed section 193. Carriers also have to prepare and submit an annual interception capability plan in accordance with the bill. The plans will now be lodged with the CAC rather than with ACMA.

The bill also inserts new item 12 in schedule 1, which states that various instruments are not legislative instruments. The Scrutiny of Bills Committee noted that, in each case, the explanatory memorandum states that the reason these exemptions are not legislative instruments is that the relevant documents contain sensitive and confidential information. For example, in respect of the instrument referred to in proposed section 192(4), the explanatory memorandum explains that, if the documents were not kept confidential, the limitations of interception capability and by implication how to avoid interception could become publicly apparent.

However, the committee did point out inconsistencies in the explanatory memorandum, which refers to exemptions granted by ACMA under proposed section 193(1) as administrative in nature. The committee queried:

... why, despite appearing to be very similar provisions, the exemption provided for under proposed new subsection 192(1) is considered to be legislative in character but the exemption provided for in proposed new subsection 193(1) is considered administrative in nature.

Again I invite the minister in his reply to comment on that or the Attorney-General’s office to consider that and provide some advice to the parliament or my office in due course. The Scrutiny of Bills Committee has sought the Attorney-General’s advice as to whether the exemption under the proposed section is administrative and should be subjected to review under the Administrative Appeals Tribunal. We await the Attorney-General’s response.

Schedule 2 amends the act to ensure that the list of serious offences for which interception warrants may be sought includes all child pornography offences, whether or not the penalty for such an offence is imprisonment for at least seven years. Child pornography offences are already defined as serious offences by the act but only where the maximum penalty is imprisonment for at least seven years.

In relation to the Spam Act, the T(IA) Act provides that interception material can be used as evidence in an exempt proceeding. Schedule 2, item 5 widens the definition of ‘exempt proceedings’ to allow disclosures for the purposes of proceedings in relation to the Spam Act 2003. This amendment is consistent with the intention of recommendation 17 of the Senate Standing Committee on Legal and Constitutional Affairs report on the bill.

The bill contains several amendments to partially implement recommendation 24 of the Blunn review, which recommended allowing access to the content of communications for the protection of data systems and the development or testing of new technologies. The bill will allow the Attorney-General to authorise interception for developing and testing capabilities, subject to conditions and only by security authority. A ‘security authority’ is defined in schedule 2, proposed section 3, subsection 5(1) as:

... an authority of the Commonwealth that has functions primarily relating to:

(a)
security; or
(b)
collection of foreign intelligence; or
(c)
the defence of Australia; or
(d)
the conduct of the Commonwealth’s international affairs.

The bill also contains provisions concerning the definition of ‘passing over the telecommunications system’ for the purpose of a computer network operated by or on behalf of the Australian Federal Police. People who operate, protect or maintain the network or are responsible for the enforcement of professional standards in the AFP are treated as intended recipients so that their monitoring of outbound and inbound communications is not unlawful. These provisions were inserted by the 2006 amendment and were subject to a two-year sunset clause. The Attorney-General’s office has advised that the two-year sunset clause will also apply to the proposed amendments inserted in this amended bill.

Items 11 and 12 would expand the number of agencies eligible for exemption under subsection 5F(2) and 5G(2) to cover Commonwealth agencies—that is, the Australian Commission for Law Enforcement Integrity and the Australian Crime Commission; security authorities—that is, ASIO, the Department of Defence and the Department of Foreign Affairs and Trade and eligible authorities of the states—and that would include integrity, crime commission and police forces, as well as the AFP, which is currently exempt. This amendment would increase the number of agencies which can monitor all outbound and inbound communications for the purposes of enforcing those professional standards.

The bill was reviewed by the Senate Standing Committee on Legal and Constitutional Affairs. The committee handed down its report on 1 August 2007 and made a number of recommendations. I will refer to some of those now. At paragraph 3.77 the committee recommended:

... that proposed paragraph 5(1)(m) of the Bill be deleted to remove CrimTrac from the definition of ‘enforcement agency’.

That was a matter that we looked at with some interest. However, it is not proposed to move an amendment in relation to that. Whilst acknowledging that CrimTrac does not have the investigative powers of a traditional enforcement or security agency, we note that CrimTrac does play a vital specialist role in assisting law enforcement. It is for this reason that we think it should remain within the bill’s definition of an enforcement agency.

CrimTrac is a Commonwealth executive agency set up to develop, involve and manage advanced information systems that assist Australian police to carry out their law enforcement and crime prevention roles. By generating national approaches to information sharing solutions for law enforcement, CrimTrac is able to enhance Australian policing through the provision of high-quality information services that meet the needs of the policing community. Since November 2004, CrimTrac has been brokering Sensis Direct Access information on behalf of all policing jurisdictions and other criminal law enforcement agencies to provide them with pertinent information about telephone subscriptions when investigating, preventing and prosecuting criminal offences. Access to this information is governed by various processes and procedures according to the law enforcement agency requesting the information.

Enforcement of criminal law covers a wide spectrum of activities and depends on the organisation to which the investigator belongs. CrimTrac currently brokers that on behalf of all policing jurisdictions across Australia, including the AFP. In addition, CrimTrac also brokers telecommunications data on behalf of a number of other law enforcement agencies: the Customs Service, the New South Wales Independent Commission Against Corruption, the Crime and Misconduct Commission of Queensland, the Australian Crime Commission and the Australian Securities and Investments Commission. The current application used by CrimTrac is a simple forward/reverse and address based search on behalf of those law enforcement agencies.

By undertaking these activities, CrimTrac ensures that all organisations are legitimately entitled to have access before approving individuals on a case-by-case basis. Access is granted to individuals, not organisations, work units or teams, according to their responsibility and rank.

In addition to this, all jurisdictions and other criminal law enforcement agencies have specific protocols and policy relating to additional approval and security levels. These additional specific protocols and policy relating to additional approval and security have an added authorisation for checks from the commissioned officer level status. Checks made by jurisdictions are subject to full security audit capabilities. All application use is logged to standards accepted by police and law enforcement agencies. This includes security and audit applications that have the capability to recreate what each user accessed, and these can then be recreated for evidential purposes in court.

As a result of the CrimTrac agency brokering of information from Sensis Direct Access, CrimTrac ensures that the jurisdictions and other law enforcement agencies are not required to commit to the development, establishment and ongoing support costs associated with the individual interfaces. That is a sensible thing which we support. In addition to this, CrimTrac, on behalf of the jurisdictions and other law enforcement agencies, has been in a better position to negotiate competitive transaction costs through the economies of scale. Their brokerage of information to law enforcement agencies is done via appropriate security level classifications within the AFP network, with the server being housed within the Defence Computer Bureau. In fact, CrimTrac has taken almost one year to establish and develop that current interface. The system has been used in all jurisdictions and has clearly proved beneficial. We therefore think its inclusion in the bill is appropriate.

The committee also recommended that the determination of the communications access coordinator under proposed subsection 183(2) address requirements for the consideration and documentation of privacy issues by authorised officers. We are not proposing to move an amendment in relation to that matter. The committee acknowledged that the department’s concern that seeking to provide that guidance within the bill is likely to be impractical given the range of circumstances confronting officers was a fair point, and we have taken that on board. Also, the committee recommended that the Inspector-General of Intelligence and Security incorporate into his regular inspection program the oversight of the use of powers to obtain prospective telecommunications data by the Australian Security and Intelligence Organisation.

We note that the IGIS has broad powers to incorporate oversight of these matters contained in this bill, and indeed the advice we have received from the Attorney-General’s office is that these powers are not impinged upon in any way by this bill. The committee itself noted advice from the department that the existing powers of the IGIS would permit such inspections. Having not long ago met with the IGIS, I am confident that his office will continue to monitor and inspect not only these matters but all significant activities of ASIO, and we are not proposing to proceed with an amendment on that matter, either.

The committee also recommended that the Attorney-General’s Department arrange for an independent review of the operations of the Telecommunications (Interception and Access) Act 1979 within five years. The committee accepted the view of the government that it is unnecessary to amend the bill to require such a review—though I would anticipate that the parliament, irrespective of the election outcome, would want to keep a close eye on the operation of this bill and may well want to have a look at it somewhere in the time frame that the committee recommended. However, we accept, as the committee did, the point that is being made and we are not proposing to move an amendment in respect of that matter. The measures that are contained in the bill are, in the view of the opposition, fair and reasonable in the circumstances, and we support the bill.

Comments

No comments