Senate debates

Thursday, 20 September 2007

Telecommunications (Interception and Access) Amendment Bill 2007

Second Reading

7:26 pm

Photo of Joe LudwigJoe Ludwig (Queensland, Australian Labor Party, Manager of Opposition Business in the Senate) Share this | Hansard source

I seek leave to incorporate my speech in Hansard.

Leave granted.

The speech read as follows—

I rise to support the Telecommunications (Interception and Access) Amendment Bill 2007.

The Bill will amend the Telecommunications (Interception and Access) Act 1979 (the TIA Act) to implement further recommendations from the Report on the Review of the Regulation of Access to Communications by Anthony Blunn AO (the Blunn Report).

The Telecommunications (Interception) Amendment Act 2006 implemented the first stage of the legislative amendments. This Bill will amend the TIA Act to transfer relevant provisions of the Telecommunications Act 1997 (the Telecommunications Act) to the TIA Act and will provide comprehensive and overriding legislation that regulates access to telecommunications data for national security and law enforcement purposes.

The report on the review of the regulation, the Blunn report, was tabled in parliament on 14 September 2005 and recommended that legislation dealing with access to telecommunications data for security and law enforcement purposes be established. The Blunn report included public submissions and consultations with security and law enforcement agencies, the telecommunications industry, privacy organisations and individuals. The Telecommunications (Interception) Amendment Act 2006 implemented the first stage of the legislative amendments.

The bill also contains a number of additional amendments to the operations of the existing TIA Act which Labor supports, including ensuring that interception warrants are available in relation to the investigation of any offence relating to child pornography regardless of the maximum term of imprisonment that may be imposed by state and territory criminal law; widening the definition of ‘exempt proceedings’ to allow disclosures for the purposes of proceedings in relation to the Spam Act 2003 and enabling the use of this evidence in court proceedings; implementing, in part, recommendation 24 of the Blunn report which recommended allowing access to the content of communications for the protection of data systems and the development of testing of new technologies; and a number of other minor amendments that generally improve operational efficiency.

The key purpose of schedule 1 in the bill is to transfer security and law enforcement provisions from parts 13, 14 and 15 of the Telecommunications Act to the TIA Act. Schedule 1, item 12 also inserts a new chapter 4, which deals with access to telecommunications data. The amendments establish a regime for particular officers of ASIO or an enforcement agency to lawfully authorise the disclosure of telecommunications data without breaching the general prohibitions on the disclosure of that data that exist within existing sections 276, 277 and 278 of the Telecommunications Act. The new chapter 4 transfers sections 282 and 283 of the Telecommunications Act to the TIA Act.

The basis for lawful access will depend on whether the authorising body is ASIO, a criminal law enforcement agency or an enforcement agency.

The new provisions distinguish between access to historical telecommunications data—that is, data which is already in existence at the time of the request—and prospective data—that is, data that is collected as it is created and forwarded to the agency in near real time. Access to prospective telecommunications data is only available to ASIO or criminal law enforcement agencies because of the high privacy applications of this type of access. The key amendments are contained in Part I.

Those amendments create a new two-tier access regime. The first tier encompasses the traditional access to existing telecommunications data. These agencies are defined as enforcement agencies.

The second tier, which would be limited to a narrower range of agencies—that is, the criminal law enforcement agencies—would require a higher threshold of authorisation, allowing for future access to telecommunications data, and that is covered in proposed sections 176 and 180. The need to distinguish between historical and prospective data is a reflection of the advances in technology which enable the use of telecommunications data to provide, amongst other things, location information.

To reflect the increased privacy implications of access to prospective data, three more restrictive conditions are attached to these authorisations: firstly, restricting the disclosure of prospective telecommunications data to an authorised officer of a criminal law enforcement agency for the investigation of offences which attract a maximum term of imprisonment of at least three years; secondly, limiting the time frame for which an authorisation may be enforced to 45 days for criminal law enforcement agencies, under proposed section 180, and 90 days for ASIO, under proposed section 176; and, thirdly, requiring the authorising officer to have regard to the impact of the authorisation on the privacy of the individual concerned.

The Bill also deals with voluntary disclosures of telecommunications data by employees of carriers or carriage service providers to ASIO and to enforcement agencies. These provisions make it clear that they only apply in the case of voluntary disclosures and that requests from agencies must be dealt with under proposed sections 175,176 and 178 through to 180.

There are certain safeguards set out in the bill in relation to access to telecommunications data: authorisations must be retained for a period of three years; the head of an enforcement agency must report on the number of authorisations to the minister on an annual basis; and this report must be tabled in the parliament. Transparency provisions of that kind are particularly important in matters like this.

The bill amends the Telecommunications Act by also inserting proposed section 306A. This provision is based on the existing record-keeping arrangements for the disclosure of historical telecommunications data. The proposed section provides for the records of prospective authorisations made under the TIA Act that are to be kept by carriers, carriage service providers and number database operators. The bill also provides for an offence for unlawful disclosure or use, including secondary use and disclosure, of telecommunications data.

Schedule 1, item 12, inserts a new chapter 5, which deals with cooperation with interception agencies. It requires carriers and carriage service providers to ensure that communications carried over the telecommunications systems are capable of being intercepted.

The bill deals with the obligation on carriers that the intercepted information is capable of being delivered to interception agencies from a delivery point. The Attorney-General’s office advised that, although the above arrangements already exist under the Telecommunications Act, they are being transferred to the TIA Act. The legislation will remain valid within the Telecommunications Act for a transitional period and will then be repealed, although the Attorney-General’s office have not yet specifically identified the length of that transitional period.

The Attorney-General may make written determinations on the interception capability of certain carriage services under proposed section 189. The new post of Communications Access Co-ordinator is defined by this bill. That person may grant exemptions to any interception capability obligation under proposed section 192. ACMA can also grant exemptions for trial services under proposed section 193. Carriers also have to prepare and submit an annual interception capability plan in accordance with the bill. The plans will now be lodged with the CAC rather than with ACMA.

The bill also inserts new item 12 in schedule 1, which states that various instruments are not legislative instruments. The Scrutiny of Bills Committee noted that, in each case, the explanatory memorandum states that the reason these exemptions are not legislative instruments is that the relevant documents contain sensitive and confidential information. For example, in respect of the instrument referred to in proposed section 192(4), the explanatory memorandum explains that, if the documents were not kept confidential, the limitations of interception capability and by implication how to avoid interception could become publicly apparent.

The Attorney-General has advised that the power to grant these exemptions is reviewable under the Administrative Decision (Judicial Review) Act 1977.

Schedule 2 amends the TIA Act to ensure that the list of serious offences for which interception warrants may be sought includes all child pornography offences, whether or not the penalty for such an offence is imprisonment for at least seven years. Child pornography offences are already defined as serious offences by the act but only where the maximum penalty is imprisonment for at least seven years.

In relation to the Spam Act, the TIA Act provides that interception material can be used as evidence in an exempt proceeding. Schedule 2, item 5 widens the definition of ‘exempt proceedings’ to allow disclosures for the purposes of proceedings in relation to the Spam Act 2003. This amendment is consistent with the intention of recommendation 17 of the Senate Standing Committee on Legal and Constitutional Affairs report on the bill.

The bill contains several amendments to partially implement recommendation 24 of the Blunn review, which recommended allowing access to the content of communications for the protection of data systems and the development or testing of new technologies. The bill will allow the Attorney-General to authorise interception for developing and testing capabilities, subject to conditions and only by security authority. A ‘security authority’ is defined in schedule 2, proposed section 3, subsection 5(1) as:

... an authority of the Commonwealth that has functions primarily relating to:

  • security; or
  • collection of foreign intelligence; or
  • the defence of Australia; or
  • the conduct of the Commonwealth’s international affairs.

The bill also contains provisions concerning the definition of ‘passing over the telecommunications system’ for the purpose of a computer network operated by or on behalf of the Australian Federal Police. People who operate, protect or maintain the network or are responsible for the enforcement of professional standards in the AFP are treated as intended recipients so that their monitoring of outbound and inbound communications is not unlawful. These provisions were inserted by the 2006 amendment and were subject to a two-year sunset clause. The Attorney-General’s office has advised that the two-year sunset clause will also apply to the proposed amendments inserted in this amended bill.

Items 11 and 12 would expand the number of agencies eligible for exemption under subsection 5F(2) and 5G(2) to cover Commonwealth agencies—that is, the Australian Commission for Law Enforcement Integrity and the Australian Crime Commission; security authorities—that is, ASIO, the Department of Defence and the Department of Foreign Affairs and Trade and eligible authorities of the states—and that would include integrity, crime commission and police forces, as well as the AFP, which is currently exempt. This amendment would increase the number of agencies which can monitor all outbound and inbound communications for the purposes of enforcing those professional standards.

The bill was reviewed by the Senate Standing Committee on Legal and Constitutional Affairs. The committee handed down its report on 1 August 2007 and made a number of recommendations. I will refer to some of those now. At paragraph 3.77 the committee recommended:

... that proposed paragraph 5(1)(m) of the Bill be deleted to remove CrimTrac from the definition of ‘enforcement agency’.

However, it is not proposed to move an amendment in relation to that. Whilst acknowledging that CrimTrac does not have the investigative powers of a traditional enforcement or security agency, we note that CrimTrac does play a vital specialist role in assisting law enforcement. It is for this reason that we think it should remain within the bill’s definition of an enforcement agency.

The committee also recommended that the Attorney-General’s Department arrange for an independent review of the operations of the Telecommunications (Interception and Access) Act 1979 within five years. The committee accepted the view of the government that it is unnecessary to amend the bill to require such a review. We support the bill.

Comments

No comments