Senate debates
Wednesday, 25 August 2021
Bills
Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020; In Committee
10:48 am
Michaelia Cash (WA, Liberal Party, Deputy Leader of the Government in the Senate) Share this | Hansard source
I can advise that a data disruption warrant cannot authorise causing any material loss or damage to data unless the issuing authority considers it reasonably necessary and proportionate to the offences targeted. For example, reasonably necessary and proportionate loss or damage may involve a loss incurred as a result of taking action against a large group of individuals committing a particularly serious offence. Whether the disruption of data is reasonably necessary and proportionate will be determined by the issuing authority on a case-by-case basis. There may be circumstances in which it would be reasonably necessary and proportionate to cause loss or damage to the data of third parties. For example, it may be reasonably necessary and proportionate for an agency to shut down an online site hosting the live streaming of child exploitation material. I'll just say that again: for example, it may be reasonably necessary and proportionate for an agency to shut down an online site hosting the live streaming of child exploitation material, despite the owner or administrator of that site not necessarily being suspected of this type of criminality. However, it may not be reasonably necessary and proportionate if an agency were to delete all of the data on a third-party computer that was used to access a dark-web forum advertising illicit drugs.
I can also advise a person's account may only be taken over when taking control of that account is likely to substantially assist in enabling the collection of evidence relating to serious criminal offences. An account takeover warrant cannot authorise material interfering with a person's lawful use of a computer unless absolutely necessary to facilitate the collection of evidence, and account takeover warrant cannot under any circumstances authorise causing material loss or damage to any person lawfully using a computer. An account takeover warrant cannot be executed in a manner that causes a person the loss of money, digital currency or property other than data. When considering whether to issue an account takeover warrant, the magistrate must take into account the extent to which the privacy of any person is likely to be affected. Also, I can advise that the Commonwealth Ombudsman will provide robust oversight of the use of the account takeover power by the AFP and the ACIC.
No comments