Telecommunications (Interception and Access) Amendment (Corrective Services Authorities) Bill 2022

Introductory Info

Date introduced:  17 February 2022
House:  House of Representatives
Portfolio: Home Affairs
Commencement: The day after the Act receives Royal Assent.

Purpose and structure of the Bill

The purpose of the Telecommunications (Interception and Access) Amendment (Corrective Services Authorities) Bill 2022 (the Bill) is to amend the Telecommunications (Interception and Access) Act 1979 (TIA Act) to enable the Minister for Home Affairs to make a declaration that state and territory corrective services authorities are enforcement agencies for the purposes of accessing telecommunications data.

The Bill consists of a single Schedule setting out the amendments to the Act. It implements part of the Commonwealth Government’s Response to the Comprehensive Review of the Legal Framework of the National Intelligence Community (Response to Comprehensive Review).

Background

2017 Independent Intelligence Review

On 7 November 2016, an independent review into Australia’s intelligence agencies was announced (the 2017 Review). The 2017 Review was to ‘assess whether our current intelligence arrangements, structures and mechanisms are best placed to meet the security challenges we are likely to face in the years ahead’.[1]

The 2017 Review found that ‘the changing nature of the security threats facing Australia’ meant that there was increasing interaction between intelligence agencies and law enforcement authorities, both Commonwealth and state/territory and:

The points of interaction relate to co-operation not only among Commonwealth entities but also among relevant State and Territory bodies. They need to be managed in ways that respect the information sharing arrangements, the accountability and the obligations under law of each entity, including arrangements for managing intelligence-derived information in the conduct of legal proceedings.[2]

A ‘comprehensive review of the legal framework under which Australia’s intelligence agencies operate’ was recommended.[3]

Comprehensive Review of the Legal Framework of the National Intelligence Community

On 30 May 2018 the then Attorney-General, Christian Porter, announced a review of national intelligence legislation (the Richardson Review), noting that this was a key recommendation of the 2017 Review. The Richardson Review was to consider the legislative frameworks for the intelligence functions of law enforcement bodies, consistent with the 2017 Review’s ‘recommendation to consolidate and expand linkages between members of the national intelligence community’.[4]

The 1,300 page, four volume report of the Richardson Review was published in December 2019. The Richardson  Review identified the TIA Act as being ‘a dog’s breakfast’ in terms of oversight arrangements and the piece of legislation that was most in need of reform.[5]

The Richardson Review recommended the enactment of a consolidated Electronic Surveillance Act, in which the existing TIA Act, Surveillance Devices Act 2004 (SD Act) and parts of the Australian Security Intelligence Organisation Act 1979 (ASIO Act) would be replaced with a single Act governing the use of federal telecommunications interception powers, covert access to stored communications, computers and telecommunications data, and the use of optical, listening and tracking devices.[6] The Richardson Review noted that ‘reform of this nature will not be a simple or quick undertaking’ and would require two to three years of ‘very detailed work and drafting before being considered by Parliament’.[7]

The Richardson Review also recommended that the oversight framework under the SD Act—which provides for the Commonwealth Ombudsman to oversee all aspects of each Commonwealth, state and territory agencies’ use of the powers under that Act—be adopted as the model for the new Act. It was noted that this would expand the role of the Commonwealth Ombudsman and require additional resourcing.[8]

The Government accepted most of the public recommendations, including the recommendation for a consolidated Electronic Surveillance Act.[9]

The Richardson Review recognised that some immediate reforms were necessary to the TIA Act, while the extensive process of preparing a new Electronic Surveillance Act was underway.[10] 

The Richardson Review also reported that several state and territory governments and agencies requested that their corrective services agencies (CSAs) be given the power to access telecommunications data. It was noted that CSAs were able to access telecommunications data prior to 2014 as they then fell within the definition of an enforcement agency, but amendments in the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Data Retention Act) subsequently limited access to a smaller range of criminal law‑enforcement agencies:

As originally introduced the legislation would have allowed government to declare additional agencies to be eligible to access telecommunications data, once they had proven that they had a ‘demonstrated need’ to access such information. However, the Government amended the Bill to remove its ability to declare additional agencies in response to a recommendation by the PJCIS [Parliamentary Joint Committee on Intelligence and Security].[11]

Removing CSAs from the list of agencies which may access telecommunications data had the greatest impact on Corrective Services NSW and Corrections Victoria. Between 2010 and 2015, Corrective Services NSW applied to access telecommunications data for criminal investigations 387 times, and Corrections Victoria applied to access telecommunications data 926 times for criminal investigations and 119 times to enforce laws imposing a pecuniary penalty. Tasmania Prison Service applied to access telecommunications data 30 times to enforce laws imposing a pecuniary penalty.[12]

The Richardson Review concluded that, whereas the evidence did not support granting access to telecommunications data to all CSAs at that time, as part of the development of the new Electronic Surveillance Act, CSAs should be granted the power to access telecommunications data ‘if the relevant state or territory government considers it to be necessary’.[13]

In its Response to the Richardson Review, the Government agreed with the recommendation that CSAs should be granted the power to access telecommunications data, if the relevant state or territory government considers it to be necessary.[14]

In his second reading speech on the Bill, the Assistant Minister to the Minister for Industry, Energy and Emissions Reduction, Tim Wilson, advised:

It is necessary and appropriate to make these amendments ahead of the broader holistic electronic surveillance reforms recommended by the comprehensive review…The ability of corrective services authorities to access telecommunications data is now vital to combat transnational, serious and organised crime, to ensure the safety and security of both the correctional environment and the wider community.[15]

In relation to the timing of the Bill, the Assistant Minister also referred to a temporary declaration made by the Minister for Home Affairs that commenced on 18 February 2022, which temporarily declares the NSW Department of Communities and Justice to be an enforcement agency under section 176A of the TIA Act.[16] While it is in force, this declaration allows the NSW Department to access telecommunications data. The declaration will expire at the end of the period of 40 sitting days of a House of Parliament after it came into force.[17] 

Review of the Mandatory Data Retention Regime

In compliance with section 187N of the TIA Act, in 2020 the PJCIS undertook a review of the Mandatory Data Retention Regime (MDRR) that was implemented by the Data Retention Act.

The PJCIS reported that the Corrective Services Administrators’ Council (CSAC) made a case for the inclusion of its members to be considered Criminal Law Enforcement Agencies under the TIA Act.[18] The CSAC contended that the existing temporary regime was not suitable for CSAs as the process of applying for declarations on a regular basis would be very time consuming and the ‘lack of access to telecommunications data and information has created obstacles for CSAs in pursuing avenues of investigation, reducing the likelihood of securing a conviction or, in some cases, identifying the likely perpetrator.’[19]

CSAC advised that the use of mobile phones within corrections settings was a particularly pressing issue:

Although CSAs have a range of strategies to detect and prevent inmate mobile phone use, the use of telecommunications data (call charge records and SIM card registration details) following the detection of unauthorised mobile phone use in correctional centres would allow for identification and, if deemed appropriate, prosecution of the inmate or inmates found to be linked to the mobile phone. In this way, criminal associations operating from within correctional centres can be identified and prevented. This has a direct effect on community safety.[20]

Committees

The Senate Standing Committee for the Scrutiny of Bills expressed concern that the Bill grants the minister ‘a broad discretionary power to declare that a corrective services authority is an enforcement agency in circumstances where there is limited guidance on the face of the primary legislation as to when it may be appropriate to exercise this power’.[21] The Committee requested detailed advice from the Minister regarding the rationale for the granting of this power without including any guidance or a 40 sitting-day time limit in the legislation.[22] 

At the time of writing this Digest, the Minister’s response had not been provided to the Committee.[23]

Subsection 176A(11) of the TIA Act provides that any amendment to subsection 176A(1) must be referred to the PJCIS. Item 3 of the Bill proposes an amendment to subsection 176A(1).

Policy position of non-government parties/independents

Non-government parties and independents do not appear to have commented publicly on the Bill to date. There have been no proposed amendments circulated.

Position of major interest groups

Noting that the position of the CSAs was established by their submission to the 2020 PJCIS review,[24] there has been no comment by major interest groups on the introduction of the Bill.

Financial implications

The financial implications of the Bill are discussed below in the ‘Key issues and provisions’ section.

Statement of Compatibility with Human Rights

As required under Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011 (Cth), the Government has assessed the Bill’s compatibility with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of that Act.

Although it was acknowledged that the Bill limits the right to privacy in Article 17 of the International Covenant on Civil and Political Rights (ICCPR), the Government considers that the Bill is compatible with human rights and freedoms as any limitations are reasonable, necessary and proportionate.[25]

Key issues and provisions

Definition of enforcement authority

The definition of enforcement agency in section 176A of the TIA Act is:

  1. subject to subsection 110A(7), a criminal law‑enforcement agency;
  2. subject to subsection (7), an authority or body for which a declaration under subsection (3) is in force.

Subsection 176A(3) of the TIA Act provides that the Minister may declare an authority or body to be an enforcement agency, but this declaration only remains in force until the end of the period of 40 sitting days of a House of the Parliament.

Section 176A was introduced by the Data Retention Act. Prior to the commencement of this Act, CSAs came within the definition of enforcement agency,[26] as this definition was an ‘open‑ended description’.[27] The definition was changed to assuage privacy concerns associated with the MDRR and ensure that the TIA Act has ‘a clear mechanism for determining which authorities and bodies fall within the definition of an ‘enforcement agency’’.[28] It was envisioned that the time limit on a declaration of the Minister that an authority or body is an enforcement agency would account for emergency situations and enable legislative amendment to be brought before the Parliament.[29]

Proposed section 176B, at item 4 of the Bill, gives the Commonwealth Minister the ability to make a declaration that a CSA is an enforcement agency (proposed paragraph 176B(3)(a)) and that specified persons are officers of the enforcement agency (proposed paragraph 176B(3)(b)). The effect of this amendment is to enable declared CSAs to access stored telecommunications data under sections 177, 178 and 179. Unlike declarations made under section 176A, there is no time limit in the new provision.

This does not re-instate the pre-2015 position of all CSAs having access to telecommunications data, as each individual agency will need a declaration in place for access to be granted.    

Oversight of information gathering powers

The Bill sets out the powers and obligations of the relevant Commonwealth Minister, state or territory Minister and the Commonwealth Ombudsman in managing a CSA’s access to telecommunications data.

State or Territory Minister

State or territory Ministers who are responsible for corrective services can request that the Commonwealth Minister declare a CSA to be an enforcement agency (proposed subsection 176B(2)). State or territory Ministers may also request that a declaration be revoked (proposed subsection 176B(8)).  

Commonwealth Minister

Under proposed subsection 176B(4), the Commonwealth Minister is not empowered to make a declaration unless the state or territory Minister has requested it. Proposed subsection 176B(5) specifies that the Minister may consult bodies such as the Privacy Commissioner or the Ombudsman before making a declaration.

The Explanatory Memorandum notes that it is not mandatory for the Commonwealth Minister to conduct consultations before making a declaration, and this is consistent with the consultation provision in subsection 176A(5) of the TIA Act.[30] In relation to this section of the TIA Act, prior to its introduction as part of the data retention regime, the Australian Privacy Commissioner recommended to the PJCIS that consultation with the Commissioner be required before a declaration could be made under subsection 176A(3).[31] This recommendation was not endorsed by the PJCIS, which commented:

While the Committee considers it would be a matter of good practice for the Attorney-General to consult with the Australian Privacy Commissioner and Ombudsman before making a declaration, it is not considered necessary to insert a mandatory consultation requirement for this in the legislation.[32]

The declaration made by the Commonwealth Minister may limit the powers of the subject authority by specifying that the CSA cannot exercise a power conferred by a specified provision. The CSA is then not considered to be an enforcement agency for the purposes of that provision (proposed subsection 176B(7)).

The Commonwealth Minister is required to revoke a declaration on request by the state or territory Minister (proposed subsection 176B(9)). The Commonwealth Minister can also revoke a declaration if they are satisfied the CSA’s compliance with the TIA Act has been unsatisfactory (proposed subsection 176B(10)).

The Explanatory Memorandum states that the intention is for the unsatisfactory compliance to involve ‘ongoing and serious disregard for the obligations in the TIA Act, and an unwillingness to engage with and respond to issues identified by the Commonwealth Ombudsman.’[33] This is not expressed in the legislation, hence the above criteria may act as a guide to the Commonwealth Minister’s decision making.

Commonwealth Ombudsman

The Bill does not confer any additional powers on the Ombudsman, hence the arrangements for oversight of CSAs are the same as those for other enforcement agencies under section 176A of the TIA Act.  

It is advised in the Explanatory Memorandum that the Ombudsman’s involvement entails:

independent oversight by the Commonwealth Ombudsman, who will inspect the records to determine the extent of an authority’s (and its officers’) compliance with Chapter 4 of the TIA Act. The Ombudsman will also report annually to the Minister for Home Affairs about the results of those inspections which are then tabled in Parliament…[34]

It is acknowledged in the Explanatory Memorandum that oversight of additional agencies could have a financial impact for the Ombudsman, which ‘will be assessed and resolved with the Ombudsman and the relevant State or Territory prior to any declaration being made by the Commonwealth Minister.’[35]

Funding may prove to be a significant issue given the Ombudsman’s projection that ‘the economic and budgetary impact arising from the pandemic will be significant and potentially long lasting’[36] and that increased reliance on government support ‘may generate complaints to the Office or otherwise involve us taking on an increased role in the oversight of the management of new government support and services.’[37]

Differences between declaration powers in section 176A of the TIA Act and new section 176B

If proposed section 176B is enacted, the Commonwealth Minister will have the ability to make declarations with respect to CSAs on an effectively permanent basis and will retain the ability to make declarations for other bodies or authorities temporarily under subsection 176A(3).  

The legislation provides that the Minister must have regard to certain matters before making a temporary declaration under subsection 176A(3), such as whether the authority or body proposes to adopt processes and practices that would ensure its compliance with the obligations of an enforcement agency (paragraph 176A(4)(d)). These conditions are not replicated in the provisions of the Bill.

According to the Explanatory Memorandum, this difference reflects the breadth of the power in section 176A(3) and the fact that ‘it is intended to be used as a temporary measure pending parliamentary consideration of legislative amendments’,[38] compared with the power in new section 176B which is ‘administrative in nature’[39] and ‘for the Minister to consider’.[40]   

Given the matters that the Minister must consider before making a declaration are not prescribed by the legislation, the Minister can exercise their discretion in respect of whether making a declaration requires assessing a CSA’s willingness to be declared an enforcement agency, their readiness to access data, whether they require access to telecommunications data and what access is necessary for the authorities to meet legitimate objectives.

Mobile phones in prisons

In his second reading speech, the Assistant Minister specifically referred to the issue of illicit mobile phones in prisons and stated:

Operation Ironside has already resulted in more than 350 individuals being charged who, if convicted, will spend time in correctional facilities around Australia. The ability of corrective services authorities to access telecommunications data is now vital to combat transnational, serious and organised crime, to ensure the safety and security of both the correctional environment and the wider community.[41]

Operation Ironside is an ongoing Australian Federal Police (AFP)-led investigation into ‘significant organised crime syndicates’ that used a dedicated encrypted communications device to traffic illicit drugs and weapons to Australia, as well as order local executions.[42]

In addition to the need to access telecommunications data prompted by Operation Ironside, the issue of mobile phones in prisons has become more prominent due to COVID-19. There have been difficulties with prisoners who have COVID-19 being able to contact friends, family and legal representatives when in isolation, such as at Parklea Correctional Centre in NSW where over 140 prisoners contracted COVID-19.[43]

In a public sector guidance sheet for drafters of statements of compatibility with human rights, the Attorney-General’s Department advises that the right to humane treatment has been found to have been violated when detainees were held in 'incommunicado detention’ with insufficient justification. In the guidance sheet, incommunicado detention is defined as meaning that the ‘detainee cannot communicate with anyone other than their captors’, such as family, friends, independent lawyers or doctors.[44]

It has been reported that Corrective Services NSW is co-ordinating the rollout of mobile phones for inmates with COVID-19 in remand centres, which has reportedly caused concern about ‘a spike in organised crime, harassment, intimidation of officers and “gaol house hits”’.[45]