List of Recommendations

Recommendation 1

4.75

The Committee recommends that the Government implement a periodic survey, starting in three years from the presentation of this report, to ascertain ongoing economic impacts of the TOLA Act legislation on Australia’s ICT industry and the results should be made publicly available.

Recommendation 2

4.78

The Committee recommends the Government, in consultation with relevant stakeholders, develop a prescribed set of requirements for information that must be included in technical assistance requests.

Recommendation 3

4.82

The Committee recommends that s317C of the Telecommunications Act 1997 be amended to clarify that a designated communications provider does not include a natural person, where that natural person is an employee of a designated communications provider, but will only apply to natural persons insofar as required to include sole traders.

Recommendation 4

4.85

The Committee recommends that Part 15 of the Telecommunications Act 1997 be amended to remove references to ‘systemic vulnerability’.

Recommendation 5

4.87

The Committee recommends that s 317ZG of the Telecommunications Act 1997 be amended to describe the ‘prohibited effects’ of a technical assistance request, a technical assistance notice or a technical capability notice.

Such an amendment could take the form of the words put forward by the Independent National Security Legislation Monitor in his recommendations 9 and 10, and the government may consider incorporation of additional definitions in s317B of the Telecommunications Act 1997 arising from the proposed amendment.

Recommendation 6

4.90

The Committee recommends that the Department of Home Affairs develop, maintain, and publish non-exhaustive guidance documents that set out non-binding examples of what may constitute a ‘whole class of technology’ for the purposes of defining a systemic weakness.

Recommendation 7

4.93

The Committee recommends the Government commission a review of Commonwealth legislation to determine whether the concept of ‘serious offence’, ‘relevant offence’, and other similar concepts:

should be made consistent across different Acts of Parliament; and

whether the threshold for the concept of ‘serious offence’ in all Commonwealth legislation should be – at a minimum – an indictable offence punishable by a maximum penalty of seven years’ imprisonment or more, with a limited number of exceptions.

This body of work should inform, or occur as part of, the eventual electronic surveillance bill being considered by the Department of Home Affairs and other departments.

Recommendation 8

5.55

The Committee recommends that the relevant provisions of the Australian Security Intelligence Organisation Act 1979 and the Surveillance Devices Act 2004 be amended to require the Australian Security Intelligence Organisation and law enforcement agencies to seek external authorisation from the Attorney-General or issuing authority to carry out concealment activities in relation to the execution of computer access warrants following the initial 28 day window provided in the respective acts.

The Committee recommends that such an application should allow the Australian Security Intelligence Organisation or law enforcement agencies to carry out concealment activities within a window of time not exceeding six months from the expiry of the initial 28 day window, with the option to seek additional external authorisation for a further six months if required.

Recommendation 9

5.62

The Committee recommends that the Government make clear that no mandatory assistance order, including those defined in section 3LA of the Crimes Act 1914 and section 201A of the Customs Act 1901, can be executed in a manner that amounts to the detention of a person where that agency does not otherwise have any lawful basis to detain the person.

Recommendation 10

6.46

The Committee recommends that s21A of the Australian Security Intelligence Organisation Act 1979 be amended to limit authorisation of activities under voluntary assistance provisions to the Director-General of Security and Deputy Directors-General of the Australian Security Intelligence Organisation.

Recommendation 11

6.49

The Committee recommends that s 21A(1)(e) and s 21A(5)(e) of the Australian Security Intelligence Organisation Act 1979 be amended to confine the scope of the immunity from civil liability offered under the Act to ‘conduct that does not result in serious personal injury or death to any person or significant loss of, or serious damage to, property’.

Recommendation 12

6.53

The Committee recommends that s21A of the Australian Security Intelligence Organisation Act 1979 be amended to require the Director-General of Security to be satisfied of the reasonableness and proportionality of the conduct of a voluntary assistance request prior to issuance.

Recommendation 13

6.55

The Committee recommends that s21A of the Australian Security Intelligence Organisation Act 1979 be amended to require the Australian Security Intelligence Organisation to retain written reasons underpinning a voluntary assistance request.

Recommendation 14

6.57

The Committee recommends that s21A and s34AAD of the Australian Security Intelligence Organisation Act 1979 be amended to state that nothing in either section authorises the Director-General of Security to make a request of a person that is properly the subject of a technical assistance request as set out by s317G of the Telecommunications Act 1997.

Recommendation 15

6.61

The Committee recommends that the Government make clear, for the avoidance of doubt, that the compulsory assistance order power in s34AAD of the Australian Security Intelligence Organisation Act 1979 does not authorise the detention of person to whom the order applies where the Australian Security Intelligence Organisation does not otherwise have any lawful basis to detain the person.

Recommendation 16

6.64

The Committee recommends that s34AAD of the Australian Security Intelligence Organisation Act 1979 be amended to state that the requirement to comply with a compulsory assistance order is only enlivened once the specified individual has been provided with a written notice that outlines what they must do to ensure compliance with the order. This notice should also clarify the consequences of failing to comply.

Recommendation 17

6.66

The Committee recommends that s34AAD of the Australian Security Intelligence Organisation Act 1979 be amended to require the Australian Security Intelligence Organisation to advise the individual subject to a compulsory assistance order the conditions associated with that order at the time the written notice is provided or at such time as the conditions are known.

Recommendation 18

7.85

The Committee recommends that the Government amend the Inspector-General of Intelligence and Security Act 1986 to expand the jurisdiction of the IGIS to oversee the intelligence functions of the Australian Federal Police.

Recommendation 19

7.88

The Committee recommends that the Government amend the Intelligence Services Act 2001 to provide the Parliamentary Joint Committee on Intelligence and Security with the ability oversee to the intelligence functions of the Australian Criminal Intelligence Commission.

Recommendation 20

7.93

The Committee recommends the Government give further consideration to the proposal from the INSLM for an Investigatory Powers Division within the Administrative Appeals Tribunal and provide a response on the proposed model or any recommended alternatives by September 2022.

Recommendation 21

7.96

The Committee recommends the Government consider the proposal for an Investigatory Powers Commissioner, as recommended by the INSLM, and provide a response on the proposed model or any recommended alternative models by September 2022.

Recommendation 22

7.98

The Committee recommends that the Government expressly clarify that the Commonwealth Ombudsman must consult with relevant agencies to identify operationally sensitive material that should be removed or amended before publication of a report. Section 317ZRB(7) of the Telecommunications Act 1997 should then subsequently be repealed.

Recommendation 23

7.100

The Committee recommends that s317LA of the Telecommunications Act 1997 be repealed so that State and Territory police are not required to seek the approval of the Australian Federal Police for a technical assistance notice.

Recommendation 24

7.104

The Committee recommends that s 34 of the Australian Security Intelligence Organisation Act 1979 be amended to require the Australian Security Intelligence Organisation to report to the Attorney-General when a device is removed from premises in the execution of a computer access warrant and the duration of the removal.

Recommendation 25

7.108

The Committee recommends that:

the Australian Security Intelligence Organisation provide annually to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) a copy of its annual report appendix in relation to Telecommunications and Other Legislation Amendment (TOLA) authorisations, consistent with current practice for telecommunications data access authorisations; and

the Intelligence Services Act 2001 be amended, as required, to provide that the PJCIS may review matters in relation to TOLA authorisations of the Australian Security Intelligence Organisation.

Recommendation 26

7.110

The Committee recommends that the Australian Security Intelligence Organisation brief the Parliamentary Joint Committee on Intelligence and Security on the acts or things implemented as part of a compulsory assistance order to facilitate and assist the ongoing review and oversight of the legislation.

Recommendation 27

7.113

The Committee recommends that s 3LA of the Crimes Act 1914 and s 201A of the Customs Act 1901 be amended to require agencies to report to inspection bodies on the execution of assistance orders and publish those figures in their respective annual reports.

Recommendation 28

7.118

The Committee recommends the definition in s 4 of the Independent National Security Legislation Monitor Act 2010 be amended to allow the Independent National Security Legislation Monitor to review the amendments made by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 of its own motion.

Recommendation 29

7.121

The Committee recommends s 29 of the Intelligence Services Act 2001 be amended to require the Parliamentary Joint Committee on Intelligence and Security to commence a review within three years once the Committee becomes aware through existing annual reporting requirements that the technical assistance notices or technical capability notices provided by Schedule 1 of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 have been used.

| Contents |