Chapter 3 - Stored Communications

Introduction

3.1       The principal consideration of legislation which governs access to personal communications should be the protection of privacy. However, it is accepted that in limited circumstances it may be in the public interest to allow access to such communications. It is therefore essential that any legislation permitting access to personal communications achieves an appropriate balance between preserving privacy and assisting law enforcement agencies to effectively investigate serious offences. The primary test must always be whether the seriousness of the offence being investigated sufficiently warrants a significant invasion of an individual's privacy. This is particularly important whenever access to information is by covert interception.

3.2       The proposed amendments create a general prohibition on access to stored communications subject to prescribed exceptions including a stored communications warrant. The effect of the general prohibition proposed in this Bill is to prevent law enforcement agencies from serving notices to produce to obtain stored communications from a carrier without the knowledge of the intended recipient.

3.3       The proposed amendments clarify the lawful position surrounding access to stored communications which has previously been under dispute. This includes the ability of enforcement agencies to use warrants pursuant to section 3L of the Crimes Act, or other lawful notices to produce, to covertly obtain stored communications.

3.4       Generally, the clarification of access to stored communications provided by the Bill has been welcomed as a necessary and significant improvement. However, a number of areas of concern regarding the proposed stored communications warrants, as well as some definitional issues have emerged in the submissions and evidence received by the Committee at the hearing. These issues are considered in the following sections.

Access to stored communications

3.5       Section 108 prohibits access to stored communications 'without the knowledge of the intended recipient of the stored communication.'[3] The Explanatory Memorandum states that:

The requirement for knowledge also preserves the ability of law enforcement agencies to access stored communications held by a carrier where they do so with the knowledge of the intended recipient ... The distinction means that enforcement agencies are regulated by the stored communications regime only when they are acting covertly in the access to these communications.[4]

3.6       Electronic Frontiers Australia (EFA) argue that enforcement agencies should not be permitted to use existing notices to produce at the carrier because 'there is no means by which the carrier can know whether or not the intended recipient has in fact been notified by the agency prior to disclosing the information.'[5]

3.7       EFA also suggest that there is a lack of clarity in the existing telecommunications legislation, in particular the interrelationship between the Telecommunication (Interception) Act 1979 and the Telecommunications Act 1997 regarding the authorisation of agencies to obtain the content of stored communications via compulsory notices to produce.

3.8       Section 280(1)(a) of the Telecommunications Act 1997 provides for the disclosure of information if:

... in a case where the disclosure or use is in connection with the operation of an enforcement agency – the disclosure or use is required or authorised under a warrant.

3.9       EFA state that:

We believe that the Telecommunications Act overrides [the ability of agencies to submit compulsory notices to produce under their own legislation] and therefore, once the interception Bill is passed it will then override the Telecommunications Act and, as a result, civil penalty agencies and criminal penalty agencies will need to provide a warrant. There are not notice-to-produce provisions. [6]

3.10      However, during the Inquiry it was noted that there have been instances in the past where various government agencies have had differing views about the kinds of warrants they needed to access information from a carrier.[7]

3.11      Advice from ASIC indicates that, in their view, subsections 282(1) and (2) of the Telecommunications Act 1997, allows them to obtain stored communications using their notice to produce powers.[8]

3.12      The Attorney-General's Department supports the view that upon enactment of the proposed Bill, the position in relation to stored communications would be clarified and access to stored communications will only be permitted with a warrant.[9]

Committee view

3.13      The Committee notes EFA's concern regarding the ability of a carrier to know whether or not the intended recipient has been notified of access to communications prior to the disclosure of such information. However, the Committee considers that there are means by which an enforcement agency can inform the carrier of notification to the intended recipient.

3.14      The Committee considers that distinction between overt and covert access to communications as provided for in the Bill, is a critical one. The Committee considers that covert access to communications must be subject to much tighter controls than overt access. Where access is covert, individuals have virtually no opportunity to protect privileged information or to challenge the grounds on which such access was granted.

3.15      Given that many law enforcement agencies will be unable to access a stored communications warrant for covert access to stored communications, the Committee recognises the need of enforcement agencies to have an overt means of access. This requirement is satisfied through the ability of agencies to use notices to produce where the intended recipient has been notified.

3.16      The Committee acknowledges the view that when enacted the current Bill will prohibit covert access to stored communications except where an agency has a stored communications warrant.

3.17      However, the Committee also acknowledges the importance of clarifying the regime governing access to stored communications particularly for the benefit of telecommunication carriers who carry the risk of criminal and/or civil action if they disclose stored communications information in breach of the Telecommunication Act 1997 or the Telecommunications (Interception) Act 1979.

Recommendation 1

3.18      The Committee recommends that the Bill be amended to include a provision amending Section 280 and subsections 282(1) and (2) of the Telecommunications Act 1997, effective from the same date as the Bill, to make it clear that covert access to stored communications is not permitted without a stored communications warrant.

Stored communications warrants

3.19      Under the proposed amendments a stored communications warrant will be required to access stored communications held on the carrier's equipment. The inquiry identified a number of concerns regarding the proposed warrant regime for access to stored communication, in particular:

• offences for which stored communications can be accessed and used; and
• enforcement agencies for which access to stored communications may be granted.

Offences for which stored communications may be accessed and used

3.20      As noted above, the proposed amendments provide an exemption to the general prohibition for stored communications accessed with a stored communications warrant. The Bill proposes two penalty thresholds that must be met in relation to accessing and the use of, stored communications. The Bill provides an initial penalty threshold that must be met for a stored communications warrant to be issued. A lower penalty threshold is then specified for the secondary use and disclosure of information which has been accessed under a stored communications warrant.

The threshold for issuing a warrant

3.21      Proposed section 116(1)(d) provides that stored communications warrants may be issued to agencies if the information likely to be obtained would assist in connection with an investigation of 'serious contraventions'.

3.22      Serious contraventions are defined at proposed section 5E as:

1. a contravention of a law of the Commonwealth, a State or a Territory that:
   1. is a serious offence;[10] or
   2. is an offence punishable:
      1. by imprisonment for a period, or a maximum period, of at least 3 years; or
      2. if the offence is committed by an individual – by a fine or a maximum fine, of at least 180 penalty units; or
      3. if the offence cannot be committed by an individual – by a fine, or maximum fine, of at least 900 penalty units; or
   3. would, if proved, render the person committing the contravention liable to:
      1. if the contravention is committed by an individual – a pecuniary penalty, or maximum pecuniary penalty, of at least 180 penalty units; or
      2. if the contravention cannot be committed by an individual – a pecuniary penalty, or maximum pecuniary penalty, of at least 900 penalty units.

3.23      The offences for which a stored communications warrant may be issued, are significantly less than those offences for which the existing telecommunications warrants are currently available. That is, offences punishable by imprisonment for a period, or maximum period, of at least seven years.

3.24      The Attorney-General's department advised the Committee that the distinction between real time communications and stored communications, had been recommended by the Blunn report and is based on the supposition that something that is in writing, such as emails or a text message, is 'something that definitely involves more consideration of the expression'.[11]

3.25      However, other witnesses argued that the different treatment of the two forms of communications was unjustified:

It strikes me as nonsensical that a differentiation would be drawn between speaking to somebody on a mobile phone and sending them an SMS message. Many of the students who I teach today see them as equivalent forms of communications. It makes no sense as a matter of law or public policy why, indeed, it is easier to gain one type of information than the other ... I think the proper focus for assessing this legislation is: what is the appropriate limitation upon the privacy of Australian people? For them there is no rational distinction, so I cannot see how you could justify one from the government's end.[12]

3.26      This is supported by others who argue that the proposed penalty threshold for the issuing of a stored communications warrant is too low. The Australian Privacy Foundation states:

The principle that invasion of privacy through covert interception should only be allowed in relation to genuinely serious offences is clearly established in the existing regime. In our view, no convincing case has been mounted for why a lower threshold should apply to stored communications, which can contain information just as private, sensitive and even intimate. In the absence of any such case, it is difficult to have a rational discussion about where the threshold should be set, but we strongly urge the Committee to recommend higher thresholds than those proposed.[13]

3.27      In contrast, law enforcement agencies such as the Australian Securities and Investment Commission (ASIC) and the Australian Consumer and Competition Commission (ACCC) state that the initial three-year threshold was too high and would severely impact on the ability to carry out their legislative function. The ACCC believes that their 'ability to obtain a stored communications warrant under the Bill appears ... to be quite limited.'[14]

3.28      ASIC argued:

The specific issue we have with the draft bill in its current form is the threshold for obtaining the warrant – three years or 180 penalty units. We have many examples of provisions throughout the Corporations Act which address serious misconduct which have a lower threshold than that. ... That means that we will not be able to access that material during the course of our investigation and that will affect, to a varying degree – depending on what the information is – our investigation and our ability to assess whether or not misconduct has occurred and then our ability to take action if it has occurred.[15]

The threshold for use

3.29      The proposal in the Bill to allow for information obtained under a stored communication to be used in proceedings into offences carrying a punishment of twelve months imprisonment or sixty penalty units was supported by enforcement agencies as an appropriate threshold.[16]

3.30      However, the lower secondary threshold was strongly opposed by other organisations. EFA state that they are:

... opposed to the provisions allowing accessed information to be disclosed and used in relation to offences and contraventions involving the much lower penalties than those for which a stored communications warrant is permitted to be used.[17]

3.31      The Attorney-General's department explained that the stored communications regime has been designed to mirror the telecommunications regime in the sense that once the higher threshold has been met for the initial privacy intrusion, the penalty for the use of that information is then dropped.

Enforcement agencies for which access may be granted

3.32      The proposed section 110 provides that an 'enforcement agency may apply to an issuing authority for a stored communications warrant in respect of a person.' The Bill inserts a new definition of enforcement agency into subsection 5(1) of the Act. It defines an enforcement agency as having the same meaning as in section 282 of the Telecommunications Act 1997 and also includes an interception agency and eligible authority of a State.

3.33      The Explanatory Memorandum further explains that enforcement agencies 'include all the law enforcement agencies responsible for investigating criminal matters, as well as agencies responsible for administering a law imposing a pecuniary penalty or administration of a law relating to the protection of public revenue.'[18] Examples of enforcement agencies include the Australian Tax Office, the Australian Securities and Investment Commission and the Australian Customs Service.

3.34      It has been argued that the range of agencies that are able to apply for stored communications warrants should be limited. The Australian Privacy Foundation considers that the extension to the breadth of access provided for in the Bill 'strikes the wrong balance between protection of privacy – the acknowledged focus of the legislation, and the exceptions for other public interests.'[19]

Committee view

3.35      The Committee acknowledges the view of law enforcement agencies relating to their requirements to access stored communications in the course of investigations related to their legislative functions.

3.36      However, the Committee notes advice from ASIC that:

The majority of our access to emails, however, comes from access at the user's end[20]

3.37      Further the Committee notes advice that 'in the last 12 months ASIC has not accessed stored communications from an ISP.'[21]

3.38      The Committee believes that this suggests that the need for enforcement agencies to seek access to stored communications via the carrier would be limited and a general prohibition of access to stored communications would only have limited impact, if any, on the work of these agencies.

3.39      The Committee agrees that an extension of agencies for which a stored communication warrant would be available 'strikes the wrong balance' between individual privacy and effective law enforcement. The key distinction is between covert and overt searches and the principal test should be the impact on individual privacy. The Bill would result in a wide number of government agencies being able to covertly obtain material for investigating a significant range of sometimes relatively minor offences.

3.40      The Committee is of the view that the invasion of privacy resulting from covert interception of communications is significant and should therefore only be accessible to core law enforcement agencies. As well, the Committee considers that offences for which stored communications warrants may be issued should be limited to criminal offences.

3.41      Other agencies having a legitimate need to access stored communications may continue to use the notice to produce procedures under Section 280 of the Telecommunications Act (as discussed above), requiring the notification of the owner of the information.

Recommendation 2

3.42      The Committee recommends that the enforcement agencies able to access stored communications should be limited to those agencies eligible under the existing arrangements for telecommunications interception.

Recommendation 3

3.43      The Committee recommends that the Bill be amended to permit stored communications warrants to be issued only in relation to criminal offences.

Required warrant information

3.44      The Bill does not require that an application for a stored communications warrant, or the warrant itself, specify either identifying information for the subject of the warrant or any specific identifying information for the telecommunications services for which the warrant will authorise access.

3.45      EFA note in their submission that 'proposed section 6EB appears to assume that a stored communications warrant would contain information identifying the person and also identifying the relevant telecommunications service ... However, it is not apparent from the Bill how the issuing authority would obtain such information.'[22]

3.46      The Attorney-General's department advised the Committee that:

The warrant would include the name of the person whom the warrant is over, including the telecommunications services that the stored communications would be attached to. All the other relevant details would be included in the affidavit. The facts and the grounds for issuing or applying for the stored communications warrant are required to be included in the affidavit.[23]

3.47      Proposed section 118 of the Bill outlines the form and content of stored communications warrants. It provides that a stored communications warrant must be in accordance with the prescribed form and may specify conditions or restrictions relating to access. Notwithstanding the advice from the Attorney-General's department, the Committee notes that subsection 118(3) only requires that:

A stored communications warrant must set out short particulars of each serious contravention in relation to which the issuing authority issuing the warrant was satisfied, on the application for the warrant ...[24]

3.48      In addition, proposed sections 111-113, which deal with the application for a stored communications warrant and the accompanying affidavit information, do not require personal or telecommunications service identification information to be provided.

Committee view

3.49      To protect the integrity of the stored communications regime and the privacy of Australians, it is essential that both the subject of the warrant and the telecommunications services for which access is sought are clearly and unmistakeably identified in the application for a stored communications warrant and on the warrant itself. The Committee notes that existing section 42(4A) currently requires such identifying information to be included in the applications for named person warrants.

3.50      The Committee notes advice that:

... the department is currently working on the prescribed forms for which the stored communications warrants will be made.[25]

3.51      The Committee considers that given the importance of clearly identifying the subject and services for which access is sought, the requirements for such information should be settled as soon as possible for inclusion in the Bill.

Recommendation 4

3.52      The Committee recommends that the Bill be amended to require applications for stored communications warrants, and the warrant itself, to include information that clearly identifies the person who will be the subject of the warrant and the telecommunications for which access is sought.

3.53      The Committee suggests that the existing provisions for named person warrants provide a suitable example of the type of information that ought to be required.

Safeguards and privacy protection

Issuing authorities

3.54      The proposed amendments extend the range of authorities who may be declared as issuing authorities for the purposes of the stored communications warrant regime. The proposed amendments allow for stored communication warrants to be issued by those identified as able to issue interception warrants, 'as well as any other Commonwealth, State or Territory judge or magistrate.[26]

3.55      It has been argued that allowing AAT members to issue telecommunication interception warrants has diminished the front end accountability of Australia's interception regime.[27] The NSW Council of Civil Liberties has suggested that the increase in the number of telecommunications interceptions is a result of allowing AAT members to issue interception warrants. The Council states:

AAT members do not have tenure, are appointed by the government and work on contract. This means that AAT members are more likely to do the government's bidding than a judge, which explains why most warrants are issued by non-judges.[28]

3.56      Evidence was provided to the Committee which stated that the proposed extension of issuing authorities for the purpose of stored communications regime will make it too easy for enforcement agencies to obtain a warrant. The Australian Privacy Foundation argued:

Restricting warrant issuing authority to judges, full time federal magistrates and full-time senior AAT members would be an important safeguard against it becoming too easy to for [sic] enforcement agencies to obtain a warrant.[29]

3.57      The Attorney-General's department explained the proposal to increase the range of issuing authorities as:

... trying to get a balance. As ASIC said earlier, 'We don't see why these electronic things should be treated any different to any other hard copy document.' So you have that angle to it. Of course, a search warrant can be issued by a magistrate ... I think Tony Blunn in his report makes this point that there is a distinction between something that is live and something that is being composed and stored like a document. Consequently, because of those factors, Mr Blunn recommended that it was appropriate to have it as a magistrate.[30]

Committee view

3.58      As discussed above, the Committee rejects the proposition that stored communications are equivalent to normal search warrants. The key differentiating factor is the covert nature of the stored communication warrant. For this reason, the Committee does not accept that stored communications should be afforded any less privacy than is afforded to real time communications.

3.59      As such, the Committee does not consider a comparison between stored communications and hard copy documents justifies an extension of the issuing authorities to include magistrates. It is also noted that no evidence has been produced to suggest that the current arrangements are inadequate. In practice, an increase in the number of issuing authorities seems likely to make stored communications warrants more readily available.

Recommendation 5

3.60      The Committee recommends that the Bill be amended to allow issuing authorities to only include those currently able to issue interception warrants.

Enforceability in relation to State/Territory agencies

3.61      EFA highlight in their submission that while the Bill intends to regulate access to, and the use of, stored communications it is not clear if the Commonwealth would have the ability to enforce the provisions proposed in the Bill. According to EFA:

In the case of interception information, this issue is dealt with by the legislated requirement that State and Territory Parliaments enact complementary interception legislation applicable to their agencies and responsible Minister prior to the (C'th) Minister being permitted to declare such agencies as 'eligible' interception agencies ... However, there is no indication in either the Bill or Explanatory Memorandum of any intent to require State/Territory Parliaments to amend their interception legislation to complement the Commonwealth provisions concerning use, communication and recording of information obtained by accessing stored communications, and related reporting requirements.[31]

3.62      EFA advised the Committee that the issue would be remedied by requiring, as a precondition to being granted the powers of an enforcement agency under the stored communications regime, State and Territory Parliaments to enact complementary legislation. Given the tight timeframe for the implementation of such measures, as an additional safeguard EFA suggests that the Minister could be given the power to 'remove from state or territory agencies the right to get a warrant under the Commonwealth Telecommunications (Interception) Act.'[32]

3.63      This would provide similar protections as those provided by existing section 34 for telecommunications interception which allows the Minister, 'by legislative instrument and at the request of the Premier of a State, declare an eligible authority of that State to be an agency for the purposes of this Act' subject to certain conditions.

Committee view

3.64      The Committee considers it essential that the Commonwealth has the ability to enforce the obligations prescribed in the Bill relating to accessing stored communications. Immediate action should be taken to ensure enforceability of these provisions on State and Territory agencies.

3.65      The Committee considers that consistent with the arrangement for the existing telecommunications interception regime, State and Territory Parliaments should be required to enact complementary legislation for access to stored communications as a precondition to being granted the powers of an enforcement agency under the stored communications regime.

3.66      In light of the tight timeframe, the Committee supports the idea of amending the Bill to enable the exclusion of particular State/Territory agencies as an interim measure.

Recommendation 6

3.67      The Committee recommends that, consistent with the existing arrangements for telecommunications interception, immediate action be taken to ensure the enforceability of the stored communications provisions on State and Territory agencies by requiring complementary legislation to be enacted as a precondition to being granted the powers of an enforcement agency under the stored communications regime.

Recommendation 7

3.68      The Committee also recommends that as an interim measure, the definition of an enforcement agency in the Bill be amended to allow for the ability to exclude an agency specified in the Telecommunications Interception Regulations from being able to obtain a stored communications warrant.

Matters which issuing authorities must consider

3.69      The Bill proposes at section 116(2) that issuing authorities must have regard to:

1. how much the privacy of any person or persons would be likely to be interfered with by accessing those stored communications under a stored communications warrant; and
2. the gravity of the conduct constituting the serious contravention; and
3. how much the information referred to in paragraph (1)(d) would be likely to assist in connection with the investigation; and
4. to what extent methods of investigating the serious contravention that do not involve the use of a stored communications warrant in relation to the person have been used by, or are available to, the agency; and
5. how much the use of such methods would be likely to assist in connection with investigation by the agency of the serious contravention; and
6. how much the use of such methods would be likely to prejudice the investigation by the agency of the serious contravention, whether because of delay or for any other reason.

3.70      The proposed approach is generally supported. However, it is suggested that that the issuing authority should be permitted to take additional considerations into account such as length of time stored communications have been stored and whether a search can be undertaken to obtain the relevant information.[33] Further, whether or not the stored communications are likely to include communications the subject of legal professional privilege and whether such communications should be placed in confidential safekeeping of an independent person should also be considered.[34]

Committee view

3.71      The Committee is of the view that individual privacy protection ought to be the chief consideration in any regime permitting access to personal communications. This is particularly important where communications may include information subject to legal professional privilege. The Committee considers that additional considerations for issuing authorities such as those suggested above will only serve to enhance the privacy protection already outlined in the Bill.

Recommendation 8

3.72      The Committee recommends that the Bill be amended to allow issuers of stored communications warrants to have regard to the length of time stored communications may have been held on a carrier's equipment and whether the communications sought can be sufficiently identified in order to minimise the impact on privacy.

Recommendation 9

3.73      The Committee also recommends that the Bill be amended to require issuers of stored communications warrants to consider whether the stored communications are likely to include communications the subject of legal professional privilege and whether any conditions may be implemented to prevent the disclosure of such communications.

Destruction of irrelevant information

3.74      Access to stored communications, by its very nature, results in the increased likelihood of the collection of large amounts of information that may not be relevant to the investigation for which the warrant was issued. Therefore, adequate provisions governing the destruction of irrelevant material are a vital privacy safeguard.

3.75      Proposed section 150 provides for the destruction of records obtained by accessing a stored communication. Specifically it states that:

if the chief officer of the agency is satisfied that the information or record is not likely to be required for a purpose referred to in subsection 139(2); the chief officer must cause the information or record to be destroyed forthwith.[35]

3.76      In their submission, the Office of the Privacy Commissioner suggested that the effect of proposed section 150 may result in it being 'lawful for an agency to keep irrelevant information indefinitely.'[36] This is due to the fact that an obligation to destroy irrelevant information does not arise until after the chief officer has formed a view that the information is no longer required without the Bill specifying a time limit for this to occur.

3.77      The Office of the Privacy Commissioner recommended that, consistent with good privacy practice:

consideration be given to amending the Bill to ensure that agencies take regular steps to review whether information they have accessed via stored communications warrants is still required for a permitted purpose eg; by setting a maximum period for review.[37]

3.78      The Attorney General's department argued it did not expect that any law enforcement agency that is permitted to access stored communications would fail to assess irrelevant information on a regular basis. As well, they advised the Committee that 'there is also the additional safeguard that there is a prohibition on the use of any information.'[38]

Committee view

3.79      The Committee considers that setting a maximum period for review of information obtained via a stored communications warrant will require agencies to establish procedures to deal with irrelevant information in a timely manner. Given the potential to collect vast amounts of irrelevant information under a stored communications warrant the Committee believes that such a safeguard is essential.

3.80      The Committee notes the assurances of the Attorney-General's department that the relevance of collected information would be considered in a timely manner, however these are not requirements that are contained in law. The legislation must also guard against any lapses in administrative practices within agencies. Furthermore, the Committee considers that such a requirement is particularly important given the proposal in the Bill to extend the access to stored communications to a range of agencies that are not used to dealing with intercepted material as a matter of course.[39]

Recommendation 10

3.81      The Committee recommends that the Bill be amended to specify time limits within which an agency must both review their holdings of information accessed via a stored communications warrant and destroy information as required under the proposed section 150.

Monitoring of the stored communications warrant regime

Proposed reporting requirements

3.82      The Bill proposes lower reporting requirements for the use and effectiveness of stored communications warrants in comparison to the existing telecommunication interception warrants. The Explanatory Memorandum states that the reporting requirements for stored communications warrants are not as burdensome on the agencies as the reporting requirements for interception and these are consistent with general search warrant provisions and reflect the lower threshold to be met.[40]

3.83      However, the primary consideration of a regime which permits access to personal communications ought to be the protection of privacy. Stored communications warrants can not be considered the equivalent of search warrants due to their covert nature.

3.84      In their submission, EFA argues:

Reporting obligations are necessary due to the covert and secretive nature of warrants and resultant potential for abuse. The fact that warrants will be available in relation to contraventions involving lesser penalties increases, not decreases, the potential for abuse.[41]

Role of the Ombudsman

3.85      The proposed amendments expand the functions of the Ombudsman considerably to include oversight of the stored communications regime. Section 152 proposes additional functions including:

1. to inspect an enforcement agency's records in order to ascertain, so far as is practicable, the extent of compliance, in relation to those records with sections 150 and 151; and
2. to report to the Minister about the results of inspections under this Division; and
3. to do anything incidental or conducive to the performance of any of the preceding functions.

3.86      In his submission the Ombudsman advised the Committee that:

Whether my office is able to inspect most, if not all, agencies, in the spirit of the proposed amendments, or whether we will be able to inspect only a few, will depend on whether additional resources are available.[42]

3.87      The Ombudsman also advised the Committee that if a considerable number of enforcement agencies were inspected, the reporting timeframes may be difficult to meet. The Ombudsman went on to suggest:

It would be preferred if the proposed reporting timeframes for section 153 reports could be extended to six months instead of three. This should not interfere unduly with the accountability objective while allowing more time for reports to be prepared that are as useful and comprehensive as they can be.[43]

Committee view

3.88      The Committee agrees with the view that reporting obligations are vital to provide adequate transparency and accountability for the stored communications warrant regime. The Committee agrees with the position that a lower offence threshold does not equate to a lesser reporting obligation.

3.89      As well, the Committee considers that the Ombudsman will undertake a vital role in the oversight and inspection of the stored communication regime. The Committee acknowledges the view expressed by the Ombudsman with regard to the impact that resources will have on his ability to fulfil the additional functions required under the Bill. The Committee is of the view that limited resources should not prevent adequate oversight of this regime. Therefore, the Committee considers that the Government should review the funding levels of the Commonwealth Ombudsman to provide the requisite additional resources to adequately fulfil this expanded function.

3.90      The Committee also supports allowing an additional three months to enable the production of useful and comprehensive reports.

Recommendation 11

3.91      The Committee recommends that Bill be amended to require agencies and the Minister to report on the use and effectiveness of stored communications warrants in a manner equivalent to the existing reporting obligations for telecommunications interception warrants.

Recommendation 12

3.92      The Committee recommends that additional resources be provided to the Ombudsman to enable the Office to fulfil the expanded functions under this Bill.

Recommendation 13

3.93      The Committee recommends that the Bill be amended to extend the timeframe for section 153 reports to six months.

Stored Communications and related definitions

3.94      The Bill inserts new definitions into the Act to support the establishment of the stored communications access regime.

3.95      Stored Communications is defined by the Bill as:

... a communication that:

1. has passed over a telecommunications system; and
2. is not passing over a telecommunications system; and
3. is held on equipment that is operated by, and is in the possession of, a carrier; and
4. is accessible to the intended recipient of the communication.

Copies of stored communications

3.96      In relation to the definition of stored communications as proposed in the Bill, EFA argues:

In our view the definition results in insufficient clarity and certainty in relation to some types of records of communications held on carriers' equipment. For example, it is not clear whether a copy of a stored communication that is stored on a carriers' equipment, but is not accessible to the intended recipient of the communication, is to be regarded as a 'stored communication' or not.[44]

3.97      EFA suggest that copies of communications stored in a sender's sent box on a carrier's equipment, or communications stored on a carrier's backup device are examples of communications which may be regarded as copies of communications rather than stored communications.

3.98      The Attorney-General's department advised:

A copy of a stored communication accessed by the person on the premises – so any end point of the communication – will not require a stored communications warrant. It is only those communications which are accessed directly from the carrier which will require a stored communications warrant.[45]

Definition of accessing a stored communication

3.99      In their submission, EFA highlight that accessing a stored communication as provided for in section 6 of the Act refers to among other things, 'recording such a communication, by means of equipment operated by a carrier, without the knowledge of the intended recipient of the communication.'[46]

3.100         However, recording a communication, as defined in the Act, does not specifically address recording in relation to accessing a stored communication.

3.101         EFA suggest that:

The definition of a record should be amended so that it applies in relation to, not only an interception, but also accessing a stored communication.[47]

Access to stored communications via the sender

3.102         In regard to the definition of stored communications, Telstra advised that it appears to limit stored communication warrants to accessing communications received by a person of interest, but not those communications sent by the person of interest. Telstra stated that:

Carriers cannot necessarily know whether, or when, a communication that has been sent has been received by the intended recipient and, therefore, whether a communication that has been sent has become a stored communication. As such, communications that have been received by a person of interest would be stored communications, and could be accessed under a stored communications warrant. In contrast, communications that have been sent by the person of interest would not be stored communications, and therefore, could not be accessed under a stored communications warrant.[48]

3.103         The Attorney-General's department advised the Committee that:

That question, of whether or not access is available via the sender, is still under active consideration by the government in terms of making sure it makes sufficient allowance for our operational needs.[49]

Unsolicited commercial electronic messages

3.104         In their submission, the Australian Communications and Media Authority (ACMA) highlight that as currently drafted the definition of stored communications would adversely impact the ACMA's ability to enforce the Spam Act 2003 (the Spam Act). ACMA state that:

... any spam message that falls outside the definition of a stored communication will not be accessible by ACMA investigators under the proposed warrant regime and would therefore be unavailable to ACMA investigators in their enforcement of the Spam Act.[50]

3.105         The Attorney-General's department advised the Committee that:

This is an issue that ACMA has raised with us previously. It is a matter on which we continue to work collaboratively with ACMA and the Attorney is well versed on this particular issue.[51]

3.106         The Committee is of the view that it is essential that the definitions proposed in the Bill provide sufficient clarity to support the effective operation of the stored communications warrant regime. The Committee acknowledges the advice from the Attorney-General's department that in some cases work is continuing. However, the Committee considers that definitional issues should be settled prior to the passage of the Bill.

Recommendation 14

3.107         The Committee recommends that the Bill be amended to ensure that copies of communications can not be accessed without a stored communications warrant.

Recommendation 15

3.108         The Committee recommends that the definition of 'record' be amended so that it applies in relation to accessing a stored communication.

Recommendation 16

3.109         The Committee recommends that the issue regarding whether or not access to stored communications is accessible via the sender is settled and the Bill be amended as necessary.

Recommendation 17

3.110         The Committee recommends that prior to the passage of the Bill the definition of stored communications be amended so that the Australian Communications and Media Authority's ability to enforce the Spam Act is not limited.

Peer-to-peer networks

3.111         The proposed definition of stored communication provides that a stored communication is defined to mean a communication that, among other things, is held on equipment operated by the carrier at its premises. The Explanatory Memorandum states that:

This is to ensure that ... the stored communications regime only applies to accessing stored communications via a telecommunications carrier. The regime does not affect existing lawful access to communications stored on a person's telecommunication device.

3.112         Communications are not considered 'stored communications' if they are unable to be accessed via the carrier. However, current technology allows individuals to share content files[52] via the peer-to-peer model (file sharing). The peer-to-peer model allows files to be stored on and served by personal computers of the users. Pure peer-to-peer networks do not have a central server managing the network or a central router.

3.113         Since the stored communications regime applies only to communications held by a telecommunications carrier, it will not extend to allow access to other communications and information shared via a peer-to-peer network. This may therefore, allow persons of interest to avoid covert access to their stored communications by law enforcement agencies.

3.114         The intent of the Bill has been described as assisting 'law enforcement and security agencies to keep pace with increasingly sophisticated methods of avoiding detection.'[53] The Committee acknowledges the challenges associated with developing technology neutral interception and access regimes, particularly given rapid technological advances. However, increased use of peer-to-peer technology is likely to have a considerable impact on the effectiveness of the stored communications regime proposed in the Bill.

Navigation: Previous Page | Contents | Next Page