Chapter 2
Overview of the Bill
Key provisions of the Bill
2.1
The Bill contains seven schedules of amendments:
- Schedule 1 proposes to enable the Australian Security
Intelligence Organisation (ASIO) to provide technical assistance to law
enforcement agencies in relation to telecommunications interception warrants
issued to those agencies;
- Schedules 2-5 include other measures to improve the operation,
responsiveness and integrity of the telecommunications interception regime, by,
for example:
-
requiring telecommunications carriers and nominated carriage
service providers (C/NCSPs) to regularly notify the Communications Access
Coordinator (CAC) of proposed changes that could impact on their ability to
comply with their legal obligations with respect to interception;[1]
- authorising disclosure of telecommunications data in relation to
missing persons;[2]
and
- enabling the police to apply for a warrant to access stored
communications (such as email and SMS) relating to victims of serious
contraventions without the victim's consent;[3]
-
Schedule 6 includes amendments to facilitate greater cooperation
between law enforcement agencies and intelligence agencies, and to remove
legislative barriers to information sharing by intelligence agencies; and
- Schedule 7 contains minor amendments to definitions in the Telecommunications
(Interception and Access) Act 1979 (TIA Act).
Schedule 1 – Interception and other
assistance by ASIO
2.2
Schedule 1 amends the TIA Act. Currently the TIA Act prohibits the
interception of, and other access to, communications passing over a
telecommunications system, except in certain special circumstances as outlined
in that Act.[4]
Circumstances where interceptions are permitted include where an agency is
issued with a warrant to intercept telecommunications.[5]
2.3
In its current form, section 55 of the TIA Act enables the chief officer
of a law enforcement agency to seek the assistance of other law enforcement
agencies in exercising an interception warrant. This enables smaller law
enforcement agencies with limited interception capacity to rely on larger
agencies to intercept on their behalf.[6]
However, ASIO does not fall within the group of agencies from which assistance
can be sought. In his original second reading speech, to which he referred when
he reintroduced the Bill, the Attorney-General noted that this does not reflect
the reality of the modern security environment and the cooperative basis within
which law enforcement agencies and intelligence agencies now operate.[7]
2.4
The Bill aims to address this issue by amending section 55 to enable
officers of ASIO, or persons assisting ASIO in the performance of its
functions, to be authorised to exercise a telecommunications interception
warrant on behalf of a law enforcement agency.[8]
Amendments in Schedule 6 will also enable ASIO to provide technical and
logistical assistance to a law enforcement agency exercising an interception
warrant.[9]
2.5
The proposed amendments in items 5 and 6 of Schedule 1 will broaden the
class of persons who could exercise authority under the warrant to include
persons assisting ASIO in the performance of its functions. The Bill clarifies
that assistance provided by a person assisting ASIO in the performance of
ASIO's functions does not remove ASIO's responsibility for that person's
actions.[10]
In other words, such a person would be acting on behalf of ASIO and ASIO would
be exercising authority under the warrant.
2.6
According to the EM, the Bill proposes to maintain existing controls and
safeguards on the use and disclosure of information obtained by ASIO intercepting
on behalf of another agency or providing technical assistance in relation to
telecommunications interception.[11]
It does this by preventing ASIO from using or disclosing this information for
its own purposes.[12]
In addition, ASIO will be subject to existing legislative requirements
contained in the TIA Act and the Australian Security Intelligence
Organisation Act 1979 (ASIO Act) in assisting law enforcement agencies
under this new function.[13]
This oversight is provided by the Inspector General of Intelligence and
Security (IGIS).
2.7
The Bill also makes a number of associated amendments to give effect to
ASIO's proposed new function of intercepting on behalf of, or providing
assistance to, another agency, including by:
-
amending the processes for notifying when a warrant is revoked,[14]
to ensure that ASIO is adequately informed if it is exercising the authority of
another agency's warrant;
- enabling ASIO to issue an evidentiary certificate in relation to
things it has done in exercising the authority of another agency's warrant;[15]
- placing a requirement on the Director-General of Security to
record and provide the agency in relation to which it may undertake an
interception with any information the relevant agency requires to meet its
recordkeeping obligations under section 81 of the TIA Act;[16]
and
- requiring that the annual report on warrants issued under the TIA
Act include the number of interceptions by ASIO on behalf of other agencies.[17]
Schedule 2 – Telecommunications
industry requirement to inform of proposed changes
2.8
Schedule 2 also amends the TIA Act. The TIA Act imposes an obligation on
C/NCSPs to enable communications passing over a particular type of
telecommunications system to be intercepted in accordance with an interception
warrant.[18]
Currently, C/NCSPs are required to submit an interception capability plan (IC
plan) each year to the CAC,[19]
setting out the C/NCSPs' strategies to comply with their legal obligations in
relation to interception.[20]
The C/NCSPs are required to submit a revised plan if there is any change to a
matter required to be set out in the plan. The existing provisions only require
notification after a change is made to the C/NCSPs' business activities which potentially
impacts their ability to comply with their legal obligations in relation to
interception.
2.9
The proposed amendments are, in part, modelled on earlier provisions
that were contained in Division 4 of Part 15 of the Telecommunications Act
1997 (Telecommunications Act). The Telecommunications (Interception and
Access) Amendment Act 2007 removed these provisions from the Telecommunications
Act.
2.10
The amendments will require C/NCSPs to notify the CAC in writing if they
intend to implement a proposed change to a telecommunications service or
telecommunications system that is likely to have a material adverse effect on
the C/NCSPs' capacity to comply with their obligations under the TIA Act or the
Telecommunications Act.[21]
Proposed changes that would have to be reported on would include, but are not
limited to:
- C/NCSPs' provision of a new telecommunications service;
-
C/NCSPs changing the location of 'notifiable equipment',[22]
including moving equipment outside of Australia;
- C/NCSPs procuring notifiable equipment (including equipment
located outside of Australia); and
- C/NCSPs entering into outsourcing arrangements, including having
all or some of the information to which section 276 of the Telecommunications
Act applies in relation to the C/NCSPs, managed[23]
for C/NCSPs by another organisation.[24]
2.11
The C/NCSPs must provide sufficient details of the specifics of the
change to allow the CAC and interception and enforcement agencies to analyse
the potential impact.[25]
After notifying the CAC of a proposed change, the C/NCSPs may implement the
proposed change if the C/NCSPs have not been notified in writing by the CAC
within 30 days after the day on which the notification was made.[26]
If the CAC notifies the C/NCSPs in writing within 30 days of the notification
being made and makes a determination under section 203 of the TIA Act, the
C/NCSPs must not implement the proposed change until the C/NCSPs have complied
with the determination. On receiving notification from C/NCSPs of an intention
to implement a proposed change, the CAC and each agency that receives
notification of the proposed change must treat the change as confidential.[27]
No penalty is provided should a proposed change not be kept confidential.
2.12
The Attorney-General has indicated that it is intended that early
notification will assist C/NCSPs to meet their obligations to assist interception
agencies and avoid the need for costly alterations once a change has been implemented.[28]
The Attorney‑General's Department (Department) has indicated that current
requirements for lodging an IC plan do not facilitate notice being provided
sufficiently early in the development of changes to telecommunications capacity
to enable effective consultation.[29]
The proposed amendments only apply to changes to IC plans proposed after the
commencement of Schedule 2.[30]
Schedule 3 – Disclosure of
telecommunications data in relation to missing persons
2.13
The Telecommunications Act makes it an offence for specified classes of
persons, including employees of carriers, to disclose information which comes
into existence as a result of the business activities undertaken by that
carrier.[31]
2.14
The TIA Act outlines exceptions to these offences. The exceptions relate
to authorisations for access to telecommunications data made by senior officers
of enforcement and security agencies where the officer is satisfied that the
specified information subject to the authorisation is reasonably necessary for
the purposes of security, the enforcement of the criminal law, or the
enforcement of a law imposing a pecuniary penalty or for the protection of the
public revenue.[32]
2.15
There is currently no exception to enable carriers to disclose to the police
data which is relevant to locating a missing person. The Bill proposes to amend
the TIA Act to insert a new exception to allow an authorising officer of the
Australian Federal Police (AFP) or a state police force[33]
to authorise disclosure when the officer is satisfied that the disclosure is
reasonably necessary for the purposes of finding a person who the police force
has been notified in writing is missing.[34]
Disclosure would only be of communications data available prior to the person
being reported as missing.
2.16
The proposed amendments include constraints on the disclosure of this
information to acknowledge that there are circumstances in which missing
persons may not want their location divulged.[35]
The amendments specify that the information can only be disclosed to the person
who made the missing person's report:
- with the missing person's consent; or
-
to prevent a threat to the missing person's health, life or
safety if the missing person is unable to consent;[36]
or
-
if the missing person is deceased.[37]
2.17
The EM also notes that the proposed limits on disclosure of missing
person information reflect that information obtained in these circumstances is
for the purposes of public safety and should not be disclosed to obtain
evidence for criminal investigations.[38]
2.18
The amendments also limit the use of the information by the relevant police
force to the sole purpose of locating a missing person.[39]
Agencies will be required to report on the number of authorisations made in
relation to missing persons made by the agency.[40]
Schedule 4 – Stored communications
warrants in relation to victims of serious contraventions
2.19
Currently, enforcement agencies are able to access stored communications[41]
where the victim of a serious contravention[42]
is notified that their stored communications will be obtained in order to
investigate the contravention.[43]
Stored communications can also be obtained without consent under a stored
communications warrant issued by a judge or nominated Administrative Appeals
Tribunal member. However, such warrants are currently only issued where an
enforcement agency is investigating a serious contravention 'in which the
person is involved'.[44]
2.20
While the current requirements clearly apply to perpetrators and persons
suspected of committing a serious contravention, it is unclear whether they
also apply to the victim of a serious contravention. The EM notes that this
gives rise to uncertainty about whether the current wording of the provision
enables a warrant to be obtained for the stored communications of the victim of
a serious contravention in circumstances where, for example, the victim is not
available because they are missing, incapacitated or deceased.[45]
2.21
The proposed amendments to the TIA Act aim to remove any ambiguity, by
clarifying that a stored communications warrant can be obtained to access the
stored communications of both the offender and the victim of a serious
contravention.[46]
2.22
Under the commencement provisions, a law enforcement agency can apply
for a stored communications warrant in relation to the victim of a serious
contravention regardless of whether the information held on the carrier's
network was first held before or after the commencement of Schedule 4 or
whether the conduct being investigated was committed prior to or after the
commencement of that Schedule.[47]
Schedule 5 – Notifying managing
directors of warrants
2.23
Under the TIA Act, an interception under a warrant is only authorised
where the managing director of the carrier has been notified of the warrant and
the interception is undertaken by an employee of the carrier.[48]
Currently, the managing director cannot nominate anyone else within the carrier
to receive the notification, meaning that a warrant cannot be executed if the managing
director is not readily available.[49]
2.24
The Bill amends the notification provisions to enable notifications of a
warrant (and notifications of the revocation of a warrant) to be made to a
carrier representative authorised in writing by the managing director.[50]
Schedule 6 – Cooperation and other
assistance for intelligence agencies
2.25
Schedule 6 amends the ASIO Act, the Intelligence Services Act 2001
(the IS Act) and the TIA Act. The ASIO Act establishes ASIO and sets out
its functions and powers, including the circumstances in which it may cooperate
with other agencies and communicate intelligence. Similarly, the IS Act
establishes the Australian Secret Intelligence Service (ASIS), the Defence
Signals Directorate (DSD), and the Defence Imagery and Geospatial Organisation
(DIGO), and sets out those agencies' functions and authorised activities.
Subsection 11(1) of the IS Act also provides that ASIS, DSD and DIGO are only
to perform those functions:
...in the interests of Australia's national security,
Australia's foreign relations or Australia's national economic well-being, and
only to the extent that those matters are affected by the capabilities,
intentions or activities of people or organisations outside Australia.
2.26
According to the EM, the aim of these amendments is to facilitate
greater interoperability in multi-agency teams, and enable agencies to harness
resources in support of key national security priorities.[51]
2.27
Schedule 6 proposes to provide ASIO, ASIS, DSD and DIGO with a new
function of cooperating with and assisting each other, and prescribed
Commonwealth authorities and 'authorities of a State',[52]
in the performance of their functions.[53]
Regulations will be used to prescribe an authority of the Commonwealth or of a
state to enable ASIO, ASIS, DSD and DIGO to cooperate with and assist those bodies
in the future.[54]
2.28
In addition, the Bill proposes to give ASIO a new function to cooperate
with and assist law enforcement agencies[55]
in the performance of their functions.[56]
'Law enforcement agency' is defined as an authority of the Commonwealth or a
state 'that has functions related to law enforcement.'[57]
The EM indicates that this definition is intended to cover a broad range of
agencies – including police forces, integrity and anti‑corruption
agencies and other agencies with 'investigatory and enforcement powers' under
Commonwealth and state laws.[58]
2.29
The Bill also proposes to amend the communication provisions in the ASIO
Act. The amendments will enable the Director-General, or a person acting in
accordance with the authorisation of the Director-General, to communicate
information that has come into the possession of ASIO in the course of
performing its functions, to specified persons in specified circumstances.[59]
The circumstances where information may be communicated are where:
- the information relates, or appears to relate, to the commission,
or intended commission, of a serious crime;[60]
or
- the Director-General, or a person authorised for the purpose by
the Director‑General, is satisfied that the national interest[61]
requires the communication.
2.30
The information may also be communicated to an appropriate Minister or a
staff member of a Commonwealth or state authority if the information relates,
or appears to relate, to the functions, responsibilities or duties of the
person to whom it is communicated.[62]
When communicating this information, ASIO will still be required to comply with
the requirements of the ASIO Act.[63]
2.31
These proposed provisions are similar to current paragraphs 18(3)(a) and
(b) of the ASIO Act, except that the current provisions only enable disclosure
of information about indictable offences to 'specified law enforcement
agencies', and disclosure of information in the national interest where the
information has come into ASIO's possession 'outside Australia or concerns
matters outside Australia'.[64]
2.32
The EM notes that broadening the group of persons to whom ASIO can
disclose information will provide flexibility to ensure that ASIO is able to
provide information to the most appropriate person or body, having regard to
their functions. The EM also notes that, while the category of persons is
broad, it is required that information only be authorised to be communicated
for specified purposes, and the information must be relevant to the functions,
responsibilities or duties of the person.[65]
2.33
The Bill also enables ASIO to communicate information that has come into
its possession in the course of performing its functions to ASIS, DSD or DIGO,
if the information appears to relate to the performance of those other
agencies' functions.[66]
2.34
To achieve the same objective in relation to ASIS, DSD and DIGO, the
Bill proposes to amend the definition of 'incidentally obtained intelligence'
to specifically exclude information obtained for the purpose of cooperating
with and assisting another agency.[67]
Currently, subsection 11(2AA) of the IS Act outlines the circumstances in which
incidentally obtained intelligence may be communicated, and to whom it may be
communicated. The EM notes that it is necessary to exclude information obtained
solely for the purpose of assisting another agency from the definition of
incidentally obtained intelligence, in order to ensure that information which
is collected for the sole purpose of assisting another agency is not prevented
from being communicated to that agency. This might occur if communication of
the intelligence were subject to the requirements in subsection 11(2AA).[68]
2.35
In relation to ASIS, DSD and DIGO, the Bill proposes that the
limitations on the performance of those agencies' functions (in subsection
11(1) of the IS Act, described above) does not apply in relation to the new
cooperation and assistance functions.[69]
The EM notes that the proposed new cooperation and assistance functions are
intended to enable the agencies to assist other agencies in the performance of
the other agencies' functions, which may not be limited to the matters
specified in subsection 11(1) of the IS Act.[70]
Cooperation and assistance would include the provision of linguistic,
analytical and other technical services, logistical support and the provision
of agency staff or other resources.
2.36
Under the proposed amendments, agencies' cooperation and assistance with
other agencies will be subject to any arrangements or directions that may be
given by the Minister responsible for the agency. Agencies will only be able to
cooperate with and assist another agency at the request of the head of that
other agency.[71]
In addition, in undertaking the new function of cooperating with and assisting
one another, ASIS, DSD and DIGO must still adhere to the requirements of the IS
Act, and ASIO must still adhere to the requirements of the ASIO Act.[72]
Schedule 7 – Amendments to section
5 of the Telecommunications (Interception and Access) Act 1979
2.37
Schedule 7 makes minor and technical amendments to the TIA Act,
including redefining the 'Director-General of Security'[73]
and the 'Organisation'[74]
in an identical way to the current definition in order to change where the
definitions are located, and substituting and repealing definitions of
'Enforcement Agency'[75]
and a 'member of the staff of the Police Integrity Commission'.[76]
Navigation: Previous Page | Contents | Next Page