Introductory Info
Date introduced: 17
February 2022
House: House of
Representatives
Portfolio: Home
Affairs
Commencement: The
day after the Act receives Royal Assent.
Purpose and
structure of the Bill
The purpose of the Telecommunications
(Interception and Access) Amendment (Corrective Services Authorities) Bill 2022
(the Bill) is to amend the Telecommunications
(Interception and Access) Act 1979 (TIA Act) to enable the
Minister for Home Affairs to make a declaration that state and territory
corrective services authorities are enforcement agencies for the purposes of
accessing telecommunications data.
The Bill consists of a single Schedule setting out the
amendments to the Act. It implements part of the Commonwealth
Government’s Response to the Comprehensive Review of the Legal Framework of the
National Intelligence Community (Response to Comprehensive Review).
Background
2017
Independent Intelligence Review
On 7 November 2016, an independent review into Australia’s
intelligence agencies was announced (the 2017 Review). The 2017 Review was to ‘assess
whether our current intelligence arrangements, structures and mechanisms are
best placed to meet the security challenges we are likely to face in the years
ahead’.[1]
The 2017 Review found that ‘the changing nature of the
security threats facing Australia’ meant that there was increasing interaction
between intelligence agencies and law enforcement authorities, both
Commonwealth and state/territory and:
The points of interaction relate to co-operation not only
among Commonwealth entities but also among relevant State and Territory bodies.
They need to be managed in ways that respect the information sharing
arrangements, the accountability and the obligations under law of each entity,
including arrangements for managing intelligence-derived information in the
conduct of legal proceedings.[2]
A ‘comprehensive review of the legal framework under which
Australia’s intelligence agencies operate’ was recommended.[3]
Comprehensive
Review of the Legal Framework of the National Intelligence Community
On 30 May 2018 the then Attorney-General, Christian
Porter, announced a review of national intelligence legislation (the Richardson
Review), noting that this was a key recommendation of the 2017 Review. The Richardson
Review was to consider the legislative frameworks for the intelligence
functions of law enforcement bodies, consistent with the 2017 Review’s ‘recommendation
to consolidate and expand linkages between members of the national intelligence
community’.[4]
The 1,300 page, four volume report
of the Richardson Review was published in December 2019. The
Richardson Review identified the TIA Act as being ‘a dog’s breakfast’ in
terms of oversight arrangements and the piece of legislation that was most in
need of reform.[5]
The Richardson Review recommended
the enactment of a consolidated Electronic Surveillance Act, in which the
existing TIA Act, Surveillance
Devices Act 2004 (SD Act) and parts of the Australian Security
Intelligence Organisation Act 1979 (ASIO Act) would be replaced
with a single Act governing the use of federal telecommunications interception
powers, covert access to stored communications, computers and
telecommunications data, and the use of optical, listening and tracking
devices.[6]
The Richardson Review noted that ‘reform of this nature will not be a simple or
quick undertaking’ and would require two to three years of ‘very detailed work
and drafting before being considered by Parliament’.[7]
The Richardson Review also recommended that the oversight framework
under the SD Act—which provides for the Commonwealth Ombudsman to
oversee all aspects of each Commonwealth, state and territory agencies’ use of
the powers under that Act—be adopted as the model for the new Act. It was noted
that this would expand the role of the Commonwealth Ombudsman and require
additional resourcing.[8]
The Government accepted most of the public
recommendations, including the recommendation for a consolidated Electronic
Surveillance Act.[9]
The Richardson Review recognised that some immediate
reforms were necessary to the TIA Act, while the extensive process of preparing
a new Electronic Surveillance Act was underway.[10]
The Richardson Review also reported that several state and
territory governments and agencies requested that their corrective services
agencies (CSAs) be given the power to access telecommunications data. It was noted
that CSAs were able to access telecommunications data prior to 2014 as they then
fell within the definition of an enforcement agency, but amendments in the Telecommunications
(Interception and Access) Amendment (Data Retention) Act 2015 (Data
Retention Act) subsequently limited access to a smaller range of criminal
law‑enforcement agencies:
As originally introduced the legislation would have allowed
government to declare additional agencies to be eligible to access
telecommunications data, once they had proven that they had a ‘demonstrated
need’ to access such information. However, the Government amended the Bill to
remove its ability to declare additional agencies in response to a
recommendation by the PJCIS [Parliamentary Joint Committee on Intelligence and
Security].[11]
Removing CSAs from the list of agencies which may access
telecommunications data had the greatest impact on Corrective Services NSW and
Corrections Victoria. Between 2010 and 2015, Corrective Services NSW applied to
access telecommunications data for criminal investigations 387 times, and
Corrections Victoria applied to access telecommunications data 926 times for
criminal investigations and 119 times to enforce laws imposing a pecuniary
penalty. Tasmania Prison Service applied to access telecommunications data 30
times to enforce laws imposing a pecuniary penalty.[12]
The Richardson Review concluded that, whereas the evidence
did not support granting access to telecommunications data to all CSAs at that
time, as part of the development of the new Electronic Surveillance Act, CSAs
should be granted the power to access telecommunications data ‘if the relevant
state or territory government considers it to be necessary’.[13]
In its Response to the Richardson Review, the Government
agreed with the recommendation that CSAs should be granted the power to access
telecommunications data, if the relevant state or territory government
considers it to be necessary.[14]
In his second reading speech on the Bill, the Assistant
Minister to the Minister for Industry, Energy and Emissions Reduction, Tim
Wilson, advised:
It is necessary and appropriate to make these amendments
ahead of the broader holistic electronic surveillance reforms recommended by
the comprehensive review…The ability of corrective services authorities to
access telecommunications data is now vital to combat transnational, serious
and organised crime, to ensure the safety and security of both the correctional
environment and the wider community.[15]
In relation to the timing of the Bill, the Assistant
Minister also referred to a temporary declaration made by the Minister for Home
Affairs that commenced on 18 February 2022, which temporarily declares the NSW
Department of Communities and Justice to be an enforcement agency under section
176A of the TIA Act.[16]
While it is in force, this declaration allows the NSW Department to access
telecommunications data. The declaration will expire at the end of the period
of 40 sitting days of a House of Parliament after it came into force.[17]
Review of the Mandatory Data Retention Regime
In compliance with section 187N of the TIA Act, in
2020 the PJCIS undertook a review of the Mandatory Data Retention Regime (MDRR)
that was implemented by the Data Retention Act.
The PJCIS reported that the Corrective Services
Administrators’ Council (CSAC) made a case for the inclusion of its members to
be considered Criminal Law Enforcement Agencies under the TIA Act.[18]
The CSAC contended that the existing temporary regime was not suitable for CSAs
as the process of applying for declarations on a regular basis would be very
time consuming and the ‘lack of access to telecommunications data and
information has created obstacles for CSAs in pursuing avenues of investigation,
reducing the likelihood of securing a conviction or, in some cases, identifying
the likely perpetrator.’[19]
CSAC advised that the use of mobile phones within
corrections settings was a particularly pressing issue:
Although CSAs have a range of strategies to detect and
prevent inmate mobile phone use, the use of telecommunications data (call
charge records and SIM card registration details) following the detection of
unauthorised mobile phone use in correctional centres would allow for identification
and, if deemed appropriate, prosecution of the inmate or inmates found to be
linked to the mobile phone. In this way, criminal associations operating from
within correctional centres can be identified and prevented. This has a direct
effect on community safety.[20]
Committees
The Senate Standing Committee for the Scrutiny of Bills expressed
concern that the Bill grants the minister ‘a broad discretionary power to
declare that a corrective services authority is an enforcement agency in
circumstances where there is limited guidance on the face of the primary
legislation as to when it may be appropriate to exercise this power’.[21]
The Committee requested detailed advice from the Minister regarding the
rationale for the granting of this power without including any guidance or a 40
sitting-day time limit in the legislation.[22]
At the time of writing this Digest, the Minister’s
response had not been provided to the Committee.[23]
Subsection 176A(11) of the TIA Act provides
that any amendment to subsection 176A(1) must be referred to the PJCIS. Item
3 of the Bill proposes an amendment to subsection 176A(1).
Policy
position of non-government parties/independents
Non-government parties and independents do not appear to
have commented publicly on the Bill to date. There have been no proposed
amendments circulated.
Position of
major interest groups
Noting that the position of the CSAs was established by
their submission to the 2020 PJCIS review,[24]
there has been no comment by major interest groups on the introduction of the
Bill.
Financial
implications
The financial implications of the Bill are discussed below
in the ‘Key issues and provisions’ section.
Statement of Compatibility with Human Rights
As required under Part 3 of the Human Rights
(Parliamentary Scrutiny) Act 2011 (Cth), the Government has assessed
the Bill’s compatibility with the human rights and freedoms recognised or declared
in the international instruments listed in section 3 of that Act.
Although it was acknowledged that the Bill limits the
right to privacy in Article 17 of the International Covenant on Civil and
Political Rights (ICCPR), the Government considers that the Bill is
compatible with human rights and freedoms as any limitations are reasonable,
necessary and proportionate.[25]
Key issues
and provisions
Definition
of enforcement authority
The definition of enforcement agency in section
176A of the TIA Act is:
- subject to subsection 110A(7), a criminal law‑enforcement agency;
- subject
to subsection (7), an authority or body for which a declaration under subsection (3)
is in force.
Subsection 176A(3) of the TIA Act provides
that the Minister may declare an authority or body to be an enforcement agency,
but this declaration only remains in force until the end of the period of 40
sitting days of a House of the Parliament.
Section 176A was introduced by the Data Retention Act.
Prior to the commencement of this Act, CSAs came within the definition of
enforcement agency,[26]
as this definition was an ‘open‑ended description’.[27]
The definition was changed to assuage privacy concerns associated with the MDRR
and ensure that the TIA Act has ‘a clear mechanism for determining which
authorities and bodies fall within the definition of an ‘enforcement agency’’.[28]
It was envisioned that the time limit on a declaration of the Minister that an
authority or body is an enforcement agency would account for emergency
situations and enable legislative amendment to be brought before the
Parliament.[29]
Proposed section 176B, at item 4 of the
Bill, gives the Commonwealth Minister the ability to make a declaration that a CSA
is an enforcement agency (proposed paragraph 176B(3)(a)) and that
specified persons are officers of the enforcement agency (proposed paragraph
176B(3)(b)). The effect of this amendment is to enable declared CSAs to
access stored telecommunications data under sections 177, 178 and 179. Unlike declarations
made under section 176A, there is no time limit in the new provision.
This does not re-instate the pre-2015 position of all CSAs
having access to telecommunications data, as each individual agency will need a
declaration in place for access to be granted.
Oversight of
information gathering powers
The Bill sets out the powers and obligations of the
relevant Commonwealth Minister, state or territory Minister and the Commonwealth
Ombudsman in managing a CSA’s access to telecommunications data.
State or
Territory Minister
State or territory Ministers who are responsible for
corrective services can request that the Commonwealth Minister declare a CSA to
be an enforcement agency (proposed subsection 176B(2)). State
or territory Ministers may also request that a declaration be revoked (proposed
subsection 176B(8)).
Commonwealth
Minister
Under proposed subsection 176B(4), the Commonwealth
Minister is not empowered to make a declaration unless the state or territory
Minister has requested it. Proposed subsection 176B(5) specifies
that the Minister may consult bodies such as the Privacy Commissioner or the
Ombudsman before making a declaration.
The Explanatory Memorandum notes that it is not mandatory
for the Commonwealth Minister to conduct consultations before making a
declaration, and this is consistent with the consultation provision in subsection 176A(5)
of the TIA Act.[30]
In relation to this section of the TIA Act, prior to its introduction as
part of the data retention regime, the Australian Privacy Commissioner recommended
to the PJCIS that consultation with the Commissioner be required before a
declaration could be made under subsection 176A(3).[31]
This recommendation was not endorsed by the PJCIS, which commented:
While the Committee considers it would be a matter of good
practice for the Attorney-General to consult with the Australian Privacy
Commissioner and Ombudsman before making a declaration, it is not considered
necessary to insert a mandatory consultation requirement for this in the
legislation.[32]
The declaration made by the Commonwealth Minister may limit
the powers of the subject authority by specifying that the CSA cannot exercise
a power conferred by a specified provision. The CSA is then not considered to
be an enforcement agency for the purposes of that provision (proposed subsection 176B(7)).
The Commonwealth Minister is required to revoke a
declaration on request by the state or territory Minister (proposed subsection 176B(9)).
The Commonwealth Minister can also revoke a declaration if they are satisfied
the CSA’s compliance with the TIA Act has been unsatisfactory (proposed
subsection 176B(10)).
The Explanatory Memorandum states that the intention is
for the unsatisfactory compliance to involve ‘ongoing and serious disregard for
the obligations in the TIA Act, and an unwillingness to engage with and
respond to issues identified by the Commonwealth Ombudsman.’[33]
This is not expressed in the legislation, hence the above criteria may act as a
guide to the Commonwealth Minister’s decision making.
Commonwealth
Ombudsman
The Bill does not confer any additional powers on the
Ombudsman, hence the arrangements for oversight of CSAs are the same as those for
other enforcement agencies under section 176A of the TIA Act.
It is advised in the Explanatory Memorandum that the Ombudsman’s
involvement entails:
independent oversight by the Commonwealth Ombudsman, who will
inspect the records to determine the extent of an authority’s (and its
officers’) compliance with Chapter 4 of the TIA Act. The Ombudsman will
also report annually to the Minister for Home Affairs about the results of
those inspections which are then tabled in Parliament…[34]
It is acknowledged in the Explanatory Memorandum that
oversight of additional agencies could have a financial impact for the
Ombudsman, which ‘will be assessed and resolved with the Ombudsman and the
relevant State or Territory prior to any declaration being made by the
Commonwealth Minister.’[35]
Funding may prove to be a significant issue given the
Ombudsman’s projection that ‘the economic and budgetary impact arising from the
pandemic will be significant and potentially long lasting’[36]
and that increased reliance on government support ‘may generate complaints to
the Office or otherwise involve us taking on an increased role in the oversight
of the management of new government support and services.’[37]
Differences
between declaration powers in section 176A of the TIA Act and new section 176B
If proposed section 176B is enacted, the
Commonwealth Minister will have the ability to make declarations with respect
to CSAs on an effectively permanent basis and will retain the ability to make declarations
for other bodies or authorities temporarily under subsection 176A(3).
The legislation provides that the Minister must have
regard to certain matters before making a temporary declaration under subsection 176A(3),
such as whether the authority or body proposes to adopt processes and practices
that would ensure its compliance with the obligations of an enforcement agency
(paragraph 176A(4)(d)). These conditions are not replicated in the provisions
of the Bill.
According to the Explanatory Memorandum, this difference
reflects the breadth of the power in section 176A(3) and the fact that ‘it is
intended to be used as a temporary measure pending parliamentary consideration
of legislative amendments’,[38]
compared with the power in new section 176B which is ‘administrative in
nature’[39]
and ‘for the Minister to consider’.[40]
Given the matters that the Minister must consider before
making a declaration are not prescribed by the legislation, the Minister can
exercise their discretion in respect of whether making a declaration requires
assessing a CSA’s willingness to be declared an enforcement agency, their readiness
to access data, whether they require access to telecommunications data and what
access is necessary for the authorities to meet legitimate objectives.
Mobile
phones in prisons
In his second reading speech, the Assistant
Minister specifically referred to the issue of illicit mobile phones in prisons
and stated:
Operation Ironside has already resulted in more than 350
individuals being charged who, if convicted, will spend time in correctional
facilities around Australia. The ability of corrective services authorities to
access telecommunications data is now vital to combat transnational, serious
and organised crime, to ensure the safety and security of both the correctional
environment and the wider community.[41]
Operation Ironside is an ongoing Australian
Federal Police (AFP)-led investigation into ‘significant organised crime
syndicates’ that used a dedicated encrypted communications device to traffic
illicit drugs and weapons to Australia, as well as order local executions.[42]
In addition to the need to access telecommunications data
prompted by Operation Ironside, the issue of mobile phones in prisons has
become more prominent due to COVID-19. There have been difficulties with
prisoners who have COVID-19 being able to contact friends, family and legal
representatives when in isolation, such as at Parklea Correctional Centre in
NSW where over 140 prisoners contracted COVID-19.[43]
In a public sector guidance sheet for drafters of
statements of compatibility with human rights, the Attorney-General’s
Department advises that the right to humane treatment has been found to have
been violated when detainees were held in 'incommunicado detention’ with
insufficient justification. In the guidance sheet, incommunicado detention is
defined as meaning that the ‘detainee cannot communicate with anyone other than
their captors’, such as family, friends, independent lawyers or doctors.[44]
It has been reported that Corrective Services NSW is
co-ordinating the rollout of mobile phones for inmates with COVID-19 in remand
centres, which has reportedly caused concern about ‘a spike in organised crime,
harassment, intimidation of officers and “gaol house hits”’.[45]