Save Search

Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Telecommunications (Interception and Access) Amendment Bill 2010

Bill home page  


Download WordDownload Word


Download PDFDownload PDF

 

 

 

 

2008 - 2009 

 

 

 

 

THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA

 

 

 

 

HOUSE OF REPRESENTATIVES

 

 

 

 

TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) AMENDMENT BILL 2009

 

 

 

 

EXPLANATORY MEMORANDUM

 

 

 

 

(Circulated by authority of the Attorney-General,

the Honourable Robert McClelland MP)



TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) AMENDMENT BILL 2009

 

OUTLINE

 

1.              The Bill will amend the Telecommunications (Interception and Access) Act 1979 (the TIA Act) to implement a full legislative solution that clarifies the basis on which communications can be accessed for the purposes of protecting a computer network.

 

2.              Increased use of online services by individuals, governments, business and the

not-for-profit sector means sensitive information is regularly transmitted and stored electronically.  Accessing or disrupting the carriage of this information can provide significant financial and other benefits for criminal elements.  Consequently, protecting information and computer infrastructure from malicious attack is a key concern both for governments and for the growing number of computer network owners whose networks hold and transmit such information.

 

3.              Not all network protection activities are currently lawful under the TIA Act.  Whether an activity is lawful depends on the particular characteristics of the activity that is undertaken, where it is undertaken, by whom, and whether or not there is awareness by the affected person that it is being done.  For example, persons undertaking network protection activities may need to copy a communication before it is delivered to the intended recipient.  However, under the TIA Act, copying is only allowed at certain points in the delivery of that communication and under certain conditions.  This means that network owners and operators are vulnerable to inadvertently breaching the law prohibiting interception. 

 

4.              The TIA Act currently includes special exemptions that enable interception and security agencies, as well as certain Government Departments, to access communications on their own computer network for network protection activities.  However, these provisions are not permanent.  Rather, they were intended to operate on an interim basis while a comprehensive solution covering both the public and private sectors was developed.  These provisions cease to have effect after 12 December 2009. 

 

5.              The amendments contained in the Bill will:

 

·           enable all owners and operators of computer networks to undertake activities to operate, maintain and protect their networks

·           enable Commonwealth agencies, security authorities and eligible State authorities to ensure that their computer network is appropriately used by employees, office holders or contractors of the agency or authority

·           limit secondary use and disclosure of information obtained through network protection activities to:

a.        network protection purposes



b.       undertaking disciplinary action against an employee, office holder or contractor of a Commonwealth agency, security authority and eligible authority of a State who has been given access to a network, and

c.        reporting illegal behaviour that attracts a minimum of three years’ imprisonment penalty threshold to the relevant authorities

 

·           require the destruction of records obtained by undertaking network protection activities when the information is no longer required for those purposes.

 

6.              Under the Bill network protection activities include activities intended to protect the communication of and access to information on the network, as well as network infrastructure.

 

7.              Network protection information will only be able to be communicated or used for disciplinary purposes by Commonwealth agencies, security authorities and eligible authorities as defined under the TIA Act.  Use for these purposes is consistent with the current network protection provisions.  Additional protections for workers in these agencies and authorities will be inserted by this Bill.  Under these requirements network protection information will only be able to be communicated or used for disciplinary purposes where a user has undertaken to comply with reasonable conditions and where that communication or use is not prohibited by another State, Territory or Commonwealth law.  Any initial or subsequent disclosures made by an individual who has received information for the purpose of disciplinary action must also accord with Commonwealth, State or Territory laws.

 

8.              This Bill will also improve the effectiveness of the Australian telecommunications access regime by:

·           extending the evidentiary certificate regime to lawful access to telecommunications data authorised under Chapter 4 of the TIA Act and allowing the Managing Director or the secretary of a carrier to delegate their evidentiary certificate functions

·           clarifying that lawfully intercepted information can be used, communicated and used in proceedings by the Australian Federal Police (AFP) in applications for interim and final control orders and initial and final preventative detention orders under Divisions 104 and 105 of the Criminal Code Act 1995 , and

·           making consequential amendments to reflect amendments to the Police Integrity Commission Act 1996 (NSW) in relation to the investigation of the  corrupt conduct of an administrative officer of the New South Wales Police Force (NSWPF) or the misconduct of an officer of the New South Wales Crime Commission (NSWCC).

 

FINANCIAL IMPACT STATEMENT

 The amendments made by the Telecommunications (Interception and Access) Amendment Bill 2009 will have no financial impact. 

NOTES ON CLAUSES

 

Clause 1 Short title

 

Clause 1 is a formal provision specifying the short title of the Bill.  It provides that the Act may be cited as the Telecommunications (Interception and Access) Amendment Act 2009.

 

Clause 2 Commencement

 

Clause 2 provides for the commencement of the Bill.

 

This Act will commence on the day after this Act receives Royal Assent.

 

Clause 3 Schedule(s)

 

Clause 3 provides that each Act that is specified in a Schedule is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.

Schedule 1 - Amendments

 

Telecommunications (Interception and Access) Act 1979

 

Computer networks are protected from security risks by the use of gateway controlled systems.  The use of these systems (such as virus protection applications) is generally consistent with interception legislation.  Automated systems can screen and reject incoming communications if they are suspected of containing a virus, and network operators are able to monitor internal and outbound communications (including emails and internet browsing) provided they have notified the people using the computer network.  However, some network protection activities that take place at the threshold of a computer network such as the copying or recording of communications for purposes such as quarantining, analysing or filtering may constitute a technical breach of the

TIA Act.

Activities undertaken for the purpose of protecting a network are critical to the efficient operation of network infrastructure and the protection of data stored and transmitted on the network.  Such data may include sensitive government and business data held on the network, as well as any personal and financial data which individuals have supplied, for example in the course of their employment or in requesting or purchasing services.

The Bill ensures that all legitimate activities in relation to protecting computer networks, whether it is the infrastructure or the information stored or transmitted by them, which are undertaken by network administrators in either the government or non-government sectors, do not inadvertently constitute an offence under the TIA Act.  However, the new provisions do not make such activities compulsory.  Utilising the provisions in relation to network protection remains at the discretion of the owner or operator of the network. 

 

Item 1 - Subsection 5(1)

 

Item 1 amends subsection 5(1) by inserting the definition of appropriately used .

 

The term appropriately used in relation to a computer network is to be defined according to section 6AAA of the TIA Act, which provides the terms on which the computer network is appropriately used by an employee, office holder or contractor of a Commonwealth agency, security authority or eligible State authority.

 

A computer network is part of the telecommunications system that is controlled by the owner or operator of that computer network.  A computer network will include the network infrastructure, stored information and any mobile devices that have been permitted access to that computer network.

 

A computer network is a part of a telecommunications network that is solely controlled by an individual or an organisation.

 

The terms Commonwealth agency , security authority and eligible authority in relation to a State are defined in subsection 5(1). 

 

For the purposes of the TIA Act, a Commonwealth agency is limited to the Australian Federal Police, the Australian Commission for Law Enforcement Integrity and the Australian Crime Commission. 

 

A security authority is an authority of the Commonwealth whose functions primarily relate to security, collection of foreign intelligence, the defence of Australia or the conduct of the Commonwealth’s international affairs.

 

An eligible authority in relation to a State includes State Police, as well as anti-corruption bodies, such as the Independent Commission Against Corruption and the Victorian Office of Police Integrity.

 

Item 2 - Subsection 5(1)

 

Item 2 amends subsection 5(1) by inserting the definition of network protection duties

 

Network protection duties , undertaken in relation to a computer network, are duties relating to the operation, protection or maintenance of the computer network. 

 

Where the computer network is operated by, or on behalf of, a Commonwealth agency, security authority or eligible authority of a State, network protection duties also include   ensuring that the network is appropriately used by employees, office holders or contractors of the agency or authority.  This is the basis for the exception to the general prohibition on the interception of a communication at Item 11. 

 

Network protection duties encompass activities undertaken to protect the network infrastructure, the information transmitted by the network and information stored on the network.

 

Item 3 - Subsection 5(1)

 

Item 3 amends subsection 5(1) by inserting the definition of office holder .

 

An office holder is a person who holds, occupies or performs the duties of an office, position or appointment.  This definition is intended to ensure that the appropriate use provisions apply to all employment arrangements.

 

Item 4 - Subsection 5(1)

 

Item 4 amends subsection 5(1) by inserting the definition of responsible person

 

Under this Bill, network protection activities can only be lawfully undertaken if certain conditions are met.  One condition is that a person must be authorised in writing by a responsible person to perform network protection duties

 

In a small organisation, the responsible person is the individual who owns or operates the computer network or on whose behalf the computer network is operated.  This would include a sole trader who owns or operates the computer network in their business.

 

In the case of a body, including a body corporate, the responsible person is the head of the body who owns or controls the computer network or on whose behalf the computer network is operated, or a person acting as that head, or a person holding (or acting in) a position nominated by the head (or the acting head) of that body.  For example, the responsible person could include the Chief Executive Officer of the corporation owning the network, and the responsible person functions may be delegated to one or more other positions in the corporation such as the Head of IT, or the Head of IT Security.

 

Allowing more than one person to be nominated as the responsible person means organisations have the capacity to respond to network protection issues as they arise.

 

Items 5 and 6 - Subsections 5F(1), (2) and (3)

Items 7 and 8 - Subsections 5G(1), (2), (3) and (4)

 

The Telecommunications (Interception) Amendment Act 2006 inserted the existing network protection provisions into sections 5F and 5G of the TIA Act.  These provisions are limited to law enforcement agencies, security authorities and eligible authorities of a State.  They are subject to a sunset clause and are due to expire at the end of 12 December 2009. 

 

The existing section 5F operates by providing that a message does not start its passage over the telecommunications system until such time as it exits the relevant agency or authority’s network.  It enables communications which are within the network boundaries of the relevant agency or authority’s network to be copied or recorded in order to allow network protection duties concerning the operation, protection or maintenance of the network, or upholding professional standards, to be performed by personnel within those bodies other than the sender.

 

The existing section 5G operates by modifying the definition of the intended recipient of a communication for Commonwealth agencies, security authorities and eligible authorities of a State.  It enables communications which are within the network boundaries of the relevant agency or authority’s network to be copied or recorded in order to allow duties concerning the operation, protection or maintenance of the network, or upholding professional standards, to be performed by personnel within those bodies other than the addressee.

 

The effect of Items 5 - 8 is to repeal these provisions so that they can be replaced with the solution for network protection introduced by this Bill.  

 

 

 

Items 7 and 8 remove the modification of the definition of intended recipient so that with the introduction of the new solution the intended recipient of a communication does not vary depending on whether or not it is a Commonwealth agency, security authority or eligible authority of a State.

 

Item 9 - After section 6

 

Item 9 inserts new section 6AAA. 

 

New section 6AAA specifies when a computer network is appropriately used

 

An employee, office holder or contractor of a Commonwealth agency, security authority or eligible authority of a State, who has legitimate access to a computer network, appropriately uses that network, when they have made a written undertaking to comply with any conditions specified by the agency or authority, those conditions are reasonable and the person complies with those conditions when using the network.

 

When read in conjunction with the Acts Interpretation Act 1901 (Cth) , the requirement for an agreement in writing includes any mode of representing or reproducing words, figures, drawings or symbols in a visible form.

 

This means that an electronic agreement that otherwise complies with new section 6AAA will satisfy the written requirement in that section.  

 

The concept of appropriate use is flexible enough to recognise that what constitutes an appropriate use of a computer network will vary between agencies.  User agreements must be reasonable for the agency or authority involved and complies with all relevant Commonwealth, State and Territory laws. 

 

The Bill does not require a new user agreement to be entered into.  Existing user agreements will suffice where an employee, office holder or contractor of an agency or authority has undertaken to comply with the conditions set out in the agreement and those conditions are reasonable.

 

The absence of user agreements does not preclude an agency or authority from recording information transiting their computer network for duties relating to the operation, protection or maintenance of the network.  However, an agency or authority will not be able to record information transiting their network to ensure the network is appropriately used, nor secondarily use or disclose information accessed for disciplinary purposes.  This is because new subsection 63D(2) at Item 15 only authorises disciplinary action to be taken in relation to ‘appropriate use’ of the network, not ‘use’ of the network.

 

 

 

 

Allowing specified government agencies and authorities to undertake network protection activities for disciplinary purposes is consistent with the existing network protection provisions.  These agencies are subject to additional statutory requirements not applicable to other public sector or non-government employers which prescribe particular information handling obligations.  The requirement to act in accordance with reasonable conditions set out in a written user agreement is new and will provide additional protection to workers in the agencies and authorities covered by these provisions. 

 

Item 10 - At the end of paragraph 6E(2)(b)

 

Item 10 amends subsection 6E(2) by adding ‘or 63E’ at the end of paragraph 6E(2)(b). 

 

This amendment extends the definition of lawfully intercepted information to include information communicated to an agency or authority by a responsible person for a computer network in accordance with the provisions of section 63E at Item 15.

 

This ensures that information communicated to an agency (including a law enforcement agency) by a responsible person for the purposes of determining whether a person has committed a prescribed offence can only be used and disclosed by that agency in accordance with the existing limitations on use and disclosure set out in the TIA Act.

 

A prescribed offence is defined in subsection 5(1) and is generally an offence punishable by imprisonment for a maximum period of at least three years.

 

Item 11 - After paragraph 7(2)(aa)

 

Item 11 amends subsection 7(2) by inserting new paragraph 7(2)(aaa). 

 

New paragraph 7(2)(aaa) creates an exception to the prohibition on the interception of communications by persons lawfully engaged in network protection duties in relation to a computer network where that interception is reasonably necessary for the person to effectively perform their duties. 

 

New paragraph 7(2)(aaa) ensures that a person, who is lawfully engaged, in writing, by the responsible person to perform duties relating to the protection, operation or maintenance of the network, may intercept communications within that computer network without breaching the TIA Act where that interception is reasonably necessary for the performance of those duties.  This exception to the general prohibition on the interception of communications applies to both government and non-government computer networks.

 

New paragraph 7(2)(aaa) also enables a lawfully engaged person to undertake network protection duties to ensure that a network operated by or on behalf of a Commonwealth agency, security authority or eligible authority of a State is being used appropriately by employees, office holders or contractors of the agency or authority.

 

The engagement of persons to undertake network protection duties is not restricted to internal appointments and can be outsourced to one or more third party providers.  There is no requirement that a person can only perform network protection duties , merely that network protection duties must be within their responsibilities.

 

Paragraph 7(2)(aaa) does not allow the interception of speech for network protection purposes.  Voice communication in the form of packet data, such as Voice over Internet Protocol (VoIP), may be interrogated but the data cannot be reconstructed in order to listen to the actual voice communication. 

 

This limitation is intended to preserve the integrity of the interception warrant regime by excluding telephone conversations and communications from the exception so that normal voice communications cannot be listened to. 

 

The limitation does not prevent recorded voice communications embedded in video or audio files such as music videos or audio files downloaded from the internet that may be attached to an email communication from being intercepted, reconstituted and listened to for the purposes of communicating or making use of communications intercepted under new paragraph 7(2)(aaa).  

 

Information that is intercepted under this provision will be lawfully intercepted information for the purposes of section 6E of the TIA Act and will, therefore, be subject to the existing limitations on the secondary use and disclosure of lawfully intercepted information in Part 2-6 of the TIA Act.

 

Item 12 - Subsection 7(2A)

 

Item 12 amends subsection 7(2A) to incorporate a reference to new paragraph 7(2)(aaa) which provides that in determining whether an act or thing done by a person under the network protection exemption was reasonably necessary in order for the person to perform their duties effectively, a court is to have regard to such matters that are specified in or ascertained in accordance with the regulations.

 

No regulations have been issued at this time.

 

Item 13 - After subsection 7(2A)

 

Item 13 amends section 7 by inserting new subsection 7(3).

 

New subsection 7(3) clarifies that the network protection exception to the prohibition of the interception of telecommunications does not apply to voice communications in the form of speech, which includes a communication that involves a recorded or synthetic voice. 

 

In the case of Voice over Internet Protocol (VoIP), the voice communication in the form of packet data may be intercepted and interrogated but the data may not be reconstructed in order to listen to the actual voice communication. 

 

This limitation is intended to preserve the integrity of the interception warrant regime by excluding telephone conversations and communications from the exception so that normal voice communications cannot be listened to. 

 

Recorded voice communications embedded in video or audio files such as a music video or audio file downloaded from the internet that may be attached to an email communication can be intercepted, reconstituted and listened to for the purposes of communicating or making use of communications intercepted under new paragraph 7(2)(aaa).  

 

Item 14 - After subsection 35(1)

 

Item 14 amends section 35 by inserting new subsection 35(1A).

 

New subsection 35(1A) applies to the operation of paragraphs 35(1)(f) and 35(1)(g). 

 

Section 35 of the TIA Act sets out the conditions State law must meet before the Minister can declare an eligible State authority to be an interception agency under section 34 of the TIA Act. Paragraphs 35(1)(f) and 35(1)(g) specify security and destruction requirements for information lawfully intercepted in accordance with the TIA Act.  While these requirements are appropriate for information accessed under a warrant by an interception agency, if applied to communications intercepted under paragraph 7(2)(aaa), they would impose an onerous administrative burden on interception agencies that would not be imposed on any other computer network operator.

 

With the commencement of new subsection 35(1A), the effect of these amendments will be that a relevant State law will not have to place a personal requirement on the chief officer of an eligible authority of a State to keep in a secure place or limit access to a restricted record that is a record of a communication that was intercepted under paragraph 7(2)(aaa). 

 

Nor will a State law have to require the chief officer of an eligible authority of a State to cause the destruction of a restricted record that is a record of a communication intercepted under paragraph 7(2)(aaa).  This is consistent with new section 79A at Item 22 which imposes destruction requirements on the responsible person for the computer network of an eligible State authority rather than the chief officer. 

 

As new subsection 35(1A) removes restricted records that are records of communications intercepted under the provisions of 7(2)(aaa) from the record-keeping and destruction requirements imposed by subsections 35(1)(f) and 35(1)(g), such records will not be a factor when the Minister is considering preconditions in relation to a declaration under section 34.

Item 15 - After section 63B

 

Item 15 inserts new sections 63C, 63D and 63E. 

 

New section 63C sets out the terms under which a person engaged in network protection duties may communicate or make use of information lawfully intercepted in relation to those duties. 

 

New subsection 63C(1) allows a person legitimately engaged in network protection duties to communicate, cause to be communicated or make use of information which was lawfully intercepted in the performance of those duties.  Network protection duties mean duties relating to the operation, protection or maintenance of the network, including its infrastructure.  Where the computer network is operated by, or on behalf of, a Commonwealth agency, security authority or eligible authority of a State, network protection duties also include ensuring that the network, including its infrastructure, is appropriately used.

 

New subsection 63C(1) is subject to new subsection 63C(3) which does not allow the use or disclosure of a communication intercepted under new paragraph 7(2)(aaa) that has been converted into a voice communication in the form of speech. 

 

Under new subsection 63C(2), a person engaged in network protection duties may disclose lawfully intercepted information to either the responsible person for the network or to another person if it is reasonably necessary to enable the other person to perform their duties in relation to protecting the network. 

 

New subsection 63C(2) is also subject to the limitations of new subsection 63C(3) regarding voice communications.

 

New section 63D allows a person engaged in network protection duties to disclose lawfully intercepted information to another person in order to determine whether disciplinary action should be taken in relation to the use of the network by an employee, office holder or contractor of a Commonwealth agency, security authority or eligible State authority who has legitimate access to the network, taking disciplinary action in relation to the use of the network by such an employee, office holder or contractor or reviewing a decision to take disciplinary action.

 

Whether a computer network has been used appropriately is defined by reference to new section 6AAA at Item 9. 

 

New subsection 63D(2) is limited by the operation of new subsections 63D(3) and 63D(4).

 

New subsection 63D(3) does not allow the use or disclosure of a communication intercepted under new paragraph 7(2)(aaa) that has been converted into a voice communication in the form of speech. 

New subsection 63D(4) prevents a person from communicating or making use of information accessed under new paragraph 7(2)(aaa) relating to disciplinary action if to do so would contravene another law of the Commonwealth, State or Territory.  This limitation further protects workers in agencies and authorities covered by these provisions by ensuring that their employer cannot circumvent any relevant Commonwealth, State or Territory workplace relations requirements or workplace surveillance laws by accessing information under the TIA Act.

 

New section 63E allows a responsible person for a computer network to voluntarily communicate lawfully intercepted information, other than foreign intelligence information, to an officer of an agency in certain circumstances. 

 

An agency may not compel or request the disclosure of information obtained under new paragraph 7(2)(aaa).

 

The responsible person may only communicate the information if it was communicated to the responsible person under new subsection 63C(2)(a) by a person lawfully undertaking network protection duties and the responsible person suspects, on reasonable grounds, that the information is relevant to determining whether another person has committed a prescribed offence A prescribed offence is defined in subsection 5(1) and is generally an offence punishable by imprisonment for a maximum period of at least three years.

 

It is not necessary for the responsible person to determine that the suspected offence is a prescribed offence .  It is only necessary for the responsible person to have a reasonable belief that it may be a prescribed offence under the TIA Act.

 

Lawfully intercepted information may be communicated to an agency pursuant to section 63E regardless of whether it was collected in accordance with a user agreement.

 

Item 16 - Section 72

 

This is a consequential amendment to incorporate references to new sections 63C, 63D and 63E.

 

This amendment allows all persons who communicate information in accordance with new sections 63C, 63D and 63E to make a record of that information.

 

Items 17 - 20 - Section 73

 

These amendments ensure that the limitations on the use and disclosure of information related to disciplinary action will apply to further use and disclosures regardless of the number of times the information is used or disclosed.

 

 

These amendments will also ensure that a person who receives information related to disciplinary action under subsection 63D(2), may only communicate, use or record that information where doing so does not contravene another law of the Commonwealth or a State or Territory.

 

Item 21 - At the end of section 79

 

Item 21 amends section 79 by inserting new subsection 79(3).

 

Section 79 sets out the destruction requirements applicable to interception agencies in relation to records regarding intercepted information (a restricted record ).  

 

These requirements only apply to interception agencies and when combined with the new destruction requirements under new section 79A at Item 22 would create a different regime for interception agencies.  This would impose an onerous administrative burden on agencies as the destruction requirements in section 79 are imposed on an agency’s chief officer.  In practice this would mean that the chief officer of an agency would need to destroy every record of a network protection activity when it is no longer needed.  In some agencies this could amount to thousands of records at any point in time. 

 

New subsection 79(3) will address this by ensuring that section 79 does not apply to records of communications intercepted under new paragraph 7(2)(aaa).  Rather, the new section 79A will apply to agencies.

 

Item 22 - At the end of Part 2-6

 

Item 22 inserts new section 79A. 

 

New section 79A states that the responsible person for a computer network must ensure the destruction of a restricted record that is a record of a communication that was intercepted under paragraph 7(2)(aaa).  This record is a restricted record for the purposes of subsection 5(1) of the TIA Act.

 

The responsible person must cause the record to be destroyed once the responsible person is satisfied that the record is not likely to be required for network protection duties .

 

In the case of a network operated by, or on behalf of a Commonwealth agency, security authority or eligible State authority, once the responsible person is satisfied that the record is not likely to be required for the purpose of deciding, taking or reviewing disciplinary action in relation to the appropriate use of the network, the responsible person must cause the record to be destroyed. 

 

 

 

The obligation extends only to the destruction of the original record.  There is no obligation on the responsible person to destroy copies of restricted records as often they are no longer in the possession of the responsible person , but have been lawfully communicated to another person.

 

As more than one person can be designated as a responsible person the destruction requirement can be met by more than one person. 

 

Item 23 - Paragraph 81(1)(d)

 

Item 22 amends subsection 81(1) by excluding the requirement for the Chief Officer of an agency to record every occasion a network protection activity takes place.

 

While these requirements are appropriate for information accessed under a warrant by an interception agency, they would impose an onerous administrative burden on interception agencies that could impact on an agency’s capacity to perform network protection duties .

 

Consistent with Item 21, this Item will ensure that consistent requirements apply to communications intercepted under paragraph 7(2)(aaa). 

 



Schedule 2—Other amendments

The purpose of Schedule 2 is to make other necessary amendments to the TIA Act to improve the ongoing effective operation of the interception and access regime in Australia .

These amendments will:

·           extend the evidentiary certificate regime to lawful access to telecommunications data authorised under Chapter 4 of the TIA Act and allow the Managing Director or the secretary of a carrier to delegate their evidentiary certificate functions

·           clarify that lawfully intercepted information can be used, communicated and used in proceedings by the Australian Federal Police (AFP) in applications for interim and final control orders and initial and final preventative detention orders under Divisions 104 and 105 of the Criminal Code Act 1995 , and

·           make consequential amendments to reflect amendments to the Police Integrity Commission Act 1996 (NSW) in relation to the investigation of the corrupt conduct of an administrative officer of the New South Wales Police Force or the misconduct of an officer of the New South Wales Crime Commission.

 

Part 1—Amendments

 

Telecommunications (Interception and Access) Act 1979

Item 1 - Subsection 5(1) (after subparagraphs (b)(i), (ii), (iia) and (iib) of the definition of permitted purpose )

 

Item 1 inserts the word ‘or’ after each subparagraph in paragraph (b) of permitted purpose in subsection 5(1).

 

This is a minor technical amendment to comply with current drafting conventions.

Item 2 - Subsection 5(1) (at the end of paragraph (b) of the definition of permitted purpose )

 

Item 2 amends the definition of permitted purpose in subsection 5(1) by inserting new subparagraphs (b)(v) and (b)(vi).

New subparagraph (b)(v) clarifies that lawfully intercepted information can be used or communicated in relation to control orders sought and issued pursuant to Division 104 of the Criminal Code .  Section 67 of the TIA Act currently allows information which has been lawfully intercepted to be used for a permitted purpose , which includes a purpose connected with an investigation by the AFP of a prescribed offence .  A prescribed offence is defined in subsection 5(1) of the TIA Act and is generally any offence which carries a maximum penalty of at least three years imprisonment.

This amendment clarifies the TIA Act to avoid doubt that the TIA Act enables the AFP to use and communicate lawfully intercepted information in relation to seeking the Attorney-General’s approval to apply for an interim control order and in applying to the court for an interim control order.   Lawfully intercepted information may also be used in proceedings relating to interim control orders , including the declaration, revocation, variation or confirmation of an interim control order by an issuing court.

 

New subparagraph (b)(vi) clarifies that lawfully intercepted information can be used or communicated in relation to preventative detention orders sought and issued pursuant to Division 105 of the Criminal Code .

 

This amendment clarifies that the AFP can use and communicate lawfully intercepted information in relation to an application for an initial preventative detention order or a continued preventative detention order.  Lawfully intercepted information may also be used in proceedings relating to preventative detention orders, including the issue or extension of a preventative detention order by an issuing authority.

Item 3 - Subsection 5(1) (subparagraph (e)(i) of the definition of permitted purpose )

 

Item 3 amends the definition of permitted purpose in subsection 5(1) by removing the phrase “of an officer of the New South Wales Police Service” and substituting “(within the meaning of section 5 of that Act) of a police officer (within the meaning of that Act)”.

The changes reflect amendments made to the powers of the Police Integrity Commission (PIC) through changes to the Police Integrity Commission Act 1996 (NSW)

(the PIC Act).  The new provisions ensure that further changes to relevant provisions of the New South Wales legislation will be recognised by the TIA Act without the need for further amendments to the TIA Act.

 

Item 4 - Subsection 5(1) (after subparagraph (e)(i) of the definition of permitted

purpose )

 

Item 4 amends the definition of permitted purpose in subsection 5(1) by inserting new subparagraphs (e)(ia) and (e)(ib). 

 

New subparagraph (e)(ia) extends the definition of permitted purpose to include an investigation under the PIC Act in relation to the corrupt conduct of an administrative officer of the New South Wales Police Force.  An administrative officer is defined in the PIC Act and includes any member of the New South Wales Police Force who is not a police officer, for example, a civilian or an unsworn employee.

 

New subparagraph (e)(ib) extends the definition of permitted purpose to include an investigation under the PIC Act in relation to the misconduct of a Crime Commission officer.  A Crime Commission officer is defined in the PIC Act and includes a member of staff of the NSW Crime Commission within the meaning of the New South Wales Crime Commission Act 1985 .

 

These amendments reflect the transfer of particular functions from the Independent Commission Against Corruption (ICAC) to the PIC, which came into effect on

1 July 2008, and will enable the PIC to use and communicate lawfully intercepted information for the purpose of an investigation in relation to any officer who falls within the PIC’s jurisdiction.   

 

These provisions apply to the use or disclosure of information on or after commencement, regardless of whether the lawfully intercepted information was obtained before or after commencement.

 

‘Corruption’ and ‘misconduct’ are defined in the PIC Act.

 

Item 5 - Subsection 5(1) (subparagraph (e)(ii) of the definition of permitted

purpose )

 

Item 5 amends the definition of permitted purpose in subsection 5(1) by removing the phrase “such an investigation” from subparagraph (e)(ii) and substituting “an investigation covered by subparagraph (i), (ia) or (ib)”.

 

Subparagraph (e)(ii) of the definition of permitted purpose currently allows the PIC to include lawfully intercepted information in the reports of investigations of police misconduct of an officer of the New South Wales Police Force.

 

New subparagraph (e)(ii) of the definition of permitted purpose enables the PIC to use and communicate lawfully intercepted information for the purpose of producing a report on the expanded range of investigations to include those covered in new subparagraphs (e)(ia) and (e)(ib).



Item 6 - Subsection 5(1) (subparagraphs (e)(iii) and (iv) of the definition of permitted purpose )

 

Item 6 amends the definition of permitted purpose in subsection 5(1) by removing the word “Service” from subparagraphs (e)(iii) and (e)(iv) and substituting the word “Force”. 

This reflects the fact that the New South Wales Police Service is now known as the New South Wales Police Force.

 

Item 7 - Subsection 5(1)

 

Item 7 amends subsection 5(1) by inserting the definition of preventative detention order .

 

Preventative detention order has the same meaning as in Part 5.3 of the Criminal Code , that is, an order under section 105.8 or 105.12 of the Criminal Code , and is included in the expanded definition of permitted purpose in the TIA Act in relation to the AFP.

 

 

 

Item 8 - After paragraph 5B(1)(ba)

 

Item 8 amends the definition of an exempt proceeding in subsection 5B(1) by inserting new paragraphs (bb) and (bc).

 

New paragraph 5B(1)(bb) amends the definition of an exempt proceeding to include a proceeding under, or a proceeding relating to a matter arising under, Division 104 of the Criminal Code

 

This amendment clarifies that a person may give lawfully intercepted information in evidence in a proceeding relating to a control order pursuant to Division 104 of the Criminal Code .

 

New paragraph 5B(1)(bc) extends the definition of an exempt proceeding to include a proceeding under, or a proceeding relating to a matter arising under, Division 105 of the Criminal Code , so far as the proceeding relates to a preventative detention order.

 

This amendment clarifies that a person may give lawfully intercepted information in evidence in a proceeding relating to a preventative detention order pursuant to Division 105 of the Criminal Code .

 

Item 9 - Subsection 18(1)

 

Item 9 repeals subsection 18(1) and substitutes new subsection 18(1). 

 

This enables the Managing Director or secretary of a carrier to issue a written evidentiary certificate in relation to acts or things done to enable the execution of an interception warrant issued to the Australian Security and Intelligence Organisation (ASIO).  Alternatively, the Managing Director or the secretary may delegate their evidentiary certificate functions by authorising, in writing, an employee of the carrier to issue such a certificate. 

 

An evidentiary certificate issued by the Managing Director, secretary or authorised employee should be a written certificate, signed by him or her.  The certificate should set out such facts as he or she considers relevant with respect to the acts or things done by, or in relation to, employees of the carrier which enabled the execution of the warrant issued to ASIO.

 

The issuing of evidentiary certificates is an administrative function and the Managing Director or secretary is unlikely to be involved with each interception conducted by an agency.  The delegation power will expand the number of people who can issue evidentiary certificates on behalf of a carrier.  Enabling staff who are more accessible but of sufficient seniority to issue the certificate gives the carrier flexibility, which should ensure that evidentiary certificates can be issued promptly.

 

The delegation of this function is consistent with the current evidentiary certificate regime applying to law enforcement interception warrants under section 61 of the TIA Act.

 

Item 10 - Subsection 18(2)

 

Item 10 amends subsection 18(2) by inserting the phrase “, or an employee,” after the word “secretary”.

 

Subsection 18(2) provides that an evidentiary certificate issued by the Managing Director or secretary of a carrier is to be received in an exempt proceeding as conclusive evidence of the matters stated in the certificate.

 

Item 10 is a consequential amendment to incorporate the delegation provision in new subsection 18(1) at Item 9.

 

Item 11 - Subsection 129(1)

 

Item 11 repeals subsection 129(1) and substitutes new subsection 129(1).

 

This enables the Managing Director or secretary of a carrier, or of a body corporate of which the carrier is a subsidiary, to issue a written evidentiary certificate in relation to acts or things done to enable the execution of a stored communications warrant.  Alternatively, the Managing Director or the secretary may delegate their evidentiary certificate functions by authorising, in writing, an employee of the carrier to issue such a certificate. 

 

An evidentiary certificate issued by the Managing Director, secretary or authorised employee should be a written certificate, signed by him or her.  The certificate should set out such facts as he or she considers relevant with respect to the acts or things done by, or in relation to, employees of the carrier which enabled the execution of a stored communications warrant issued to an enforcement agency.

 

The delegation power will expand the number of people who can issue evidentiary certificates on behalf of a carrier.  Enabling staff who are more accessible than the Managing Director or the secretary of a carrier but of sufficient seniority to issue the certificate gives the carrier flexibility, which should ensure that evidentiary certificates can be issued promptly.

 

The delegation of this function is consistent with the current evidentiary certificate regime applying to interception warrants under section 61 of the TIA Act.

 

 

 

 

 

Item 12 - Subsection 129(2)

 

Item 12 amends subsection 129(2) by removing the words “the Managing Director or secretary of a carrier, or of a body corporate of which the carrier is a subsidiary” and substituting “a person referred to in paragraph (a), (b) or (c) of that subsection”.

 

Subsection 129(2) provides that an evidentiary certificate issued by the Managing Director or secretary of a carrier is to be received in an exempt proceeding as conclusive evidence of the matters stated in the certificate.

 

Item 12 is a consequential amendment to incorporate the delegation provision in subsection 129(1) at Item 11.

 

Item 13 - After section 185

 

Item 13 inserts new sections 185A, 185B and 185C, which extend the evidentiary certificate regime to include access to telecommunications data obtained under an authorisation. 

 

Telecommunications data is information about a communication, but does not include the content or substance of the communication.  Telecommunications data is available in relation to all forms of communications, including both fixed and mobile telephony services, and for internet based applications, including internet browsing and voice over internet protocol (VoIP).

 

For telephone-based communications, telecommunications data includes subscriber information, the telephone numbers of the parties involved, the time of the call and its duration.  In relation to internet based applications, telecommunications data includes the Internet Protocol (IP) address used for the session and the start and finish time of each session.

 

Currently, telecommunications data is able to be disclosed by a carrier or carriage service provider to ASIO in connection with the performance of its functions and to enforcement agencies for the investigation of the criminal law, a law imposing a pecuniary penalty or the protection of the public revenue.

 

New sections 185A, 185B and 185C apply to historical and prospective telecommunications data disclosed in accordance with Divisions 3 and 4 of Part 4-1 of the TIA Act.

 

New sections 185A, 185B and 185C are consistent with the existing evidentiary certificate provisions for interception and stored communications.

 

Section 185A

 

New section 185A enables the Managing Director or secretary of a carrier, or of a body corporate of which the carrier is a subsidiary, to issue a written evidentiary certificate which is conclusive evidence as to the acts or things done by an employee of the carrier to enable the lawful disclosure of telecommunications data to ASIO or an enforcement agency.

 

New section 185A also allows the Managing Director or the secretary of a carrier, or of a body corporate of which the carrier is a subsidiary, to delegate their evidentiary certificate functions by authorising, in writing, an employee of the carrier to issue such a certificate. 

 

For the purposes of this section, the question of whether a body corporate is a subsidiary of another body corporate is to be determined in accordance with the Corporations Act 2001.

 

An evidentiary certificate issued by the Managing Director, secretary or authorised employee should be a written certificate, signed by him or her.  The certificate should set out such facts as he or she considers relevant with respect to the acts or things done by, or in relation to, employees of the carrier which enabled the disclosure of information or a document covered by an authorisation in force under a provision of Division 3 or 4 of Part 4-1 of the TIA Act.

 

A certificate issued under subsection 185A(1) and signed by a person referred to in paragraph (a), (b) or (c) of that subsection is to be received in evidence in an exempt proceeding without further proof and is, in an exempt proceeding , conclusive evidence of the matters stated in the document.

 

The conclusive nature of the evidentiary certificate regime under the TIA Act was upheld in Cheiko v Regina [2008] NSWCCA 191 .  Whealy J in an initial application to the Supreme Court noted that Parliament had balanced competing public interests and acknowledged that the purpose of the provisions was to protect the identity of a carrier’s employees engaged in the execution of warrants by police and agencies and only go to formal matters of technical evidence.  Evidentiary certificates only enable a carrier to provide evidence about what actions employees undertook to enable the execution of a warrant and do not prove any facts in issue before the court.

 

The certificates do not prevent an accused from challenging the validity of an authorisation or the information being used against them.  For example, an accused continues to be able to lead evidence that there were other relevant calls that may tend to exonerate them.  Accordingly, there is no disadvantage to an accused as they are able to challenge evidence being used against them.

 

 

The conclusive certificates also assist in the protection of capabilities and methodologies from being released on the public record and allow for the submission of routine evidence in a consistent manner.  Spigelman CJ, Barr and Fullerton JJ in the NSW Criminal Court of Appeal unanimously upheld the constitutional validity of the certificate in

Cheiko v Regina [2008] NSWCCA 191.

 

Section 185B

 

New section 185B enables the Director-General of Security or the Deputy

Director-General of Security to issue an evidentiary certificate which is prima facie evidence as to anything done by an officer or employee of ASIO in connection with information or a document covered by an authorisation for telecommunications data under Division 3 of Part 4-1 of the TIA Act.

 

An evidentiary certificate issued by the Director-General or the Deputy

Director-General of Security should be a written certificate, signed by him or her. 

The certificate should set out such facts as he or she considers relevant with respect to anything done by an officer or employee of ASIO in relation to the disclosure, communication, use, recording, custody of records or giving in evidence of information or a document covered by an authorisation in force under a provision of Division 3 of Part 4-1 of the TIA Act.

 

A certificate issued under subsection (1) by the Director-General of Security or the Deputy Director-General of Security and to be signed by him or her is to be received in evidence in an exempt proceeding without further proof and is, in an exempt proceeding , prima facie evidence of the matters stated in the document.

 

Certificates issued by an ASIO are considered to be prima facie evidence as they relate to a wider range of matters than a carrier’s evidentiary certificate, including the recording, copying and use of the information and its content being used in evidence.

 

Section 185C

 

New section 185C enables an enforcement agency to issue a prima facie evidentiary certificate regarding the execution of an authorisation for telecommunications data under Division 4 of Part 4-1 of the TIA Act.

 

A certifying officer of an enforcement agency may issue a written certificate signed by him or her setting out such facts as he or she considers relevant with respect to anything done by an officer or staff member of the agency in connection with the information or a document covered by an authorisation in force under a provision of Division 4 of Part 4-1, including disclosure, communication, use, making a record or the custody of a record, or the giving in evidence of such information.

 

 

A document purporting to be a certificate issued under subsection (1) by a certifying  officer of an enforcement agency and purporting to be signed by him or her is to be received in evidence in an exempt proceeding without further proof and is, in an exempt proceeding , prima facie evidence of the matters stated in the document.

 

Certificates issued by an enforcement agency are considered to be prima facie evidence as they relate to a wider range of matters than a carrier’s evidentiary certificate, including the recording, copying and use of the information and its content being used in evidence.

 



 

Part 2 Validation, application and transitional provisions

 

Item 14 - Validation of the dealing with information by the Australian Federal Police

 

Item 14 applies to new subparagraphs (b)(v) and (b)(vi) under permitted purpose in subsection 5(1).

 

Item 14 ensures that an officer or staff member of the AFP who, prior to those subparagraphs coming into force, communicated, made use of, or made a record of lawfully intercepted information or interception warrant information of the kind which is now a permitted purpose under new subparagraphs (b)(v) and (b)(vi), will not have contravened section 63 of the TIA Act.

The amendments to permitted purpose in relation to the use or disclosure of information related to Divisions 104 and 105 of the Criminal Code are designed to clarify the operation of the existing legislation, rather than expanding police powers.

Therefore, the validation provision is to ensure that any AFP officers who have in good faith used or communicated lawfully intercepted information for a purpose connected with Divisions 104 or 105 of the Criminal Code are not liable for any breach of the TIA Act caused by that use or communication. 

 

Item 15 - Application - investigations

 

Item 15 applies to new subparagraphs (e)(ia) and (e)(ib) under permitted purpose in subsection 5(1).

 

Item 15 clarifies that an investigation under the PIC Act, which commences after new subparagraphs (e)(ia) and (e)(ib) come into force, may be an investigation into complaints or actions that occurred prior to, on, or after the commencement of these subsections.

The provisions do not retrospectively criminalise any action.  They allow the PIC access to the same techniques to investigate complaints or actions, regardless of when the behaviour in question occurred.

 

Item 16 - Transitional - previously issued evidentiary certificates

 

Item 16 applies to subsections 18(1) and 129(1).

 

Item 16 clarifies that an evidentiary certificate issued under subsection 18(1) prior to commencement of new subsection 18(1) or issued under subsection 129(1) prior to commencement of new subsection 129(1), which was in force immediately before the commencement of the new provisions, has effect as if it had been issued under the relevant new provision.

 

Item 17 - Application - issue of evidentiary certificates

 

Item 17 applies to sections 18, 129, 185A, 185B and 185C.

 

Item 17 clarifies that sections 18 and 129 apply in relation to acts or things done before, on, or after the commencement of this item and that new sections 185A, 185B or 185C apply in relation to an authorisation made under Part 4-1 of the TIA Act, whether the authorisation was made before, on or after the commencement of this item.