Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
 Download Current HansardDownload Current Hansard    View Or Save XMLView/Save XML

Previous Fragment    Next Fragment
Monday, 29 November 2004
Page: 6

Senator LUDWIG (12:56 PM) —I rise to speak on the Telecommunications (Interception) Amendment (Stored Communications) Bill 2004. This is the third attempt to clarify the application of the Telecommunications (Interception) Act 1979 to stored communications. The previous two attempts, which formed part of the Telecommunications Interception Legislation Amendment Bill 2002 and the Telecommunications (Interception) Amendment Bill 2004, were withdrawn by the government after flaws were identified in those bills by the Senate Legal and Constitutional Legislation Committee.

In part, the last bill collapsed after the Attorney-General's Department and the Australian Federal Police could not agree about the correct interpretation of the existing law. Unfortunately it was fairly clear to the committee this time around that the stand-off has never been resolved. The committee has now examined the current bill and has recommended that it proceed, subject to an amendment mandating a review of the Telecommunications (Interception) Act. The government has now made this commitment, so the opposition can now support this bipartisan recommendation and the bill.

In its bipartisan report, the committee has identified a range of issues that should be considered in any such review. The principal issue, which is referred to in the committee's recommendation, is whether stored communications should be exempted altogether from the act or whether the exemption should in fact be qualified in some way and, if it were to be qualified in some way, the extent of that qualification. For example, the earlier 2004 bill sought to provide some protection for stored communications which had not yet been accessed by the intended recipient. However, consideration of this issue was complicated by uncertainty about whether current technology enables it to be determined whether the communication has in fact been accessed.

In its most recent report, the committee noted in paragraphs 3.17 to 3.19 the conflicting evidence it had heard on this particular issue. For example, while some witnesses had said it is not possible to know whether emails have been accessed, one witness suggested that, under newer versions of software, ISPs would be able to determine this. It was certainly not clear to the committee whether it was able to be accessed and whether they were to know about that. Because of the significance of this question, the committee specifically recommended that it be examined in detail in any review of the T(I) Act. In part, the distinction between read and unread emails was removed from the current bill because of the concerns expressed by the Australian Federal Police that the earlier 2004 bill would prevent it internally monitoring emails for corporate governance purposes. However, it is pertinent to refer to what the Privacy Commissioner told the committee. The Privacy Commissioner said:

If there is continued uncertainty about whether such activities may contravene the Interception Act, this could be resolved by amending legislation to ensure that while protection is maintained for personal telecommunications generally, e-security and corporate governance measures are permitted.

That is why the committee recommended at paragraph 3.21 of its report that the review of the T(I) Act consider whether this is a more appropriate way to address those specific concerns.

The committee also heard evidence about broader implications of allowing the interception of stored communications using some other form of lawful authority besides the T(I) Act. One of these was the potential for telecommunications carriers to disclose communications, such as copies of customers' emails, under the Telecommunications Act. The act imposes quite specific obligations on carriers to keep records of these disclosures, and section 309 enables the Privacy Commissioner to check compliance with these obligations. However, the Privacy Commissioner told the committee:

With the work of the Office of the Federal Privacy Commissioner compliance section currently focussed on complaints handling, it is not carrying out audits in a range of areas included under this provision.

It is reasonable to assume that in future the disclosure provisions of the Telecommunications Act will be relied on a lot more because carriers will no longer be able to insist on the production of a TI warrant before granting access to stored communications. When that happens there will be an undeniable need to ensure that records are kept in accordance with that act through an appropriate program of audits. But under this government such audits have ceased altogether, it appears, because of a lack of funds provided to the Privacy Commissioner to allow him to do not only complaints handling but also the wider auditing that you would expect the Privacy Commissioner to do.

In paragraph 3.30 of its report the committee has drawn the government's attention to this and we hope it is addressed in the course of the proposed review. It is necessary not only to review the TI legislation itself in detail but also to go a little deeper to examine the import of this change and how it would affect other agencies such as the Privacy Commissioner. The government in this instance should be forewarned. This is a matter that we will continue to pursue to ensure that there is open and public accountability in this process. The Telecommunications Act is administered by the communications minister, but the funding of the Privacy Commissioner is the responsibility of the Attorney-General.

Another concern heard by the committee was in relation to the handling and destruction of personal information contained in stored communications that are obtained through some other form of lawful authority. The Privacy Commissioner observed that, while the T(I) Act imposes requirements to destroy information not required for an agency's functions, the information privacy principles do not contain such an obligation. Again, at paragraph 3.39 the committee recommended that the proposed review consider whether the IPPs do the work that is likely to be required of them following the passage of this bill.

In summary, the committee has recommended that the bill proceed with an amendment mandating the proposed review of the T(I) Act. But in truth the government should not take too much comfort from this recommendation. The committee has stopped far short of giving an unqualified endorsement of the approach proposed in this bill. At paragraph 3.47 the committee said:

The Committee notes with concern the arguments presented that if enacted, the Bill will remove privacy protection for those using emails or SMS. The Committee heard competing policy arguments. Those in favour of the Bill argue that a stored email is analogous to a letter (and like a PO Box should be accessible with only a search warrant), whilst those opposing the Bill argue it is more analogous to a phone call, and should be protected by the TI Act like a phone call.

And at paragraph 3.54 the committee concluded:

The Committee believes that there is a genuine need to ensure clarity as the application of the TI Act to stored communications. If enacted, the Bill will achieve this clarity, although it will cease to have effect 12 months after its commencement. The Committee regards this as an important check in the process. The Committee believes that if the Bill is enacted, the review that is to take place within this 12 months should be public, and should reconsider the appropriateness of continuing the exemption of read and unread stored communications from the TI regime, as proposed in the Bill. The Committee has identified a range of issues in its report which bear upon this question.

The committee's inquiry was an important opportunity for all the implications of this bill to be drawn out and put into the public arena. It is important that these implications now be further examined and responded to in the review of the T(I) Act to properly inform consideration of what longer term arrangements should be put in place after this legislation sunsets in 12 months time. The opposition therefore will not be opposing this bill. The opposition notes that the government has given effect to the bipartisan recommendations of the Senate committee by committing to a review of the T(I) Act. In the light of the substantial privacy concerns raised before the Senate committee we believe this is desirable. We have previously seen numerous legislative reviews put on the backburner or falling by the wayside, and this commitment means that the opposition will ensure the government is held to the commitment which it has given.

The government has not always carried out the reviews when they were called for or were required. One recent example was the promise of the 2002 review of the Financial Transaction Reports Act, which was meant to result in the publication of an issues paper but was delayed and then swallowed up completely by broader work on the revised recommendations of the financial action task force. This review caused considerable frustration in the business sector. A second example was the promised review of the Privacy Act exemptions for employee records, which previous ministers Peter Reith and Daryl Williams promised would be completed by the time the private sector amendments came into operation in December 2001. Instead, progress has been glacial and in fact the government did not even publish an issues paper until 2004. A third example was the promised review of the Bankruptcy Act offences relating to gambling. This was promised in December 2002 but the government has said nothing about it since. Maybe something has been going on behind the scenes with the government in relation to these matters, but certainly it has not bothered to inform parliament of this.

So there you have three examples in the Attorney-General's portfolio alone of where legislative reviews have been put on the backburner or have fallen by the wayside. We do not raise these to attribute blame but simply to illustrate the need for vigilance by the government in light of the substantial privacy issues raised in this bill. We expect parliament and government to heed the warning that is contained within that: if they are going to have a review, it should commence at the earliest possible moment and be thorough, appropriate and complete.