STANDING COMMITTEE ON LEGAL AND CONSTITUTIONAL AFFAIRS
16/07/2007
Telecommunications (Interception and Access) Amendment Bill 2007

CHAIR —Welcome. The Attorney-General’s Department has lodged submission No. 15. I remind senators that the Senate has resolved that an officer of the department of the Commonwealth or of the state shall not be asked to give opinions on matters of policy and shall be given reasonable opportunity to refer questions asked of the officer to superior officers or to a minister. This resolution prohibits only questions asking for opinions on matters of policy and does not preclude questions asking for explanations of policies or factual questions about when and how policies have been adopted. Officers are also reminded that any claim that it would be contrary to the public interest to answer a question must be made by a minister and should be accompanied by a statement setting out the basis of the claim. I invite you to make a short opening statement, at the conclusion of which we will invite senators to ask questions.

Ms Smith —I will not repeat any matters that are already set out in our submission or in the Attorney-General’s second reading speech, but instead I would like to focus on two key points in relation to the bill. The first point is that this bill brings together all provisions governing national security and law enforcement access to telecommunications into one act to create one piece of overarching legislation that governs access to communications. This implements the core recommendation of Mr Blunn in his review of regulation of access to communication. This change is intended to make the nature and scope of these access powers clearer to agencies, industry and to the public alike. It will also clarify the relationships between the three types of information, being telecommunications interception content, stored communications content and telecommunications data.

The second important point this bill addresses is that it is assisting the legislation to deal with the convergence of technology. In recent years there has been a dramatic increase in telecommunications technology and within the industry that provides it. The driving force behind these changes has been the convergence of technology and services, and the emergence of internet based services. This means that different methods of electronic communications are converging into a single extraordinarily complex data stream. A device such as a mobile phone, which until recently was a single service we could use to call someone, is now a portable office, providing multiple services such as SMS, MMS, email, video calls, file transfers, web browsing and so on. These developments have fundamentally changed the way law enforcement agencies need to conduct their investigations. It has also dramatically increased the complexity of the relationship between agencies and the telecommunications industry. With the convergence of these technologies, it is essential that law enforcement and national security agencies retain their ability to lawfully access these services to combat serious crime and terrorism. For agencies and industries alike, the line is now blurred in what level of access is appropriate for agencies. With one overarching piece of legislation there is a greater certainty in place on how agencies can receive assistance from the telecommunications industry.

In developing this bill there has been major consultation with key stakeholders. In February an exposure draft was placed with major stakeholders. In the resulting discussions we received a lot of constructive feedback and suggestions, and many are reflected in the current bill before the committee. To assist the committee’s consideration of the bill, we have put together some additional items, which I seek to table. The first is a table making a comparison between the existing provisions within the Telecommunications Act and their equivalents in the proposed legislation. The second is a diagram that addresses what would be the three types of access to communications under the new proposed bill and the current Telecommunications (Interception and Access) Act. The third is a diagram of a model of how the processes of interaction between agencies and industries works in practice.

This bill essentially is a refinement of the current administrative and legal arrangements in place under both the T(IA) Act and the Telecommunications Act, and my officers and I are more than happy to answer any questions specifically on the bill.

CHAIR —Would the Federal Police like to make an opening statement?

Federal Agent Lammers —The Australian Federal Police feels it is unnecessary to make an opening statement, other than to say that we support the statements made by the Attorney-General’s Department.

CHAIR —We will move to questions.

Senator LUDWIG —You have had an opportunity to hear some of the evidence today from the Police Federation and Electronic Frontiers. Is it your intention to go through each of those submissions and provide a response to some of the matters raised?

Ms Smith —That was not our intention, but we could do that should the committee like us to provide that at a later date in writing.

Senator LUDWIG —I will deal with individual matters relating to the Police Federation first. The EM does not have a definition of ‘telecommunications data’ but it has an explanation of what it includes. The bill does not include a definition of what ‘telecommunications data’ is.

Ms Smith —That is correct.

Senator LUDWIG —Is it the intention to put a definition in?

Ms Smith —No, it is not the intention. The T(IA) Act has been technologically neutral. One of Mr Blunn’s comments is that it has been very robust in the face of technological change over the years. Our concern about defining what technology and call associated data may be now might be redundant in 12 months time. Essentially we rely on the premise that the contents and substance of a communication are protected and are only accessible under a TIA warrant, an interception warrant or a stored communication warrant, and it is the other information that attaches to a communication but does not disclose the contents or the substance of that communication that is the associated data. One of the points of bringing this all into one piece of legislation is the hope that by having the three limbs together it will be clearer when advising law enforcement and the carriers on what exactly is content and what is call associated data as new technologies come into place.

Senator LUDWIG —Mr Mark Burgess of the Police Federation of Australia took the committee to the Attorney-General’s letter of 28 May, where there was concern by the Police Federation of Australia that disciplinary proceedings may be caught in various jurisdictions by the phrase a ‘pecuniary penalty’. The view of the Attorney-General seems to be as stated in the letter, ‘... nor will they permit the general use of telecommunications data and police disciplinary proceedings …’ As a consequence, do you need to amend the bill to take a belt-and-braces approach to ensure that it does exclude disciplinary procedures? We have heard some evidence that it could include fines in various state jurisdictions. If there are fines in state jurisdictions, that would amount to a pecuniary penalty and therefore it could apply.

Mr Curtis —The difficulty with these provisions is that they have to try to get across police legislation in each state and territory. What we have adopted is a general approach that sets a standard at pecuniary penalty. As Mr Burgess stated, the only matters that attract pecuniary penalty under the legislation would enable access, and that will in practice exclude a lot of the more minor or administrative offences. It is also important to note in this context that all the information that would be disclosed would in any case be available to internal investigators for those offences under the usual existing 282 provisions, and also that the information that would be disclosed for the purposes of that police disciplinary offence is material that the investigators actually have and know is relevant to a particular investigation. Our view is that, from a public policy point of view, it is appropriate that they should be able to pass on that information and disclose it when it is held.

Senator LUDWIG —In summary, the view of the Attorney-General’s Department is that there is no need to change; it includes a pecuniary penalty and the protection of public revenue and that that should remain and that there is no need to change the bill?

Mr Curtis —Yes.

Senator LUDWIG —With respect to the protection of public revenue, is that a usual phrase that is found in these types of bills? Can you explain what that means?

Ms Smith —It is taken out of the current Telecommunications Act, and I understand it has been there since 1997. Agencies such as the Taxation Office, the Child Support Agency and ASIC all take advantage of that particular interpretation in obtaining information to enforce their particular role.

Senator LUDWIG —Have you had an opportunity to look at the Electronic Frontiers submission?

Ms Smith —Yes, we have.

Senator LUDWIG —Is there a document that sets out a response to the Blunn report in terms of the findings and recommendations that have been made and those accepted and those rejected by the AGD?

Ms Smith —It is my understanding that, assuming those provisions are in the current bill, only two or three recommendations have not yet been implemented. A number of the recommendations by Mr Blunn were administrative in nature. But it is something that we could certainly put together in a very short space of time.

Senator LUDWIG —That would be helpful. The question really went to whether there was a government response to the Blunn report?

Ms Smith —No, there was no government response to the Blunn report.

Senator LUDWIG —Do you know whether there is an intention to provide a government response to the Blunn report?

Ms Smith —I would have to take that on notice.

Senator LUDWIG —We can then follow on to the next question, which is of course: can you provide an outline in terms of the Blunn report of those recommendations that have been implemented and those that have not been implemented?

Ms Smith —The department could provide that information to you.

Senator LUDWIG —That would be helpful. Can you comment on those that have not been implemented as to the reason they have not been implemented?

Ms Smith —No, I cannot.

Senator LUDWIG —Do the current bill and the schedules fall under the Blunn report? In other words, were all of the findings and recommendations made by him and, if not, which ones were not?

Ms Smith —No, there are one or two additional provisions.

Ms Kelly —Basically, schedule 1 of the bill falls under the recommendations of the Blunn review. It is schedule 2 that we would be looking at. Where we have provided the definition of ‘child pornography’ into a serious offence that is an additional amendment and is outside the Blunn report. There are also a number of technical amendments in relation to state and territory legislation, which has been changed over time and is referred to in the TIA act and that we have carried through.

Senator LUDWIG —It would be helpful if you had a table that set out those in schedule 2 that fell outside and where they came from—in other words, impetus for those amendments. It does not have to be particularly detailed.

Ms Kelly —There are probably three or four.

Ms Smith —One of the tables that we provided to you today addresses all of those provisions that have been moved over to create the overarching legislation. There are some references in the current act and in the current bill.

CHAIR —Is that the comparison of provisions table?

Ms Smith —Yes. We can do one for schedule 2 as well.

Senator LUDWIG —That would be helpful. EFA raised concerns about prospective information concerning access powers in relation to mobile phones. I am not sure I understand the technology particularly well. You might be able to help me with that. I am speaking about the ability to track mobile phones using GPS data. The Law Council also mentions in its submission that it has some concerns about that and whether or not any consideration has been given for provisions under the surveillance devices legislation laws to operate here. If they can track mobile telephones in real time or in near real time then are you effectively tracking the person? Should that then fall within the surveillance devices legislation? If that is the case, it could be dealt with there. If it is more appropriate here then shouldn’t at least the provisions be consistent? That is the general tenor of the arguments being put forward.

Ms Smith —Access to prospective data already exists under the current regime. In moving it over to the TIA act, we have acknowledged that there are two accesses under section 282 of the act—that is, historical data and information in real time. It is the same information that is accessed under both regimes. It is basically that I called you—my phone number, your phone number. It is the sort of information that is on a telephone bill. If we are using our mobile phones, it will say something like I was in Barton and you were in Parkes. It is that sort of information. As to the idea that it can be used for tracking, a mobile phone sends certain signals up to a cell site indicating that we are in a certain location. At the moment the technology is not such that it will pinpoint where either of us are to any level that you could actually track a person to any point. It could not say that my phone is on at the moment and on silent, but it can say that I am in a particular geographic area. It will not say that I am at Parliament House necessarily and it will not say that I am in this room.

Prospective access is about allowing law enforcement to have access to information that is in existence in telecommunications networks, and it is giving them a near real time so that they can actually investigate crimes. For example, if they have particular numbers under watch because they know a drug deal is going down and they have a belief that a person is in a particular region, be it Sydney at the wharfs to collect something or at a post office roughly in a geographic area, they can use that with other technology that they currently use under surveillance devices to find whether someone is at a place at one time. It may be possible in the future, if industry develops this technology, to pinpoint people; this provision might give that sort of access. But that is something that is certainly a futuristic type situation.

In the comparison between surveillance devices, Commonwealth legislation, what we are proposing here and what currently happens, the Surveillance Devices Act, in providing a warrant, is in effect giving you power to trespass upon a person or a place to implement a device that will then be used to track someone. In relation to a mobile phone, to get a tracking device or get a surveillance devices warrant on a mobile phone, you would have to get some sort of technology that you stick onto the telephone to actually follow the person. That is not capable of happening under a surveillance devices warrant at the moment, because a surveillance devices warrant is all about applying something to a person, to a car, to a place or to a parcel. A tracking device, under the Surveillance Devices Act, is similar in that it allows law enforcement, the Australian Federal Police and the ACC, with the authorisation of a senior officer within that agency, to track a person where there is no trespass involved. They can follow that person, do certain things and use optical where they are not attaching something to a person.

To access prospective information in nil to real time, you need the assistance of the telecommunications provider. It has been the policy that, with any assistance that is needed from a telecommunications provider, there can be no interference by law enforcement without the assistance of the actual provider involved. That is the reason that it would sit within the TIA act rather than within the Surveillance Devices Act.

Senator LUDWIG —With respect to assisted GPS technology on mobile telephones, at the moment we think of radials around a mobile site, say, at Brackenridge. They can already detect by the strength and weakness of the signal how far away you are on that radial. It does not take much to then pinpoint you on that radial with another intersecting line, if you have sufficient technology or new technology to be able to intersect that line, to say whether you are on this side of the radial or that side of the radial. When you have an intersection of the two lines you know precisely where you are. That type of technology is currently being mooted to be introduced in 2007-08. If that is the case, you then ask the provider to provide information, for argument’s sake, in near real time what that data stream is—in other words, what those coordinates are—and that will then give you the location of that mobile phone. It does not have to have a device attached to it. If that is the case, you can ask for a 45-day warrant for the mobile phone. You can then ask the internet service provider, if they have the technology, to provide in near real time where that device is by that system of coordinates, and they can then update that literally by the minute to detect where that mobile phone is and where it is going. And we assume they have a unique identifier of the mobile phone so they know the person who might be carrying it. That seems to be the concern of the EFA. I am not sure that you addressed that point.

Ms Smith —From our perspective that is addressed by the fact that we have acknowledged that there is potentially a greater breach of privacy if a person can access prospective data, and that is why we have separated it out from historical data. We have placed a time limitation on it. We have also limited the agencies that can access this information to criminal law enforcement and national security agencies, and we have made it an offence that is punishable by three years, which is consistent with the surveillance devices legislation.

Senator LUDWIG —The argument seems to be from the EFA that it is an easier process to obtain that prospective data from the ISP than it is to obtain a surveillance device. In other words, the procedure should be the same as their fallback position. Do you agree or disagree with that?

Ms Smith —I do not agree, because I believe that we are establishing certain hurdles that they will have to get through to access this information. There is also something called the Communications Access Coordinator’s determination, in which we will prescribe all of the hurdles that an agency must go through before they can obtain this information and the kind of form that it has to be in. We will dictate fairly stringent guidelines for how this information is accessed. We obviously do not have any guidelines at the moment, because that is something that will be developed. That relates to section 183 of the bill, which talks about the kind of information that we can put into these standard authorisations. I think it is equivalent to the tracking devices underneath the Surveillance Devices Act, namely, that a senior officer within the Australian Federal Police can obtain one of these prospective warrants. It is an authorisation and not a warrant in both cases. If we are talking about tracking, certainly the AFP can track now with one of these authorisations. As far as commenting on the capabilities of what might be available in the network—

Senator LUDWIG —I am only guessing.

Ms Smith —I was going to say, firstly, I do not know and, secondly, I would not comment on capabilities, anyway.

Federal Agent Lammers —As you know, we can already track mobile phones pursuant to the Surveillance Devices Act. That is the physical method of locating and tracking a mobile phone. The thing that has interfered with our ability to do that has not been a technical ability but an ability to get information in near or close to real time from the carriers. That has always been our obstacle. You might remember the AFP saying before that the technology already exists to do this, but it is just not possible given some of the constraints from the carriers. With the emergence of technology the carriers now have the capacity to provide the Australian Federal Police and other law enforcement agencies with that information close to real time. We see that as little more than police’s ability to perform its normal function—a tool of the trade, if you will—and not elevated to anything that is possibly captured by the T(IA) Act, which is why it has been removed. The Surveillance Devices Act gives us the ability to track a mobile phone and a number of other targets, and these amendments give us access to the information, because if not for this information then we could not even track the mobile phones. The internal authorisation process that has been established for the Surveillance Devices Act we say is at sufficient threshold to allow us to get access to the data that the telcos currently have.

Senator LUDWIG —Are you saying that they are related but distinct matters, that one is about the actual device and surveillance devices and one is about access to the information?

Federal Agent Lammers —That is exactly right. Up until now we have been able to do what we do in terms of tracking or, more accurately, locating a mobile phone and then following that mobile phone using historical data. The difficulty there is by the time we get that from the telcos the person whom we are tracking or trying to locate may be well outside the cell site that you spoke about just a moment ago. In times of emergency it makes that real time tracking very difficult and cumbersome. So, with the advent of technology and the way the carriers have moved on, we now have the possibility of locating and tracking mobile phones. This is much easier than in the past, and with the safeguards that we are not accessing any of the content associated with any messages that might flow backwards and forwards from a mobile phone. It is just the information that allows us to locate that in a geographical sense.

Senator LUDWIG —The CrimTrac agency is now being sought to be included to apply for stored communication. What was the basis for CrimTrac being included?

Ms Kelly —They are not an enforcement agency for stored communications. They are an enforcement agency in terms of telecommunications data. That is an existing provision under the Telecommunications Act. You may be aware that CrimTrac had a name change from the National Exchange of Police Information, which was existing. At this stage we have transferred over the agencies provided within the definition of ‘enforcement agency’ under the Telecommunications Act and we are looking to see whether or not it is appropriate that they continue to be within that definition. Until such time as we can actually establish that it is not appropriate, we have not removed them.

Senator LUDWIG —That was on the basis of their role and function from whence they came. But can you say clearly that they cannot apply for stored communication?

Ms Kelly —They cannot apply for stored communications. I believe they have a role in terms of accessing data for some state and territory police organisations but we are working through those issues.

Senator LUDWIG —With respect to stored communication, my recollection of that bill was that it ultimately came down to what was overt and covert. Covert was said to be an appropriate use of stored communication. In other words, you could not access it at that point. Does this bill change that in any way regarding the near real time data obtained?

Ms Smith —No. The near real time data only has to do with data that is not content.

Senator LUDWIG —Is it the content that would then be subject to the stored communication warrant?

Ms Smith —That is correct.

Senator LUDWIG —Is it still subject to the stored communication warrant?

Ms Smith —Yes.

Senator LUDWIG —It is still not covert and is not affected by it?

Ms Smith —Access to stored communications is covert to the extent that the law enforcement agency goes directly to the provider and accesses it, so that is unchanged. If they want that information in near to real time then they have to do an interception warrant.

Senator LUDWIG —Whilst it had not been delivered it was in the transitory stage, before delivery, and then they would require a warrant?

Ms Smith —Yes. They would require a warrant in both circumstances once it was delivered as well if they wanted to get it from the provider.

Senator LUDWIG —That is the content?

Ms Smith —That is correct. The other information—

Senator LUDWIG —That is the call data?

Ms Smith —If they only want call data, then they can go down the third limb. If they want content and call data they have to go to the higher threshold.

Senator LUDWIG —I raised this earlier but perhaps you can resolve the matter for me. There are probably many explanations but I would like to hear them from you, Ms Smith. Page 13 of the explanatory memorandum, where it deals with secondary disclosure, says:

For example, if during the course of an investigation in relation to taxation fraud, the Australian Taxation Office obtains telecommunications data that concerns drug trafficking ...

Does that presuppose that they have already admitted their occupation of being a drug trafficker to the ATO?

Ms Smith —That would be one reasonable answer. It is possibly more likely that, as part of the investigation, they have found that they have an enormous amount of money—

Senator LUDWIG —There is no other conclusion; they did not win Gold Lotto?

Ms Smith —that they have received information about whom they called with the numbers and that sort of thing; it may be a known drug trafficker they are dealing with and they feel that the information should be passed on. In fact I did listen to that evidence before I left the office, and there would be no way that the Australian Taxation Office would have any content, so it would obviously be very difficult for them to decide that it relates to a drug trafficker. There would have to be information in those numbers they have called or perhaps there were internet sites they visited—if they are making calls to Colombia and that sort of thing—which would give rise to a presumption that that information is to do with drug trafficking. Another possible, more sensible, example may be that, if they have information about particular websites they are visiting and that has to do with child pornography, it might be referred on to the Australian Federal Police for investigation.

Senator LUDWIG —That is what came to my mind as a more practical example, rather than drug trafficking, where you could have a clear relationship with the crime.

Ms Smith —Indeed. In fact we are looking at amending the EM in a couple of other cases, and I think we will pick that one up.

Senator LUDWIG —It just seemed to me that they would have to have the occupation, and I presume the ATO may have already passed that information on if that was recorded.

Senator PARRY —We had some evidence earlier today from the Australian Mobile Telecommunications Association that clause 187(2) of the bill may extend to information that they will not have in their possession. Did you hear that evidence at all?

Ms Smith —Yes, I did hear that evidence.

Senator PARRY —Do you want to make any comment on that?

Ms Smith —I think what they were referring to was being asked by law enforcement or by the Attorney-General’s Department in developing interception capability to provide assistance on something outside their network control, whether it be an overseas provider or whether it be a handset provider. The comments that I would make are that you may be aware of some recent amendments that an agency can access a warrant to intercept an actual handset, an IMEI, but there has to be a relationship between that IMEI and the IMSI, being the SIM card, so law enforcement will seek assistance from a provider in relation to a handset but they will not ask them to dissect a particular handset manufacturer’s new handset to see all the technology in it, they will only ask to the extent that they are providing a service over that.

Senator PARRY —There would be no penalty or imposition upon the provider if they cannot provide information that is not within their realm to provide?

Ms Smith —That is correct. It is only with regard to the intercept capability over services within their control. Of course, they have control in their network over services that are not handled by them because they have commercial relationships with smaller providers to carry their traffic. We would seek their assistance on occasion on those ones.

Senator PARRY —Thank you. I refer to clause 188, concerning delivery points. I am still not sure of the department’s position and why the department wants one point of access or control of access points or delivery points. I have read the EM, and it seems to be a fairly important point. Can you explain the reasoning behind delivery points: why there is a control over where the delivery points shall be and the right of the CAC to say that they do not approve of a particular delivery point, that they want a better delivery point? What is the reasoning?

Ms Smith —I will pass to my colleague, Mr Markey, but first off I will say that we moved the provisions over from the current Telecommunications Act, as they stand.

Mr Markey —To clarify the delivery point: the first step in deciding the delivery point is that the carriage service provider decides where that delivery point is, so they make that decision.

Senator PARRY —Is the delivery point the place or the location where the information provided is transmitted to the agency requesting, or is it where the information that is intercepted is first obtained? What is the delivery point?

Mr Markey —If you refer to the diagram provided, it would probably better explain delivery points and the interception capability and delivery capability. Interception capability obviously happens within the domain of the carrier at certain points within their network. It was decided for a telecommunications service that an agreed delivery point to deliver that intercepted data be delivered to that delivery point and then be mediated by the delivery capability before then sending it on to the intercepting agencies.

Senator PARRY —What do you mean by mediated?

Mr Markey —Mediated is with regard to the format of the data. For example, the interceptor putting in headers saying, for example, ‘warrant ID’.

Senator PARRY —Presented in a reportable form?

Mr Markey —Exactly.

Senator PARRY —It has nothing to do with the physical interception. It is just a location where it is put into some form that can then be delivered to the agency requiring it?

Mr Markey —Yes. It is also a cost demarcation line of the obligations of the carrier and also the obligations of the government, of who pays for interception capability and who pays for delivery capability.

Senator PARRY —I think we are getting to the crux of the matter. My final question is on costs. How are you going to determine what is a fair and reasonable cost that the operator or agency will charge?

Ms Smith —It is interesting that you say that. That is often the complaint of both industry and agencies alike: what is a reasonable cost. There is an arbitration role that ACMA can undertake if either side is unhappy with how that is determined. Essentially, in relation to the provision of this information, contracts are developed between the agencies and the carriers in relation to the interception capability. In relation to call associated data, there tends to not be any contracts in place; it is based on the actual cost to the carrier. For example, if someone were to be called out at midnight on a public holiday, the costs for that are much higher. It is based on the costs that the carrier has to actually physically pay that person as well as going into that part of the infrastructure, because they get their money back on what they have spent. The premise in the Telecommunications Act is that there should be no profit or loss on the part of either party. There have not been complaints about this where they have been prepared to take it to ACMA, from either side. It is an area that we often provide advice on and suggest that matters are referred. I checked with ACMA last week to see if they have had anything referred to them in the last couple of years, and there have not been any.

Senator PARRY —At a different committee and a different format, we were discussing costs and a commissioner of police indicated that it was a fairly substantial cost to his agency to undertake telephone interceptions. Are you saying that it will only be cost recovery for labour and it will not be return on investment or return on infrastructure components?

Mr Markey —As far as the agreement between the Commonwealth and the carrier is concerned, it is on a carrier basis and it includes the cost of infrastructure, the labour, the project management, the administration and the logistic costs, probably up to periods of three years, of maintaining that capability.

Senator PARRY —Do you feel that these costs are fair and reasonable?

Ms Smith —We are not involved in the costs at all. As I have said, ACMA holds that role quite clearly as arbitrator so we refer any concerns to ACMA. We do not make comment on that.

Senator PARRY —Your evidence is based upon the fact that there is really no complaint and that it seems to be working smoothly as it currently exists. Will the costing arrangements under the new provisions stay the same?

Ms Smith —There has been one very minor change under the costing, and that is that we have made it clear that anyone who gets access to call associated data from a carrier for whatever reason must pay. In the past some Commonwealth and state agencies have sought information under the powers of their own legislation and have not paid for that information. Law enforcement, who always apply under certain provisions and certain Commonwealth agencies, have always paid. We are amending it in this bill to make it that everyone pays.

Senator PARRY —It is fairer and more equitable?

Ms Smith —Yes, it should be fairer and more equitable.

Senator PARRY —The industry should be happy with that. Do you anticipate an increase in interceptions under the new provisions or just business as usual?

Ms Smith —I would say business as usual.

Senator PARRY —Finally I turn to the cost side of it. You have the delineation that the agency costs are basically up to the delivery point and the costs on the carrier are when you do the physical handover—at that point the costing stops. Are there any other costs involved that industry would have to bear?

Ms Smith —No, other than the legal costs in negotiating contracts with the Commonwealth.

Senator PARRY —Does that happen very often?

Ms Smith —No.

Mr Markey —With regard to negotiations for contracts, the lead agency negotiates contracts on behalf of the government with a number of carriers or carriage service providers to provide delivery capability from that delivery point.

Senator PARRY —Thank you.

Senator KIRK —I have a few questions arising out of the evidence given to us today by the Australian Mobile Telecommunications Association. They have suggested that there be an amendment to schedule 1, item 11 of the new section 6R, regarding the requirement for CAC to take into account the objects and regulatory policy of the Telecommunications Act. They suggest that amendment in order to clarify matters. I wonder what the department’s view is about that.

Ms Smith —Our view is that that is unnecessary. The objects of the Telecommunications Act are picked up under several of the powers of the Communications Access Coordinator, also known as the CAC. There are particular provisions where the minister can make determinations in relation to interception capability plans. The objectives of the act are picked up there. The applications for exemptions and the objectives are picked up there. We feel that the decision-making powers that the CAC has refer implicitly but we have made them explicit in particular of the provisions. You will note that those provisions have also picked up the interests of national security and law enforcement and particular ones have picked up the interests of privacy, and there is a required consultation with the Privacy Commissioner. We feel that they are already in there. The role of the CAC is to make decisions on behalf of law enforcement—national security—in relation to particular things, so we are not sure that it would add anything. The definition, except for the change of the name from the agency coordinator, is exactly as it has been since 1997 and it has worked extremely successfully.

Senator KIRK —They also had some difficulties with the definition of ‘interception capability’ in the bill. Did you hear what they had to say about that?

Ms Smith —Yes, we did.

Mr Markey —In going back to the diagram, the interception capability refers to the carrier or carriage service provider having the capability to intercept the telecommunications service and deliver it to a delivery point. It is in regard to any telecommunications service that they provide that that service should be interceptable.

Senator KIRK —They are concerned that it would extend to handsets which are not within the control of the carrier and/or applications hosted overseas.

Mr Markey —AMTA were talking about customer premise equipment and they referred to the Telecommunications Act. Within the Telecommunications Act ‘customer premise equipment’ refers to the equipment that resides within the premise of the customer—for example, mainframes, network terminating units, routers and switches. They gave examples of how in the new technology age these are becoming less in control of the carrier. In our view in some cases in the industry they manage or remotely manage those routers, switches or mainframes. Therefore, we believe with regard to the definition under the act that the physical location does not dictate whether or not the equipment is under the control of the carrier.

Senator KIRK —What about a mobile phone handset—that is not within the control of the carrier?

Mr Markey —That is correct. I will redefine that. If it is not in the control of the carrier then they have no obligation.

Senator KIRK —I see. So that control element is taken into account?

Mr Markey —I believe so.

Ms Smith —Except to the extent that a handset is connected with a service and that the provider is intercepting on behalf of the agency, they can intercept on the handset. There is a warrant that lawfully allows them to intercept an IMEI. To the extent that we need their assistance in relation to intercepting the handset that is connected to one of their services, we seek that assistance. What we do not ask them to do is to provide us with information on how to intercept a handset. A handset is of no significance unless there is a service attached to it.

You also mentioned overseas providers. The reality is that many providers in Australia are currently rolling out overseas services that they purchase overseas and repackaging them as their own. To the extent that they repackage it or badge it as a particular phone service of their own, clearly they will have to provide assistance with that. There is an exemption regime if they are unable to assist law enforcement—they go to the CAC and the CAC will consider their request. The underlying premise of this is that it is not an opt-in system interception capability; it is an opt-out system. All services on an equal, level playing field must have interception capability unless currently the agency coordinator, and in the future the CAC, decides for certain reasons, including the objects of the Telecommunications Act, that interception capability is not viable in that case.

Senator KIRK —I wanted to ask about exemption power. AMTA also suggested that there should be some kind of cap or time limit on the period during which a refusal of an exemption by the CAC under section 193(6) can take place. They were suggesting a period of 180 days. I understand that at the moment it is unlimited.

Ms Smith —No. An amendment came in a few years ago to the Telecommunications Act that places a 60-day time limit upon the agency coordinator to make a decision in relation to an exemption. The reality is that all decisions are made well within those 60 days. The 60-day time limit is a limit upon the department to actually administratively move this forward and make a decision. If after those 60 days the department has not made a decision in relation to that application then there is an automatic exemption granted so that a carrier will not be in breach of the legislation, because if it was automatically granted that no exemption existed then they would be in breach of the legislation. The situation is such that when any application for exemption is made, if it is a complex one—if there is a potential that an exemption will not be granted—we engage immediately with the provider so that there will be no potential surprises. We try to work with them to come up with a solution if we believe that they strongly need interception capability. What was not mentioned in the evidence from AMTA or Telstra—I am not sure which one it was—was that we seek that the providers ask for an exemption from their capability prior to the rollout of that service, because we do not want to slow down the rollout of services and that sort of thing. If it can all be done prior to the rollout of service then there will not be that 180-day concern that they are talking about. We do not ask them to retrofit; we ask them to talk to us in advance of rolling out a service. They all know they have to have capability. If they cannot meet it or for some reason they think it is not appropriate, we want to work with them on the exemption issue. There are many compromises, which I would not want to go into on the public record but I could go into in camera, as to how we would work that exemption process.

Senator KIRK —The matter really should not arise?

Ms Smith —No. I asked my staff before I came out if we had had one in the last two years that went over the 60 days and the answer to that was no.

CHAIR —Some witnesses here today have talked about the consultation process. Are you happy with the consultation process, that it has picked up the different measures and amendments that needed to be made and that they have all been addressed and taken into account?

Ms Smith —There has been exceptional consultation on this particular bill. We have had a very broad-ranging level of consultation and a lot of that is because we now have a branch within the department that is putting resources into spending much time with our stakeholders. I will pass to Mr Curtis, who ran our consultation process, to talk about it. Essentially, the only comment I would make is where it is clear that there is an impasse and we need to do a lot more work, we prefer to move the provisions over as they are in a standard form that has been accepted for 10 years rather than try to change them at this point. In talking to our stakeholders we acknowledged that more work would be needed in the longer term on that, and standards was the case that was mentioned earlier.

Mr Curtis —In the first place we developed the draft legislation in close consultation with Commonwealth government agencies. That was an internal consultation process. We released the exposure draft of the bill in February and we received 32 submissions addressing the various provisions. To follow up on that we also had a number of meetings and conversations with industry groups and various submitters to work through some of the issues that they raised. Quite a few of the issues that they have raised have resulted in amendments between the exposure draft and the one that was subsequently introduced.

CHAIR —I note that we have received a couple of later submissions. I am not sure whether you have had a chance to have a look at them. They include the Law Council, Western Australian Police and the Office of the Privacy Commissioner. I will draw those to your attention. If there is anything in them in particular that you would wish to draw to our attention, please do so. The Office of the Privacy Commissioner recommended that there should be a provision inserted into the bill to mandate the destruction of any call data voluntarily disclosed to ASIO. I was just wondering if you had a view on that.

Ms Smith —If we are going to provide comments on each of the submissions then we are more than happy to include that. There are destruction provisions within the TIA Act relating to interception and some stored communications. We have not really turned our mind to destruction. We have turned our mind to making an overarching piece of legislation and passing elements over from the current Telecommunications Act.

CHAIR —The privacy issues are obviously equally as important. I will just go back to an answer Mr Curtis gave earlier to a question from Senator Ludwig about the Police Federation’s concerns about pecuniary interest. We have the response from the Attorney-General in that letter that was referred to, but could that definition of ‘pecuniary interest’ be narrowed to perhaps just focus on exempting disciplinary proceedings for those police officers concerned? Or can the definition of ‘pecuniary interest’ just be narrowed to some degree? Has any thought been given to that? The Police Federation were fervent in their views to the committee earlier as to the importance of this to their members. I am happy for Mr Lammers to respond as well if he wishes.

Federal Agent Lammers —I cannot comment directly on the PFA’s comments. However, from the Australian Federal Police point of view, we do not have a problem with any system that adds accountability to our processes.

Mr Curtis —In general terms it would not be appropriate to exclude pecuniary penalties overall. Obviously under some of the individual state and territory police acts some of the pecuniary penalties that would trigger the secondary disclosure provisions would be quite serious. Given that ‘pecuniary penalty’ is a fairly broad term, the alternative would be to try to insert more detailed definitions that relate and encompass all those different state and territory police acts. Before we did that we would need to consult closely with each of the state and territory police commissioners. It should also be said that, because the definitions in question that are giving the Police Federation trouble are in the state and territory legislation, our view is that it is probably better that they deal with it as a matter under the state employment legislation. Many of the police employment acts do not contain pecuniary penalties. I understand that the AFP is one of those, so it is very broad.

CHAIR —They indicated two jurisdictions. AFP was one and I am not sure what the other one was but it did not include a pecuniary interest provision. Thank you for your feedback. I know Mr Curtis has the ability to consider both sides of the argument, having been on this side of the table and now on that side of the table.

Mr Curtis —I have been well trained in this.

Ms Smith —He has been.

CHAIR —We appreciate your impartiality. You have answered some of the questions from EFA. EFA also raised the definition of content and data with regard to web browsing and the internet. If you are looking at a site and it tells you about a certain event on a certain date, it is pretty clear what is going on. From my perspective it appears that there is a possible blurring of the definition. Do you see that as a concern, that it is problematic or not specifically?

Ms Smith —We are thankful to EFA because they picked up a problem with the EM, which we will correct. On one page we say, ‘URL is content’ and then on another page we say that it is not. So we will certainly clarify that. In relation to getting call-associated data regarding an IP address that can identify a web page, that is not content because all it does is tell a law enforcement agency that a certain target went to a certain website. It does not tell them any other details. It does not tell them that they then went into their bookings online or via their travel agent or that they downloaded particular information. It does not give them any knowledge of the substance as to why they were on that web page. URLs are a little different because they will then point out the continuum of where the person actually went to. Mr Markey is the technical person, so I will ask him to comment on the differentiation. But I will just say one other thing. It is very important that we keep this technologically neutral. Every day a new technology comes up, a new name comes up. We generally talk about metadata, which is all of the information that is not content, but what I would assure the committee is that we do provide legal advice to law enforcement and to industry alike. They will come to us when they get a warrant. They will come to us when they get a request and they will say that they are concerned about it. We will take any new technology on board and provide advice as quickly as we can on these particular issues.

Mr Markey —With regard to web URLs—or URIs—and how an apparatus finds that on the internet, I will go back to the analogy of when we used to make telephone calls; if we had call charge records we would have a list of numbers that a person called but it does not show content. It is the same reason with the URL. It would have a web server log with a list of URLs and by that nature it does not show content, it just shows a list of URLs. If an officer wants to phone those numbers and find out what they are they could ring them systematically. It is the same with a computer. When they go and click that button to search that URL, it is the same thing. The request is done automatically from that PC to a domain name server or system to find that URL over the internet. But it does not actually look at content; it is just trying to find that address within the internet.

Ms Kelly —A practical example of that is: if you have call-associated data from a telephone call and you find the number is associated with, say, the Medicare office, when somebody is looking up the Medicare office on the internet the call-associated data is the same thing. It just provides you with the information of who that person communicated with, whether or not it is the Medicare telephone number or the Medicare home page, so it is very much akin to that.

Ms Smith —But that access and that information that you get, that IP address, does not give them a glimpse of my typing in my Medicare number and my claiming back a doctor’s appointment on 6 December. It does not give any of that information. Another example would be that you went to the library and borrowed a book. It does not tell you what page you were reading. It just says that you have an interest in a particular book, which is publicly available information. We are very careful to ensure that no content whatsoever is available under these provisions. There are two very strong regimes for access to content, being stored communication and intercept. We are very, very careful about that.

CHAIR —You have been asked questions about CrimTrac. That has been an issue that has come up today on a number of occasions. Concerns have been expressed that it is not a law enforcement agency, but nevertheless the information is being transferred over. You have answered that. I will have a look at the Hansard, but if there is anything further that you wanted to do to alleviate any concerns about that issue, that would be appreciated.

Ms Smith —We are dealing with CrimTrac. We need to go back to the basic policy of why they were placed in there in the first instance. That is something we are certainly working on and, again, we thank those who put in the submissions for bringing it to our attention.

Mr Curtis —We have sought clarification from them already.

CHAIR —What is your position then on CrimTrac?

Ms Smith —We do not have a position yet because we are still working on it. They gave us some information, and we have gone back to them to say, ‘On this basis, should we recommend your removal from this system?’ They are obviously talking to the head of CrimTrac. Again, this is one of those historical situations where NEPI was given access by the communications department some years ago, so we need to go into that further.

CHAIR —Are we likely to get an answer in the near future?

Ms Smith —We will be responding to the different things that have been raised in that, so we hope to be able to give you something on that.

CHAIR —Thank you very much for your evidence today.

Committee adjourned at 5.06 pm