Title Schedule 2—Computer access warrants etc.
Database Bills & Legislation
Long Title a Bill for an Act to amend the law relating to telecommunications, computer access warrants and search warrants, and for other purposes
Date 20-09-2018 11:33 AM
Source House of Reps
Parl No. 45
Bill Number 204/18
Bill Type Government
Portfolio Home Affairs
Reps Bill Code O
Status Act
System Id legislation/bills/r6195_first-reps/0002


Schedule 2—Computer access warrants etc.

Schedule 2—Computer access warrants etc.

Part 1—Amendments

Australian Security Intelligence Organisation Act 1979

1  Section 4

Insert:

intercept a communication passing over a telecommunications system has the same meaning as in the Telecommunications (Interception and Access) Act 1979.

2  Subsection 24(4) (definition of relevant device recovery provision)

After “subsection”, insert “25A(8),”.

3  Subsection 24(4) (definition of relevant device recovery provision)

Omit “or (3B)”, substitute “, (3B) or (3C), 27E(6)”.

4  Paragraph 25A(4)(ab)

Repeal the paragraph, substitute:

                   (ab)  if, having regard to other methods (if any) of obtaining access to the relevant data which are likely to be as effective, it is reasonable in all the circumstances to do so:

                              (i)  using any other computer or a communication in transit to access the relevant data; and

                             (ii)  if necessary to achieve that purpose—adding, copying, deleting or altering other data in the computer or the communication in transit;

5  After paragraph 25A(4)(ab)

Insert:

                    (ac)  removing a computer or other thing from premises for the purposes of doing any thing specified in the warrant in accordance with this subsection, and returning the computer or other thing to the premises;

6  After paragraph 25A(4)(b)

Insert:

                   (ba)  intercepting a communication passing over a telecommunications system, if the interception is for the purposes of doing any thing specified in the warrant in accordance with this subsection;

7  At the end of section 25A

Add:

Concealment of access etc.

             (8)  If any thing has been done in relation to a computer under:

                     (a)  the warrant; or

                     (b)  this subsection;

the Organisation is authorised to do any of the following:

                     (c)  any thing reasonably necessary to conceal the fact that any thing has been done under the warrant or under this subsection;

                     (d)  enter any premises where the computer is reasonably believed to be, for the purposes of doing the things mentioned in paragraph (c);

                     (e)  enter any other premises for the purposes of gaining entry to or exiting the premises referred to in paragraph (d);

                      (f)  remove the computer or another thing from any place where it is situated for the purposes of doing the things mentioned in paragraph (c), and returning the computer or other thing to that place;

                     (g)  if, having regard to other methods (if any) of doing the things mentioned in paragraph (c) which are likely to be as effective, it is reasonable in all the circumstances to do so:

                              (i)  use any other computer or a communication in transit to do those things; and

                             (ii)  if necessary to achieve that purpose—add, copy, delete or alter other data in the computer or the communication in transit;

                     (h)  intercept a communication passing over a telecommunications system, if the interception is for the purposes of doing any thing mentioned in this subsection;

                      (i)  any other thing reasonably incidental to any of the above;

at the following time:

                      (j)  at any time while the warrant is in force or within 28 days after it ceases to be in force;

                     (k)  if none of the things mentioned in paragraph (c) are done within the 28‑day period mentioned in paragraph (j)—at the earliest time after that 28‑day period at which it is reasonably practicable to do the things mentioned in paragraph (c).

8  After subsection 27A(3B)

Insert:

          (3C)  If any thing has been done in relation to a computer under:

                     (a)  a warrant under this section that authorises the Organisation to do acts or things referred to in subsection 25A(4); or

                     (b)  this subsection;

the Organisation is authorised to do any of the following:

                     (c)  any thing reasonably necessary to conceal the fact that any thing has been done under the warrant or under this subsection;

                     (d)  enter any premises where the computer is reasonably believed to be, for the purposes of doing the things mentioned in paragraph (c);

                     (e)  enter any other premises for the purposes of gaining entry to or exiting the premises referred to in paragraph (d);

                      (f)  remove the computer or another thing from any place where it is situated for the purposes of doing the things mentioned in paragraph (c), and returning the computer or other thing to that place;

                     (g)  if, having regard to other methods (if any) of doing the things mentioned in paragraph (c) which are likely to be as effective, it is reasonable in all the circumstances to do so:

                              (i)  use any other computer or a communication in transit to do those things; and

                             (ii)  if necessary to achieve that purpose—add, copy, delete or alter other data in the computer or the communication in transit;

                     (h)  intercept a communication passing over a telecommunications system, if the interception is for the purposes of doing any thing mentioned in this subsection;

                      (i)  any other thing reasonably incidental to any of the above;

at the following time:

                      (j)  at any time while the warrant is in force or within 28 days after it ceases to be in force;

                     (k)  if none of the things mentioned in paragraph (c) are done within the 28‑day period mentioned in paragraph (j)—at the earliest time after that 28‑day period at which it is reasonably practicable to do the things mentioned in paragraph (c).

9  Paragraph 27E(2)(d)

Repeal the paragraph, substitute:

                     (d)  if, having regard to other methods (if any) of obtaining access to the relevant data which are likely to be as effective, it is reasonable in all the circumstances to do so:

                              (i)  use any other computer or a communication in transit for the purpose referred to in paragraph (c); and

                             (ii)  if necessary to achieve that purpose—add, copy, delete or alter other data in the computer or the communication in transit;

10  After paragraph 27E(2)(d)

Insert:

                   (da)  remove a computer or other thing from premises for the purposes of doing any thing authorised under this subsection, and returning the computer or other thing to the premises;

11  After paragraph 27E(2)(e)

Insert:

                    (ea)  intercept a communication passing over a telecommunications system, if the interception is for the purposes of doing any thing authorised under this subsection;

12  At the end of section 27E

Add:

Concealment of access etc.

             (6)  If any thing has been done in relation to a computer under:

                     (a)  a subsection (2) authorisation; or

                     (b)  under this subsection;

the Organisation is authorised to do any of the following:

                     (c)  any thing reasonably necessary to conceal the fact that any thing has been done under the subsection (2) authorisation or under this subsection;

                     (d)  enter any premises where the computer is reasonably believed to be, for the purposes of doing the things mentioned in paragraph (c);

                     (e)  enter any other premises for the purposes of gaining entry to or exiting the premises referred to in paragraph (d);

                      (f)  remove the computer or another thing from any place where it is situated for the purposes of doing the things mentioned in paragraph (c), and returning the computer or other thing to that place;

                     (g)  if, having regard to other methods (if any) of doing the things mentioned in paragraph (c) which are likely to be as effective, it is reasonable in all the circumstances to do so:

                              (i)  use any other computer or a communication in transit to do those things; and

                             (ii)  if necessary to achieve that purpose—add, copy, delete or alter other data in the computer or the communication in transit;

                     (h)  intercept a communication passing over a telecommunications system, if the interception is for the purposes of doing any thing mentioned in this subsection;

                      (i)  any other thing reasonably incidental to any of the above;

at the following time:

                      (j)  at any time while the authorisation is in force or within 28 days after it ceases to be in force;

                     (k)  if none of the things mentioned in paragraph (c) are done within the 28‑day period mentioned in paragraph (j)—at the earliest time after that 28‑day period at which it is reasonably practicable to do the things mentioned in paragraph (c).

13  Subsection 33(1)

Repeal the subsection.

14  Paragraph 34(2)(b)

After “25A(4)”, insert “or (8) or 27A(3C)”.

15  Paragraph 34(2)(b)

After “27E(2)”, insert “or (6)”.

16  At the end of section 34

Add:

             (3)  For the purposes of this section, any thing done under subsection 25A(8) is taken to have been done under a warrant issued under section 25A.

             (4)  For the purposes of this section, any thing done under subsection 27A(3C) is taken to have been done under a warrant issued under section 27A.

             (5)  For the purposes of this section, any thing done under subsection 27E(6) is taken to have been done under a warrant issued under section 27C.

17  Subsection 34AA(5) (definition of relevant authorising provision)

Before “26B(5)”, insert “25A(8),”.

18  Subsection 34AA(5) (definition of relevant authorising provision)

Omit “or (3B)”, substitute “, (3B) or (3C), 27E(6)”.

Mutual Assistance in Criminal Matters Act 1987

25  Subsection 3(1) (definition of protected information)

After “44(1)(a),”, insert “(aa),”.

26  After Part IIIBA

Insert:

Part IIIBB—Assistance in relation to data held in computers

  

15CB  Simplified outline of this Part

•      If a foreign country requests the Attorney‑General to arrange for access to data held in a computer, the Attorney‑General may authorise an eligible law enforcement officer to apply for a computer access warrant under section 27A of the Surveillance Devices Act 2004.

•      The authorisation relates to an investigation, or investigative proceeding, relating to a criminal matter involving an offence against the law of the foreign country.

Note:          See subsection 27A(4) of the Surveillance Devices Act 2004.

15CC  Requests by foreign countries for assistance in relation to data held in computers

             (1)  The Attorney‑General may, in the Attorney‑General’s discretion, authorise an eligible law enforcement officer, in writing, to apply for a computer access warrant under section 27A of the Surveillance Devices Act 2004 if the Attorney‑General is satisfied that:

                     (a)  an investigation, or investigative proceeding, relating to a criminal matter involving an offence against the law of a foreign country (the requesting country) that is punishable by a maximum penalty of imprisonment for 3 years or more, imprisonment for life or the death penalty has commenced in the requesting country; and

                     (b)  the requesting country requests the Attorney‑General to arrange for access to data held in a computer (the target computer); and

                     (c)  the requesting country has given appropriate undertakings in relation to:

                              (i)  ensuring that data obtained as a result of access under the warrant will only be used for the purpose for which it is communicated to the requesting country; and

                             (ii)  the destruction of a document or other thing containing data obtained as a result of access under the warrant; and

                            (iii)  any other matter the Attorney‑General considers appropriate.

             (2)  The target computer may be any one or more of the following:

                     (a)  a particular computer;

                     (b)  a computer on particular premises;

                     (c)  a computer associated with, used by or likely to be used by, a person (whose identity may or may not be known).

             (3)  In this section:

computer has the same meaning as in the Surveillance Devices Act 2004.

data has the same meaning as in the Surveillance Devices Act 2004.

data held in a computer has the same meaning as in the Surveillance Devices Act 2004.

eligible law enforcement officer means a person mentioned in column 3 of item 5 of the table in subsection 6A(6), or in column 3 of item 5 of the table in subsection 6A(7), of the Surveillance Devices Act 2004.

Surveillance Devices Act 2004

27  Title

After “devices”, insert “and access to data held in computers”.

28  After paragraph 3(a)

Insert:

                  (aaa)  to establish procedures for law enforcement officers to obtain warrants and emergency authorisations that:

                              (i)  are for access to data held in computers; and

                             (ii)  relate to criminal investigations and the location and safe recovery of children to whom recovery orders relate; and

29  After paragraph 3(aa)

Insert:

                (aaaa)  to establish procedures for law enforcement officers to obtain warrants for access to data held in computers in cases where a control order is in force, and access to the data would be likely to substantially assist in:

                              (i)  protecting the public from a terrorist act; or

                             (ii)  preventing the provision of support for, or the facilitation of, a terrorist act; or

                            (iii)  preventing the provision of support for, or the facilitation of, the engagement in a hostile activity in a foreign country; or

                            (iv)  determining whether the control order, or any succeeding control order, has been, or is being, complied with; and

30  After paragraph 3(b)

Insert:

                   (ba)  to restrict the use, communication and publication of information that is obtained through accessing data held in computers or that is otherwise connected with computer data access operations; and

31  Paragraph 3(c)

After “surveillance device operations”, insert “and computer data access operations”.

32  Subsection 4(1)

Omit all the words after “Territory,”, substitute:

that:

                     (a)  prohibits or regulates the use of surveillance devices; or

                     (b)  prohibits or regulates access to data held in computers.

33  After subsection 4(4)

Insert:

          (4A)  For the avoidance of doubt, it is intended that a warrant may be issued, or an emergency authorisation given, under this Act:

                     (a)  for access to data held in a computer; and

                     (b)  in relation to a relevant offence or a recovery order.

34  After subsection 4(5)

Insert:

          (5A)  For the avoidance of doubt, it is intended that a warrant may be issued under this Act for access to data held in a computer in a case where a control order is in force, and access to the data would be likely to substantially assist in:

                     (a)  protecting the public from a terrorist act; or

                     (b)  preventing the provision of support for, or the facilitation of, a terrorist act; or

                     (c)  preventing the provision of support for, or the facilitation of, the engagement in a hostile activity in a foreign country; or

                     (d)  determining whether the control order, or any succeeding control order, has been, or is being, complied with.

35  Subsection 6(1)

Insert:

carrier means:

                     (a)  a carrier within the meaning of the Telecommunications Act 1997; or

                     (b)  a carriage service provider within the meaning of that Act.

communication in transit means a communication (within the meaning of the Telecommunications Act 1997) passing over a telecommunications network (within the meaning of that Act).

36  Subsection 6(1) (definition of computer)

Repeal the definition, substitute:

computer means all or part of:

                     (a)  one or more computers; or

                     (b)  one or more computer systems; or

                     (c)  one or more computer networks; or

                     (d)  any combination of the above.

37  Subsection 6(1)

Insert:

computer access warrant means a warrant issued under section 27C or subsection 35A(4) or (5).

control order access warrant means a computer access warrant issued in response to an application under subsection 27A(6).

data includes:

                     (a)  information in any form; and

                     (b)  any program (or part of a program).

data held in a computer includes:

                     (a)  data held in any removable data storage device for the time being held in a computer; and

                     (b)  data held in a data storage device on a computer network of which the computer forms a part.

data storage device means a thing (for example, a disk or file server) containing (whether temporarily or permanently), or designed to contain (whether temporarily or permanently), data for use by a computer.

38  Subsection 6(1) (definition of data surveillance device)

Omit “a computer”, substitute “an electronic device for storing or processing information”.

39  Subsection 6(1)

Insert:

general computer access intercept information has the same meaning as in the Telecommunications (Interception and Access) Act 1979.

intercepting a communication passing over a telecommunications system has the same meaning as in the Telecommunications (Interception and Access) Act 1979.

40  Subsection 6(1) (definition of mutual assistance application)

Repeal the definition, substitute:

mutual assistance application means:

                     (a)  an application for a surveillance device warrant; or

                     (b)  an application for a computer access warrant;

made under a mutual assistance authorisation.

41  Subsection 6(1) (definition of mutual assistance authorisation)

Omit “subsection 15CA(1)”, substitute, “subsection 15CA(1) or 15CC(1)”.

42  Subsection 6(1) (paragraph (db) of the definition of relevant offence)

After “warrant,”, insert “a computer access warrant,”.

43  Subsection 6(1) (definition of remote application)

Omit “or 23”, substitute, “, 23 or 27B”.

44  Subsection 6(1)

Insert:

telecommunications facility means a facility within the meaning of the Telecommunications Act 1997.

45  Subsection 6(1) (definition of unsworn application)

Omit “or 22(4) and (5)”, substitute “, 22(4) and (5), 27A(9) and (10), 27A(11) and (12) or 27A(13) and (14)”.

46  Subsection 6(1) (definition of warrant)

Repeal the definition, substitute:

warrant means:

                     (a)  a surveillance device warrant; or

                     (b)  a retrieval warrant; or

                     (c)  a computer access warrant.

47  At the end of subsection 10(1)

Add:

                   ; (c)  a computer access warrant.

48  Subsection 10(2)

Before “warrant”, insert “surveillance device warrant or a retrieval”.

49  At the end of Part 2

Add:

Division 4—Computer access warrants

27A  Application for computer access warrant

Warrants sought for offence investigations

             (1)  A law enforcement officer (or another person on the law enforcement officer’s behalf) may apply for the issue of a computer access warrant if the law enforcement officer suspects on reasonable grounds that:

                     (a)  one or more relevant offences have been, are being, are about to be, or are likely to be, committed; and

                     (b)  an investigation into those offences is being, will be, or is likely to be, conducted; and

                     (c)  access to data held in a computer (the target computer) is necessary, in the course of that investigation, for the purpose of enabling evidence to be obtained of:

                              (i)  the commission of those offences; or

                             (ii)  the identity or location of the offenders.

             (2)  If the application is being made by or on behalf of a State or Territory law enforcement officer, the reference in subsection (1) to a relevant offence does not include a reference to a State offence that has a federal aspect.

Warrants sought for recovery orders

             (3)  A law enforcement officer (or another person on the law enforcement officer’s behalf) may apply for the issue of a computer access warrant if:

                     (a)  a recovery order is in force; and

                     (b)  the law enforcement officer suspects on reasonable grounds that access to data held in a computer (the target computer) may assist in the location and safe recovery of the child to whom the recovery order relates.

Warrants sought for mutual assistance investigations

             (4)  A law enforcement officer (or another person on the law enforcement officer’s behalf) may apply for the issue of a computer access warrant if the law enforcement officer:

                     (a)  is authorised to do so under a mutual assistance authorisation; and

                     (b)  suspects on reasonable grounds that access to data held in a computer (the target computer) is necessary, in the course of the investigation or investigative proceeding to which the authorisation relates, for the purpose of enabling evidence to be obtained of:

                              (i)  the commission of the offence to which the authorisation relates; or

                             (ii)  the identity or location of the persons suspected of committing the offence.

Warrants sought for integrity operations

             (5)  A federal law enforcement officer (or another person on the federal law enforcement officer’s behalf) may apply for the issue of a computer access warrant if:

                     (a)  an integrity authority is in effect authorising an integrity operation in relation to an offence that it is suspected has been, is being or is likely to be committed by a staff member of a target agency; and

                     (b)  the federal law enforcement officer suspects on reasonable grounds that access to data held in a computer (the target computer) will assist the conduct of the integrity operation by enabling evidence to be obtained relating to the integrity, location or identity of any staff member of the target agency.

Control order access warrants

             (6)  A law enforcement officer (or another person on the law enforcement officer’s behalf) may apply for the issue of a computer access warrant if:

                     (a)  a control order is in force in relation to a person; and

                     (b)  the law enforcement officer suspects on reasonable grounds that access to data held in a computer (the target computer) to obtain information relating to the person would be likely to substantially assist in:

                              (i)  protecting the public from a terrorist act; or

                             (ii)  preventing the provision of support for, or the facilitation of, a terrorist act; or

                            (iii)  preventing the provision of support for, or the facilitation of, the engagement in a hostile activity in a foreign country; or

                            (iv)  determining whether the control order, or any succeeding control order, has been, or is being, complied with.

Note:          For control orders that have been made but not come into force, see section 6C.

Procedure for making applications

             (7)  An application under subsection (1), (3), (4), (5) or (6) may be made to an eligible Judge or to a nominated AAT member.

             (8)  An application:

                     (a)  must specify:

                              (i)  the name of the applicant; and

                             (ii)  the nature and duration of the warrant sought; and

                     (b)  subject to this section, must be supported by an affidavit setting out the grounds on which the warrant is sought.

Unsworn applications—warrants sought for offence investigations

             (9)  If a law enforcement officer believes that:

                     (a)  immediate access to data held in the target computer referred to in subsection (1) is necessary as described in paragraph (1)(c); and

                     (b)  it is impracticable for an affidavit to be prepared or sworn before an application for a warrant is made;

an application for a warrant under subsection (1) may be made before an affidavit is prepared or sworn.

           (10)  If subsection (9) applies, the applicant must:

                     (a)  provide as much information as the eligible Judge or nominated AAT member considers is reasonably practicable in the circumstances; and

                     (b)  not later than 72 hours after the making of the application, send a duly sworn affidavit to the eligible Judge or nominated AAT member, whether or not a warrant has been issued.

Unsworn applications—warrants sought for recovery orders

           (11)  If a law enforcement officer believes that:

                     (a)  immediate access to data held in the target computer referred to in subsection (3) may assist as described in paragraph (3)(b); and

                     (b)  it is impracticable for an affidavit to be prepared or sworn before an application for a warrant is made;

an application for a warrant under subsection (3) may be made before an affidavit is prepared or sworn.

           (12)  If subsection (11) applies, the applicant must:

                     (a)  provide as much information as the eligible Judge or nominated AAT member considers is reasonably practicable in the circumstances; and

                     (b)  not later than 72 hours after the making of the application, send a duly sworn affidavit to the eligible Judge or nominated AAT member, whether or not a warrant has been issued.

Unsworn applications—control order access warrants

           (13)  If a law enforcement officer believes that:

                     (a)  immediate access to data held in the target computer referred to in subsection (6) would be likely to substantially assist as described in paragraph (6)(b); and

                     (b)  it is impracticable for an affidavit to be prepared or sworn before an application for a warrant is made;

an application for a warrant under subsection (6) may be made before an affidavit is prepared or sworn.

           (14)  If subsection (13) applies, the applicant must:

                     (a)  provide as much information as the eligible Judge or nominated AAT member considers is reasonably practicable in the circumstances; and

                     (b)  not later than 72 hours after the making of the application, send a duly sworn affidavit to the eligible Judge or nominated AAT member, whether or not a warrant has been issued.

Target computer

           (15)  The target computer referred to in subsection (1), (3), (4), (5) or (6) may be any one or more of the following:

                     (a)  a particular computer;

                     (b)  a computer on particular premises;

                     (c)  a computer associated with, used by or likely to be used by, a person (whose identity may or may not be known).

27B  Remote application

             (1)  If a law enforcement officer believes that it is impracticable for an application for a computer access warrant to be made in person, the application may be made under section 27A by telephone, fax, email or any other means of communication.

             (2)  If transmission by fax is available and an affidavit has been prepared, the person applying must transmit a copy of the affidavit, whether sworn or unsworn, to the eligible Judge or to the nominated AAT member who is to determine the application.

27C  Determining the application

             (1)  An eligible Judge or a nominated AAT member may issue a computer access warrant if satisfied:

                     (a)  in the case of a warrant sought in relation to a relevant offence—that there are reasonable grounds for the suspicion founding the application for the warrant; and

                     (b)  in the case of a warrant sought in relation to a recovery order—that such an order is in force and that there are reasonable grounds for the suspicion founding the application for the warrant; and

                     (c)  in the case of a warrant sought in relation to a mutual assistance authorisation—that such an authorisation is in force and that there are reasonable grounds for the suspicion founding the application for the warrant; and

                     (d)  in the case of a warrant sought for the purposes of an integrity operation—that the integrity authority for the operation is in effect, and that there are reasonable grounds for the suspicions founding the application for the warrant (as mentioned in paragraphs 27A(5)(a) and (b)); and

                     (e)  in the case of a control order access warrant—that a control order is in force in relation to a person, and that access to data held in the relevant target computer to obtain information relating to the person would be likely to substantially assist in:

                              (i)  protecting the public from a terrorist act; or

                             (ii)  preventing the provision of support for, or the facilitation of, a terrorist act; or

                            (iii)  preventing the provision of support for, or the facilitation of, the engagement in a hostile activity in a foreign country; or

                            (iv)  determining whether the control order, or any succeeding control order, has been, or is being, complied with; and

                      (f)  in the case of an unsworn application—that it would have been impracticable for an affidavit to have been sworn or prepared before the application was made; and

                     (g)  in the case of a remote application—that it would have been impracticable for the application to have been made in person.

Note:          For control orders that have been made but not come into force, see section 6C.

             (2)  In determining whether a computer access warrant should be issued, the eligible Judge or nominated AAT member must have regard to:

                     (a)  in the case of a warrant sought in relation to a relevant offence or a mutual assistance authorisation, or for the purposes of an integrity operation—the nature and gravity of the alleged offence; and

                     (b)  in the case of a warrant sought to assist in the location and safe recovery of a child to whom a recovery order relates—the circumstances that gave rise to the making of the order; and

                     (c)  the extent to which the privacy of any person is likely to be affected; and

                     (d)  the existence of any alternative means of obtaining the evidence or information sought to be obtained; and

                     (e)  in the case of a warrant sought in relation to a relevant offence or a recovery order, or for the purposes of an integrity operation—the likely evidentiary or intelligence value of any evidence or information sought to be obtained; and

                      (f)  in the case of a warrant sought in relation to a mutual assistance authorisation—the likely evidentiary or intelligence value of any evidence or information sought to be obtained, to the extent that this is possible to determine from information obtained from the foreign country to which the authorisation relates; and

                     (g)  in the case of a control order access warrant issued on the basis of a control order that is in force in relation to a person—the likely value of the information sought to be obtained, in:

                              (i)  protecting the public from a terrorist act; or

                             (ii)  preventing the provision of support for, or the facilitation of, a terrorist act; or

                            (iii)  preventing the provision of support for, or the facilitation of, the engagement in a hostile activity in a foreign country; or

                            (iv)  determining whether the control order, or any succeeding control order, has been, or is being, complied with; and

                     (h)  in the case of a control order access warrant issued on the basis of a control order that is in force in relation to a person—whether the access to data held in the relevant target computer in accordance with the warrant would be the means of obtaining the evidence or information sought to be obtained, that is likely to have the least interference with any person’s privacy; and

                      (i)  in the case of a control order access warrant issued on the basis of a control order that is in force in relation to a person—the possibility that the person:

                              (i)  has engaged, is engaging, or will engage, in a terrorist act; or

                             (ii)  has provided, is providing, or will provide, support for a terrorist act; or

                            (iii)  has facilitated, is facilitating, or will facilitate, a terrorist act; or

                            (iv)  has provided, is providing, or will provide, support for the engagement in a hostile activity in a foreign country; or

                             (v)  has facilitated, is facilitating, or will facilitate, the engagement in a hostile activity in a foreign country; or

                            (vi)  has contravened, is contravening, or will contravene, the control order; or

                           (vii)  will contravene a succeeding control order; and

                      (j)  in the case of a warrant sought in relation to a relevant offence or a recovery order—any previous warrant sought or issued under this Division in connection with the same alleged offence or the same recovery order; and

                     (k)  in the case of a control order access warrant issued on the basis of a control order that is in force in relation to a person—any previous control order access warrant sought or issued on the basis of a control order relating to the person.

27D  What must a computer access warrant contain?

             (1)  A computer access warrant must:

                     (a)  state that the eligible Judge or nominated AAT member issuing the warrant is satisfied of the matters referred to in subsection 27C(1) and has had regard to the matters referred to in subsection 27C(2); and

                     (b)  specify:

                              (i)  the name of the applicant; and

                             (ii)  if the warrant relates to one or more alleged relevant offences—the alleged offences in respect of which the warrant is issued; and

                            (iii)  if the warrant relates to a recovery order—the date the order was made and the name of the child to whom the order relates; and

                            (iv)  if the warrant relates to a mutual assistance authorisation—the offence or offences against the law of a foreign country to which the authorisation relates; and

                             (v)  if the warrant is issued for the purposes of an integrity operation—the integrity authority for the operation and each alleged relevant offence in relation to which the authority was granted; and

                            (vi)  the date the warrant is issued; and

                           (vii)  if the target computer is or includes a particular computer—the computer; and

                          (viii)  if the target computer is or includes a computer on particular premises—the premises; and

                            (ix)  if the target computer is or includes a computer associated with, used by or likely to be used by, a person—the person (whether by name or otherwise); and

                             (x)  the period during which the warrant is in force (see subsection (3)); and

                            (xi)  the name of the law enforcement officer primarily responsible for executing the warrant.

             (2)  If a control order access warrant is issued on the basis of a control order that is in force in relation to a person, the warrant must also specify the following details in relation to the control order:

                     (a)  the name of the person;

                     (b)  the date the control order was made;

                     (c)  whether the control order is an interim control order or a confirmed control order.

             (3)  A warrant may only be issued:

                     (a)  for a period of no more than 90 days; or

                     (b)  if the warrant is issued for the purposes of an integrity operation—for a period of no more than 21 days.

Note:          The access to data held in the target computer pursuant to a warrant may be discontinued earlier—see section 27H.

             (4)  In the case of a warrant authorising the access to data held in the target computer on premises that are vehicles, the warrant need only specify the class of vehicle in relation to which the access to data held in the target computer is authorised.

             (5)  A warrant must be signed by the person issuing it and include the person’s name.

             (6)  As soon as practicable after completing and signing a warrant issued on a remote application, the person issuing it must:

                     (a)  inform the applicant of:

                              (i)  the terms of the warrant; and

                             (ii)  the date on which, and the time at which, the warrant was issued; and

                     (b)  give the warrant to the applicant while retaining a copy of the warrant for the person’s own record.

27E  What a computer access warrant authorises

             (1)  A computer access warrant must authorise the doing of specified things (subject to any restrictions or conditions specified in the warrant) in relation to the relevant target computer.

             (2)  The things that may be specified are any of the following that the eligible Judge or nominated AAT member considers appropriate in the circumstances:

                     (a)  entering specified premises for the purposes of doing the things mentioned in this subsection;

                     (b)  entering any premises for the purposes of gaining entry to, or exiting, the specified premises;

                     (c)  using:

                              (i)  the target computer; or

                             (ii)  a telecommunications facility operated or provided by the Commonwealth or a carrier; or

                            (iii)  any other electronic equipment; or

                            (iv)  a data storage device;

                            for the purpose of obtaining access to data (the relevant data) that is held in the target computer at any time while the warrant is in force, in order to determine whether the relevant data is covered by the warrant;

                     (d)  if necessary to achieve the purpose mentioned in paragraph (c)—adding, copying, deleting or altering other data in the target computer;

                     (e)  if, having regard to other methods (if any) of obtaining access to the relevant data which are likely to be as effective, it is reasonable in all the circumstances to do so:

                              (i)  using any other computer or a communication in transit to access the relevant data; and

                             (ii)  if necessary to achieve that purpose—adding, copying, deleting or altering other data in the computer or the communication in transit;

                      (f)  removing a computer or other thing from premises for the purposes of doing any thing specified in the warrant in accordance with this subsection, and returning the computer or other thing to the premises;

                     (g)  copying any data to which access has been obtained, and that:

                              (i)  appears to be relevant for the purposes of determining whether the relevant data is covered by the warrant; or

                             (ii)  is covered by the warrant;

                     (h)  intercepting a communication passing over a telecommunications system, if the interception is for the purposes of doing any thing specified in the warrant in accordance with this subsection;

                      (i)  any other thing reasonably incidental to any of the above.

Note:          As a result of the warrant, a person who, by means of a telecommunications facility, obtains access to data stored in a computer etc. will not commit an offence under Part 10.7 of the Criminal Code or equivalent State or Territory laws (provided that the person acts within the authority of the warrant).

             (3)  For the purposes of paragraph (2)(g), if:

                     (a)  access has been obtained to data; and

                     (b)  the data is subject to a form of electronic protection;

the data is taken to be relevant for the purposes of determining whether the relevant data is covered by the warrant.

When data is covered by a warrant

             (4)  For the purposes of this section, data is covered by a warrant if:

                     (a)  in the case of a warrant sought in relation to a relevant offence—access to the data is necessary as described in paragraph 27A(1)(c); or

                     (b)  in the case of a warrant sought in relation to a recovery order—access to the data may assist as described in paragraph 27A(3)(b); or

                     (c)  in the case of a warrant sought in relation to a mutual assistance authorisation—access to the data is necessary as described in paragraph 27A(4)(b); or

                     (d)  in the case of a warrant sought for the purposes of an integrity operation—access to the data will assist as described in paragraph 27A(5)(b); or

                     (e)  in the case of a control order access warrant—access to the data would be likely to substantially assist as described in paragraph 27A(6)(b).

Certain acts not authorised

             (5)  Subsection (2) does not authorise the addition, deletion or alteration of data, or the doing of any thing, that is likely to:

                     (a)  materially interfere with, interrupt or obstruct:

                              (i)  a communication in transit; or

                             (ii)  the lawful use by other persons of a computer;

                            unless the addition, deletion or alteration, or the doing of the thing, is necessary to do one or more of the things specified in the warrant; or

                     (b)  cause any other material loss or damage to other persons lawfully using a computer.

Warrant must provide for certain matters

             (6)  A computer access warrant must:

                     (a)  authorise the use of any force against persons and things that is necessary and reasonable to do the things specified in the warrant; and

                     (b)  if the warrant authorises entering premises—state whether entry is authorised to be made at any time of the day or night or during stated hours of the day or night.

Concealment of access etc.

             (7)  If any thing has been done in relation to a computer under:

                     (a)  a computer access warrant; or

                     (b)  this subsection;

then, in addition to the things specified in the warrant, the warrant authorises the doing of any of the following:

                     (c)  any thing reasonably necessary to conceal the fact that any thing has been done under the warrant or under this subsection;

                     (d)  entering any premises where the computer is reasonably believed to be, for the purposes of doing the things mentioned in paragraph (c);

                     (e)  entering any other premises for the purposes of gaining entry to or exiting the premises referred to in paragraph (d);

                      (f)  removing the computer or another thing from any place where it is situated for the purposes of doing the things mentioned in paragraph (c), and returning the computer or other thing to that place;

                     (g)  if, having regard to other methods (if any) of doing the things mentioned in paragraph (c) which are likely to be as effective, it is reasonable in all the circumstances to do so:

                              (i)  using any other computer or a communication in transit to do those things; and

                             (ii)  if necessary to achieve that purpose—adding, copying, deleting or altering other data in the computer or the communication in transit;

                     (h)  intercepting a communication passing over a telecommunications system, if the interception is for the purposes of doing any thing mentioned in this subsection;

                      (i)  any other thing reasonably incidental to any of the above;

at the following time:

                      (j)  at any time while the warrant is in force or within 28 days after it ceases to be in force;

                     (k)  if none of the things mentioned in paragraph (c) are done within the 28‑day period mentioned in paragraph (j)—at the earliest time after that 28‑day period at which it is reasonably practicable to do the things mentioned in paragraph (c).

27F  Extension and variation of computer access warrant

             (1)  A law enforcement officer to whom a computer access warrant has been issued (or another person on the law enforcement officer’s behalf) may apply, at any time before the expiry of the warrant:

                     (a)  for an extension of the warrant for a period of no more than:

                              (i)  90 days after the day the warrant would otherwise expire; or

                             (ii)  if the warrant is issued for the purposes of an integrity operation—21 days after the day the warrant would otherwise expire; or

                     (b)  for a variation of any of the other terms of the warrant.

             (2)  The application is to be made to an eligible Judge or to a nominated AAT member and must be accompanied by the original warrant.

             (3)  Sections 27A and 27B apply, with any necessary changes, to an application under this section as if it were an application for the warrant.

             (4)  The eligible Judge or nominated AAT member may grant an application if satisfied that the matters referred to in subsection 27C(1) still exist, having regard to the matters in subsection 27C(2).

             (5)  If the eligible Judge or nominated AAT member grants the application, the eligible Judge or nominated AAT member must endorse the new expiry date or the other varied term on the original warrant.

             (6)  An application may be made under this section more than once.

27G  Revocation of computer access warrant

             (1)  A computer access warrant may, by instrument in writing, be revoked by an eligible Judge or nominated AAT member on the initiative of the eligible Judge or nominated AAT member at any time before the expiration of the period of validity specified in the warrant.

             (2)  If the circumstances set out in paragraphs 27H(2)(a) and (b), 27H(3)(a) and (b), 27H(4)(a) and (b), 27H(5)(a) and (b), 27H(6)(a) and (b) or 27H(7)(a) and (b) apply in relation to a computer access warrant, the chief officer of the law enforcement agency to which the law enforcement officer to whom the warrant was issued belongs or is seconded must, by instrument in writing, revoke the warrant.

             (3)  The instrument revoking a warrant must be signed by the eligible Judge, the nominated AAT member or the chief officer of the law enforcement agency, as the case requires.

             (4)  If an eligible Judge or nominated AAT member revokes a warrant, the eligible Judge or nominated AAT member must give a copy of the instrument of revocation to the chief officer of the law enforcement agency to which the law enforcement officer to whom the warrant was issued belongs or is seconded.

             (5)  If:

                     (a)  an eligible Judge or nominated AAT member revokes a warrant; and

                     (b)  at the time of the revocation, a law enforcement officer is executing the warrant;

the law enforcement officer is not subject to any civil or criminal liability for any act done in the proper execution of that warrant before the officer is made aware of the revocation.

27H  Discontinuance of access under warrant

Scope

             (1)  This section applies if a computer access warrant is issued to a law enforcement officer.

Discontinuance of access

             (2)  If:

                     (a)  the computer access warrant has been sought by or on behalf of a law enforcement officer in relation to a relevant offence; and

                     (b)  the chief officer of the law enforcement agency to which the law enforcement officer belongs or is seconded is satisfied that access to data under the warrant is no longer required for the purpose of enabling evidence to be obtained of:

                              (i)  the commission of the relevant offence; or

                             (ii)  the identity or location of the offender;

the chief officer must, in addition to revoking the warrant under section 27G, take the steps necessary to ensure that access to data authorised by the warrant is discontinued.

             (3)  If:

                     (a)  the computer access warrant has been sought by or on behalf of a law enforcement officer in relation to a recovery order; and

                     (b)  the chief officer of the law enforcement agency to which the law enforcement officer belongs or is seconded is satisfied that access to data under the warrant is no longer required for the purpose of locating and safely recovering the child to whom the recovery order relates;

the chief officer must, in addition to revoking the warrant under section 27G, take the steps necessary to ensure that access to data authorised by the warrant is discontinued.

             (4)  If:

                     (a)  the computer access warrant has been sought by or on behalf of a law enforcement officer as authorised under a mutual assistance authorisation; and

                     (b)  the chief officer of the law enforcement agency to which the law enforcement officer belongs or is seconded is satisfied that access to data under the warrant is no longer required for the purpose of enabling evidence to be obtained of:

                              (i)  the commission of the offence against a law of a foreign country to which the authorisation relates; or

                             (ii)  the identity or location of the persons suspected of committing the offence;

the chief officer must, in addition to revoking the warrant under section 27G, take the steps necessary to ensure that access to data authorised by the warrant is discontinued.

             (5)  If:

                     (a)  the computer access warrant has been sought by or on behalf of a federal law enforcement officer for the purposes of an integrity operation; and

                     (b)  the chief officer of the law enforcement agency to which the law enforcement officer belongs or is seconded is satisfied that:

                              (i)  access to data under the warrant is no longer necessary for the purposes of the integrity operation; or

                             (ii)  the integrity authority for the integrity operation is no longer in effect;

the chief officer must, in addition to revoking the warrant under section 27G, take the steps necessary to ensure access to data authorised by the warrant is discontinued.

             (6)  If:

                     (a)  the computer access warrant is a control order access warrant issued on the basis of a control order that was in force in relation to a person; and

                     (b)  the chief officer of the law enforcement agency to which the law enforcement officer belongs or is seconded is satisfied that access to data under the warrant to obtain information relating to the person is no longer required for any of the following purposes:

                              (i)  protecting the public from a terrorist act;

                             (ii)  preventing the provision of support for, or the facilitation of, a terrorist act;

                            (iii)  preventing the provision of support for, or the facilitation of, the engagement in a hostile activity in a foreign country;

                            (iv)  determining whether the control order, or any succeeding control order, has been, or is being, complied with;

the chief officer must, in addition to revoking the warrant under section 27G, take the steps necessary to ensure that access to data authorised by the warrant is discontinued as soon as practicable.

             (7)  If:

                     (a)  the computer access warrant is a control order access warrant issued on the basis of a control order that was in force in relation to a person; and

                     (b)  no control order is in force in relation to the person;

the chief officer must, in addition to revoking the warrant under section 27G, take the steps necessary to ensure that access to data authorised by the warrant is discontinued as soon as practicable.

             (8)  If the chief officer of a law enforcement agency is notified that a warrant has been revoked by an eligible Judge or a nominated AAT member under section 27G, the eligible Judge or nominated AAT member must take the steps necessary to ensure that access to data authorised by the warrant is discontinued as soon as practicable.

             (9)  If the law enforcement officer to whom the warrant is issued, or who is primarily responsible for executing the warrant, believes that access to data under the warrant is no longer necessary for the purpose:

                     (a)  if the warrant was issued in relation to a relevant offence—of enabling evidence to be obtained of the commission of the relevant offence or the identity or location of the offender; or

                     (b)  if the warrant was issued in relation to a recovery order—of enabling the location and safe recovery of the child to whom the order relates; or

                     (c)  if the warrant was issued in relation to a mutual assistance authorisation—of enabling evidence to be obtained of:

                              (i)  the commission of the offence against a law of a foreign country to which the authorisation relates; or

                             (ii)  the identity or location of the persons suspected of committing the offence;

the law enforcement officer must immediately inform the chief officer of the law enforcement agency to which the law enforcement officer belongs or is seconded.

           (10)  In the case of a warrant issued for the purposes of an integrity operation, if the law enforcement officer to whom the warrant is issued, or who is primarily responsible for executing the warrant, believes that:

                     (a)  access to data under the warrant is no longer necessary for those purposes; or

                     (b)  the integrity authority for the integrity operation is no longer in effect;

the law enforcement officer must immediately inform the chief officer of the law enforcement agency to which the law enforcement officer belongs or is seconded.

50  After subsection 28(1)

Insert:

          (1A)  A law enforcement officer may apply to an appropriate authorising officer for an emergency authorisation for access to data held in a computer (the target computer) if, in the course of an investigation of a relevant offence, the law enforcement officer reasonably suspects that:

                     (a)  an imminent risk of serious violence to a person or substantial damage to property exists; and

                     (b)  access to data held in the target computer is immediately necessary for the purpose of dealing with that risk; and

                     (c)  the circumstances are so serious and the matter is of such urgency that access to data held in the target computer is warranted; and

                     (d)  it is not practicable in the circumstances to apply for a computer access warrant.

          (1B)  The target computer may be any one or more of the following:

                     (a)  a particular computer;

                     (b)  a computer on particular premises;

                     (c)  a computer associated with, used by or likely to be used by, a person (whose identity may or may not be known).

51  Subsections 28(2), (3) and (4)

After “application”, insert “mentioned in subsection (1) or (1A)”.

52  After subsection 29(1)

Insert:

          (1A)  A law enforcement officer may apply to an appropriate authorising officer for an emergency authorisation for access to data held in a computer (the target computer) if:

                     (a)  a recovery order is in force; and

                     (b)  the law enforcement officer reasonably suspects that:

                              (i)  the circumstances are so urgent as to warrant immediate access to data held in the target computer; and

                             (ii)  it is not practicable in the circumstances to apply for a computer access warrant.

          (1B)  The target computer may be any one or more of the following:

                     (a)  a particular computer;

                     (b)  a computer on particular premises;

                     (c)  a computer associated with, used by or likely to be used by, a person (whose identity may or may not be known).

53  Subsections 29(2) and (3)

After “application”, insert “mentioned in subsection (1) or (1A)”.

54  After subsection 30(1)

Insert:

          (1A)  If:

                     (a)  a law enforcement officer is conducting an investigation into:

                              (i)  an offence against section 233BAA of the Customs Act 1901 (with respect to goods listed in Schedule 4 to the Customs (Prohibited Imports) Regulations 1956 or in Schedule 8 or 9 to the Customs (Prohibited Exports) Regulations 1958); or

                             (ii)  an offence under theCrimes (Traffic in Narcotic Drugs and Psychotropic Substances) Act 1990 or an offence against Part 9.1 of the Criminal Code (other than section 308.1 or 308.2); or

                            (iii)  an offence against section 73.2 or 73.3 or Division 91 of the Criminal Code; or

                            (iv)  an offence under Subdivision A of Division 72 or Division 80, 101, 102, 103, 270, 272 or 273 of the Criminal Code; or

                             (v)  an offence against section 233B or 233C of the Migration Act 1958;

                            or more than one offence; and

                     (b)  the law enforcement officer reasonably suspects that:

                              (i)  access to data held in a computer (the target computer) is immediately necessary to prevent the loss of any evidence relevant to that investigation; and

                             (ii)  the circumstances are so serious and the matter is of such urgency that access to data held in the target computer is warranted; and

                            (iii)  it is not practicable in the circumstances to apply for a computer access warrant;

the law enforcement officer may apply to an appropriate authorising officer for an emergency authorisation for access to data held in the target computer.

          (1B)  The target computer may be any one or more of the following:

                     (a)  a particular computer;

                     (b)  a computer on particular premises;

                     (c)  a computer associated with, used by or likely to be used by, a person (whose identity may or may not be known).

55  Subsection 30(2)

After “application”, insert “mentioned in subsection (1) or (1A)”.

56  Subsection 30(3)

Omit “The”, substitute “In the case of an application mentioned in subsection (1), the”.

57  At the end of section 30

Add:

             (4)  In the case of an application mentioned in subsection (1A), the appropriate authorising officer may give the emergency authorisation if satisfied that:

                     (a)  an investigation is being conducted into an offence referred to in paragraph (1A)(a); and

                     (b)  there are reasonable grounds for the suspicion referred to in paragraph (1A)(b).

58  Subsections 32(1) and (2)

After “authorisation”, insert “for the use of a surveillance device”.

59  After subsection 32(2)

Insert:

          (2A)  An emergency authorisation for access to data held in a computer may authorise anything that a computer access warrant may authorise.

60  After subsection 32(3)

Insert:

          (3A)  A law enforcement officer may, under an emergency authorisation, access data held in a computer only if the officer is acting in the performance of the officer’s duty.

61  Subsection 33(2)

Omit “The”, substitute “In the case of an application for an emergency authorisation for the use of a surveillance device, the”.

62  After subsection 33(2)

Insert:

          (2A)  In the case of an application for an emergency authorisation for access to data held in a computer, the application:

                     (a)  must specify:

                              (i)  the name of the applicant for the approval; and

                             (ii)  if a warrant is sought—the nature and duration of the warrant; and

                     (b)  must be supported by an affidavit setting out the grounds on which the approval (and warrant, if any) is sought; and

                     (c)  must be accompanied by a copy of the written record made under section 31 in relation to the emergency authorisation.

63  Subsection 34(1)

Omit “section 28”, substitute “subsection 28(1)”.

64  After subsection 34(1)

Insert:

          (1A)  Before deciding an application for approval of the giving of an emergency authorisation given in response to an application under subsection 28(1A), the eligible Judge or nominated AAT member considering the application must, in particular, and being mindful of the intrusive nature of accessing data held in the target computer mentioned in that subsection, consider the following:

                     (a)  the nature of the risk of serious violence to a person or substantial damage to property;

                     (b)  the extent to which issuing a computer access warrant would have helped reduce or avoid the risk;

                     (c)  the extent to which law enforcement officers could have used alternative methods of investigation to help reduce or avoid the risk;

                     (d)  how much the use of alternative methods of investigation could have helped reduce or avoid the risk;

                     (e)  how much the use of alternative methods of investigation would have prejudiced the safety of the person or property because of delay or for another reason;

                      (f)  whether or not it was practicable in the circumstances to apply for a computer access warrant.

65  Subsection 34(2)

Omit “section 29”, substitute “subsection 29(1)”.

66  After subsection 34(2)

Insert:

          (2A)  Before deciding an application for approval of the giving of an emergency authorisation given in response to an application under subsection 29(1A), the eligible Judge or nominated AAT member considering the application must, in particular, and being mindful of the intrusive nature of accessing data held in the target computer mentioned in that subsection, consider the following:

                     (a)  the urgency of enforcing the recovery order;

                     (b)  the extent to which access to data held in the target computer mentioned in that subsection would assist in the location and safe recovery of the child to whom the recovery order relates;

                     (c)  the extent to which law enforcement officers could have used alternative methods to assist in the location and safe recovery of the child;

                     (d)  how much the use of alternative methods to assist in the location and safe recovery of the child might have prejudiced the effective enforcement of the recovery order;

                     (e)  whether or not it was practicable in the circumstances to apply for a computer access warrant.

67  Subsection 34(3)

Omit “section 30”, substitute “subsection 30(1)”.

68  At the end of section 34

Add:

             (4)  Before deciding an application for approval of the giving of an emergency authorisation given in response to an application under subsection 30(1A), the eligible Judge or nominated AAT member must, in particular, and being mindful of the intrusive nature of accessing data held in the target computer mentioned in that subsection, consider the following:

                     (a)  the nature of the risk of the loss of evidence;

                     (b)  the extent to which issuing a computer access warrant would have helped reduce or avoid the risk;

                     (c)  the extent to which law enforcement officers could have used alternative methods of investigation to help reduce or avoid the risk;

                     (d)  how much the use of alternative methods of investigation could have helped reduce or avoid the risk;

                     (e)  whether or not it was practicable in the circumstances to apply for a computer access warrant.

69  Section 35 (heading)

Repeal the heading, substitute:

35  Judge or nominated AAT member may approve giving of an emergency authorisation for the use of a surveillance device

70  Subsection 35(1)

Omit “under section 28”, substitute “in response to an application under subsection 28(1)”.

71  Subsection 35(1)

Omit “approve the application”, substitute “give the approval”.

72  Subsection 35(2)

Omit “under section 29”, substitute “in response to an application under subsection 29(1)”.

73  Subsection 35(2)

Omit “approve the application”, substitute “give the approval”.

74  Subsection 35(3)

Omit “under section 30”, substitute “in response to an application under subsection 30(1)”.

75  Subsection 35(3)

Omit “approve the application”, substitute “give the approval”.

76  After section 35

Insert:

35A  Judge or nominated AAT member may approve giving of an emergency authorisation for access to data held in a computer

             (1)  After considering an application for approval of the giving of an emergency authorisation in response to an application under subsection 28(1A), the eligible Judge or nominated AAT member may give the approval if satisfied that there were reasonable grounds to suspect that:

                     (a)  there was a risk of serious violence to a person or substantial damage to property; and

                     (b)  accessing data held in the target computer mentioned in that subsection may have helped reduce the risk; and

                     (c)  it was not practicable in the circumstances to apply for a computer access warrant.

             (2)  After considering an application for approval of the giving of an emergency authorisation in response to an application under subsection 29(1A) in relation to a recovery order, the eligible Judge or nominated AAT member may give the approval if satisfied that:

                     (a)  the recovery order was in force at the time the emergency authorisation was given; and

                     (b)  there were reasonable grounds to suspect that:

                              (i)  the enforcement of the recovery order was urgent; and

                             (ii)  accessing data held in the target computer mentioned in that subsection may have assisted in the prompt location and safe recovery of the child to whom the order relates; and

                            (iii)  it was not practicable in the circumstances to apply for a computer access warrant.

             (3)  After considering an application for approval of the giving of an emergency authorisation in response to an application under subsection 30(1A), the eligible Judge or nominated AAT member may give the approval if satisfied that:

                     (a)  there were reasonable grounds to suspect that:

                              (i)  there was a risk of loss of evidence; and

                             (ii)  accessing data held in the target computer mentioned in that subsection may have helped reduce the risk; and

                     (b)  it was not practicable in the circumstances to apply for a computer access warrant.

             (4)  If, under subsection (1), (2) or (3), the eligible Judge or nominated AAT member approves the giving of an emergency authorisation, the eligible Judge or nominated AAT member may:

                     (a)  unless paragraph (b) applies—issue a computer access warrant relating to the continued access to data held in the relevant target computer as if the application for the approval were an application for a computer access warrant under Division 4 of Part 2; or

                     (b)  if the eligible Judge or nominated AAT member is satisfied that, since the application for the emergency authorisation, the activity that required access to data held in the relevant target computer has ceased—order that access to data held in that computer cease.

             (5)  If, under subsection (1), (2) or (3), the eligible Judge or nominated AAT member does not approve the giving of an emergency authorisation, the eligible Judge or nominated AAT member may:

                     (a)  order that access to data held in the relevant target computer cease; or

                     (b)  if the eligible Judge or nominated AAT member is of the view that, although the situation did not warrant the emergency authorisation at the time that authorisation was given, the use of a computer access warrant under Division 4 of Part 2 is currently justified—issue a computer access warrant relating to the subsequent access to such data as if the application for the approval were an application for a computer access warrant under Division 4 of Part 2.

             (6)  In any case, the eligible Judge or nominated AAT member may order that any information obtained from or relating to the exercise of powers under the emergency authorisation, or any record of that information, be dealt with in a manner specified in the order, so long as the manner does not involve the destruction of that information.

77  Section 36

After “section 35”, insert “or 35A”.

78  Section 41 (definition of appropriate consenting official)

Repeal the definition, substitute:

appropriate consenting official, in relation to a foreign country:

                     (a)  when used in section 42 or 43—means an official of that country having authority in that country to give consent to the use of surveillance devices in that country or on a vessel or aircraft registered under the laws of that country; or

                     (b)  when used in section 43A or 43B—means an official of that country having authority in that country to give consent to access to data held in computers in that country or on a vessel or aircraft registered under the laws of that country.

79  Section 42 (heading)

Repeal the heading, substitute:

42  Extraterritorial operation of surveillance device warrants

80  Subsection 42(1)

Before “warrant” (first occurring), insert “surveillance device”.

81  After paragraph 42(2)(a)

Insert:

                    (aa)  the emergency authorisation was given in response to an application under subsection 28(1); and

82  Paragraph 42(2)(b)

After “of that”, insert “section 33”.

83  Subsection 42(2)

After “whom the”, insert “section 33”.

84  Subsection 42(2)

After “consideration of that”, insert “section 33”.

85  Paragraph 42(3)(a)

Before “warrant”, insert “surveillance device”.

86  Subsections 42(6) and (9)

Before “warrant” (first occurring), insert “surveillance device”.

87  At the end of Part 5

Add:

43A  Extraterritorial operation of computer access warrants

             (1)  If, before the issue of a computer access warrant in relation to the investigation of a relevant offence in response to an application made by or on behalf of a federal law enforcement officer, it becomes apparent to the applicant that there will be a need for access to data held in a computer:

                     (a)  in a foreign country; or

                     (b)  on a vessel or aircraft that is registered under the law of a foreign country and is in or above waters beyond the outer limits of the territorial sea of Australia;

to assist in that investigation, the eligible Judge or nominated AAT member considering the application for the warrant must not permit the warrant to authorise that access unless the eligible Judge or nominated AAT member is satisfied that the access has been agreed to by an appropriate consenting official of the foreign country.

             (2)  If:

                     (a)  application is made under section 33 by an appropriate authorising officer who is a federal law enforcement officer for approval of the giving of an emergency authorisation relating to the investigation of a relevant offence; and

                     (b)  the emergency authorisation was given in response to an application under subsection 28(1A); and

                     (c)  before the completion of consideration of that section 33 application, it becomes apparent to the applicant that there will be a need for access to data held in a computer:

                              (i)  in a foreign country; or

                             (ii)  on a vessel or aircraft that is registered under the law of a foreign country and is in or above waters beyond the outer limits of the territorial sea of Australia;

                            to assist in the investigation to which the emergency authorisation related;

the eligible Judge or nominated AAT member to whom the section 33 application was made must not permit any computer access warrant issued on consideration of that section 33 application to authorise that access unless the eligible Judge or nominated AAT member is satisfied that the access has been agreed to by an appropriate consenting official of the foreign country.

             (3)  If:

                     (a)  a computer access warrant has been issued in relation to the investigation of a relevant offence in response to an application by or on behalf of a federal law enforcement officer; and

                     (b)  after the issue of the warrant, it becomes apparent to the law enforcement officer primarily responsible for executing the warrant that there will be a need for access to data held in a computer that is:

                              (i)  in a foreign country; or

                             (ii)  on a vessel or aircraft that is registered under the law of a foreign country and is in or above waters beyond the outer limits of the territorial sea of Australia;

                            to assist in that investigation;

the warrant is taken to permit that access if, and only if, the access has been agreed to by an appropriate consenting official of the foreign country.

             (4)  Subsections (1), (2) and (3) do not apply to a computer access warrant authorising access to data if:

                     (a)  the person, or each of the persons, responsible for executing the warrant will be physically present in Australia; and

                     (b)  the location where the data is held is unknown or cannot reasonably be determined.

             (5)  Despite subsections (1), (2) and (3), if:

                     (a)  a vessel that is registered under the law of a foreign country is in waters beyond the outer limits of the territorial sea of Australia but not beyond the outer limits of the contiguous zone of Australia; and

                     (b)  the relevant offence in respect of which it becomes apparent that access to data held in a computer on the vessel will be required is an offence relating to the customs, fiscal, immigration or sanitary laws of Australia;

there is no requirement for the agreement of an appropriate consenting official of the foreign country concerned in relation to that access while the vessel is in such waters.

             (6)  Despite subsections (1), (2) and (3), if:

                     (a)  a vessel that is registered under the law of a foreign country is in waters beyond the outer limits of the territorial sea of Australia but not beyond the outer limits of the Australian fishing zone; and

                     (b)  the relevant offence in respect of which it becomes apparent that access to data held in a computer on the vessel will be required is an offence against section 100, 100A, 100B, 101, 101A or 101AA of the Fisheries Management Act 1991 or section 46A, 46B, 46C, 46D, 49A or 51A of the Torres Strait Fisheries Act 1984;

there is no requirement for the agreement of an appropriate consenting official of the foreign country concerned in relation to that access while the vessel is in those waters.

             (7)  As soon as practicable after the commencement of access to data held in a computer under the authority of a computer access warrant in circumstances where consent to that access is required:

                     (a)  in a foreign country; or

                     (b)  on a vessel or aircraft that is registered under the law of a foreign country;

the chief officer of the law enforcement agency to which the law enforcement officer who applied for the warrant belongs or is seconded must give the Minister evidence in writing that the access has been agreed to by an appropriate consenting official of the foreign country.

             (8)  An instrument providing evidence of the kind referred to in subsection (7) is not a legislative instrument.

             (9)  If a vessel or aircraft that is registered under the laws of a foreign country is in or above the territorial sea of another foreign country, subsections (1), (2) and (3) have effect as if the reference to an appropriate consenting official of the foreign country were a reference to an appropriate consenting official of each foreign country concerned.

           (10)  For the avoidance of doubt, there is no requirement for the agreement of an appropriate consenting official of the foreign country to the access to data held in a computer under the authority of a computer access warrant of a vessel or aircraft of a foreign country that is in Australia or in or above waters within the outer limits of the territorial sea of Australia.

43B  Evidence obtained from extraterritorial computer access not to be tendered in evidence unless court satisfied properly obtained

                   Evidence obtained from access to data held in a computer undertaken in a foreign country in accordance with subsection 43A(1), (2) or (3) in relation to a relevant offence cannot be tendered in evidence to a court in any proceedings relating to the relevant offence unless the court is satisfied that the access was agreed to by an appropriate consenting official of the foreign country.

88  Subsection 44(1) (after paragraph (a) of the definition of protected information)

Insert:

                    (aa)  any information (other than general computer access intercept information) obtained from access to data under:

                              (i)  a computer access warrant; or

                             (ii)  an emergency authorisation for access to data held in a computer; or

90  Subsection 44(1) (at the end of subparagraph (d)(iii) of the definition of protected information)

Add “or”.

91  Subsection 44(1) (after subparagraph (d)(iii) of the definition of protected information)

Insert:

                            (iv)  in a case where the information was obtained through access to data held in a computer in a foreign country, or on a vessel or aircraft that is registered under the law of a foreign country and that is in or above waters beyond the outer limit of Australia’s territorial sea—without the agreement of the appropriate consenting official of that foreign country, and of any other foreign country, whose agreement is required under section 43A;

91A  Subsection 44(1) (at the end of the definition of protected information)

Add:

Note:          For protection of general computer access intercept information, see Part 2‑6 of the Telecommunications (Interception and Access) Act 1979.

92  Section 46 (heading)

Repeal the heading, substitute:

46  Dealing with records obtained by using a surveillance device or accessing data held in a computer

93  Paragraph 46(1)(a)

After “protected information”, insert “or general computer access intercept information”.

94  Subsection 46(2)

Omit “The officer in charge of any agency that is not a law enforcement agency but that, as described in subsection 45(4) or (5) or 45A(1), receives records or reports obtained by use of a surveillance device:”, substitute:

                   If an agency is not a law enforcement agency but, as described in subsection 45(4) or (5) or 45A(1), receives records or reports obtained by:

                    (aa)  using a surveillance device; or

                   (ab)  accessing data held in a computer;

the officer in charge of the agency:

95  After subsection 46A(1)

Insert:

          (1A)  If:

                     (a)  a record or report is in the possession of a law enforcement agency; and

                     (b)  the record or report comprises information obtained from access to data under a control order access warrant issued on the basis of a control order made in relation to a person; and

                     (c)  the warrant was issued for the purpose, or for purposes that include the purpose, of obtaining information that would be likely to substantially assist in connection with determining whether the control order, or any succeeding control order, has been, or is being, complied with; and

                     (d)  access to the data occurred when the control order had been made, but had not come into force because it had not been served on the person; and

                     (e)  the chief officer of the agency is satisfied that none of the information obtained from accessing the data is likely to assist in connection with:

                              (i)  the protection of the public from a terrorist act; or

                             (ii)  preventing the provision of support for, or the facilitation of, a terrorist act; or

                            (iii)  preventing the provision of support for, or the facilitation of, the engagement in a hostile activity in a foreign country;

the chief officer of the agency must cause the record or report to be destroyed as soon as practicable.

96  Subsection 46A(2)

After “subsection (1)”, insert “or (1A)”.

97  After section 47

Insert:

47A  Protection of computer access technologies and methods

             (1)  In a proceeding, a person may object to the disclosure of information on the ground that the information, if disclosed, could reasonably be expected to reveal details of computer access technologies or methods.

             (2)  If the person conducting or presiding over the proceeding is satisfied that the ground of objection is made out, the person may order that the person who has the information not be required to disclose it in the proceeding.

             (3)  In determining whether or not to make an order under subsection (2), the person conducting or presiding over the proceeding must take into account whether disclosure of the information:

                     (a)  is necessary for the fair trial of the defendant; or

                     (b)  is in the public interest.

             (4)  Subsection (2) does not affect a provision of another law under which a law enforcement officer cannot be compelled to disclose information or make statements in relation to the information.

             (5)  If the person conducting or presiding over a proceeding is satisfied that publication of any information disclosed in the proceeding could reasonably be expected to reveal details of computer access technologies or methods, the person must make any orders prohibiting or restricting publication of the information that the person considers necessary to ensure that those details are not revealed.

             (6)  Subsection (5) does not apply to the extent that the person conducting or presiding over the proceeding considers that the interests of justice require otherwise.

             (7)  In this section:

computer access technologies or methods means:

                     (a)  technologies or methods relating to the use of:

                              (i)  a computer; or

                             (ii)  a telecommunications facility operated or provided by the Commonwealth or a carrier; or

                            (iii)  any other electronic equipment; or

                            (iv)  a data storage device;

                            for the purpose of obtaining access to data held in the computer; or

                     (b)  technologies or methods relating to adding, copying, deleting or altering other data in a computer, if doing so is necessary to achieve the purpose mentioned in paragraph (a);

where the technologies or methods have been, or are being, deployed in giving effect to:

                     (c)  a computer access warrant; or

                     (d)  an emergency authorisation given in response to an application under subsection 28(1A), 29(1A) or 30(1A).

proceeding includes a proceeding before a court, tribunal or Royal Commission.

98  Subsection 49(2)

Omit “an authorisation referred to in paragraph (1)(b) or (c),”, substitute “an emergency authorisation for the use of a surveillance device, or a tracking device authorisation,”.

99  After subsection 49(2A)

Insert:

          (2B)  In the case of a computer access warrant, or an emergency authorisation, for access to data held in a computer, the report must:

                     (a)  state whether the warrant or authorisation was executed; and

                     (b)  if so:

                              (i)  state the name of the person primarily responsible for the execution of the warrant or authorisation; and

                             (ii)  state the name of each person involved in accessing data under the warrant or authorisation; and

                            (iii)  state the period during which the data was accessed; and

                            (iv)  state the name, if known, of any person whose data was accessed; and

                             (v)  give details of any premises at which the computer was located; and

                            (vi)  if the warrant is issued, or the authorisation is given, in respect of the investigation of a relevant offence—give details of the benefit to the investigation of the accessed data and of the general use made, or to be made, of any evidence or information obtained by the access to data; and

                           (vii)  if the warrant is issued, or the authorisation is given, in respect of the location and safe recovery of a child to whom a recovery order relates—give details of the use of the accessed data in assisting with the location and safe recovery of the child; and

                          (viii)  if the warrant is issued, or the authorisation is given, for the purposes of an integrity operation—give details of the benefit to the operation of the accessed data and of the general use made, or to be made, of any evidence or information obtained by the access to data; and

                            (ix)  if the warrant is a control order access warrant—give the details specified in subsection (2C); and

                             (x)  give details of the communication of evidence or information obtained by access to data held in the computer to persons other than officers of the agency; and

                            (xi)  give details of the compliance with the conditions (if any) to which the warrant or authorisation was subject; and

                     (c)  if the warrant or authorisation was extended or varied, state:

                              (i)  the number of extensions or variations; and

                             (ii)  the reasons for them.

          (2C)  For the purposes of subparagraph (2B)(b)(ix), the details are:

                     (a)  the benefit of obtaining access to data held in the computer in:

                              (i)  protecting the public from a terrorist act; or

                             (ii)  preventing the provision of support for, or the facilitation of, a terrorist act; or

                            (iii)  preventing the provision of support for, or the facilitation of, the engagement in a hostile activity in a foreign country; or

                            (iv)  determining whether a control order has been, or is being, complied with; and

                     (b)  the general use to be made of any evidence or information obtained by access to data held in the computer.

100  Subsection 49A(1)

After “control order warrant”, insert “or control order access warrant”.

101  Paragraph 49A(2)(a)

After “control order warrant”, insert “or control order access warrant”.

102  After paragraph 49A(2)(b)

Insert:

                   (ba)  subsection 27G(2), to the extent it applies to a control order access warrant;

103  After paragraph 49A(2)(c)

Insert:

                    (ca)  section 45 or subsection 46(1), to the extent it applies to protected information obtained, under a control order access warrant, from access to data held in a computer;

104  Subsection 49A(3)

After “control order warrant”, insert “or control order access warrant”.

105  Paragraphs 50(1)(g), (h) and (i)

Repeal the paragraphs, substitute:

                     (g)  the number of arrests made by law enforcement officers of the agency during that year on the basis (wholly or partly) of information obtained by:

                              (i)  the use of a surveillance device under a warrant; or

                             (ii)  access under a warrant to data held in a computer; or

                            (iii)  an emergency authorisation for the use of a surveillance device; or

                            (iv)  an emergency authorisation for access to data held in a computer; or

                             (v)  a tracking device authorisation; and

                     (h)  the number of instances during that year in which the location and safe recovery of children to whom recovery orders related was assisted (wholly or partly) by information obtained by:

                              (i)  the use of a surveillance device under a warrant; or

                             (ii)  access under a warrant to data held in a computer; or

                            (iii)  an emergency authorisation for the use of a surveillance device; or

                            (iv)  an emergency authorisation for access to data held in a computer; or

                             (v)  a tracking device authorisation; and

                      (i)  the number of prosecutions for relevant offences that were commenced during that year in which information obtained by:

                              (i)  the use of a surveillance device under a warrant; or

                             (ii)  access under a warrant to data held in a computer; or

                            (iii)  an emergency authorisation for the use of a surveillance device; or

                            (iv)  an emergency authorisation for access to data held in a computer; or

                             (v)  a tracking device authorisation;

                            was given in evidence and the number of those prosecutions in which a person was found guilty; and

106  Paragraph 50(1)(j)

After “surveillance devices”, insert “, access to data held in computers”.

107  Subsection 50A(6) (definition of control order information)

Repeal the definition, substitute:

control order information means:

                     (a)  information that, if made public, could reasonably be expected to enable a reasonable person to conclude that a control order warrant authorising:

                              (i)  the use of a surveillance device on particular premises; or

                             (ii)  the use of a surveillance device in or on a particular object or class of object; or

                            (iii)  the use of a surveillance device in respect of the conversations, activities or location of a particular person;

                            is likely to be, or is not likely to be, in force; or

                     (b)  information that, if made public, could reasonably be expected to enable a reasonable person to conclude that a control order access warrant authorising:

                              (i)  access to data held in a particular computer; or

                             (ii)  access to data held in a computer on particular premises; or

                            (iii)  access to data held in a computer associated with, used by or likely to be used by, a particular person;

                            is likely to be, or is not likely to be, in force.

108  Paragraph 51(b)

Omit “or 27(4)”, substitute “, 27(4) or 27G(4)”.

109  Paragraphs 52(1)(e), (f), (g) and (h)

Repeal the paragraphs, substitute:

                     (e)  details of each use by the agency, or by a law enforcement officer of the agency, of information obtained by:

                              (i)  the use of a surveillance device by a law enforcement officer of the agency; or

                             (ii)  access, by a law enforcement officer of the agency, to data held in a computer;

                      (f)  details of each communication by a law enforcement officer of the agency to a person other than a law enforcement officer of the agency of information obtained by:

                              (i)  the use of a surveillance device by a law enforcement officer of the agency; or

                             (ii)  access, by a law enforcement officer of the agency, to data held in a computer;

                     (g)  details of each occasion when, to the knowledge of a law enforcement officer of the agency, information obtained by:

                              (i)  the use of a surveillance device by a law enforcement officer of the agency; or

                             (ii)  access, by a law enforcement officer of the agency, to data held in a computer;

                            was given in evidence in a relevant proceeding;

                     (h)  details of each occasion when, to the knowledge of a law enforcement officer of the agency, information obtained by:

                              (i)  the use of a surveillance device by a law enforcement officer of the agency; or

                             (ii)  access, by a law enforcement officer of the agency, to data held in a computer;

                            was used in the location and safe recovery of a child to whom a recovery order related;

110  Paragraph 52(1)(j)

After “subsection 46A(1)”, insert “or (1A)”.

111  After subparagraph 53(2)(c)(iiic)

Insert:

                          (iiid)  if the warrant is a control order access warrant that was issued on the basis of a control order—the date the control order was made; and

112  At the end of subsection 62(1)

Add:

               ; or (c)  anything done by the law enforcement officer in connection with:

                              (i)  the communication by a person to another person; or

                             (ii)  the making use of; or

                            (iii)  the making of a record of; or

                            (iv)  the custody of a record of;

                            information obtained from access to data under:

                             (v)  a computer access warrant; or

                            (vi)  an emergency authorisation for access to data held in a computer.

113  Subsection 62(3)

After “section 35”, insert “or 35A”.

114  After section 64

Insert:

64A  Person with knowledge of a computer or a computer system to assist access etc.

             (1)  A law enforcement officer (or another person on the officer’s behalf) may apply to an eligible Judge or to a nominated AAT member for an order (the assistance order) requiring a specified person to provide any information or assistance that is reasonable and necessary to allow the law enforcement officer to do one or more of the following:

                     (a)  access data held in a computer that is the subject of:

                              (i)  a computer access warrant; or

                             (ii)  an emergency authorisation given in response to an application under subsection 28(1A), 29(1A) or 30(1A);

                     (b)  copy data held in the computer described in paragraph (a) to a data storage device;

                     (c)  convert into documentary form or another form intelligible to a law enforcement officer:

                              (i)  data held in the computer described in paragraph (a); or

                             (ii)  data held in a data storage device to which the data was copied as described in paragraph (b).

Warrants and emergency authorisations relating to relevant offences

             (2)  In the case of a computer that is the subject of:

                     (a)  a computer access warrant issued in relation to a relevant offence; or

                     (b)  an emergency authorisation given in response to an application under subsection 28(1A);

the eligible Judge or nominated AAT member may grant the assistance order if the eligible Judge or nominated AAT member is satisfied that:

                     (c)  there are reasonable grounds for suspecting that access to data held in the computer is necessary in the course of the investigation for the purpose of enabling evidence to be obtained of:

                              (i)  the commission of those offences; or

                             (ii)  the identity or location of the offenders; and

                     (d)  the specified person is:

                              (i)  reasonably suspected of having committed any of the offences to which the warrant or emergency authorisation relates; or

                             (ii)  the owner or lessee of the computer or device; or

                            (iii)  an employee of the owner or lessee of the computer or device; or

                            (iv)  a person engaged under a contract for services by the owner or lessee of the computer or device; or

                             (v)  a person who uses or has used the computer or device; or

                            (vi)  a person who is or was a system administrator for the system including the computer or device; and

                     (e)  the specified person has relevant knowledge of:

                              (i)  the computer or device or a computer network of which the computer or device forms or formed a part; or

                             (ii)  measures applied to protect data held in the computer or device.

Warrants and emergency authorisations relating to recovery orders

             (3)  In the case of a computer that is the subject of:

                     (a)  a computer access warrant issued in relation to a recovery order; or

                     (b)  an emergency authorisation given in response to an application under subsection 29(1A);

the eligible Judge or nominated AAT member may grant the assistance order if the eligible Judge or nominated AAT member is satisfied that:

                     (c)  there are reasonable grounds for suspecting that access to data held in the computer may assist in the location and safe recovery of the child to whom the recovery order relates; and

                     (d)  the specified person is:

                              (i)  the owner or lessee of the computer or

                             (ii)  an employee of the owner or lessee of the computer; or

                            (iii)  a person engaged under a contract for services by the owner or lessee of the computer; or

                            (iv)  a person who uses or has used the computer; or

                             (v)  a person who is or was a system administrator for the system including the computer; and

                     (e)  the specified person has relevant knowledge of:

                              (i)  the computer or a computer network of which the computer forms or formed a part; or

                             (ii)  measures applied to protect data held in the computer.

Warrants relating to mutual assistance authorisations

             (4)  In the case of a computer that is the subject of a computer access warrant issued in relation to a mutual assistance authorisation, the eligible Judge or nominated AAT member may grant the assistance order if the eligible Judge or nominated AAT member is satisfied that:

                     (a)  there are reasonable grounds for suspecting that access to data held in the computer is necessary, in the course of the investigation or investigative proceeding to which the authorisation relates, for the purpose of enabling evidence to be obtained of:

                              (i)  the commission of the offence to which the authorisation relates; or

                             (ii)  the identity or location of the persons suspected of committing the offence; and

                     (b)  the specified person is:

                              (i)  reasonably suspected of committing the offence to which the authorisation relates; or

                             (ii)  the owner or lessee of the computer; or

                            (iii)  an employee of the owner or lessee of the computer; or

                            (iv)  a person engaged under a contract for services by the owner or lessee of the computer; or

                             (v)  a person who uses or has used the computer; or

                            (vi)  a person who is or was a system administrator for the system including the computer; and

                     (c)  the specified person has relevant knowledge of:

                              (i)  the computer or a computer network of which the computer forms or formed a part; or

                             (ii)  measures applied to protect data held in the computer.

Warrants relating to integrity operations

             (5)  In the case of a computer that is the subject of a computer access warrant issued in relation to an integrity operation, the eligible Judge or nominated AAT member may grant the assistance order if the eligible Judge or nominated AAT member is satisfied that:

                     (a)  there are reasonable grounds for suspecting that access to data held in the computer will assist the conduct of the integrity operation by enabling evidence to be obtained relating to the integrity, location or identity of a particular staff member of the target agency; and

                     (b)  the specified person is:

                              (i)  the staff member; or

                             (ii)  the owner or lessee of the computer; or

                            (iii)  an employee of the owner or lessee of the computer; or

                            (iv)  a person engaged under a contract for services by the owner or lessee of the computer; or

                             (v)  a person who uses or has used the computer; or

                            (vi)  a person who is or was a system administrator for the system including the computer; and

                     (c)  the specified person has relevant knowledge of:

                              (i)  the computer or a computer network of which the computer forms or formed a part; or

                             (ii)  measures applied to protect data held in the computer.

Warrants relating to control orders

             (6)  In the case of a computer that is subject to a computer access warrant issued on the basis of a control order, the eligible Judge or nominated AAT member may grant the assistance order if the eligible Judge or nominated AAT member is satisfied that:

                     (a)  there are reasonable grounds for suspecting that access to the data held in the computer would be likely to substantially assist in:

                              (i)  protecting the public from a terrorist act; or

                             (ii)  preventing the provision of support for, or the facilitation of, a terrorist act; or

                            (iii)  preventing the provision of support for, or the facilitation of, the engagement in a hostile activity in a foreign country; or

                            (iv)  determining whether the control order, or any succeeding control order, has been, or is being, complied with; and

                     (b)  the specified person is:

                              (i)  the subject of the control order; or

                             (ii)  the owner or lessee of the computer; or

                            (iii)  an employee of the owner or lessee of the computer; or

                            (iv)  a person engaged under a contract for services by the owner or lessee of the computer; or

                             (v)  a person who uses or has used the computer; or

                            (vi)  a person who is or was a system administrator for the system including the computer; and

                     (c)  the specified person has relevant knowledge of:

                              (i)  the computer or a computer network of which the computer forms or formed a part; or

                             (ii)  measures applied to protect data held in the computer.

Emergency authorisations relating to risk of loss of evidence

             (7)  In the case of a computer that is the subject of an emergency authorisation given in response to an application under subsection 30(1A), the eligible Judge or nominated AAT member may grant the assistance order if the eligible Judge or nominated AAT member is satisfied that:

                     (a)  there are reasonable grounds for suspecting that access to data held in the computer is necessary to prevent the loss of any evidence relevant to the investigation to which the subsection 30(1A) application relates; and

                     (b)  the specified person is:

                              (i)  reasonably suspected of having committed any of the offences to which the emergency authorisation relates; or

                             (ii)  the owner or lessee of the computer or device; or

                            (iii)  an employee of the owner or lessee of the computer or device; or

                            (iv)  a person engaged under a contract for services by the owner or lessee of the computer or device; or

                             (v)  a person who uses or has used the computer or device; or

                            (vi)  a person who is or was a system administrator for the system including the computer or device; and

                     (c)  the specified person has relevant knowledge of:

                              (i)  the computer or device or a computer network of which the computer or device forms or formed a part; or

                             (ii)  measures applied to protect data held in the computer or device.

Offence

             (8)  A person commits an offence if:

                     (a)  the person is subject to an order under this section; and

                     (b)  the person is capable of complying with a requirement in the order; and

                     (c)  the person omits to do an act; and

                     (d)  the omission contravenes the requirement.

Penalty for contravention of this subsection:        Imprisonment for 10 years or 600 penalty units, or both.

115  After subsection 65(1)

Insert:

          (1A)  If:

                     (a)  information or a record is purportedly obtained through accessing, under a computer access warrant or emergency authorisation, particular data held in a computer; and

                     (b)  there is a defect or irregularity in relation to the warrant or emergency authorisation; and

                     (c)  but for that defect or irregularity, the warrant or emergency authorisation would be a sufficient authority for accessing the data;

then:

                     (d)  access to the data is taken to be as valid; and

                     (e)  the information or record obtained through accessing the data may be dealt with, or given in evidence in any proceeding;

as if the warrant or emergency authorisation did not have that defect or irregularity.

116  Subsection 65(2)

After “subsection (1)”, insert “or (1A)”.

117  After subsection 65A(2)

Insert:

Control order access warrant

          (2A)  If:

                     (a)  a control order access warrant was issued on the basis that an interim control order was in force; and

                     (b)  a court subsequently declares the interim control order to be void;

a criminal proceeding does not lie against a person in respect of anything done, or omitted to be done, in good faith by the person:

                     (c)  in the purported execution of the warrant; or

                     (d)  in the purported exercise of a power, or the purported performance of a function or duty, in a case where the purported exercise of the power, or the purported performance of the function or duty, is consequential on the warrant.

          (2B)  Subsection (2A) does not apply to a thing done, or omitted to be done, at a particular time if, at that time, the person knew, or ought reasonably to have known, of the declaration.

118  Section 65B (heading)

Repeal the heading, substitute:

65B  Dealing with information obtained under a control order warrant, control order access warrant, tracking device authorisation etc.—control order declared to be void

119  After subparagraph 65B(1)(a)(i)

Insert:

                            (ia)  a control order access warrant was issued on the basis that an interim control order was in force;

Telecommunications Act 1997

119A  After paragraph 313(7)(c)

Insert:

                  (caa)  giving effect to authorisations under section 31A of that Act; or

Telecommunications (Interception and Access) Act 1979

120  Subsection 5(1)

Insert:

ASIO computer access intercept information means information obtained under:

                     (a)  an ASIO computer access warrant; or

                     (b)  subsection 25A(8) of the Australian Security Intelligence Organisation Act 1979; or

                     (c)  subsection 27A(3C) of the Australian Security Intelligence Organisation Act 1979; or

                     (d)  an authorisation under section 27E of the Australian Security Intelligence Organisation Act 1979; or

                     (e)  subsection 27E(6) of the Australian Security Intelligence Organisation Act 1979;

by intercepting a communication passing over a telecommunications system.

ASIO computer access warrant means:

                     (a)  a warrant issued under section 25A of the Australian Security Intelligence Organisation Act 1979; or

                     (b)  a warrant issued under section 27A of the Australian Security Intelligence Organisation Act 1979 that authorises the Organisation to do any of the acts or things referred to in subsection 25A(4) or (8) of that Act; or

                     (c)  an authorisation under section 27E of the Australian Security Intelligence Organisation Act 1979.

general computer access intercept information means information obtained under a general computer access warrant by intercepting a communication passing over a telecommunications system.

general computer access warrant means a warrant issued under section 27C of the Surveillance Devices Act 2004.

121  Subsection 5(1) (at the end of the definition of restricted record)

Add “, but does not include a record of general computer access intercept information”.

122  Subsection 5(1) (paragraph (b) of the definition of warrant)

After “definition)”, insert “, a general computer access warrant or an ASIO computer access warrant”.

123  After paragraph 7(2)(b)

Insert:

                   (ba)  the interception of a communication under subsection 25A(4) or (8), 27A(1) or (3C), 27E(2) or 27E(6) of the Australian Security Intelligence Organisation Act 1979; or

                   (bb)  the interception of a communication under subsection 27E(7) of the Surveillance Devices Act 2004; or

123A  Subsection 31(1)

Omit “system by employees of the authority authorised under section 31B.”, substitute:

                   system:

                     (a)  if one or more carriers are specified in the request for the purposes of this paragraph—by:

                              (i)  employees of the security authority authorised under section 31B; and

                             (ii)  employees of those carriers; or

                     (b)  if no carriers are specified in the request for the purposes of paragraph (a)—by employees of the security authority authorised under section 31B.

123B  Subsection 31A(1)

Omit “system by employees of the security authority authorised under section 31B.”, substitute:

                   system:

                     (a)  if one or more carriers are specified in the request for the purposes of paragraph 31(1)(a)—by:

                              (i)  employees of the security authority authorised under section 31B; and

                             (ii)  employees of those carriers; or

                     (b)  if no carriers are specified in the request for the purposes of paragraph 31(1)(a)—by employees of the security authority authorised under section 31B.

123BA  After subsection 31A(4)

Insert:

          (4A)  If paragraph (1)(a) applies to the authorisation, this Part does not require that an authorised interception must involve:

                     (a)  one or more employees of the security authority referred to in that paragraph; and

                     (b)  one or more employees of a carrier referred to in that paragraph;

acting together or in the presence of each other.

123C  After section 31A

Insert:

31AA  Carrier to be notified of authorisation etc.

             (1)  If:

                     (a)  the Attorney‑General gives a section 31A authorisation in response to an application made by:

                              (i)  the head (however described) of a security authority; or

                             (ii)  a person acting as that head; and

                     (b)  the authorisation covers the employees of a carrier;

the head (however described) of the security authority, or a person acting as that head, must cause a copy of the authorisation to be given to the authorised representative of the carrier as soon as practicable.

             (2)  If:

                     (a)  the Attorney‑General has given a section 31A authorisation in response to an application made by:

                              (i)  the head (however described) of a security authority; or

                             (ii)  a person acting as that head; and

                     (b)  the authorisation is varied or revoked; and

                     (c)  the authorisation covers the employees of a carrier;

the head (however described) of the security authority, or a person acting as that head, must cause:

                     (d)  an authorised representative of the carrier to be immediately informed of the variation or revocation; and

                     (e)  a copy of the variation or revocation to be given to the authorised representative as soon as practicable.

123D  At the end of Part 2‑4

Add:

31E  Employees of security authorities

             (1)  For the purposes of this Part:

                     (a)  an ASIO employee is taken to be an employee of the Organisation; and

                     (b)  an ASIO affiliate is taken to be an employee of the Organisation.

             (2)  For the purposes of this Part, if:

                     (a)  a person is a staff member (within the meaning of the Intelligence Services Act 2001) of an agency (within the meaning of that Act); and

                     (b)  the agency is a security authority;

the person is taken to be an employee of the security authority.

124  After section 63AA

Insert:

63AB  Dealing in general computer access intercept information

             (1)  A person may, for the purposes of doing a thing authorised by a general computer access warrant:

                     (a)  communicate general computer access intercept information to another person; or

                     (b)  make use of general computer access intercept information; or

                     (c)  make a record of general computer access intercept information; or

                     (d)  give general computer access intercept information in evidence in a proceeding.

             (2)  A person may:

                     (a)  communicate general computer access intercept information to another person; or

                     (b)  make use of general computer access intercept information; or

                     (c)  make a record of general computer access intercept information;

if the information relates, or appears to relate, to the involvement, or likely involvement, of a person in one or more of the following activities:

                     (d)  activities that present a significant risk to a person’s safety;

                     (e)  acting for, or on behalf of, a foreign power (within the meaning of the Australian Security Intelligence Organisation Act 1979);

                      (f)  activities that are, or are likely to be, a threat to security;

                     (g)  activities that pose a risk, or are likely to pose a risk, to the operational security (within the meaning of the Intelligence Services Act 2001) of the Organisation or of ASIS, AGO or ASD (within the meanings of that Act);

                     (h)  activities related to the proliferation of weapons of mass destruction or the movement of goods listed from time to time in the Defence and Strategic Goods List (within the meaning of regulation 13E of the Customs (Prohibited Exports) Regulations 1958);

                      (i)  activities related to a contravention, or an alleged contravention, by a person of a UN sanction enforcement law (within the meaning of the Charter of the United Nations Act 1945).

63AC  Dealing in ASIO computer access intercept information

             (1)  A person may, for the purposes of doing a thing authorised by an ASIO computer access warrant:

                     (a)  communicate ASIO computer access intercept information to another person; or

                     (b)  make use of ASIO computer access intercept information; or

                     (c)  make a record of ASIO computer access intercept information; or

                     (d)  give ASIO computer access intercept information in evidence in a proceeding.

             (2)  A person may:

                     (a)  communicate ASIO computer access intercept information to another person; or

                     (b)  make use of ASIO computer access intercept information; or

                     (c)  make a record of ASIO computer access intercept information;

if the information relates, or appears to relate, to the involvement, or likely involvement, of a person in one or more of the following activities:

                     (d)  activities that present a significant risk to a person’s safety;

                     (e)  acting for, or on behalf of, a foreign power (within the meaning of the Australian Security Intelligence Organisation Act 1979);

                      (f)  activities that are, or are likely to be, a threat to security;

                     (g)  activities that pose a risk, or are likely to pose a risk, to the operational security (within the meaning of the Intelligence Services Act 2001) of the Organisation or of ASIS, AGO or ASD (within the meanings of that Act);

                     (h)  activities related to the proliferation of weapons of mass destruction or the movement of goods listed from time to time in the Defence and Strategic Goods List (within the meaning of regulation 13E of the Customs (Prohibited Exports) Regulations 1958);

                      (i)  activities related to a contravention, or an alleged contravention, by a person of a UN sanction enforcement law (within the meaning of the Charter of the United Nations Act 1945).

124A  At the end of section 63B

Add:

             (5)  If an employee of a carrier has obtained lawfully intercepted information under a section 31A authorisation that was given in response to an application made by the head (however described) of a security authority or a person acting as that head, the employee may:

                     (a)  communicate the information to:

                              (i)  an employee of the security authority; or

                             (ii)  another employee of the carrier; or

                            (iii)  if the authorisation covers the employees of one or more other carriers—an employee of any of those other carriers; or

                     (b)  make use of the information; or

                     (c)  make a record of the information;

if:

                     (d)  the employee does so for the purposes of the development or testing of technologies, or interception capabilities, to which the authorisation relates; and

                     (e)  the communication or use of the information, or the making of the record, as the case may be, does not contravene a condition to which the authorisation is subject.

125  Paragraph 64(1)(a)

After “foreign intelligence information”, insert “or ASIO computer access intercept information”.

126  Paragraph 65(1)(a)

After “information”, insert “other than ASIO computer access intercept information”.

126AA  At the end of section 65 (after the note)

Add:

             (4)  If lawfully intercepted information was obtained under a section 31A authorisation, subsection (1) of this section does not authorise the communication of the information in accordance with subsection 18(3) of the Australian Security Intelligence Organisation Act 1979 to:

                     (a)  a staff member of an authority of the Commonwealth; or

                     (b)  a staff member of an authority of a State;

unless the communication is for the purpose of the development or testing of technologies, or interception capabilities, of:

                     (c)  that authority; or

                     (d)  the Organisation.

             (5)  If lawfully intercepted information was obtained under a section 31A authorisation, subsection (1) of this section does not authorise the communication of the information in accordance with subsection 18(4A) of the Australian Security Intelligence Organisation Act 1979 to a staff member of ASIS, ASD or AGO unless the communication is for the purpose of the development or testing of technologies, or interception capabilities, of:

                     (a)  ASIS, ASD or AGO, as the case requires; or

                     (b)  the Organisation.

             (6)  If lawfully intercepted information was obtained under a section 31A authorisation, subsection (1) of this section does not authorise the communication of the information in accordance with subsection 19A(4) of the Australian Security Intelligence Organisation Act 1979 to a staff member of a body referred to in paragraph 19A(1)(d) or (e) of that Act unless the communication is for the purpose of the development or testing of technologies, or interception capabilities, of:

                     (a)  that body; or

                     (b)  the Organisation.

             (7)  For the purposes of subsections (4), (5) and (6), authority of the Commonwealth, authority of a State, ASIS, ASD, AGO and staff member have the same respective meanings as in the Australian Security Intelligence Organisation Act 1979.

126A  Paragraph 65A(1)(a)

After “foreign intelligence information”, insert “or information obtained under a section 31A authorisation”.

127  Paragraph 67(1)(a)

After “foreign intelligence information”, insert “or general computer access intercept information”.

128  Section 68

After “communicate lawfully intercepted information”, insert “(other than general computer access intercept information)”.

129  Subsection 74(1)

After “foreign intelligence information”, insert “, general computer access intercept information or ASIO computer access intercept information”.

130  Subsection 75(1)

After “other than”, insert “a general computer access warrant or”.

131  Paragraphs 77(1)(a) and (b)

After “63A,”, insert “63AB, 63AC,”.

131A  After paragraph 108(2)(ca)

Insert:

                   (cb)  accessing a stored communication under a general computer access warrant; or

Part 2—Application provisions

132  Application—computer access warrants

(1)       The amendments of sections 25A and 27A of the Australian Security Intelligence Organisation Act 1979 made by this Schedule apply in relation to a warrant issued after the commencement of this item.

(2)       The amendments of section 27E of the Australian Security Intelligence Organisation Act 1979 made by this Schedule apply in relation to an authorisation given after the commencement of this item.

(3)       The amendments of sections 50 and 50A of the Surveillance Devices Act 2004 made by this Schedule apply in relation to a report in respect of:

                     (a)  the financial year in which this item commences; or

                     (b)  a later financial year.

(4)       The amendment of section 31 of the Telecommunications (Interception and Access) Act 1979 made by this Schedule applies in relation to a request made after the commencement of this item.

(5)       The amendments of section 31A of the Telecommunications (Interception and Access) Act 1979 made by this Schedule apply in relation to an authorisation given in response to a request made after the commencement of this item.

Part 3—Amendments contingent on the commencement of the Crimes Legislation Amendment (International Crime Cooperation and Other Measures) Act 2018

International Criminal Court Act 2002

133  After Division 12A of Part 4

Insert:

Division 12B—Requests for access to data held in computers

79B  Authorising applications for computer access warrants

             (1)  The Attorney‑General may authorise, in writing, an eligible law enforcement officer to apply for a computer access warrant under section 27A of the Surveillance Devices Act 2004 if:

                     (a)  the ICC has requested the Attorney‑General to arrange for the access to data held in a computer (the target computer); and

                     (b)  the Attorney‑General is satisfied that an investigation is being conducted by the Prosecutor, or a proceeding is before the ICC; and

                     (c)  the Attorney‑General is satisfied that the ICC has given appropriate undertakings for:

                              (i)  ensuring that data obtained as a result of access under the warrant will only be used for the purpose for which it is communicated to the ICC; and

                             (ii)  the destruction of a document or other thing containing data obtained as a result of access under the warrant; and

                            (iii)  any other matter the Attorney‑General considers appropriate.

Note:          The eligible law enforcement officer can only apply for the warrant if the officer reasonably suspects that the access to data held in the target computer is necessary for the investigation or proceeding (see subsection 27A(4) of the Surveillance Devices Act 2004).

             (2)  The target computer may be any one or more of the following:

                     (a)  a particular computer;

                     (b)  a computer on particular premises;

                     (c)  a computer associated with, used by or likely to be used by, a person (whose identity may or may not be known).

             (3)  In this section:

computer has the same meaning as in the Surveillance Devices Act 2004.

data has the same meaning as in the Surveillance Devices Act 2004.

data held in a computer has the same meaning as in the Surveillance Devices Act 2004.

eligible law enforcement officer means a person mentioned in column 3 of table item 5 in subsection 6A(6), or column 3 of table item 5 in subsection 6A(7), of the Surveillance Devices Act 2004.

International War Crimes Tribunals Act 1995

134  After Division 1A of Part 4

Insert:

Division 1B—Requests for access to data held in computers

32B  Authorising applications for computer access warrants

             (1)  The Attorney‑General may authorise, in writing, an eligible law enforcement officer to apply for a computer access warrant under section 27A of the Surveillance Devices Act 2004 if:

                     (a)  a Tribunal has requested the Attorney‑General to arrange for access to data held in a computer (the target computer); and

                     (b)  the Attorney‑General is satisfied that a proceeding is before, or an investigation is being conducted by, the Tribunal; and

                     (c)  the Attorney‑General is satisfied that the Tribunal has given appropriate undertakings for:

                              (i)  ensuring that data obtained as a result of the access under the warrant will only be used for the purpose for which it is communicated to the Tribunal; and

                             (ii)  the destruction of a document or other thing containing data obtained as a result of access under the warrant; and

                            (iii)  any other matter the Attorney‑General considers appropriate.

Note:          The eligible law enforcement officer can only apply for the warrant if the officer reasonably suspects that the access to data held in the target computer is necessary for the investigation or proceeding (see subsection 27A(4) of the Surveillance Devices Act 2004).

             (2)  In this section:

computer has the same meaning as in the Surveillance Devices Act 2004.

data has the same meaning as in the Surveillance Devices Act 2004.

data held in a computer has the same meaning as in the Surveillance Devices Act 2004.

eligible law enforcement officer means a person mentioned in column 3 of table item 5 in subsection 6A(6), or column 3 of table item 5 in subsection 6A(7), of the Surveillance Devices Act 2004.

Surveillance Devices Act 2004

135  Subsection 6(1) (definition of international assistance application)

Repeal the definition, substitute:

international assistance application means:

                     (a)  an application for a surveillance device warrant; or

                     (b)  an application for a computer access warrant;

made under an international assistance authorisation.

136  Subsection 6(1) (paragraph (a) of the definition of international assistance authorisation)

After “15CA(1)”, insert “or 15CC(1)”.

137  Subsection 27A(4)

Repeal the subsection, substitute:

Warrants sought for international assistance investigations

             (4)  A law enforcement officer (or a person on the officer’s behalf) may apply for the issue of a computer access warrant if the officer:

                     (a)  is authorised to do so under an international assistance authorisation; and

                     (b)  suspects on reasonable grounds that access to data held in a computer (the target computer) is necessary, in the course of the investigation or investigative proceeding to which the authorisation relates, for the purpose of enabling evidence to be obtained of:

                              (i)  the commission of an offence to which the authorisation relates; or

                             (ii)  the identity or location of the persons suspected of committing the offence.

138  Paragraphs 27C(1)(c) and (2)(a)

Omit “a mutual assistance authorisation”, substitute “an international assistance authorisation”.

139  Paragraph 27C(2)(f)

Repeal the paragraph, substitute:

                      (f)  in the case of a warrant sought in relation to an international assistance authorisation—the likely evidentiary or intelligence value of any evidence or information sought to be obtained, to the extent that this is possible to determine from information obtained from the international entity to which the authorisation relates; and

140  Subparagraph 27D(1)(b)(iv)

Repeal the paragraph, substitute:

                    (iv)  if the warrant relates to an international assistance authorisation—each offence to which the authorisation relates; and

141  Paragraph 27E(3)(c)

Omit “a mutual assistance authorisation”, substitute “an international assistance authorisation”.

142  Paragraph 27H(4)(a)

Omit “a mutual assistance authorisation”, substitute “an international assistance authorisation”.

143  Subparagraph 27H(4)(b)(i)

Repeal the subparagraph, substitute:

                              (i)  the commission of any offence to which the authorisation relates; or

144  Paragraph 27H(9)(c)

Repeal the paragraph, substitute:

                     (c)  if the warrant was issued in relation to an international assistance authorisation—of enabling evidence to be obtained of:

                              (i)  the commission of any offence to which the authorisation relates; or

                             (ii)  the identity or location of the persons suspected of committing the offence;

145  Subsection 64A(4)

Repeal the subsection, substitute:

Warrants relating to international assistance authorisations

             (4)  In the case of a computer that is the subject of a computer access warrant issued in relation to an international assistance authorisation, the eligible Judge or nominated AAT member may grant the assistance order if the eligible Judge or nominated AAT member is satisfied that:

                     (a)  there are reasonable grounds for suspecting that access to data held in the computer is necessary, in the course of the investigation or investigative proceeding to which the authorisation relates, for the purpose of enabling evidence to be obtained of:

                              (i)  the commission of an offence to which the authorisation relates; or

                             (ii)  the identity or location of the persons suspected of committing the offence; and

                     (b)  the specified person is:

                              (i)  reasonably suspected of committing an offence to which the authorisation relates; or

                             (ii)  the owner or lessee of the computer; or

                            (iii)  an employee of the owner or lessee of the computer; or

                            (iv)  a person engaged under a contract for services by the owner or lessee of the computer; or

                             (v)  a person who uses or has used the computer; or

                            (vi)  a person who is or was a system administrator for the system including the computer; and

                     (c)  the specified person has relevant knowledge of:

                              (i)  the computer or a computer network of which the computer forms or formed a part; or

                             (ii)  measures applied to protect data held in the computer.

146  Application of amendments

            The amendments made by this Part apply in relation to a request made to the Attorney‑General by the ICC, a Tribunal or a foreign country:

                     (a)  at or after the commencement of this item; or

                     (b)  before the commencement of this item, if, immediately before that commencement, the Attorney‑General had yet to make a decision on the request;

whether conduct, a crime or an offence to which the request relates occurred before, on or after that commencement.