2008 - 2009

THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA

HOUSE OF REPRESENTATIVES

TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) AMENDMENT BILL 2009

EXPLANATORY MEMORANDUM

(Circulated by authority of the Attorney-General, the Honourable Robert McClelland MP)

TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) AMENDMENT BILL 2009

OUTLINE

The Bill will amend the Telecommunications (Interception and Access) Act 1979 (the TIA Act) to implement a full legislative solution that clarifies the basis on which communications can be accessed for the purposes of protecting a computer network.

Increased use of online services by individuals, governments, business and the not-for-profit sector means sensitive information is regularly transmitted and stored electronically. Accessing or disrupting the carriage of this information can provide significant financial and other benefits for criminal elements. Consequently, protecting information and computer infrastructure from malicious attack is a key concern both for governments and for the growing number of computer network owners whose networks hold and transmit such information.

Not all network protection activities are currently lawful under the TIA Act. Whether an activity is lawful depends on the particular characteristics of the activity that is undertaken, where it is undertaken, by whom, and whether or not there is awareness by the affected person that it is being done. For example, persons undertaking network protection activities may need to copy a communication before it is delivered to the intended recipient. However, under the TIA Act, copying is only allowed at certain points in the delivery of that communication and under certain conditions. This means that network owners and operators are vulnerable to inadvertently breaching the law prohibiting interception.
The TIA Act currently includes special exemptions that enable interception and security agencies, as well as certain Government Departments, to access communications on their own computer network for network protection activities. However, these provisions are not permanent. Rather, they were intended to operate on an interim basis while a comprehensive solution covering both the public and private sectors was developed. These provisions cease to have effect after 12 December 2009.

The amendments contained in the Bill will:

- enable all owners and operators of computer networks to undertake activities to operate, maintain and protect their networks
- enable Commonwealth agencies, security authorities and eligible State authorities to ensure that their computer network is appropriately used by employees, office holders or contractors of the agency or authority
- limit secondary use and disclosure of information obtained through network protection activities to:
  a. network protection purposes
  b. undertaking disciplinary action against an employee, office holder or contractor of a Commonwealth agency, security authority and eligible authority of a State who has been given access to a network, and
  c. reporting illegal behaviour that attracts a minimum of three years' imprisonment penalty threshold to the relevant authorities
- require the destruction of records obtained by undertaking network protection activities when the information is no longer required for those purposes.

Under the Bill network protection activities include activities intended to protect the communication of and access to information on the network, as well as network infrastructure.

Network protection information will only be able to be communicated or used for disciplinary purposes by Commonwealth agencies, security authorities and eligible authorities as defined under the TIA Act. Use for these purposes is consistent with the current network protection provisions.
Additional protections for workers in these agencies and authorities will be inserted by this Bill. Under these requirements network protection information will only be able to be communicated or used for disciplinary purposes where a user has undertaken to comply with reasonable conditions and where that communication or use is not prohibited by another State, Territory or Commonwealth law. Any initial or subsequent disclosures made by an individual who has received information for the purpose of disciplinary action must also accord with Commonwealth, State or Territory laws.

This Bill will also improve the effectiveness of the Australian telecommunications access regime by:

- extending the evidentiary certificate regime to lawful access to telecommunications data authorised under Chapter 4 of the TIA Act and allowing the Managing Director or the secretary of a carrier to delegate their evidentiary certificate functions
- clarifying that lawfully intercepted information can be used, communicated and used in proceedings by the Australian Federal Police (AFP) in applications for interim and final control orders and initial and final preventative detention orders under Divisions 104 and 105 of the Criminal Code Act 1995, and
- making consequential amendments to reflect amendments to the Police Integrity Commission Act 1996 (NSW) in relation to the investigation of the corrupt conduct of an administrative officer of the New South Wales Police Force (NSWPF) or the misconduct of an officer of the New South Wales Crime Commission (NSWCC).

FINANCIAL IMPACT STATEMENT

The amendments made by the Telecommunications (Interception and Access) Amendment Bill 2009 will have no financial impact.

NOTES ON CLAUSES

Clause 1 Short title

Clause 1 is a formal provision specifying the short title of the Bill. It provides that the Act may be cited as the Telecommunications (Interception and Access) Amendment Act 2009.
Clause 2 Commencement

Clause 2 provides for the commencement of the Bill. This Act will commence on the day after this Act receives Royal Assent.

Clause 3 Schedule(s)

Clause 3 provides that each Act that is specified in a Schedule is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.

Schedule 1 - Amendments

Telecommunications (Interception and Access) Act 1979

Computer networks are protected from security risks by the use of gateway controlled systems. The use of these systems (such as virus protection applications) is generally consistent with interception legislation. Automated systems can screen and reject incoming communications if they are suspected of containing a virus, and network operators are able to monitor internal and outbound communications (including emails and internet browsing) provided they have notified the people using the computer network.

However, some network protection activities that take place at the threshold of a computer network such as the copying or recording of communications for purposes such as quarantining, analysing or filtering may constitute a technical breach of the TIA Act.

Activities undertaken for the purpose of protecting a network are critical to the efficient operation of network infrastructure and the protection of data stored and transmitted on the network. Such data may include sensitive government and business data held on the network, as well as any personal and financial data which individuals have supplied, for example in the course of their employment or in requesting or purchasing services.
The Bill ensures that all legitimate activities in relation to protecting computer networks, whether it is the infrastructure or the information stored or transmitted by them, which are undertaken by network administrators in either the government or non-government sectors, do not inadvertently constitute an offence under the TIA Act. However, the new provisions do not make such activities compulsory. Utilising the provisions in relation to network protection remains at the discretion of the owner or operator of the network.

Item 1 - Subsection 5(1)

Item 1 amends subsection 5(1) by inserting the definition of appropriately used. The term appropriately used in relation to a computer network is to be defined according to section 6AAA of the TIA Act, which provides the terms on which the computer network is appropriately used by an employee, office holder or contractor of a Commonwealth agency, security authority or eligible State authority.

A computer network is part of the telecommunications system that is controlled by the owner or operator of that computer network. A computer network will include the network infrastructure, stored information and any mobile devices that have been permitted access to that computer network. A computer network is a part of a telecommunications network that is solely controlled by an individual or an organisation.

The terms Commonwealth agency, security authority and eligible authority in relation to a State are defined in subsection 5(1). For the purposes of the TIA Act, a Commonwealth agency is limited to the Australian Federal Police, the Australian Commission for Law Enforcement Integrity and the Australian Crime Commission. A security authority is an authority of the Commonwealth whose functions primarily relate to security, collection of foreign intelligence, the defence of Australia or the conduct of the Commonwealth's international affairs.
An eligible authority in relation to a State includes State Police, as well as anti-corruption bodies, such as the Independent Commission Against Corruption and the Victorian Office of Police Integrity.

Item 2 - Subsection 5(1)

Item 2 amends subsection 5(1) by inserting the definition of network protection duties. Network protection duties, undertaken in relation to a computer network, are duties relating to the operation, protection or maintenance of the computer network. Where the computer network is operated by, or on behalf of, a Commonwealth agency, security authority or eligible authority of a State, network protection duties also include ensuring that the network is appropriately used by employees, office holders or contractors of the agency or authority. This is the basis for the exception to the general prohibition on the interception of a communication at Item 11.

Network protection duties encompass activities undertaken to protect the network infrastructure, the information transmitted by the network and information stored on the network.

Item 3 - Subsection 5(1)

Item 3 amends subsection 5(1) by inserting the definition of office holder. An office holder is a person who holds, occupies or performs the duties of an office, position or appointment. This definition is intended to ensure that the appropriate use provisions apply to all employment arrangements.

Item 4 - Subsection 5(1)

Item 4 amends subsection 5(1) by inserting the definition of responsible person. Under this Bill, network protection activities can only be lawfully undertaken if certain conditions are met. One condition is that a person must be authorised in writing by a responsible person to perform network protection duties.

In a small organisation, the responsible person is the individual who owns or operates the computer network or on whose behalf the computer network is operated. This would include a sole trader who owns or operates the computer network in their business.
In the case of a body, including a body corporate, the responsible person is the head of the body who owns or controls the computer network or on whose behalf the computer network is operated, or a person acting as that head, or a person holding (or acting in) a position nominated by the head (or the acting head) of that body. For example, the responsible person could include the Chief Executive Officer of the corporation owning the network, and the responsible person functions may be delegated to one or more other positions in the corporation such as the Head of IT, or the Head of IT Security. Allowing more than one person to be nominated as the responsible person means organisations have the capacity to respond to network protection issues as they arise.

Items 5 and 6 - Subsections 5F(1), (2) and (3)

Items 7 and 8 - Subsections 5G(1), (2), (3) and (4)

The Telecommunications (Interception) Amendment Act 2006 inserted the existing network protection provisions into sections 5F and 5G of the TIA Act. These provisions are limited to law enforcement agencies, security authorities and eligible authorities of a State. They are subject to a sunset clause and are due to expire at the end of 12 December 2009.

The existing section 5F operates by providing that a message does not start its passage over the telecommunications system until such time as it exits the relevant agency or authority's network. It enables communications which are within the network boundaries of the relevant agency or authority's network to be copied or recorded in order to allow network protection duties concerning the operation, protection or maintenance of the network, or upholding professional standards, to be performed by personnel within those bodies other than the sender.

The existing section 5G operates by modifying the definition of the intended recipient of a communication for Commonwealth agencies, security authorities and eligible authorities of a State.
It enables communications which are within the network boundaries of the relevant agency or authority's network to be copied or recorded in order to allow duties concerning the operation, protection or maintenance of the network, or upholding professional standards, to be performed by personnel within those bodies other than the addressee.

The effect of Items 5 - 8 is to repeal these provisions so that they can be replaced with the solution for network protection introduced by this Bill. Items 7 and 8 remove the modification of the definition of intended recipient so that with the introduction of the new solution the intended recipient of a communication does not vary depending on whether or not it is a Commonwealth agency, security authority or eligible authority of a State.

Item 9 - After section 6

Item 9 inserts new section 6AAA. New section 6AAA specifies when a computer network is appropriately used. An employee, office holder or contractor of a Commonwealth agency, security authority or eligible authority of a State, who has legitimate access to a computer network, appropriately uses that network when they have made a written undertaking to comply with any conditions specified by the agency or authority, those conditions are reasonable and the person complies with those conditions when using the network.

When read in conjunction with the Acts Interpretation Act 1901 (Cth), the requirement for an agreement in writing includes any mode of representing or reproducing words, figures, drawings or symbols in a visible form. This means that an electronic agreement that otherwise complies with new section 6AAA will satisfy the written requirement in that section.

The concept of appropriate use is flexible enough to recognise that what constitutes an appropriate use of a computer network will vary between agencies. User agreements must be reasonable for the agency or authority involved and comply with all relevant Commonwealth, State and Territory laws.
The Bill does not require a new user agreement to be entered into. Existing user agreements will suffice where an employee, office holder or contractor of an agency or authority has undertaken to comply with the conditions set out in the agreement and those conditions are reasonable.

The absence of user agreements does not preclude an agency or authority from recording information transiting their computer network for duties relating to the operation, protection or maintenance of the network. However, an agency or authority will not be able to record information transiting their network to ensure the network is appropriately used, nor secondarily use or disclose information accessed for disciplinary purposes. This is because new subsection 63D(2) at Item 15 only authorises disciplinary action to be taken in relation to 'appropriate use' of the network, not 'use' of the network.

Allowing specified government agencies and authorities to undertake network protection activities for disciplinary purposes is consistent with the existing network protection provisions. These agencies are subject to additional statutory requirements not applicable to other public sector or non-government employers which prescribe particular information handling obligations. The requirement to act in accordance with reasonable conditions set out in a written user agreement is new and will provide additional protection to workers in the agencies and authorities covered by these provisions.

Item 10 - At the end of paragraph 6E(2)(b)

Item 10 amends subsection 6E(2) by adding 'or 63E' at the end of paragraph 6E(2)(b). This amendment extends the definition of lawfully intercepted information to include information communicated to an agency or authority by a responsible person for a computer network in accordance with the provisions of section 63E at Item 15.
This ensures that information communicated to an agency (including a law enforcement agency) by a responsible person for the purposes of determining whether a person has committed a prescribed offence can only be used and disclosed by that agency in accordance with the existing limitations on use and disclosure set out in the TIA Act. A prescribed offence is defined in subsection 5(1) and is generally an offence punishable by imprisonment for a maximum period of at least three years.

Item 11 - After paragraph 7(2)(aa)

Item 11 amends subsection 7(2) by inserting new paragraph 7(2)(aaa). New paragraph 7(2)(aaa) creates an exception to the prohibition on the interception of communications by persons lawfully engaged in network protection duties in relation to a computer network where that interception is reasonably necessary for the person to effectively perform their duties.

New paragraph 7(2)(aaa) ensures that a person, who is lawfully engaged, in writing, by the responsible person to perform duties relating to the protection, operation or maintenance of the network, may intercept communications within that computer network without breaching the TIA Act where that interception is reasonably necessary for the performance of those duties. This exception to the general prohibition on the interception of communications applies to both government and non-government computer networks.

New paragraph 7(2)(aaa) also enables a lawfully engaged person to undertake network protection duties to ensure that a network operated by or on behalf of a Commonwealth agency, security authority or eligible authority of a State is being used appropriately by employees, office holders or contractors of the agency or authority.

The engagement of persons to undertake network protection duties is not restricted to internal appointments and can be outsourced to one or more third party providers.
There is no requirement that a person can only perform network protection duties, merely that network protection duties must be within their responsibilities.

Paragraph 7(2)(aaa) does not allow the interception of speech for network protection purposes. Voice communication in the form of packet data, such as Voice over Internet Protocol (VoIP), may be interrogated but the data cannot be reconstructed in order to listen to the actual voice communication. This limitation is intended to preserve the integrity of the interception warrant regime by excluding telephone conversations and communications from the exception so that normal voice communications cannot be listened to.

The limitation does not prevent recorded voice communications embedded in video or audio files such as music videos or audio files downloaded from the internet that may be attached to an email communication from being intercepted, reconstituted and listened to for the purposes of communicating or making use of communications intercepted under new paragraph 7(2)(aaa).

Information that is intercepted under this provision will be lawfully intercepted information for the purposes of section 6E of the TIA Act and will, therefore, be subject to the existing limitations on the secondary use and disclosure of lawfully intercepted information in Part 2-6 of the TIA Act.

Item 12 - Subsection 7(2A)

Item 12 amends subsection 7(2A) to incorporate a reference to new paragraph 7(2)(aaa) which provides that in determining whether an act or thing done by a person under the network protection exemption was reasonably necessary in order for the person to perform their duties effectively, a court is to have regard to such matters that are specified in or ascertained in accordance with the regulations. No regulations have been issued at this time.

Item 13 - After subsection 7(2A)

Item 13 amends section 7 by inserting new subsection 7(3).
New subsection 7(3) clarifies that the network protection exception to the prohibition of the interception of telecommunications does not apply to voice communications in the form of speech, which includes a communication that involves a recorded or synthetic voice.

In the case of Voice over Internet Protocol (VoIP), the voice communication in the form of packet data may be intercepted and interrogated but the data may not be reconstructed in order to listen to the actual voice communication. This limitation is intended to preserve the integrity of the interception warrant regime by excluding telephone conversations and communications from the exception so that normal voice communications cannot be listened to.

Recorded voice communications embedded in video or audio files such as a music video or audio file downloaded from the internet that may be attached to an email communication can be intercepted, reconstituted and listened to for the purposes of communicating or making use of communications intercepted under new paragraph 7(2)(aaa).

Item 14 - After subsection 35(1)

Item 14 amends section 35 by inserting new subsection 35(1A). New subsection 35(1A) applies to the operation of paragraphs 35(1)(f) and 35(1)(g).

Section 35 of the TIA Act sets out the conditions State law must meet before the Minister can declare an eligible State authority to be an interception agency under section 34 of the TIA Act. Paragraphs 35(1)(f) and 35(1)(g) specify security and destruction requirements for information lawfully intercepted in accordance with the TIA Act. While these requirements are appropriate for information accessed under a warrant by an interception agency, if applied to communications intercepted under paragraph 7(2)(aaa), they would impose an onerous administrative burden on interception agencies that would not be imposed on any other computer network operator.
With the commencement of new subsection 35(1A), the effect of these amendments will be that a relevant State law will not have to place a personal requirement on the chief officer of an eligible authority of a State to keep in a secure place or limit access to a restricted record that is a record of a communication that was intercepted under paragraph 7(2)(aaa). Nor will a State law have to require the chief officer of an eligible authority of a State to cause the destruction of a restricted record that is a record of a communication intercepted under paragraph 7(2)(aaa). This is consistent with new section 79A at Item 22 which imposes destruction requirements on the responsible person for the computer network of an eligible State authority rather than the chief officer.

As new subsection 35(1A) removes restricted records that are records of communications intercepted under the provisions of 7(2)(aaa) from the record-keeping and destruction requirements imposed by subsections 35(1)(f) and 35(1)(g), such records will not be a factor when the Minister is considering preconditions in relation to a declaration under section 34.

Item 15 - After section 63B

Item 15 inserts new sections 63C, 63D and 63E.

New section 63C sets out the terms under which a person engaged in network protection duties may communicate or make use of information lawfully intercepted in relation to those duties.

New subsection 63C(1) allows a person legitimately engaged in network protection duties to communicate, cause to be communicated or make use of information which was lawfully intercepted in the performance of those duties. Network protection duties mean duties relating to the operation, protection or maintenance of the network, including its infrastructure.
Where the computer network is operated by, or on behalf of, a Commonwealth agency, security authority or eligible authority of a State, network protection duties also include ensuring that the network, including its infrastructure, is appropriately used.

New subsection 63C(1) is subject to new subsection 63C(3) which does not allow the use or disclosure of a communication intercepted under new paragraph 7(2)(aaa) that has been converted into a voice communication in the form of speech.

Under new subsection 63C(2), a person engaged in network protection duties may disclose lawfully intercepted information to either the responsible person for the network or to another person if it is reasonably necessary to enable the other person to perform their duties in relation to protecting the network. New subsection 63C(2) is also subject to the limitations of new subsection 63C(3) regarding voice communications.

New section 63D allows a person engaged in network protection duties to disclose lawfully intercepted information to another person in order to determine whether disciplinary action should be taken in relation to the use of the network by an employee, office holder or contractor of a Commonwealth agency, security authority or eligible State authority who has legitimate access to the network, taking disciplinary action in relation to the use of the network by such an employee, office holder or contractor or reviewing a decision to take disciplinary action. Whether a computer network has been used appropriately is defined by reference to new section 6AAA at Item 9.

New subsection 63D(2) is limited by the operation of new subsections 63D(3) and 63D(4). New subsection 63D(3) does not allow the use or disclosure of a communication intercepted under new paragraph 7(2)(aaa) that has been converted into a voice communication in the form of speech.
New subsection 63D(4) prevents a person from communicating or making use of information accessed under new paragraph 7(2)(aaa) relating to disciplinary action if to do so would contravene another law of the Commonwealth, State or Territory. This limitation further protects workers in agencies and authorities covered by these provisions by ensuring that their employer cannot circumvent any relevant Commonwealth, State or Territory workplace relations requirements or workplace surveillance laws by accessing information under the TIA Act.

New section 63E allows a responsible person for a computer network to voluntarily communicate lawfully intercepted information, other than foreign intelligence information, to an officer of an agency in certain circumstances. An agency may not compel or request the disclosure of information obtained under new paragraph 7(2)(aaa).

The responsible person may only communicate the information if it was communicated to the responsible person under new subsection 63C(2)(a) by a person lawfully undertaking network protection duties and the responsible person suspects, on reasonable grounds, that the information is relevant to determining whether another person has committed a prescribed offence. A prescribed offence is defined in subsection 5(1) and is generally an offence punishable by imprisonment for a maximum period of at least three years.

It is not necessary for the responsible person to determine that the suspected offence is a prescribed offence. It is only necessary for the responsible person to have a reasonable belief that it may be a prescribed offence under the TIA Act.

Lawfully intercepted information may be communicated to an agency pursuant to section 63E regardless of whether it was collected in accordance with a user agreement.

Item 16 - Section 72

This is a consequential amendment to incorporate references to new sections 63C, 63D and 63E.
This amendment allows all persons who communicate information in accordance with new sections 63C, 63D and 63E to make a record of that information.

Items 17 - 20 - Section 73

These amendments ensure that the limitations on the use and disclosure of information related to disciplinary action will apply to further use and disclosures regardless of the number of times the information is used or disclosed. These amendments will also ensure that a person who receives information related to disciplinary action under subsection 63D(2), may only communicate, use or record that information where doing so does not contravene another law of the Commonwealth or a State or Territory.

Item 21 - At the end of section 79

Item 21 amends section 79 by inserting new subsection 79(3). Section 79 sets out the destruction requirements applicable to interception agencies in relation to records regarding intercepted information (a restricted record). These requirements only apply to interception agencies and when combined with the new destruction requirements under new section 79A at Item 22 would create a different regime for interception agencies. This would impose an onerous administrative burden on agencies as the destruction requirements in section 79 are imposed on an agency's chief officer.

In practice this would mean that the chief officer of an agency would need to destroy every record of a network protection activity when it is no longer needed. In some agencies this could amount to thousands of records at any point in time. New subsection 79(3) will address this by ensuring that section 79 does not apply to records of communications intercepted under new paragraph 7(2)(aaa). Rather, the new section 79A will apply to agencies.

Item 22 - At the end of Part 2-6

Item 22 inserts new section 79A.
New section 79A states that the responsible person for a computer network must ensure the destruction of a restricted record that is a record of a communication that was intercepted under paragraph 7(2)(aaa). This record is a restricted record for the purposes of subsection 5(1) of the TIA Act.

The responsible person must cause the record to be destroyed once the responsible person is satisfied that the record is not likely to be required for network protection duties. In the case of a network operated by, or on behalf of a Commonwealth agency, security authority or eligible State authority, once the responsible person is satisfied that the record is not likely to be required for the purpose of deciding, taking or reviewing disciplinary action in relation to the appropriate use of the network, the responsible person must cause the record to be destroyed.

The obligation extends only to the destruction of the original record. There is no obligation on the responsible person to destroy copies of restricted records as often they are no longer in the possession of the responsible person, but have been lawfully communicated to another person. As more than one person can be designated as a responsible person the destruction requirement can be met by more than one person.

Item 23 - Paragraph 81(1)(d)

Item 22 amends subsection 81(1) by excluding the requirement for the Chief Officer of an agency to record every occasion a network protection activity takes place. While these requirements are appropriate for information accessed under a warrant by an interception agency, they would impose an onerous administrative burden on interception agencies that could impact on an agency's capacity to perform network protection duties. Consistent with Item 21, this Item will ensure that consistent requirements apply to communications intercepted under paragraph 7(2)(aaa).
Schedule 2 - Other amendments

The purpose of Schedule 2 is to make other necessary amendments to the TIA Act to improve the ongoing effective operation of the interception and access regime in Australia. These amendments will:

- extend the evidentiary certificate regime to lawful access to telecommunications data authorised under Chapter 4 of the TIA Act and allow the Managing Director or the secretary of a carrier to delegate their evidentiary certificate functions
- clarify that lawfully intercepted information can be used, communicated and used in proceedings by the Australian Federal Police (AFP) in applications for interim and final control orders and initial and final preventative detention orders under Divisions 104 and 105 of the Criminal Code Act 1995, and
- make consequential amendments to reflect amendments to the Police Integrity Commission Act 1996 (NSW) in relation to the investigation of the corrupt conduct of an administrative officer of the New South Wales Police Force or the misconduct of an officer of the New South Wales Crime Commission.

Part 1 - Amendments

Telecommunications (Interception and Access) Act 1979

Item 1 - Subsection 5(1) (after subparagraphs (b)(i), (ii), (iia) and (iib) of the definition of permitted purpose)

Item 1 inserts the word 'or' after each subparagraph in paragraph (b) of permitted purpose in subsection 5(1). This is a minor technical amendment to comply with current drafting conventions.

Item 2 - Subsection 5(1) (at the end of paragraph (b) of the definition of permitted purpose)

Item 2 amends the definition of permitted purpose in subsection 5(1) by inserting new subparagraphs (b)(v) and (b)(vi).

New subparagraph (b)(v) clarifies that lawfully intercepted information can be used or communicated in relation to control orders sought and issued pursuant to Division 104 of the Criminal Code.
Section 67 of the TIA Act currently allows information which has been lawfully intercepted to be used for a permitted purpose, which includes a purpose connected with an investigation by the AFP of a prescribed offence. A prescribed offence is defined in subsection 5(1) of the TIA Act and is generally any offence which carries a maximum penalty of at least three years imprisonment.

This amendment clarifies the TIA Act to avoid doubt that the TIA Act enables the AFP to use and communicate lawfully intercepted information in relation to seeking the Attorney-General's approval to apply for an interim control order and in applying to the court for an interim control order. Lawfully intercepted information may also be used in proceedings relating to interim control orders, including the declaration, revocation, variation or confirmation of an interim control order by an issuing court.

New subparagraph (b)(vi) clarifies that lawfully intercepted information can be used or communicated in relation to preventative detention orders sought and issued pursuant to Division 105 of the Criminal Code. This amendment clarifies that the AFP can use and communicate lawfully intercepted information in relation to an application for an initial preventative detention order or a continued preventative detention order. Lawfully intercepted information may also be used in proceedings relating to preventative detention orders, including the issue or extension of a preventative detention order by an issuing authority.

Item 3 - Subsection 5(1) (subparagraph (e)(i) of the definition of permitted purpose)

Item 3 amends the definition of permitted purpose in subsection 5(1) by removing the phrase "of an officer of the New South Wales Police Service" and substituting "(within the meaning of section 5 of that Act) of a police officer (within the meaning of that Act)".
The changes reflect amendments made to the powers of the Police Integrity Commission (PIC) through changes to the Police Integrity Commission Act 1996 (NSW) (the PIC Act). The new provisions ensure that further changes to relevant provisions of the New South Wales legislation will be recognised by the TIA Act without the need for further amendments to the TIA Act.

Item 4 - Subsection 5(1) (after subparagraph (e)(i) of the definition of permitted purpose)

Item 4 amends the definition of permitted purpose in subsection 5(1) by inserting new subparagraphs (e)(ia) and (e)(ib).

New subparagraph (e)(ia) extends the definition of permitted purpose to include an investigation under the PIC Act in relation to the corrupt conduct of an administrative officer of the New South Wales Police Force. An administrative officer is defined in the PIC Act and includes any member of the New South Wales Police Force who is not a police officer, for example, a civilian or an unsworn employee.

New subparagraph (e)(ib) extends the definition of permitted purpose to include an investigation under the PIC Act in relation to the misconduct of a Crime Commission officer. A Crime Commission officer is defined in the PIC Act and includes a member of staff of the NSW Crime Commission within the meaning of the New South Wales Crime Commission Act 1985.

These amendments reflect the transfer of particular functions from the Independent Commission Against Corruption (ICAC) to the PIC, which came into effect on 1 July 2008, and will enable the PIC to use and communicate lawfully intercepted information for the purpose of an investigation in relation to any officer who falls within the PIC's jurisdiction. These provisions apply to the use or disclosure of information on or after commencement, regardless of whether the lawfully intercepted information was obtained before or after commencement. 'Corruption' and 'misconduct' are defined in the PIC Act.
Item 5 - Subsection 5(1) (subparagraph (e)(ii) of the definition of permitted purpose)

Item 5 amends the definition of permitted purpose in subsection 5(1) by removing the phrase "such an investigation" from subparagraph (e)(ii) and substituting "an investigation covered by subparagraph (i), (ia) or (ib)".

Subparagraph (e)(ii) of the definition of permitted purpose currently allows the PIC to include lawfully intercepted information in the reports of investigations of police misconduct of an officer of the New South Wales Police Force. New subparagraph (e)(ii) of the definition of permitted purpose enables the PIC to use and communicate lawfully intercepted information for the purpose of producing a report on the expanded range of investigations to include those covered in new subparagraphs (e)(ia) and (e)(ib).

Item 6 - Subsection 5(1) (subparagraphs (e)(iii) and (iv) of the definition of permitted purpose)

Item 6 amends the definition of permitted purpose in subsection 5(1) by removing the word "Service" from subparagraphs (e)(iii) and (e)(iv) and substituting the word "Force". This reflects the fact that the New South Wales Police Service is now known as the New South Wales Police Force.

Item 7 - Subsection 5(1)

Item 7 amends subsection 5(1) by inserting the definition of preventative detention order. Preventative detention order has the same meaning as in Part 5.3 of the Criminal Code, that is, an order under section 105.8 or 105.12 of the Criminal Code, and is included in the expanded definition of permitted purpose in the TIA Act in relation to the AFP.

Item 8 - After paragraph 5B(1)(ba)

Item 8 amends the definition of an exempt proceeding in subsection 5B(1) by inserting new paragraphs (bb) and (bc).

New paragraph 5B(1)(bb) amends the definition of an exempt proceeding to include a proceeding under, or a proceeding relating to a matter arising under, Division 104 of the Criminal Code.
This amendment clarifies that a person may give lawfully intercepted information in evidence in a proceeding relating to a control order pursuant to Division 104 of the Criminal Code.

New paragraph 5B(1)(bc) extends the definition of an exempt proceeding to include a proceeding under, or a proceeding relating to a matter arising under, Division 105 of the Criminal Code, so far as the proceeding relates to a preventative detention order. This amendment clarifies that a person may give lawfully intercepted information in evidence in a proceeding relating to a preventative detention order pursuant to Division 105 of the Criminal Code.

Item 9 - Subsection 18(1)

Item 9 repeals subsection 18(1) and substitutes new subsection 18(1). This enables the Managing Director or secretary of a carrier to issue a written evidentiary certificate in relation to acts or things done to enable the execution of an interception warrant issued to the Australian Security and Intelligence Organisation (ASIO). Alternatively, the Managing Director or the secretary may delegate their evidentiary certificate functions by authorising, in writing, an employee of the carrier to issue such a certificate.

An evidentiary certificate issued by the Managing Director, secretary or authorised employee should be a written certificate, signed by him or her. The certificate should set out such facts as he or she considers relevant with respect to the acts or things done by, or in relation to, employees of the carrier which enabled the execution of the warrant issued to ASIO.

The issuing of evidentiary certificates is an administrative function and the Managing Director or secretary is unlikely to be involved with each interception conducted by an agency. The delegation power will expand the number of people who can issue evidentiary certificates on behalf of a carrier.
Enabling staff who are more accessible but of sufficient seniority to issue the certificate gives the carrier flexibility, which should ensure that evidentiary certificates can be issued promptly. The delegation of this function is consistent with the current evidentiary certificate regime applying to law enforcement interception warrants under section 61 of the TIA Act.

Item 10 - Subsection 18(2)

Item 10 amends subsection 18(2) by inserting the phrase ", or an employee," after the word "secretary". Subsection 18(2) provides that an evidentiary certificate issued by the Managing Director or secretary of a carrier is to be received in an exempt proceeding as conclusive evidence of the matters stated in the certificate. Item 10 is a consequential amendment to incorporate the delegation provision in new subsection 18(1) at Item 9.

Item 11 - Subsection 129(1)

Item 11 repeals subsection 129(1) and substitutes new subsection 129(1). This enables the Managing Director or secretary of a carrier, or of a body corporate of which the carrier is a subsidiary, to issue a written evidentiary certificate in relation to acts or things done to enable the execution of a stored communications warrant. Alternatively, the Managing Director or the secretary may delegate their evidentiary certificate functions by authorising, in writing, an employee of the carrier to issue such a certificate.

An evidentiary certificate issued by the Managing Director, secretary or authorised employee should be a written certificate, signed by him or her. The certificate should set out such facts as he or she considers relevant with respect to the acts or things done by, or in relation to, employees of the carrier which enabled the execution of a stored communications warrant issued to an enforcement agency.

The delegation power will expand the number of people who can issue evidentiary certificates on behalf of a carrier.
Enabling staff who are more accessible than the Managing Director or the secretary of a carrier but of sufficient seniority to issue the certificate gives the carrier flexibility, which should ensure that evidentiary certificates can be issued promptly. The delegation of this function is consistent with the current evidentiary certificate regime applying to interception warrants under section 61 of the TIA Act.

Item 12 - Subsection 129(2)

Item 12 amends subsection 129(2) by removing the words "the Managing Director or secretary of a carrier, or of a body corporate of which the carrier is a subsidiary" and substituting "a person referred to in paragraph (a), (b) or (c) of that subsection". Subsection 129(2) provides that an evidentiary certificate issued by the Managing Director or secretary of a carrier is to be received in an exempt proceeding as conclusive evidence of the matters stated in the certificate. Item 12 is a consequential amendment to incorporate the delegation provision in subsection 129(1) at Item 11.

Item 13 - After section 185

Item 13 inserts new sections 185A, 185B and 185C, which extend the evidentiary certificate regime to include access to telecommunications data obtained under an authorisation.

Telecommunications data is information about a communication, but does not include the content or substance of the communication. Telecommunications data is available in relation to all forms of communications, including both fixed and mobile telephony services, and for internet based applications, including internet browsing and voice over internet protocol (VoIP). For telephone-based communications, telecommunications data includes subscriber information, the telephone numbers of the parties involved, the time of the call and its duration. In relation to internet based applications, telecommunications data includes the Internet Protocol (IP) address used for the session and the start and finish time of each session.
Currently, telecommunications data is able to be disclosed by a carrier or carriage service provider to ASIO in connection with the performance of its functions and to enforcement agencies for the investigation of the criminal law, a law imposing a pecuniary penalty or the protection of the public revenue.

New sections 185A, 185B and 185C apply to historical and prospective telecommunications data disclosed in accordance with Divisions 3 and 4 of Part 4-1 of the TIA Act. New sections 185A, 185B and 185C are consistent with the existing evidentiary certificate provisions for interception and stored communications.

Section 185A

New section 185A enables the Managing Director or secretary of a carrier, or of a body corporate of which the carrier is a subsidiary, to issue a written evidentiary certificate which is conclusive evidence as to the acts or things done by an employee of the carrier to enable the lawful disclosure of telecommunications data to ASIO or an enforcement agency.

New section 185A also allows the Managing Director or the secretary of a carrier, or of a body corporate of which the carrier is a subsidiary, to delegate their evidentiary certificate functions by authorising, in writing, an employee of the carrier to issue such a certificate. For the purposes of this section, the question of whether a body corporate is a subsidiary of another body corporate is to be determined in accordance with the Corporations Act 2001.

An evidentiary certificate issued by the Managing Director, secretary or authorised employee should be a written certificate, signed by him or her. The certificate should set out such facts as he or she considers relevant with respect to the acts or things done by, or in relation to, employees of the carrier which enabled the disclosure of information or a document covered by an authorisation in force under a provision of Division 3 or 4 of Part 4-1 of the TIA Act.
A certificate issued under subsection 185A(1) and signed by a person referred to in paragraph (a), (b) or (c) of that subsection is to be received in evidence in an exempt proceeding without further proof and is, in an exempt proceeding, conclusive evidence of the matters stated in the document. The conclusive nature of the evidentiary certificate regime under the TIA Act was upheld in Cheiko v Regina [2008] NSWCCA 191. Whealy J in an initial application to the Supreme Court noted that Parliament had balanced competing public interests and acknowledged that the purpose of the provisions was to protect the identity of a carrier's employees engaged in the execution of warrants by police and agencies and only go to formal matters of technical evidence. Evidentiary certificates only enable a carrier to provide evidence about what actions employees undertook to enable the execution of a warrant and do not prove any facts in issue before the court. The certificates do not prevent an accused from challenging the validity of an authorisation or the information being used against them. For example, an accused continues to be able to lead evidence that there were other relevant calls that may tend to exonerate them. Accordingly, there is no disadvantage to an accused as they are able to challenge evidence being used against them. The conclusive certificates also assist in the protection of capabilities and methodologies from being released on the public record and allow for the submission of routine evidence in a consistent manner. Spigelman CJ, Barr and Fullerton JJ in the NSW Criminal Court of Appeal unanimously upheld the constitutional validity of the certificate in Cheiko v Regina [2008] NSWCCA 191. 
Section 185B

New section 185B enables the Director-General of Security or the Deputy Director-General of Security to issue an evidentiary certificate which is prima facie evidence as to anything done by an officer or employee of ASIO in connection with information or a document covered by an authorisation for telecommunications data under Division 3 of Part 4-1 of the TIA Act.

An evidentiary certificate issued by the Director-General or the Deputy Director-General of Security should be a written certificate, signed by him or her. The certificate should set out such facts as he or she considers relevant with respect to anything done by an officer or employee of ASIO in relation to the disclosure, communication, use, recording, custody of records or giving in evidence of information or a document covered by an authorisation in force under a provision of Division 3 of Part 4-1 of the TIA Act.

A certificate issued under subsection (1) by the Director-General of Security or the Deputy Director-General of Security and to be signed by him or her is to be received in evidence in an exempt proceeding without further proof and is, in an exempt proceeding, prima facie evidence of the matters stated in the document. Certificates issued by ASIO are considered to be prima facie evidence as they relate to a wider range of matters than a carrier's evidentiary certificate, including the recording, copying and use of the information and its content being used in evidence.

Section 185C

New section 185C enables an enforcement agency to issue a prima facie evidentiary certificate regarding the execution of an authorisation for telecommunications data under Division 4 of Part 4-1 of the TIA Act.
A certifying officer of an enforcement agency may issue a written certificate signed by him or her setting out such facts as he or she considers relevant with respect to anything done by an officer or staff member of the agency in connection with the information or a document covered by an authorisation in force under a provision of Division 4 of Part 4-1, including disclosure, communication, use, making a record or the custody of a record, or the giving in evidence of such information.

A document purporting to be a certificate issued under subsection (1) by a certifying officer of an enforcement agency and purporting to be signed by him or her is to be received in evidence in an exempt proceeding without further proof and is, in an exempt proceeding, prima facie evidence of the matters stated in the document. Certificates issued by an enforcement agency are considered to be prima facie evidence as they relate to a wider range of matters than a carrier's evidentiary certificate, including the recording, copying and use of the information and its content being used in evidence.

Part 2 - Validation, application and transitional provisions

Item 14 - Validation of the dealing with information by the Australian Federal Police

Item 14 applies to new subparagraphs (b)(v) and (b)(vi) under permitted purpose in subsection 5(1). Item 14 ensures that an officer or staff member of the AFP who, prior to those subparagraphs coming into force, communicated, made use of, or made a record of lawfully intercepted information or interception warrant information of the kind which is now a permitted purpose under new subparagraphs (b)(v) and (b)(vi), will not have contravened section 63 of the TIA Act.

The amendments to permitted purpose in relation to the use or disclosure of information related to Divisions 104 and 105 of the Criminal Code are designed to clarify the operation of the existing legislation, rather than expanding police powers.
Therefore, the validation provision is to ensure that any AFP officers who have in good faith used or communicated lawfully intercepted information for a purpose connected with Divisions 104 or 105 of the Criminal Code are not liable for any breach of the TIA Act caused by that use or communication.

Item 15 - Application - investigations

Item 15 applies to new subparagraphs (e)(ia) and (e)(ib) under permitted purpose in subsection 5(1). Item 15 clarifies that an investigation under the PIC Act, which commences after new subparagraphs (e)(ia) and (e)(ib) come into force, may be an investigation into complaints or actions that occurred prior to, on, or after the commencement of these subsections. The provisions do not retrospectively criminalise any action. They allow the PIC access to the same techniques to investigate complaints or actions, regardless of when the behaviour in question occurred.

Item 16 - Transitional - previously issued evidentiary certificates

Item 16 applies to subsections 18(1) and 129(1). Item 16 clarifies that an evidentiary certificate issued under subsection 18(1) prior to commencement of new subsection 18(1) or issued under subsection 129(1) prior to commencement of new subsection 129(1), which was in force immediately before the commencement of the new provisions, has effect as if it had been issued under the relevant new provision.

Item 17 - Application - issue of evidentiary certificates

Item 17 applies to sections 18, 129, 185A, 185B and 185C. Item 17 clarifies that sections 18 and 129 apply in relation to acts or things done before, on, or after the commencement of this item and that new sections 185A, 185B or 185C apply in relation to an authorisation made under Part 4-1 of the TIA Act, whether the authorisation was made before, on or after the commencement of this item.