01 April 2015

Robotics

In 'The Path of Robotics Law' by Jack M. Balkin in California Law Review (forthcoming) the author states 
This essay, written as a response to Ryan Calo's valuable discussion in "Robotics and the Lessons of Cyberlaw," describes key problems that robotics and artificial intelligence (AI) agents present for law.
The first problem is how to distribute rights and responsibilities among human beings when non-human agents create benefits like artistic works or cause harms like physical injuries. The difficulty is caused by the fact that the behavior of robotic and AI systems is "emergent;" their actions may not be predictable in advance or constrained by human expectations about proper behavior. Moreover, the programming and algorithms used by robots and AI entities may be the work of many hands, and may employ generative technologies that allow innovation at multiple layers. These features of robotics and AI enhance unpredictability and diffusion of causal responsibility for what robots and AI agents do.
Lawrence Lessig's famous dictum that "Code is Law" argued that combinations of computer hardware and software, like other modalities of regulation, could constrain and direct human behavior. Robotics and AI present the converse problem. Instead of code as a law that regulates humans, robotics and AI feature emergent behavior that escapes human planning and expectations. Code is lawless.
The second problem raised by robotics and AI is the "substitution effect." People will substitute robots and AI agents for living things — and especially for humans. But they will do so only in certain ways and only for certain purposes. In other words, people tend to treat robots and AI agents as special-purpose animals or special-purpose human beings. This substitution is likely to be incomplete, contextual, unstable, and often opportunistic. People may treat the robot as a person (or animal) for some purposes and as an object for others. The problem of substitution touches many different areas of law, and it promises to confound us for a very long time.
Finally, the essay responds to Calo's argument about the lessons of cyberlaw for robotics. Calo argues that lawyers should identify the "essential characteristics" of robotics and then ask how the law should respond to the problems posed by those essential characteristics. I see the lessons of cyberlaw quite differently. We should not think of essential characteristics of technology independent of how people use technology in their lives and in their social relations with others. Because the use of technology in social life evolves, and because people continually find new ways to employ technology for good or for ill, it may be unhelpful to freeze certain features of use at a particular moment and label them "essential characteristics." Innovation in technology is not just innovation of tools and techniques; it may also involve innovation of economic, social and legal relations. As we innovate socially and economically, what appears most salient and important about our technologies may also change.

Regulators

'The Rise of Transnational Private Meta-Regulators' (Osgoode Legal Studies Research Paper No. 71, 2014) by Paul Verbruggen and Tetty Havinga comments
In recent years scholars from various disciplines have turned their attention to transnational regimes of regulation that are chiefly developed outside state-driven frameworks. The rise of such “transnational private regulation” has also led to the emergence of private meta-regulation. The term ‘meta regulation’ commonly refers to processes through which a regulatory body oversees another and sets standards for its activities or performance of regulation. In the public domain, meta-regulation has been associated with the devolution of regulatory activities by a statutory body to private actors with the view to enhance voluntary rule compliance, awareness of responsibilities among the regulated and reduce public enforcement costs. However, in the transnational private domain the rationale for meta-regulation appears to be a different one. We contend that meta-regulation in this domain is less concerned with the goal of enhancing rule compliance and efficiency in enforcement, but instead is more prominently concerned with the bolstering of the integrity, legitimacy and accountability of private regulatory regimes and the coordination between such regimes.
To furnish this argument the paper develops a comparative analysis of two sectoral private meta-regulators involved in transnational private regulation: the Global Food Safety Initiative in the food industry and the European Advertising Standards Alliance in the advertising industry. These two organisations have developed guidelines, benchmarks and performance indicators for other private bodies involved in transnational regulatory activities. The comparative analysis is focused around four principled and interlinked questions:
(i) What has driven the emergence of meta-regulation in the private regulatory domain?;
(ii) What are the forms and functions of private meta-regulation?;
(iii) What is its relationship with public regulation and regulators?; and
(iv) How and to what extent does private meta-regulation contribute to the legitimization of transnational private regulation?

31 March 2015

Competition Policy Review final report

The final report of the Competition Policy Review (Harper Review) states
The Review’s Terms of Reference require an assessment of Australia’s competition policy, laws and institutions to determine whether they remain fit for purpose, especially in light of the opportunities and challenges facing Australia into the foreseeable future. In this Part, we summarise the findings of this assessment and set out recommendations to address deficiencies the Panel has identified.
Chapter 2 presents the Panel’s recommendations for priority areas of reform in competition policy. These are informed by a set of competition principles attuned to the challenges and opportunities likely to face the Australian economy in coming decades. A key lesson from the National Competition Policy (NCP) experience is the importance of an agreed framework, which can then be applied by governments in their own jurisdictions and adapted to local conditions as necessary. A further lesson from NCP is that all reform initiatives cannot be progressed simultaneously. The Panel recognises the importance of assigning priorities to reform initiatives so that those with the greatest potential benefit to Australians are progressed first. Moreover, priorities will change as technology changes — for instance, the development of the National Broadband Network (NBN) and mobile telephony infrastructure have meant that access to the ‘unbundled local loop’ (i.e., the copper network) is a less significant issue than it was in 1995. Competition policy reforms most likely to generate large net benefits are those that: benefit a sizeable part of the economy or have deep links to other sectors; remove a significant barrier to competition; or subject activities with significant government involvement to greater contestability and consumer choice.
Chapter 3 outlines the Panel’s recommendations for changes to the Competition and Consumer Act 2010 (CCA). The Panel has viewed reform of the CCA through the lens of fitness for purpose. In some areas, we recommend substantive changes to the way the law is drafted. In other areas, our recommended changes go to clarifying and simplifying the law. On some issues, the Panel finds the law itself fit for purpose but shares concerns expressed by stakeholders, especially small business, about access to remedies under the law.
Chapter 4 outlines the Panel’s recommendations on the institutional structures most likely to sustain enduring reform. Like the Hilmer Review, we recognise that policy reform will only gain and sustain momentum if it is supported by all jurisdictions. Australia has been well served by its competition policy institutions, yet this is not sufficient reason to retain the framework in its current form. The flagging momentum of competition reform points to the need for reinvigoration through strong institutional frameworks. The Panel has identified a clear gap in the competition framework: an institution is needed to advocate for competition reform and to oversee the implementation of reforms instituted by governments in the wake of this Review.
Chapter 5 outlines the Panel’s recommendations relating to concerns that small business has raised with us. Access to remedies has been a roadblock for many small businesses, and the Panel finds that access should be improved. We recommend that the collective bargaining framework should be enhanced and made more flexible. We also make recommendations on competitive neutrality and regulations that can restrict the way small businesses operate.
Chapter 6 highlights recommendations made in other parts of this Report addressing issues raised with the Panel that relate to retail markets, particularly supermarkets.
Chapter 7 presents the Panel’s views on the best method to implement a national competition reform agenda. We also recommend economic modelling of the package of recommendations in this Review, which will inform governments’ discussions of policy proposals they will pursue.
It goes on to comment
As originally crafted, the National Competition Policy (NCP) reflected the challenges Australia faced more than 20 years ago. The focus of the NCP reforms was on exposing some previously sheltered activities to competition and applying a more national approach to competition issues.
The six elements of competition policy identified in the Hilmer Review were: • limiting anti competitive conduct of firms; • reforming regulation which unjustifiably restricts competition; • reforming the structure of public monopolies to facilitate competition; • providing third party access to certain facilities that are essential for competition; • restraining monopoly pricing behaviour; and • fostering ‘competitive neutrality’ between government and private businesses when they compete. The Panel endorses competition policy that focuses on making markets work in the long term interests of consumers. Legislative frameworks should continue to limit anti competitive conduct of firms. However, through its commercial arrangements entered into with market participants, the Crown (whether in right of the Commonwealth, state, territory or local governments) also has the potential to harm competition.
The Panel therefore concludes that the anti competitive conduct provisions of the Competition and Consumer Act 2010 (CCA) should cover government activities that have a trading or commercial character.
Moreover, the Crown’s capacity to enhance or harm competition reaches beyond the scope of the CCA and includes a range of policies and regulations. In particular, procurement, which ranges from buying goods and services through to public private partnerships (PPPs) and privatisations, should be designed with competition policy in mind.
The Panel believes that the focus of competition policy should be widened beyond infrastructure public monopolies and government businesses, to encompass the provision of government services more generally.
By promoting user choice and encouraging a diversity of providers, competition policy plays an important role in improving performance in sectors such as human services. Choice and diversity have the potential to improve outcomes for users, especially but not only by stimulating innovation. Independent regulation can encourage market entry since it provides a level of certainty about the regulatory environment. Similarly, separating the interests of providers from those of funders and regulators encourages accountability, innovation and a level playing field between public and other providers.
The Panel believes that declaration and third party access to infrastructure should only be mandated when it is in the public interest. The onus of proof should lie with those seeking access to demonstrate that it would promote the public interest rather than on infrastructure owners to demonstrate that access would be contrary to the public interest.
Acknowledging the diverse circumstances of each jurisdiction, the Panel supports the flexibility built into the NCP for the Australian Government and state and territory governments to decide how best to implement competition principles in their jurisdictions. Competition policy should continue to apply explicitly to local government.
Agreeing a set of principles would guide the Australian Government, state, territory and local governments in implementing those aspects of competition policy for which they are responsible. The principles in Recommendation 1 broaden the NCP agenda to include all government services in trade or commerce and promote the role of choice.
In applying these principles the Panel endorses a ‘public interest’ test as a central tenet of competition policy. The Panel recommends continuing with the NCP public interest test, namely that legislation or government policy should not restrict competition unless: • the benefits of the restriction to the community as a whole outweigh the costs; and • the objectives of the legislation or government policy can only be achieved by restricting competition.
The report makes the following recommendations -
R1 — Competition principles
The Australian Government, state and territory and local governments should commit to the following principles: • Competition policies, laws and institutions should promote the long term interests of consumers. • Legislative frameworks and government policies and regulations binding the public or private sectors should not restrict competition. • Governments should promote consumer choice when funding, procuring or providing goods and services and enable informed choices by consumers. • The model for government provision or procurement of goods and services should separate the interests of policy (including funding), regulation and service provision, and should encourage a diversity of providers. • Governments should separate remaining public monopolies from competitive service elements, and also separate contestable elements into smaller independent business activities. • Government business activities that compete with private provision, whether for profit or not for profit, should comply with competitive neutrality principles to ensure they do not enjoy a net competitive advantage simply as a result of government ownership. • A right to third party access to significant bottleneck infrastructure should be granted where it would promote a material increase in competition in dependent markets and would promote the public interest. • Independent authorities should set, administer or oversee prices for natural monopoly infrastructure providers. Applying these principles should be subject to a public interest test, such that legislation or government policy should not restrict competition unless: • the benefits of the restriction to the community as a whole outweigh the costs; and • the objectives of the legislation or government policy can only be achieved by restricting competition.
R2 — Human services
Each Australian government should adopt choice and competition principles in the domain of human services. Guiding principles should include: • User choice should be placed at the heart of service delivery. • Governments should retain a stewardship function, separating the interests of policy (including funding), regulation and service delivery. • Governments commissioning human services should do so carefully, with a clear focus on outcomes. • A diversity of providers should be encouraged, while taking care not to crowd out community and volunteer services. • Innovation in service provision should be stimulated, while ensuring minimum standards of quality and access in human services.
R3 — Road transport
Governments should introduce cost reflective road pricing with the aid of new technologies, with pricing subject to independent oversight and revenues used for road construction, maintenance and safety. To avoid imposing higher overall charges on road users, governments should take a cross jurisdictional approach to road pricing. Indirect charges and taxes on road users should be reduced as direct pricing is introduced. Revenue implications for different levels of government should be managed by adjusting Australian Government grants to the States and Territories.
R4 — Liner shipping
Part X of the CCA should be repealed. A block exemption granted by the ACCC should be available for liner shipping agreements that meet a minimum standard of pro competitive features (see Recommendation 39). The minimum standard of pro competitive features to qualify for the block exemption should be determined by the ACCC in consultation with shippers, their representative bodies and the liner shipping industry. Other agreements that risk contravening the competition provisions of the CCA should be subject to individual authorisation, as needed, by the ACCC. Repeal of Part X will mean that existing agreements are no longer exempt from the competition provisions of the CCA. Transitional arrangements are therefore warranted. A transitional period of two years should allow for the necessary authorisations to be sought and to identify agreements that qualify for the proposed block exemption.
R5 — Cabotage — coastal shipping and aviation
Noting the current Australian Government Review of Coastal Trading, cabotage restrictions on coastal shipping should be removed, unless it can be demonstrated that the benefits of the restrictions to the community as a whole outweigh the costs, and the objectives of the government policy can only be achieved by restricting competition. The current air cabotage restrictions should be removed for all air cargo as well as passenger services to specific geographic areas, such as island territories and on poorly served routes, unless it can be demonstrated that the benefits of the restrictions to the community as a whole outweigh the costs, and the objectives of the restrictions can only be achieved by restricting competition. Introducing an air cabotage permit system would be one way of regulating air cabotage services more effectively where necessary.
R6 — Intellectual property review
The Australian Government should task the Productivity Commission to undertake an overarching review of intellectual property. The Review should be a 12 month inquiry. The review should focus on: competition policy issues in intellectual property arising from new developments in technology and markets; and the principles underpinning the inclusion of intellectual property provisions in international trade agreements. A separate independent review should assess the Australian Government processes for establishing negotiating mandates to incorporate intellectual property provisions in international trade agreements. Trade negotiations should be informed by an independent and transparent analysis of the costs and benefits to Australia of any proposed intellectual property provisions. Such an analysis should be undertaken and published before negotiations are concluded.
R7 — Intellectual property exception
Subsection 51(3) of the CCA should be repealed.
R8 — Regulation review
All Australian governments should review regulations, including local government regulations, in their jurisdictions to ensure that unnecessary restrictions on competition are removed. Legislation (including Acts, ordinances and regulations) should be subject to a public interest test and should not restrict competition unless it can be demonstrated that: • the benefits of the restriction to the community as a whole outweigh the costs; and • the objectives of the legislation can only be achieved by restricting competition. Factors to consider in assessing the public interest should be determined on a case by case basis and not narrowed to a specific set of indicators. Jurisdictional exemptions for conduct that would normally contravene the competition law (by virtue of subsection 51(1) of the CCA) should also be examined as part of this review, to ensure they remain necessary and appropriate in their scope. Any further exemptions should be drafted as narrowly as possible to give effect to their policy intent. The review process should be transparent, with highest priority areas for review identified in each jurisdiction, and results published along with timetables for reform. The review process should be overseen by the proposed Australian Council for Competition Policy (see R43) with a focus on the outcomes achieved rather than processes undertaken. The Australian Council for Competition Policy should publish an annual report for public scrutiny on the progress of reviews of regulatory restrictions.
R9 — Planning and zoning
Further to R8, state and territory governments should subject restrictions on competition in planning and zoning rules to the public interest test, such that the rules should not restrict competition unless it can be demonstrated that the benefits of the restriction to the community as a whole outweigh the costs, and the objectives of the rules can only be achieved by restricting competition. The following competition policy considerations should be taken into account: • Arrangements that explicitly or implicitly favour particular operators are anti competitive. • Competition between individual businesses is not in itself a relevant planning consideration. • Restrictions on the number of a particular type of retail store contained in any local area is not a relevant planning consideration. • The impact on the viability of existing businesses is not a relevant planning consideration. • Proximity restrictions on particular types of retail stores are not a relevant planning consideration. • Business zones should be as broad as possible. • Development permit processes should be simplified. • Planning systems should be consistent and transparent to avoid creating incentives for gaming appeals. An independent body, such as the Australian Council for Competition Policy (see R43) should be tasked with reporting on the progress of state and territory governments in assessing planning and zoning rules against the public interest test.
R10 — Priorities for regulation review
Further to R8, and in addition to reviewing planning and zoning rules (R9), the following should be priority areas for review: • Taxis and ride sharing: in particular, regulations that restrict numbers of taxi licences and competition in the taxi industry, including from ride sharing and other passenger transport services that compete with taxis. • Mandatory product standards: i.e., standards that are directly or indirectly mandated by law, including where international standards can be adopted in Australia.
R11 — Standards review
Given the unique position of Australian Standards under paragraph 51(2)(c) of the CCA, Australian Standards that are not mandated by government should be subject to periodic review against the public interest test (see R8) by Standards Australia.
R12 — Retail trading hours
Remaining restrictions on retail trading hours should be removed. To the extent that jurisdictions choose to retain restrictions, these should be strictly limited to Christmas Day, Good Friday and the morning of ANZAC Day, and should be applied broadly to avoid discriminating among different types of retailers. Deregulating trading hours should not prevent jurisdictions from imposing specific restrictions on trading times for alcohol retailing or gambling services in order to achieve the policy objective of harm minimisation.
R13 — Parallel imports
Restrictions on parallel imports should be removed unless it can be shown that: • the benefits of the restrictions to the community as a whole outweigh the costs ; and • the objectives of the restrictions can only be achieved by restricting competition. Consistent with the recommendations of recent Productivity Commission reviews, parallel import restrictions on books and second hand cars should be removed, subject to transitional arrangements as recommended by the Productivity Commission. Remaining provisions of the Copyright Act 1968 that restrict parallel imports, and the parallel importation defence under the Trade Marks Act 1995, should be reviewed by an independent body, such as the Productivity Commission.
R14 — Pharmacy
The Panel considers that current restrictions on ownership and location of pharmacies are not needed to ensure the quality of advice and care provided to patients. Such restrictions limit the ability of consumers to choose where to obtain pharmacy products and services, and the ability of providers to meet consumers’ preferences. The Panel considers that the pharmacy ownership and location rules should be removed in the long term interests of consumers. They should be replaced with regulations to ensure access to medicines and quality of advice regarding their use that do not unduly restrict competition. Negotiations on the next Community Pharmacy Agreement offer an opportunity for the Australian Government to implement a further targeted relaxation of the location rules, as part of a transition towards their eventual removal. If changes during the initial years of the new agreement prove too precipitate, there should be provision for a mid term review to incorporate easing of the location rules later in the life of the next Community Pharmacy Agreement. A range of alternative mechanisms exist to secure access to medicines for all Australians that are less restrictive of competition among pharmacy service services providers. In particular, tendering for the provision of pharmacy services in underserved locations and/or funding through a community service obligation should be considered. The rules targeted at pharmacies in urban areas should continue to be eased at the same time that alternative mechanisms are established to address specific issues concerning access to pharmacies in rural locations.
R15 — Competitive neutrality policy
All Australian governments should review their competitive neutrality policies. Specific matters to be considered should include: guidelines on the application of competitive neutrality policy during the start up stages of government businesses; the period of time over which start up government businesses should earn a commercial rate of return; and threshold tests for identifying significant business activities. The review of competitive neutrality policies should be overseen by an independent body, such as the proposed Australian Council for Competition Policy (see R43).
R16 — Competitive neutrality complaints
All Australian governments should increase the transparency and effectiveness of their competitive neutrality complaints processes. This should include at a minimum: • assigning responsibility for investigation of complaints to a body independent of government; • a requirement for government to respond publicly to the findings of complaint investigations; and • annual reporting by the independent complaints bodies to the proposed Australian Council for Competition Policy (see R43) on the number of complaints received and investigations undertaken.
R17 — Competitive neutrality reporting
To strengthen accountability and transparency, all Australian governments should require government businesses to include a statement on compliance with competitive neutrality principles in their annual reports. The proposed Australian Council for Competition Policy (see R43) should report on the experiences and lessons learned from the different jurisdictions when applying competitive neutrality policy to human services markets.
R18 — Government procurement and other commercial arrangements
All Australian governments should review their policies governing commercial arrangements with the private sector and non government organisations, including procurement policies, commissioning, public private partnerships and privatisation guidelines and processes. Procurement and privatisation policies and practices should not restrict competition unless: • the benefits of the restrictions to the community as a whole outweigh the costs; and • the objectives of the policy can only be achieved by restricting competition. An independent body, such as the Australian Council for Competition Policy (see R43), should be tasked with reporting on progress in reviewing government commercial policies and ensuring privatisation and other commercial processes incorporate competition principles.
R19 — Electricity and gas
State and territory governments should finalise the energy reform agenda, including through: • application of the National Energy Retail Law with minimal derogation by all National Electricity Market jurisdictions; • deregulation of both electricity and gas retail prices; and • the transfer of responsibility for reliability standards to a national framework administered by the proposed Access and Pricing Regulator (see R50) and the Australian Energy Market Commission (AEMC). The Panel supports moves to include Western Australia and the Northern Territory in the National Electricity Market, noting that this does not require physical connection. The Australian Government should undertake a detailed review of competition in the gas sector.
R20 — Water
All governments should progress implementation of the principles of the National Water Initiative, with a view to national consistency. Governments should focus on strengthening economic regulation in urban water and creating incentives for increased private participation in the sector through improved pricing practices. State and territory regulators should collectively develop best practice pricing guidelines for urban water, with the capacity to reflect necessary jurisdictional differences. To ensure consistency, the Australian Council for Competition Policy (see R43) should oversee this work. State and territory governments should develop clear timelines for fully implementing the National Water Initiative, once pricing guidelines are developed. The Australian Council for Competition Policy should assist States and Territories to do so. Where water regulation is made national, the responsible body should be the proposed national Access and Pricing Regulator (see R50) or a suitably accredited state body.
R21 — Informed choice
Governments should work with industry, consumer groups and privacy experts to allow consumers to access information in an efficient format to improve informed consumer choice. The proposed Australian Council for Competition Policy (see R43) should establish a working group to develop a partnership agreement that both allows people to access and use their own data for their own purposes and enables new markets for personal information services. This partnership should draw on the lessons learned from similar initiatives in the US and UK. Further, governments, both in their own dealings with consumers and in any regulation of the information that businesses must provide to consumers, should draw on lessons from behavioural economics to present information and choices in ways that allow consumers to access, assess and act on them.
R22 — Competition law concepts
The central concepts, prohibitions and structure enshrined in the current competition law should be retained, since they are appropriate to serve the current and projected needs of the Australian economy.
R23 — Competition law simplification
The competition law provisions of the CCA should be simplified, including by removing overly specified provisions and redundant provisions. The process of simplifying the CCA should involve public consultation. Provisions that should be removed include:  subsection 45(1) concerning contracts made before 1977; and ss 45B and 45C concerning covenants.
R24 — Application of the law to government activities
Ss 2A, 2B and 2BA of the CCA should be amended so that the competition law provisions apply to the Crown in right of the Commonwealth and the States and Territories (including local government) insofar as they undertake activity in trade or commerce.
R25 — Definition of market and competition
The current definition of ‘market’ in section 4E of the CCA should be retained but the current definition of ‘competition’ in section 4 should be amended to ensure that competition in Australian markets includes competition from goods imported or capable of being imported, or from services rendered or capable of being rendered, by persons not resident or not carrying on business in Australia.
R26 — Extra territorial reach of the law
S 5 of the CCA, which applies the competition law to certain conduct engaged in outside Australia, should be amended to remove the requirement that the contravening firm has a connection with Australia in the nature of residence, incorporation or business presence and to remove the requirement for private parties to seek ministerial consent before relying on extra territorial conduct in private competition law actions. Instead, the competition law should apply to overseas conduct insofar as the conduct relates to trade or commerce within Australia or between Australia and places outside Australia. The in principle view of the Panel is that the foregoing changes should also be made in respect of actions brought under the Australian Consumer Law.
R27 — Cartel conduct prohibition
The prohibitions against cartel conduct in Part IV, Division 1 of the CCA should be simplified and the following specific changes made: • The provisions should apply to cartel conduct involving persons who compete to supply goods or services to, or acquire goods or services from, persons resident in or carrying on business within Australia. • The provisions should be confined to conduct involving firms that are actual or likely competitors, where ‘likely’ means on the balance of probabilities. • A broad exemption should be included for joint ventures, whether for the production, supply, acquisition or marketing of goods or services, recognising that such conduct will be prohibited by section 45 of the CCA if it has the purpose, effect or likely effect of substantially lessening competition. • An exemption should be included for trading restrictions that are imposed by one firm on another in connection with the supply or acquisition of goods or services (including intellectual property licensing), recognising that such conduct will be prohibited by section 45 of the CCA (or section 47 if retained) if it has the purpose, effect or likely effect of substantially lessening competition.
R28 — Exclusionary provisions
The CCA should be amended to remove the prohibition of exclusionary provisions in subparagraphs 45(2)(a)(i) and 45(2)(b)(i), with an amendment to the definition of cartel conduct to address any resulting gap in the law.
R29 — Price signalling
The ‘price signalling’ provisions of Part IV, Division 1A of the CCA are not fit for purpose in their current form and should be repealed. Section 45 should be extended to prohibit a person engaging in a concerted practice with one or more other persons that has the purpose, effect or likely effect of substantially lessening competition.
R30 — Misuse of market power
The primary prohibition in section 46 of the CCA should be re framed to prohibit a corporation that has a substantial degree of power in a market from engaging in conduct if the proposed conduct has the purpose, or would have or be likely to have the effect, of substantially lessening competition in that or any other market. To mitigate concerns about inadvertently capturing pro competitive conduct, the legislation should direct the court, when determining whether conduct has the purpose, effect or likely effect, of substantially lessening competition in a market, to have regard to: • the extent to which the conduct has the purpose, effect or likely effect of increasing competition in the market, including by enhancing efficiency, innovation, product quality or price competitiveness; and • the extent to which the conduct has the purpose, effect or likely effect of lessening competition in the market, including by preventing, restricting or deterring the potential for competitive conduct in the market or new entry into the market. Such a re framing would allow the provision to be simplified. Amendments introduced since 2007 would be unnecessary and could be repealed. These include specific provisions prohibiting predatory pricing, and amendments clarifying the meaning of ‘take advantage’ and how the causal link between the substantial degree of market power and anti competitive purpose may be determined. Authorisation should be available in relation to s 46, and the ACCC should issue guidelines regarding its approach to the provision.
R31 — Price discrimination
A specific prohibition on price discrimination should not be reintroduced into the CCA. Where price discrimination has an anti competitive impact on markets, it can be dealt with by the existing provisions of the law (including through the Panel’s recommended revisions to s 46 (see R30)). Attempts to prohibit international price discrimination should not be introduced into the CCA on account of significant implementation and enforcement complexities and the risk of negative unintended consequences. Instead, the Panel supports moves to address international price discrimination through market solutions that empower consumers. These include removing restrictions on parallel imports (see R13) and ensuring that consumers are able to take lawful steps to circumvent attempts to prevent their access to cheaper legitimate goods.
R32— Third line forcing test
Third line forcing (subsections 47(6) and (7) of the CCA) should only be prohibited where it has the purpose, effect or likely effect of substantially lessening competition.
R33 — Exclusive dealing coverage
S 47 of the CCA should be repealed and vertical restrictions (including third line forcing) and associated refusals to supply addressed by sections 45 and 46 (as amended in accordance with R30).
R34 — Resale price maintenance
The prohibition on resale price maintenance (RPM) in s 48 of the CCA should be retained in its current form as a per se prohibition, but notification should be available for RPM conduct.  The prohibition should also be amended to include an exemption for RPM conduct between related bodies corporate, as is the case under ss 45 and 47.
R35 — Mergers
There should be further consultation between the ACCC and business representatives with the objective of delivering more timely decisions in the informal merger review process. The formal merger exemption processes (i.e., the formal merger clearance process and the merger authorisation process) should be combined and reformed to remove unnecessary restrictions and requirements that may have deterred their use. The specific features of the review process should be settled in consultation with business, competition law practitioners and the ACCC. However, the general framework should contain the following elements: • The ACCC should be the decision maker at first instance. • The ACCC should be empowered to authorise a merger if it is satisfied that the merger does not substantially lessen competition or that the merger would result, or would be likely to result, in a benefit to the public that would outweigh any detriment. • The formal process should not be subject to any prescriptive information requirements, but the ACCC should be empowered to require the production of business and market information. • The formal process should be subject to strict timelines that cannot be extended except with the consent of the merger parties. • Decisions of the ACCC should be subject to review by the Australian Competition Tribunal under a process that is also governed by strict timelines. • The review by the Australian Competition Tribunal should be based upon the material that was before the ACCC, but the Tribunal should have the discretion to allow a party to adduce further evidence, or to call and question a witness, if the Tribunal is satisfied that there is sufficient reason. Merger review processes and analysis would also be improved by implementing a program of post merger evaluations, looking back on a number of past merger decisions to determine whether the ACCC’s processes were effective and its assessments borne out by events. This function could be performed by the Australian Council for Competition Policy (see R44).
R36 — Secondary boycotts
The prohibitions on secondary boycotts in ss 45D - 45DE of the CCA should be maintained and effectively enforced. The ACCC should pursue secondary boycott cases with increased vigour, comparable to that which it applies in pursuing other contraventions of the competition law. It should also publish in its annual report the number of complaints made to it in respect of different parts of the CCA, including secondary boycott conduct and the number of such matters investigated and resolved each year. The maximum penalty level for secondary boycotts should be the same as that applying to other breaches of the competition law.
R37 — Trading restrictions in industrial agreements
Ss 45E and 45EA of the CCA should be amended so that they apply to awards and industrial agreements, except to the extent they relate to the remuneration, conditions of employment, hours of work or working conditions of employees. Further, the present limitation in ss 45E and 45EA, such that the prohibitions only apply to restrictions affecting persons with whom an employer ‘has been accustomed, or is under an obligation,’ to deal, should be removed.  The ACCC should be given the right to intervene in proceedings before the Fair Work Commission and make submissions concerning compliance with ss 45E and 45EA. A protocol should be established between the ACCC and the Fair Work Commission. The maximum penalty for breaches of ss 45E and 45EA should be the same as that applying to other breaches of the competition law.
R38 — Authorisation and notification
The authorisation and notification provisions in Part VII of the CCA should be simplified to: • ensure that only a single authorisation application is required for a single business transaction or arrangement; and • empower the ACCC to grant an exemption from ss 45, 46 (as proposed to be amended), 47 (if retained) and 50 if it is satisfied that the conduct would not be likely to substantially lessen competition or that the conduct would result, or would be likely to result, in a benefit to the public that would outweigh any detriment.
R39 — Block exemption power
A block exemption power, exercisable by the ACCC, should be introduced and operate alongside the authorisation and notification frameworks in Part VII of the CCA. This power would enable the ACCC to create safe harbours, where conduct or categories of conduct are unlikely to raise competition concerns, on the same basis as the test proposed by the Panel for authorisations and notifications (see R38). The ACCC should also maintain a public register of all block exemptions, including those no longer in force. The decision to issue a block exemption would be reviewable by the Australian Competition Tribunal.
R40 — Section 155 notices
The s 155 power should be extended to cover the investigation of alleged contraventions of court enforceable undertakings. The ACCC should review its guidelines on section 155 notices having regard to the increasing burden imposed by notices in the digital age. S 155 should be amended so that it is a defence to a ‘refusal or failure to comply with a notice’ under paragraph 155(5)(a) of the CCA that a recipient of a notice under paragraph 155(1)(b) can demonstrate that a reasonable search was undertaken in order to comply with the notice. The fine for non compliance with s 155 of the CCA should be increased in line with similar notice based evidence gathering powers in the Australian Securities and Investments Commission Act 2001.
R41 — Private actions
S 83 of the CCA should be amended so that it extends to admissions of fact made by the person against whom the proceedings are brought in addition to findings of fact made by the court.
R42 — National Access Regime
The declaration criteria in Part IIIA of the CCA should be targeted to ensure that third party access only be mandated where it is in the public interest. To that end: • Criterion (a) should require that access on reasonable terms and conditions through declaration promote a substantial increase in competition in a dependent market that is nationally significant. • Criterion (b) should require that it be uneconomical for anyone (other than the service provider) to develop another facility to provide the service. • Criterion (f) should require that access on reasonable terms and conditions through declaration promote the public interest. The Competition Principles Agreement should be updated to reflect the revised declaration criteria. The Australian Competition Tribunal should be empowered to undertake a merits review of access decisions, while maintaining suitable statutory time limits for the review process.
R43 — Australian Council for Competition Policy — Establishment
The National Competition Council should be dissolved and the Australian Council for Competition Policy (ACCP) established. Its mandate should be to provide leadership and drive implementation of the evolving competition policy agenda. The ACCP should be established under legislation by one State and then by application in all other States and Territories and at the Commonwealth level. It should be funded jointly by the Australian Government and the States and Territories. The ACCP should have a five member board, consisting of two members nominated by state and territory Treasurers and two members selected by the Australian Government Treasurer, plus a Chair. Nomination of the Chair should rotate between the Australian Government and the States and Territories combined. The Chair should be appointed on a full time basis and other members on a part time basis. Funding should be shared by all jurisdictions, with half of the funding provided by the Australian Government and half by the States and Territories in proportion to their population size.
R44 — Australian Council for Competition Policy — Role
The Australian Council for Competition Policy should have a broad role encompassing: • advocacy, education and promotion of collaboration in competition policy; • independently monitoring progress in implementing agreed reforms and publicly reporting on progress annually; • identifying potential areas of competition reform across all levels of government; • making recommendations to governments on specific market design issues, regulatory reforms, procurement policies and proposed privatisations; • undertaking research into competition policy developments in Australia and overseas; and • ex post evaluation of some merger decisions.
R45 — Market studies power
Australian Council for Competition Policy (ACCP) should have the power to undertake competition studies of markets in Australia and make recommendations to relevant governments on changes to regulation, or to the ACCC for investigation of potential breaches of the CCA. The ACCP should have mandatory information gathering powers to assist in its market studies function; however, these powers should be used sparingly.
R46 — Market studies requests
All governments, jointly or individually, should have the capacity to issue a reference to the Australian Council for Competition Policy (ACCP) to undertake a competition study of a particular market or competition issue. All market participants, including small business and regulators (such as the ACCC), should have the capacity to request market studies be undertaken by the ACCP. The work program of the ACCP should be overseen by the Ministerial Council on Federal Financial Relations to ensure that resourcing addresses priority issues.
R47 — Annual competition analysis
The Australian Council for Competition Policy should be required to undertake an annual analysis of developments in the competition policy environment, both in Australia and internationally, and identify specific issues or markets that should receive greater attention.
R48 — Competition payments
The Productivity Commission should be tasked to undertake a study of reforms agreed to by the Australian Government and state and territory governments to estimate their effect on revenue in each jurisdiction. If disproportionate effects across jurisdictions are estimated, competition policy payments should ensure that revenue gains flowing from reform accrue to the jurisdictions undertaking the reform. Reform effort should be assessed by the Australian Council for Competition Policy based on actual implementation of reform measures, not on undertaking reviews.
R49 — ACCC functions
Competition and consumer functions should be retained within the single agency of the ACCC.
R50 — Access and Pricing Regulator
The following regulatory functions should be transferred from the ACCC and the NCC and be undertaken within a single national Access and Pricing Regulator: • the telecommunications access and pricing functions of the ACCC; • price regulation and related advisory roles of the ACCC under the Water Act 2007 (Cth); • the powers given to the ACCC under the National Access Regime; • the functions undertaken by the Australian Energy Regulator under the National Electricity Law, the National Gas Law and the National Energy Retail Law; • the powers given to the NCC under the National Access Regime; and • the powers given to the NCC under the National Gas Law. Other consumer protection and competition functions should remain with the ACCC. Price monitoring and surveillance functions should also be retained by the ACCC. The Access and Pricing Regulator should be constituted as a five member board. The board should comprise two Australian Government appointed members, two state and territory nominated members and an Australian Government appointed Chair. Two members (one Australian Government appointee and one state and territory appointee) should be appointed on a part time basis. Decisions of the Access and Pricing Regulator should be subject to review by the Australian Competition Tribunal. The Access and Pricing Regulator should be established with a view to it gaining further functions if other sectors are transferred to national regimes.
R51 — ACCC governance
Half of the ACCC Commissioners should be appointed on a part time basis. This could occur as the terms of the current Commissioners expire, with every second vacancy filled with a part time appointee. The Chair could be appointed on either a full time or a part time basis, and the positions of Deputy Chair should be abolished. The Panel believes that current requirements in the CCA (paras 7(3)(a) and 7(3)(b)) for experience and knowledge of small business and consumer protection, among other matters, to be considered by the Minister in making appointments to the Commission are sufficient to represent sectoral interests in ACCC decision making. Therefore, the Panel recommends that the further requirements in the CCA that the Minister, in making all appointments, be satisfied that the Commission has one Commissioner with knowledge or experience of small business matters (subsection 10(1B)) and one Commissioner with knowledge or experience of consumer protection matters (subsection 7(4)) be abolished. The ACCC should report regularly to a broad based committee of the Parliament, such as the House of Representatives Standing Committee on Economics.
R52 — Media Code of Conduct
The ACCC should establish, publish and report against a Code of Conduct for its dealings with the media with the aim of strengthening the perception of its impartiality in enforcing the law. The Code of Conduct should be developed with reference to the principles outlined in the 2003 Review of the Competition Provisions of the Trade Practices Act.
R53 — Small business access to remedies
The ACCC should take a more active approach in connecting small business to alternative dispute resolution schemes where it considers complaints have merit but are not a priority for public enforcement. Where the ACCC determines it is unable to pursue a particular complaint on behalf of a small business, the ACCC should communicate clearly and promptly its reasons for not acting and direct the business to alternative dispute resolution processes. Where the ACCC pursues a complaint raised by a small business, the ACCC should provide that business with regular updates on the progress of its investigation. Resourcing of the ACCC should allow it to test the law on a regular basis to ensure that the law is acting as a deterrent to unlawful behaviour. Small business commissioners, small business offices and ombudsmen should work with business stakeholder groups to raise awareness of their advice and dispute resolution services. The Panel endorses the following recommendations from the Productivity Commission’s Access to Justice Arrangements report: • R8.2 and 8.4 to ensure that small businesses in each Australian jurisdiction have access to effective and low cost small business advice and dispute resolution services; • R8.3 to ensure that small business commissioners, small business offices or ombudsmen provide a minimum set of services, which are delivered in an efficient and effective manner; • R9.3 to ensure that future reviews of industry codes consider whether dispute resolution services provided pursuant to an industry code, often by industry associations or third parties, are provided instead by the Australian Small Business Commissioner under the framework of that industry code; • R11.1 to broaden the use of the Federal Court’s fast track model to facilitate lower cost and more timely access to justice; and • R13.3 to assist in managing the costs of litigation, including through the use of costs budgets for parties engaged in litigation
R54 — Collective bargaining
The CCA should be reformed to introduce greater flexibility into the notification process for collective bargaining by small business. Reform should include allowing: • the nomination of members of the bargaining group, such that a notification could be lodged to cover future (unnamed) members; • the nomination of the counterparties with whom the group seeks to negotiate, such that a notification could be lodged to cover multiple counterparties; and • different timeframes for different collective bargaining notifications, based on the circumstances of each application. Additionally, the ACCC should be empowered to impose conditions on notifications involving collective boycott activity, the timeframe for ACCC assessment of notifications for conduct that includes collective boycott activity should be extended from 14 to 60 days to provide more time for the ACCC to consult and assess the proposed conduct, and the ACCC should have a limited ‘stop power’ to require collective boycott conduct to cease, for use in exceptional circumstances where a collective boycott is causing imminent serious detriment to the public. The current maximum value thresholds for a party to notify a collective bargaining arrangement should be reviewed in consultation with representatives of small business to ensure that they are high enough to include typical small business transactions. The ACCC should take steps to enhance awareness of the exemption process for collective bargaining and how it might be used to improve the bargaining position of small businesses in dealings with large businesses. The ACCC should also amend its collective bargaining notification guidelines. This should include providing information about the range of factors considered relevant to determining whether a collective boycott may be necessary to achieve the benefits of collective bargaining.
R55 — Implementation
The Australian Government should discuss this Report with the States and Territories as soon as practicable following its receipt.
R56 — Economic modelling
The Productivity Commission should be tasked with modelling the recommendations of this Review as a package (in consultation with jurisdictions) to support discussions on policy proposals to pursue.

29 March 2015

UK Privacy and Security Framework report

Privacy and Security: A modern and transparent legal framework by the UK Intelligence and Security Committee of Parliament comments
i. The internet has transformed the way we communicate and conduct our day-to-day lives. However, this has led to a tension between the individual right to privacy and the collective right to security, which has been the focus of considerable debate over the past 18 months.
ii. The leak by Edward Snowden of stolen intelligence material in June 2013 led to allegations regarding the UK Agencies’ use of intrusive capabilities – in particular those relating to GCHQ’s interception of internet communications. This Committee investigated the most serious of those allegations – that GCHQ were circumventing UK law – in July 2013. We concluded that that allegation was unfounded. However, we considered that a more in-depth Inquiry into the full range of the Agencies’ intrusive capabilities was required – not just in terms of how they are used and the scale of that use, but also the degree to which they intrude on privacy and the extent to which existing legislation adequately defines and constrains these capabilities.
iii. All those who contributed to this Inquiry agreed that the intelligence and security Agencies have a crucial role protecting UK citizens from threats to their safety. The UK intelligence and security Agencies (MI5, SIS and GCHQ) exist to protect the country from threats and to obtain intelligence in the interests of the UK’s national security or economic well-being and for the detection and prevention of serious crime. The importance of this work is reflected in the fact that Parliament has provided the Agencies with a range of intrusive powers which they use to generate leads, to discover threats, to identify those who are plotting in secret against the UK and to track those individuals.
iv. However, in a democratic society those powers cannot be unconstrained: limits and safeguards are essential. First and foremost, the Agencies are public bodies and therefore everything they do must be in accordance with the Human Rights Act 1998 (which incorporates the European Convention on Human Rights into UK law). While the Agencies work to protect our national security, they must do so while upholding our basic human rights. Some rights are not absolute: the right to privacy, for example, is a qualified right – as all the witnesses to our Inquiry accepted – which means that there may be circumstances in which it is appropriate to interfere with that right. In the UK, the legal test is that action can be taken which intrudes into privacy only where it is for a lawful purpose and it can be justified that it is necessary and proportionate to do so. The question that we have considered in relation to each of the Agencies’ capabilities is whether the intrusion it entails is justified and whether the safeguards are sufficient.
v. Our Inquiry has involved a detailed investigation into the intrusive capabilities that are used by the UK intelligence and security Agencies. This Report contains an unprecedented amount of information about those capabilities, including how they are used, the legal framework that regulates their use, the authorisation process, and the oversight and scrutiny arrangements that apply.
The Committee summarises its key findings
  • We are satisfied that the UK’s intelligence and security Agencies do not seek to circumvent the law – including the requirements of the Human Rights Act 1998, which governs everything that the Agencies do. 
  • However, that legal framework has developed piecemeal, and is unnecessarily complicated. We have serious concerns about the resulting lack of transparency, which is not in the public interest. 
  • Our key recommendation therefore is that the current legal framework be replaced by a new Act of Parliament governing the intelligence and security Agencies. This must clearly set out the intrusive powers available to the Agencies, the purposes for which they may use them, and the authorisation required before they may do so. 
  • Our Report also contains substantial recommendations about each of the Agencies’ intrusive capabilities, which we consider are essential to improve transparency, strengthen privacy protections and increase oversight. 
  • We have scrutinised GCHQ’s bulk interception capability in particular detail, since it is this that has been the focus of recent controversy: 
  • Our Inquiry has shown that the Agencies do not have the legal authority, the resources, the technical capability, or the desire to intercept every communication of British citizens, or of the internet as a whole: GCHQ are not reading the emails of everyone in the UK. 
  • GCHQ’s bulk interception systems operate on a very small percentage of the bearers that make up the internet. We are satisfied that they apply levels of filtering and selection such that only a certain amount of the material on those bearers is collected. Further targeted searches ensure that only those items believed to be of the highest intelligence value are ever presented for analysts to examine: therefore only a tiny fraction of those collected are ever seen by human eyes. 
  • The current legal framework of external and internal communications has led to much confusion. However, we have established that bulk interception cannot be used to target the communications of an individual in the UK without a specific authorisation naming that individual, signed by a Secretary of State. 
  • While these findings are reassuring, they nevertheless highlight the importance of a new, transparent legal framework. There is a legitimate public expectation of openness and transparency in today’s society, and the intelligence and security Agencies are not exempt from that. 
The Report goes on to comment
Interception of communications
While we have considered the entire range of intrusive capabilities available to the Agencies, public controversy has centred on GCHQ’s interception of internet communications which some have alleged means that GCHQ are ‘hoovering up’ the communications of everyone in the UK. Such ‘blanket surveillance’ would not only be unlawful, but also unacceptable. We have therefore scrutinised GCHQ’s capability to intercept internet communications in detail, including how GCHQ collect communications and the circumstances in which they may then examine those communications (paragraphs 49–128).
Why do the Agencies intercept communications?
The Agencies conduct two types of interception, depending on the information they have and what they are trying to achieve:
a) As an investigative tool. Where there is specific knowledge about a threat (e.g. a specific email address has been linked to terrorist activity), the Agencies may intercept that individual’s communications, provided they can demonstrate to a Secretary of State that it is necessary and proportionate to do so. This is known as ‘targeted interception’ and must be authorised by a warrant signed by a Secretary of State under Section 8(1) of the Regulation of Investigatory Powers Act 2000 (RIPA). Contributors to this Inquiry broadly accepted the principle of targeted interception. (Specific aspects of ‘targeted interception’ – and detailed recommendations for improvements in procedures – are covered in paragraphs 28–48.)
b) As a ‘discovery’, or intelligence-gathering, tool. The Agencies can use targeted interception only after they have discovered that a threat exists. They require separate capabilities to uncover those threats in the first place, so that they can generate leads and obtain the information they need to then target those individuals. It is this ‘bulk interception’ capability that has led to allegations that GCHQ are monitoring the communications of everyone in the UK.
How much of the internet do GCHQ ‘hoover up’?
We have investigated in considerable detail the processes by which GCHQ intercept internet communications in bulk. These processes involve first the collection of communications (which is authorised by a warrant signed by a Secretary of State under RIPA) and then the examination of a small number of those communications (if the material is listed in the Certificate that accompanies that warrant).
The first of the major processing systems we have examined is targeted at a very small percentage of the ‘bearers’ that make up the internet. As communications flow across those particular bearers, the system compares the traffic against a list of ‘simple selectors’. These are specific identifiers relating to a known target. Any communications which match are collected (paragraphs 60–64).
Analysts must then carry out a ‘triage process’ to determine which of these are of the highest intelligence value and should therefore be opened and read. Only a very small proportion (***%) of the items collected under this process xxxx (around *** items per day) are ever opened and read by an analyst. Even when GCHQ know that a communication relates to a known target, they still do not have the capacity to read all of them; they have to prioritise (paragraphs 74–75).
Another major processing system by which GCHQ may collect communications is targeted at an even smaller number (just ***%) of the bearers that make up the internet (these are a subset of those accessed by the process just described). GCHQ apply *** ‘selection rules’ and, as a result, the processing system automatically discards the majority of the traffic that is carried across these bearers. The remainder – which GCHQ consider most likely to contain items of intelligence value – are collected (paragraphs 65–73).
The processing system then runs both automated and bespoke searches on these communications in order to draw out communications of intelligence value. By performing complex searches combining a number of criteria, the odds of a ‘false positive’ are considerably reduced. The system does not permit GCHQ analysts to search these communications freely (i.e. they cannot conduct fishing expeditions). The complex searches draw out only those items most likely to be of highest intelligence value. These search results – around *** items per day – are then presented to analysts in list form: it is only the communications on this list that analysts are able to open and read. They cannot open any communications which have not matched the complex searches. (This can be thought of as using a magnet to draw the needle out of a haystack instead of combing through the straw yourself.) Analysts then rank the communications on the list in order of intelligence value, in order to decide which ones to examine: they open and read only a very tiny percentage of the communications collected (around *** items per day) (paragraphs 76–77).
GCHQ’s bulk interception systems operate on a very small percentage (***%) of the bearers that make up the internet. It cannot therefore realistically be considered blanket interception.
There are nevertheless still vast numbers of communications travelling across these bearers (hence it is described as bulk interception). GCHQ therefore filter this traffic still further, resulting in the collection of only a fraction of the traffic that is carried by this small number of bearers: ***.
This collection is based on specific criteria and filters: GCHQ do not therefore conduct interception indiscriminately.
Further, GCHQ do not open and read all the communications they collect. Collection and examination are two separate processes: only a very tiny percentage (***%) of the communications that GCHQ collect are ever opened and read by an analyst.
In practice, this means that fewer than *** of *** per cent of the items that transit the internet in one day are ever selected to be read by a GCHQ analyst, and these have gone through several stages of targeting, filtering and searching so that they are believed to be the ones of the very highest intelligence value.
Are GCHQ reading the communications of people in the UK?
We address this point in some detail, and provide examples, in paragraphs 105–115. However, in summary:
  • Communications between people in the UK are classed as internal communications: they can therefore only be searched for, examined and read through targeted interception, which requires the authority of an 8(1) warrant signed by a Secretary of State which names the individual being targeted. 
  • GCHQ are authorised to collect ‘external’ communications (where at least one end is outside the UK) under the broader authority of an 8(4) warrant signed by a Secretary of State. Of these, they are then authorised to search for and select communications to examine on the basis of a selector (such as an email address) of an individual overseas – provided that their reason for doing so is one or more of the categories described in the Certificate that accompanies the 8(4) warrant. 
  • Crucially, GCHQ can only search for and select communications to examine on the basis of a selector of an individual in the UK if – and only if – they first obtain separate additional authorisation from a Secretary of State which names that individual. It is unlawful for them to search for and examine the communications of someone in the UK without that additional targeted authorisation.
Do they need to intercept these communications?
While we are reassured that bulk interception is tightly drawn, it is nevertheless an intrusive capability. It is therefore essential that it is for a legal purpose, but also that it is necessary and proportionate. We have examined cases which demonstrate that this capability has been used to find communications indicating involvement in threats to national security. Bulk interception has exposed previously unknown threats or plots which threatened our security that would not otherwise have been detected (paragraphs 78–90). While we recognise privacy concerns about bulk interception as a matter of principle, we do not subscribe to the point of view voiced by some of our witnesses that it is preferable to let some terrorist attacks happen rather than to allow any form of bulk interception. It is right that the Agencies have this capability: what is important is that it is tightly controlled and subject to proper safeguards.
Is it properly controlled and regulated?
GCHQ must operate within the existing legal framework. Equally important is whether the existing legal framework is appropriate, particularly given changing technology and expectations about privacy. We have made a number of substantial recommendations for immediate improvements to the existing system of authorisation and oversight – we also recommend a more thorough overhaul of the legislation which we set out below. These short-term changes are broadly to address: the need for greater transparency; a more streamlined, simpler process; greater safeguards in relation to British citizens overseas, and for individuals who work in ‘sensitive’ professions that require privacy for their work; and increased oversight by the Interception of Communications Commissioner (we have recommended an increased role for both the Interception of Communications Commissioner and the Intelligence Services Commissioner in a number of areas covered by this Report).
Communications Data
While much of the recent controversy has focused on GCHQ’s interception of emails, there has also been concern over the use the Agencies make of Communications Data (CD). This encompasses the details about a communication – the ‘who, when and where’ – but not the content of what was said or written. CD is a critical capability for the Agencies: it is used to develop leads, focus on those who pose a threat and illuminate networks. However, concerns have been raised as to whether the distinction between data and content is still meaningful, and also whether changes in technology mean that CD is now just as intrusive as content. xiii. In our opinion the definition of CD used in RIPA is narrowly drawn and, while the volume of CD available has made it possible to build a richer picture of an individual, this remains considerably less intrusive than content. It does not therefore require the same safeguards as content does. However, we have found this debate to be complicated by the confusion as to what information is categorised as CD and what is treated as content – particularly in relation to internet communications and web browsing histories (paragraphs 136–143).
It is essential to be clear what constitutes CD. In particular, there is a ‘grey’ area of material which is not content, but neither does it appear to fit within the narrow ‘who, when and where’ of a communication, for example information such as web domains visited or the locational tracking information in a smartphone. This information, while not content, nevertheless has the potential to reveal a great deal about a person’s private life – his or her habits, tastes and preferences – and there are therefore legitimate concerns as to how that material is protected.
We have therefore recommended that this latter type of information should be treated as a separate category which we call ‘Communications Data Plus’. This should attract greater safeguards than the narrowly drawn category of Communications Data.
Other intrusive capabilities
We have also examined a number of other intrusive capabilities that are used by the Agencies (paragraphs 151–193). These include both the explicit capabilities defined in RIPA (such as the use of surveillance and the use of agents), and those capabilities that are implicitly authorised through general provisions in the Security Service Act 1989 and the Intelligence Services Act 1994 (such as the use of IT Operations against targets overseas and the acquisition of Bulk Personal Datasets). Our Report contains a number of detailed recommendations, primarily in relation to: greater transparency, to the extent that this is possible without damaging national security; and specific statutory oversight by either the Intelligence Services Commissioner or the Interception of Communications Commissioner in those areas where oversight is currently undertaken on a non-statutory basis.
Authorisation of intrusive action
The Agencies’ most intrusive capabilities are authorised by a warrant or other authorisation signed by a Secretary of State, with officials authorising those capabilities considered to be less intrusive. The primary question we have considered in this area is whether Ministers or judges should sign warrants for intrusive activity. We recognise the concerns put to us by some witnesses about public trust. However, the deciding factor for us is that while both Ministers and judges can assess legal compliance, Ministers can then apply an additional test in terms of the diplomatic and political context and the wider public interest. This additional test would be lost if responsibility were transferred to judges and might result in more warrant applications being authorised. Furthermore, judges are not held accountable, or asked to justify their decisions to Parliament and the public, as Minsters are. It is therefore right that responsibility for authorising warrants for intrusive activity remains with Ministers (paragraphs 194–203).
The legislative framework
There is no one piece of legislation that governs what the intelligence and security Agencies can and cannot do: broadly, the Security Service Act 1989 and the Intelligence Services Act 1994 provide the legal basis for the Agencies’ activities, but that is subject to the overarching requirements of the Human Rights Act 1998, and further constraints on certain of those activities as set out in a number of other pieces of legislation (for example, the Regulation of Investigatory Powers Act 2000). This is not just opaque, it is unnecessarily complicated. Further, it is inappropriate that many key capabilities – for example, the exchange of intelligence with international partners – are implicitly authorised rather than formally defined in statute (paragraphs 220–275).
The Committee has serious concerns about the adequacy of the current legislative framework governing and constraining the Agencies’ activities. We have seen no evidence that the Agencies are seeking to circumvent the law: in fact, the care and attention given to complying with the law within the Agencies is highly commendable. But the lack of clarity in the existing laws, and the lack of transparent policies beneath them, has not only fuelled suspicion and allegations but has also meant that the Agencies could be open to challenge for failing to meet their human rights obligations due to a lack of ‘foreseeability’. The adequacy of the legal framework and the greater need for transparency have been at the forefront of this Inquiry throughout.
While the Committee has concluded that the legal framework governing the Agencies’ use of intrusive powers requires greater transparency, this is a political view rather than a legal judgment. The narrower question as to whether the legislation and Agencies’ policies adequately meet the legal requirement for ‘foreseeability’ under the European Convention on Human Rights is, rightly, a matter for the Investigatory Powers Tribunal (IPT) and the European Court of Human Rights. In this respect, we note the recent IPT judgments on this issue on 5 December 2014 and 6 February 2015. Nevertheless, whatever decision the courts may reach in relation to compliance with the legal requirements of the Convention, we consider that additional improvements can and should be made as a matter of good practice.
While we have made specific recommendations in relation to specific capabilities throughout this Report, these are only short-term solutions: such reforms and improvements around the edges of the existing legislation are not sufficient in the long term. Rather than reforming RIPA, as some have suggested, we consider that the entire legal framework governing the intelligence and security Agencies needs replacing.
The purposes, functions, capabilities and obligations of the Agencies should be clearly set out in a new single Act of Parliament. This should be distinct from legislation covering law enforcement and other bodies currently covered by RIPA: the purpose, scale and use of intrusive activities conducted by the intelligence Agencies are not the same as those conducted by the police or local authorities.
We have set out the key principles which must underpin this new legal framework in detail. These are based on explicit avowed capabilities, together with the privacy constraints, transparency requirements, targeting criteria, sharing arrangements and other safeguards that apply to the use of those capabilities.
These changes are overdue.
Not only is there a legal requirement of ‘foreseeability’ to ensure compliance with human rights law, there is also a legitimate public expectation of openness and transparency in today’s society and, while the Agencies require secrecy in order to conduct much of their work, the Government must make every effort to ensure that as much information as possible is placed in the public domain. This is essential to improve public understanding and retain confidence in the work of the intelligence and security Agencies.
In its recommendations the Committee states
The Committee considers that the Government should introduce a new Intelligence Services Bill setting out, in one Act of Parliament, the functions of the three UK intelligence and security Agencies. This should consolidate the intelligence and security related provisions of the following legislation:
  • Security Service Act 1989
  • Intelligence Services Act 1994
  • Regulation of Investigatory Powers Act 2000
  • Wireless Telegraphy Act 2006
  • Telecommunications Act 1984
  • Counter-Terrorism Act 2008; and 
  • the relevant provisions of other legislation as appropriate.
The new legislation should clearly list each intrusive capability available to the Agencies (including those powers which are currently authorised under the implicit authorities contained in the Intelligence Services Act and the Security Service Act) and, for each, specify:
a. The purposes for which the intrusive power can be used (one or more of: the protection of national security, the safeguarding of the economic well-being of the UK, or the detection or prevention of serious crime).
b. The overarching human rights obligations which constrain its use.
c. Whether the capability may be used in pursuit of a specific person, location or target, or in relation to a wider search to discover unknown threats.
d. The authorisation procedures that must be followed, including the review, inspection and oversight regime.
e. Specific safeguards for certain individuals or categories of information – for example, UK nationals, legally privileged information, medical information etc. (This should include incidental collection where it could not reasonably have been foreseen that these categories of information or individuals might be affected.)
f. Retention periods, storage and destruction arrangements for any information obtained.
g. The circumstances (including the constraints that might apply) in which any intelligence obtained from that capability may be shared with intelligence, law enforcement or other bodies in the UK, or with overseas partners.
h. The offence which would be committed by Agency personnel abusing that capability.
i. The transparency and reporting requirements.
In terms of the authorisation procedure, the following principles should apply:
a. The most intrusive activities must always be authorised by a Secretary of State.
b. When considering whether to authorise the activity, the Secretary of State must take into account, first, legal compliance and, if this is met, then the wider public interest.
c. All authorisations must include a summary of the expected collateral intrusion, including an estimate of the numbers of innocent people who may be impacted, and the extent to which the privacy of those innocent people will be intruded upon.
d. Any capability or operation which would result in significant collateral intrusion must be authorised by a Secretary of State.
e. All authorisations must be time limited (usually for no longer than six months).
f. Where an authorisation covers classes of activity conducted overseas, this must include the requirements for recording individual operations conducted under those authorisations, and the criteria for seeking separate Ministerial approval.
g. Where intelligence is sought from overseas partners, the same authorisation must be obtained as if the intrusive activity was undertaken by the UK Agency itself.
h. Where unsolicited material is received, the circumstances in which it may be temporarily held and assessed, and the arrangements for obtaining retrospective authority (or where authority is not given, destruction of the material) must be explicitly defined.
In relation to communications, given the controversy and confusion around access to Communications Data, we believe that the legislation should clearly define the following terms:
– ‘Communications Data’ should be restricted to basic information about a communication, rather than data which would reveal a person’s habits, preferences or lifestyle choices. This should be limited to basic information such as identifiers (email address, telephone number, username, IP address), dates, times, approximate location, and subscriber information.
– ‘Communications Data Plus’ would include a more detailed class of information which could reveal private information about a person’s habits, preferences or lifestyle choices, such as websites visited. Such data is more intrusive and therefore should attract greater safeguards.
– ‘Content-Derived Information’ would include all information which the Agencies are able to generate from a communication by analysing or processing the content. This would continue to be treated as content in the legislation.
The Committee has identified a number of areas where we believe there is scope for the Government to be more transparent about the work of the Agencies. The first step – as previously set out – is to consolidate the relevant legislation and avow all of the Agencies’ intrusive capabilities. This will, in itself, be a significant step towards greater transparency. Where it is not practicable to specify the detail of certain arrangements in legislation, the Government must nevertheless publish information as to how these arrangements will work (for example, in Codes of Practice). We recognise that much of the detail regarding the Agencies’ capabilities must be kept secret. There is, however, a great deal that can be discussed publicly and we believe that the time has come for much greater openness and transparency regarding the Agencies’ work.

Metadata Access

The SMH reports that around 2500 officials - mostly in the Australian Federal Police and state police forces - will be able to sign off on access to phone and internet records under the new metadata regime, which provides for warrantless access to metadata on the basis that a request has been authorised by a 'senior official'.

The SMH states that
NSW Police leads the way with more than 900 senior officers able to sign off on junior colleagues' requests to get data. Victoria Police have more than 400 officers who meet the threshold of seniority to approve the requests and Queensland Police more than 300. The Australian Federal Police have 190 sworn officers who can authorise requests, though a spokesman said fewer than 55 did so in the regular course of their jobs.  ...
 Most state police forces authorise officers at the rank of Inspector and above to approve requests.
In addition to police forces, the Australian Taxation Office has 276 senior staff who can approve requests, the Australian Crime Commission has 21 staff, the Australian Competition and Consumer Commission has three staff and the NSW Independent Commission Against Corruption has eight staff.
The Australian Customs and Border Protection Service refused to say how many of its staff approved access to people's metadata, but its latest annual report shows it has 65 staff at Senior Executive Service level – typically the level required to authorise requests.
A range of integrity and anti-corruption agencies can also access metadata, generally with fewer than 10 staff empowered to approve access.
In practice we now have a self-serve model for access, given the bureaucratic incapacity of the Office of the Australian Information Commissioner and under-resourcing of the Commonwealth Ombudsman.

28 March 2015

PSO breach

The Ballarat Courier reports that a Victorian Protective Services Officer (PSO) has been fined $500, placed on a six-month diversion plan and ordered to write a letter of apology to the victim after accessing and sending personal details of his brother's old flame "for a laugh".

He had pleaded guilty to disclosing information when not authorised to do so.

Concerns regarding 'undertrained, undersupervised and overauthorised' PSOs - transport personnel with policing powers - have been noted elsewhere in this blog. The offender was on duty at Ballarat Railway Station  in July last year when he encountered his brother's friend.
Back at the police pod at the railway station, [the offender]'s colleague logged into the police database to conduct checks on individuals they had spoken to.
After asking his colleague to search the woman, police documents state [the offender] took a photo of her personal details, telling the officer he was only "sending it to his brother for a laugh".
[His] colleague challenged him, suggesting it was inappropriate, and later reported the security breach to police.
[The offender] was interviewed on July 22 and made to surrender his phone, where the picture of the private information was saved. 
The Ballarat Magistrate was reportedly satisfied that the offender's actions were not sinister or calculated, but ordered him to resign from his position. "It does show a foolish failure to understand and comply with regulations in respect to accessing this private data".