08 March 2014

Sharing

The annual report [PDF] about the Telecommunications (Interception and Access) Act 1979 (Cth) - aka the TIA Act - last year indicated that there were 319,874 authorisations by Australian governments for access to telecommunications information between July 2012 and June 2013.

Those authorisations included the national and state police forces, the Clean Energy Regulator, Australia Post, Australian Health Practitioner Regulation Agency, Workcover NSW, Tax Practitioners Board, Medicare, Department of Immigration & Citizenship, Harness Racing NSW and Bankstown City Council.

That report indicated that information obtained under interception and stored communications warrants was used in 3,083 arrests, 6,898 prosecutions and 2,765 convictions. Access under the TIA Act was used in 895 cases regarding a missing person.

Telstra's new transparency report [PDF] indicates that in the second half of 2013 it received 40,644 requests from government agencies for customer data under that Act.

From 1 July  to 31 December Telstra received 36,053 warrantless requests for customer information, carriage service records, and pre-warrant checks from Australian government agencies. A further 2,871 requests related to emergencies, along with 270 court orders and 1,450 interception warrants.

Those requests were not necessarily accepted; Telstra does not disclose the number of requests it complied with.

Telstra indicated that it received under 100 requests for customer information in that period in other countries.

A perspective is provided in last month's submission [PDF] by the Inspector-General of Intelligence & Security to the Senate Legal and Constitutional Affairs References Committee Inquiry into comprehensive revision of the Telecommunications (Interception and Access) Act 1979.

The submission reflects the Committee's  consideration of inclusion of an objectives clause within the Telecommunications (Interception and Access) Act 1979 (Cth) to expresses the dual objectives of the legislation (protect the privacy of communications; enable interception and access to communications in order to investigate serious crime and threats to national security) and be consistent with with the privacy principles contained in the Privacy Act 1988 (Cth).

IGIS commented
Although the primary objective of the Act is to prohibit interception of telecommunications or access to stored communications except in certain prescribed and regulated circumstances, the range of exceptions has grown and may continue to expand. An objectives clause along the lines proposed recognises the need to balance the privacy of users of the telecommunications services in Australia with ASIO’s investigative requirements for security and foreign intelligence purposes. The privacy principles in the Privacy Act 1988 would provide a useful benchmark reflecting community expectations. 
The Committee considered whether the Attorney-General’s Department should undertake an examination of proportionality tests within the Telecommunications (Interception and Access) Act 1979 (Cth), indicating that actors to be considered in proportionality tests include the privacy impacts of proposed investigative activity; public interest served by the proposed investigative activity, including the gravity of the conduct being investigated; and availability and effectiveness of less privacy intrusive investigative techniques.

The Committee also recommended that the examination of the proportionality tests consider the appropriateness of applying a consistent proportionality test across the interception, stored communications and access to telecommunications data powers in the TIA Act.

IGIS commented that it
has a particular interest in whether proposed changes place sufficient weight on maintaining the privacy of individuals, and whether proposals reflect the concept of proportionality – that is, that the means for obtaining information must be proportionate to the gravity of the threat posed and the likelihood of its occurrence. The exercise of ASIO’s TIA powers will, almost always, not be apparent to the subject. Further, the use of ASIO’s powers is not usually subject to scrutiny by a court or through legal processes as can often occur for law enforcement agencies. As ASIO’s use of TIA powers is often highly intrusive, these powers should only be considered for use when other, less intrusive, means of obtaining information are likely to be ineffective or are not reasonably available. 
Any proposal to apply a consistent proportionality test will need to be examined carefully to ensure that it does not compromise privacy objectives.
In relation to warrants the Committee  considered whether A-G’s Department should examine the Telecommunications (Interception and Access) Act 1979 "with a view to revising the reporting requirements to ensure that the information provided assists in the evaluation of whether the privacy intrusion was proportionate to the public outcome sought".

IGIS states that
Relevant agencies are required to keep records relating to documents associated with the warrants issued and particulars relating to warrant applications and each time lawfully intercepted information is used, disclosed, communicated, entered into evidence or destroyed.
Chief officers of law enforcement agencies are required to report to the Attorney-General on the use and communication of intercepted information and the Attorney-General must table a statistical report in Parliament. The Commonwealth Ombudsman oversights the use of TIA powers by Commonwealth law enforcement agencies and reporting requirements are set out in the TIA Act.
ASIO’s use of TIA powers are not included in the Attorney-General’s report to Parliament. The Attorney-General’s Department could consider whether the public reporting regimes of similar organisations overseas might provide useful models of alternative reporting approaches.
The oversight regime for ASIO is not specified in the TIA Act. In practice, my office oversights ASIO’s use of TIA powers under the inspection function in the IGIS Act. To assist the Committee in understanding the way this oversight occurs I have summarised the current inspection regime.
Warrant related papers are examined so that we may be properly satisfied that:
  • the intelligence or security case that ASIO has made in support of the application is soundly based and that all necessary legislative requirements have been met 
  • the individuals identified in each warrant are actually identical with, or closely linked to, persons of security interest (this is particularly relevant where a ‘B-Party’ telecommunications interception warrant is being sought) 
  • appropriate internal and external approvals for the request have been obtained 
  • the Director-General of Security has identified in writing those individuals who may execute the warrant, or communicate information obtained from the warrant 
  • written reports to the Attorney-General on the outcome of executed warrants are factual and provided in a timely manner 
  • the activity concerned did not begin before, or continue after, the period authorised by the warrant 
  • in the small number of cases where unauthorised collection has occurred, including through carrier error, prompt and appropriate remedial action has been undertaken.
Warrant related papers are examined after the Attorney-General has authorised the activity. If any issues with warrants are identified, they are raised with the Director-General of Security to ensure that remedial action is taken and that processes are reviewed to prevent future errors. Where appropriate I can also advise the Attorney-General of any concerns. I also include a summary of inspection activity in my annual report. Generally the standard of warrant materials is high and the error rate is low. Comprehensive recordkeeping in ASIO is essential to ensure ASIO complies with the legislation and to enable effective oversight. Any proposal to change the recordkeeping regime should enhance accountability requirements.