27 March 2015

Senate report on the TIA Act

The 140 page Senate Legal and Constitutional Affairs References Committee Comprehensive revision of the Telecommunications (Interception and Access) Act 1979 report - hot on the heels of passage of the mandatory metadata retention Bill - states that
The committee's inquiry has spanned 15 months. During that time, the committee received much evidence highlighting the need for urgent and comprehensive reform of the Telecommunications (Interception and Access) Act 1979 (TIA Act) including substantial comment on the matter of mandatory data retention. During the later stages of the committee's inquiry, the government announced that it would be introducing a mandatory telecommunications data retention regime.
Although the issues of comprehensive reform of the TIA Act and mandatory data retention are not mutually exclusive, to the extent possible, they have been considered separately to ensure that adequate consideration is given to both matters. This majority consensus report details the need for reform of the existing TIA Act. Separate additional remarks on the matters of data access and data retention are provided by the committee Chair, the government members of the committee and the opposition members of the committee.
The referral
1.1 On 12 December 2013, the Senate referred the following matter to the Legal and Constitutional Affairs References Committee for inquiry and report by 10 June 2014: Comprehensive revision of the Telecommunications (Interception and Access) Act 1979 (the TIA Act), with regard to: a) the recommendations of the Australian Law Reform Commission For Your Information: Australian Privacy Law and Practice report, dated May 2008, particularly recommendation 71.2; and b) recommendations relating to the Act from the Parliamentary Joint Committee on Intelligence and Security Inquiry into the potential reforms of Australia’s National Security Legislation report, dated May 2013.
1.2 The Senate later extended the reporting date – to 27 August 2014, 29 October 2014, 3 December 2014, 12 February 2015 and 18 March 2015.2 As a result of the introduction of the Abbott Government's Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 and its referral to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) for inquiry and report by 27 February 2015, the Senate again extended the reporting date of the inquiry to enable the committee to consider the government’s proposed data retention policy and the findings of the PJCIS.
Background to the terms of reference
1.3 As the terms of reference indicate, the committee was required to comprehensively review the Telecommunications (Interception and Access) Act 1979 (TIA Act) having regard to recommendations made by two other bodies—the Australian Law Reform Commission (ALRC) in its report, For Your Information: Australian Privacy Law and Practice, and the PJCIS, in its report of the Inquiry into Potential Reforms of Australia's National Security Legislation. These earlier inquiries are briefly discussed below.
1.4 On 30 January 2006, the then Attorney-General, the Hon Philip Ruddock MP, referred 'matters relating to the extent to which the Privacy Act 1988 and related laws continue to provide an effective framework for the protection of privacy in Australia' to the ALRC for inquiry and report. In referring the matter, the Attorney-General requested that, among other things, the ALRC have regard to:
  • the rapid advances in information, communication, storage, surveillance and other relevant technologies; 
  • possible changing community perceptions of privacy and the extent to which it should be protected by legislation; and 
  • emerging areas that may require privacy protection.
1.5 The ALRC presented its report, titled For Your Information: Australian Privacy Law and Practice, on 30 May 2008 making 295 recommendations. The primary focus of the ALRC's report was information privacy, however, the issue of privacy and telecommunications7 was considered in Part J of its report. In Part J the ALRC acknowledged 'the need for telecommunications regulation to respond to a convergent communications environment'8 but noted that as issues relating to convergence were beyond the scope of its terms of reference they should be considered separately. To that end, in recommendation 71.2 the ALRC called for a review of telecommunications legislation.
Recommendation 71.2 reads as follows: The Australian Government should initiate a review to consider whether the Telecommunications Act 1997 (Cth) and the Telecommunications (Interception and Access) Act 1979 (Cth) continue to be effective in light of technological developments (including technological convergence), changes in the structure of communication industries and changing community perceptions and expectations about communication technologies. In particular, the review should consider: (a) whether the Acts continue to regulate effectively communication technologies and the individuals and organisations that supply communication technologies and communication services; (b) how these two Acts interact with each other and with other legislation; (c) the extent to which the activities regulated under the Acts should be regulated under general communications legislation or other legislation; (d) the roles and functions of the various bodies currently involved in the regulation of the telecommunications industry, including the Australian Communications and Media Authority, the Attorney-General’s Department, the Office of the Privacy Commissioner, the Telecommunications Industry Ombudsman, and Communications Alliance; and (e) whether the Telecommunications (Interception and Access) Act should be amended to provide for the role of a public interest monitor.
1.6 The Rudd Labor Government released its first stage response to the ALRC's report on 14 August 2009. The response committed the government to first reforming the 'privacy foundations' and to enhancing the role of the Privacy Commissioner. Reform would be 'technology neutral' to ensure the protection of personal information held in any medium. Although the first stage response addressed 197 of the ALRC's 295 recommendations, it did not address the matters set out in recommendation 71.2 or broader issues relating to reform of the TIA Act. Rather, the government stated that it would consider the remaining recommendations of the ALRC after the first stage response reforms had progressed. Legislation giving effect to the government's first stage response was enacted in November 2012.
The Parliamentary Joint Committee on Intelligence and Security—Inquiry into potential reforms of Australia’s National Security Legislation
1.7 In May 2012, the then Attorney-General (the Hon Nicola Roxon MP) requested that the PJCIS conduct an inquiry into a package of potential reforms to Australia's national security legislation. The package of reforms put to the PJCIS was comprised of 'telecommunications interception reform, telecommunications sector security reform and Australian intelligence community reform'. Along with the referral of the PJCIS inquiry, the Attorney-General's Department (the department) released a discussion paper that canvassed issues covered by the ALRC's report, including matters set out in Part J (which, as noted above, included recommendation 71.2).
1.8 The PJCIS tabled its report in June 2013 making 43 recommendations.
Recommendations 1–18 related to the TIA Act and recommendations 42 and 43 concerned data retention. These recommendations are listed at Appendix 1. It is noted by the committee that in February 2015 the PJCIS handed down its inquiry report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 which seeks to introduce a two year mandatory data retention regime in respect of telecommunications data (metadata) and implement recommendation 42 of the PJCIS's recommendations.
The current inquiry
1.9 The committee advertised the inquiry in The Australian newspaper on 5 February 2014. Details of the inquiry were published on the committee's website at www.aph.gov.au/senate_legalcon. The committee also wrote to over 110 organisations and individuals inviting submissions by 27 February 2014.
1.10 The committee received 46 submissions. Public submissions were published on the committee’s website and are listed at Appendix 2. The committee held six public hearings: on 22 and 23 April 2014, 21 July 2014, 26 September 2014 and 2 February 2015 in Canberra, and on 29 July 2014 in Sydney. The committee also took evidence in camera. A list of witnesses who appeared at the public hearings is at Appendix 3. The Hansard transcripts from the public hearings can be accessed on the committee’s website. ...
Scope and structure of the report
1.13 During this inquiry the committee sought to address the matters referred to it by examining issues raised since the reviews of the ALRC and the PJCIS. The committee took the approach that the recommendations of the ALRC's report relating to the TIA Act (including recommendation 71.2) were, to some extent, realised by the then Labor Government's referral of a review of potential reforms of Australia's national security legislation to the PJCIS committee. In that referral, the PJCIS was asked to examine many of the considerations set out in the ALRC's recommendation 71.2.
1.14 The committee notes the breadth of the recommendations of the PJCIS that related to the TIA Act: recommendations 1 to 18 related specifically to the existing provisions of the TIA Act; and recommendations 42 and 43 considered the broader policy issue of mandatory data retention. This committee notes that although the PJCIS did not reach a consensus view on mandatory data retention in its 2013 report, it recommended considerations that should be had if the government were persuaded to implement such a regime. The committee acknowledges that the 2015 PJCIS report into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 examines issues relating to data retention with greater specificity and detail than does the 2013 report.
1.15 This report comprises three chapters. The current chapter outlines the inquiry process. Chapter 2 considers the need for reform to the TIA Act and chapter 3 discusses warranted access to telecommunications content.
1.16 The committee could not reach agreement in relation to access to data and mandatory data retention. The minority reports at the conclusion of this committee report outline committee members' views on these issues.