by leave—I present a...: 19 Mar 2015: House debates (OpenAustralia.org)

House debates

Thursday, 19 March 2015

Bills

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014; Consideration in Detail

11:53 am

Malcolm Turnbull (Wentworth, Liberal Party, Minister for Communications) Share this | Hansard source

by leave—I present a supplementary explanatory memorandum to the bill and move government amendments (1) to (41) and (49) to (74) as circulated together:

(1) Schedule 1, item 1, page 3 (line 11), after "to be kept,", insert "in accordance with section 187BA and".

(2) Schedule 1, item 1, page 3 (line 13), omit "prescribed by the regulations", substitute "specified in or under section 187AA".

(3) Schedule 1, item 1, page 3 (line 22) to page 4 (line 9), omit subsection 187A(2).

(4) Schedule 1, item 1, page 4 (line 19), omit "prescribed by the regulations", substitute "for which a declaration under subsection (3A) is in force".

(5) Schedule 1, item 1, page 4 (after line 24), after subsection 187A(3), insert:

(3A) The Minister may, by legislative instrument, declare a service to be a service to which this Part applies.

(3B) A declaration under subsection (3A):

(a) comes into force when it is made, or on such later day as is specified in the declaration; and

(b) ceases to be in force at the end of the period of 40 sitting days of a House of the Parliament after the declaration comes into force.

(3C) If a Bill is introduced into either House of the Parliament that includes an amendment of subsection (3), the Minister:

(a) must refer the amendment to the Parliamentary Joint Committee on Intelligence and Security for review; and

(b) must not in that referral specify, as the period within which the Committee is to report on its review, a period that will end earlier than 15 sitting days of a House of the Parliament after the introduction of the Bill.

(6) Schedule 1, item 1, page 5 (lines 6 to 11), omit paragraph 187A(4)(c), substitute:

(i) that is of a kind referred to in paragraph (3)(a); and

(ii) that is operated by another person using the relevant service operated by the service provider;

or a document to the extent that the document contains such information; or

Note: This paragraph puts beyond doubt that service providers are not required to keep information or documents about communications that pass "over the top" of the underlying service they provide, and that are being carried by means of other services operated by other service providers.

(7) Schedule 1, item 1, page 6 (lines 3 to 6), omit subsection 187A(7).

(8) Schedule 1, item 1, page 6 (after line 6), after section 187A, insert:

187AA Information to be kept

(1) The following table sets out the kinds of information that a service provider must keep, or cause to be kept, under subsection 187A(1):

(2) The Minister may, by legislative instrument, make a declaration modifying (including by adding, omitting or substituting) the table in subsection (1), or that table as previously modified under this subsection.

(3) A declaration under subsection (2):

(a) comes into force when it is made, or on such later day as is specified in the declaration; and

(b) ceases to be in force at the end of the period of 40 sitting days of a House of the Parliament after the declaration comes into force.

(4) If a Bill is introduced into either House of the Parliament that includes an amendment of subsection 187A(4) or subsection (1) or (5) of this section, the Minister:

(a) must refer the amendment to the Parliamentary Joint Committee on Intelligence and Security for review; and

(5) For the purposes of items 2, 3, 4 and 6 of the table in subsection (1) and any modifications of those items under subsection (2), 2 or more communications that together constitute a single communications session are taken to be a single communication.

(9) Schedule 1, item 1, page 6 (after line 21), after subsection 187B(2), insert:

(2A) Before making the declaration, the Communications Access Co-ordinator may consult the Privacy Commissioner.

(10) Schedule 1, item 1, page 6 (after line 25), after paragraph 187B(3)(b), insert:

(ba) the objects of the Privacy Act 1988; and

(bb) any submissions made by the Privacy Commissioner because of the consultation under subsection (2A); and

(11) Schedule 1, item 1, page 6 (after line 30), at the end of section 187B, add:

(6) As soon as practicable after making a declaration under subsection (2), the Communications Access Co-ordinator must give written notice of the declaration to the Minister.

(7) As soon as practicable after receiving the notice under subsection (6), the Minister must give written notice of the declaration to the Parliamentary Joint Committee on Intelligence and Security.

(12) Schedule 1, item 1, page 6 (after line 30), after section 187B, insert:

187BA Ensuring the confidentiality of information

A service provider must protect the confidentiality of information that, or information in a document that, the service provider must keep, or cause to be kept, under section 187A by:

(a) encrypting the information; and

(b) protecting the information from unauthorised interference or unauthorised access.

(13) Schedule 1, item 1, page 7 (line 6), omit "paragraph 187A(2)(a)", substitute "paragraph (a) or (b) in column 2 of item 1 of the table in subsection 187AA(1)".

(14) Schedule 1, item 1, page 7 (line 16), omit "paragraph 187A(2)(a)", substitute "paragraph (a) or (b) in column 2 of item 1 of the table in subsection 187AA(1)".

(15) Schedule 1, item 1, page 7 (line 31), omit "section 187C", substitute "section 187BA or 187C".

(16) Schedule 1, item 1, page 8 (line 6), after "keeping", insert ", and ensuring the confidentiality of,".

(17) Schedule 1, item 1, page 8 (line 11), after "keeping", insert ", and ensuring the confidentiality of,".

(18) Schedule 1, item 1, page 8 (line 13), omit "section 187C", substitute "sections 187BA and 187C".

(19) Schedule 1, item 1, page 8 (line 15), omit "section 187C", substitute "sections 187BA and 187C".

(20) Schedule 1, item 1, page 9 (line 4), omit "section 187C", substitute "sections 187BA and 187C".

(21) Schedule 1, item 1, page 9 (line 9), omit "section 187C", substitute "section 187BA or 187C".

(22) Schedule 1, item 1, page 12 (line 1), omit "the end of".

(23) Schedule 1, item 1, page 13 (line 16), omit "exemption", substitute "decision".

(24) Schedule 1, item 1, page 14 (line 19), after "data retention", insert "or information security".

(25) Schedule 1, item 1, page 14 (after line 22), at the end of Division 3, add:

187KA Review of exemption or variation decisions

(1) A service provider may apply in writing to the ACMA for review of a decision under subsection 187K(1) relating to the service provider.

(2) The ACMA must:

(a) confirm the decision; or

(b) substitute for that decision another decision that could have been made under subsection 187K(1).

A substituted decision under paragraph (b) has effect (other than for the purposes of this section) as if it were a decision of the Communications Access Co-ordinator under subsection 187K(1).

(3) Before considering its review of the decision under subsection 187K(1), the ACMA must give a copy of the application to:

(a) the Communications Access Co-ordinator; and

(b) any enforcement agencies and security authorities that were given, under subparagraph 187K(5)(a)(i), a copy of the application for the decision under review; and

(c) any other enforcement agencies and security authorities that, in the opinion of the ACMA, are likely to be interested in the application.

Matters to be taken into account

(4) Before making a decision under subsection (2) in relation to a service provider, the ACMA must take into account:

(a) the interests of law enforcement and national security; and

(b) the objects of the Telecommunications Act 1997; and

(d) the service provider's costs, or anticipated costs, of complying with this Part; and

(e) any alternative data retention or information security arrangements that the service provider has identified.

(5) The ACMA may take into account any other matter it considers relevant.

(26) Schedule 1, item 1, page 14 (before line 24), before section 187L, insert:

187KB Commonwealth may make a grant of financial assistance to service providers

(1) The Commonwealth may make a grant of financial assistance to a service provider for the purpose of assisting the service provider to comply with the service provider's obligations under this Part.

(2) The terms and conditions on which that financial assistance is granted are to be set out in a written agreement between the Commonwealth and the service provider.

(3) An agreement under subsection (2) may be entered into on behalf of the Commonwealth by the Minister.

(27) Schedule 1, item 1, page 14 (after line 33), after subsection 187L(1), insert:

(1A) If the ACMA receives a service provider's application under section 187KA for review of a decision under subsection 187K(1), the ACMA must:

(a) treat the application as confidential; and

(b) ensure that it is not disclosed to any other person or body (other than the Communications Access Co-ordinator, an enforcement agency or a security authority) without the written permission of the service provider.

(28) Schedule 1, item 1, page 15 (lines 1 and 2), omit ", an enforcement agency or a security authority must, if it receives under paragraph 187G(1)(a) or 187K(5)(a)", substitute ", the Communications Access Co-ordinator, an enforcement agency or a security authority must, if it receives under subsection 187G(1), paragraph 187K(5)(a) or subsection 187KA(3)".

(29) Schedule 1, item 1, page 15 (after line 6), after section 187L, insert:

187LA Application of the Privacy Act 1988

(1) The Privacy Act 1988 applies in relation to a service provider, as if the service provider were an organisation within the meaning of that Act, to the extent that the activities of the service provider relate to retained data.

(2) Information that is kept under this Part, or information that is in a document kept under this Part is taken, for the purposes of the Privacy Act 1988, to be personal information about an individual if the information relates to:

(a) the individual; or

(b) a communication to which the individual is a party.

(30) Schedule 1, item 1, page 15 (lines 14 to 17), omit subsection 187N(1), substitute:

(1) The Parliamentary Joint Committee on Intelligence and Security must review the operation of this Part.

(1A) The review:

(a) must start on or before the second anniversary of the end of the implementation phase; and

(b) must be concluded on or before the third anniversary of the end of the implementation phase.

(31) Schedule 1, item 1, page 15 (after line 19), at the end of section 187N, add:

(3) Until the review is completed, the head (however described) of an enforcement agency must keep:

(a) all of the documents that he or she is required to retain under section 185; and

(b) all of the information that he or she is required, by paragraphs 186(1)(e) to (k), to include in a report under subsection 186(1);

relating to the period starting on the commencement of this Part and ending when the review is completed.

(4) Until the review is completed, the Director-General of Security must keep:

(a) all of the authorisations made under Division 3 of Part 4-1; and

(b) all of the information that he or she is required, by paragraphs 94(2A)(c) to (j) of the Australian Security Intelligence Organisation Act 1979, to include in a report referred to in subsection 94(1) of that Act;

relating to the period starting on the commencement of this Part and ending when the review is completed.

(5) Subsections (3) and (4) do not limit any other obligation to keep information under this Act or another law.

(32) Schedule 1, item 1, page 15 (after line 23), after subsection 187P(1), insert:

(1A) Without limiting the matters that may be included in a report under subsection (1), it must include information about:

(a) the costs to service providers of complying with this Part; and

(b) the use of data retention implementation plans approved under Division 2 of this Part.

(33) Schedule 1, page 16 (after line 1), after the heading to Part 2, insert:

Australian Security Intelligence Organisation Act 1979

1A Section 4

Insert:

retained data has the same meaning as in the Telecommunications (Interception and Access) Act 1979.

(34) Schedule 1, page 16, after proposed item 1A, insert:

1B Paragraphs 94(2A)(a) and (b)

Omit "year", substitute "period".

1C At the end of subsection 94(2A)

Add:

; and (c) the number of authorisations made during the period under section 175 and subsection 176(3) of the Telecommunications (Interception and Access) Act 1979; and

(d) the purposes for which those authorisations were made; and

(e) the lengths of time for which the information or documents that were, or would have been, covered by those authorisations had been held when access was sought; and

(f) the number of those authorisations that related to retained data that included information of a kind referred to in item 1 of the table in subsection 187AA(1) of that Act; and

(g) the number of those authorisations that related to retained data that included information of a kind referred to in item 2, 3, 4, 5 or 6 of the table in subsection 187AA(1) of that Act; and

(h) the number of those authorisations that were made under journalist information warrants issued under Subdivision B of Division 4C of Part 4-1 of that Act; and

(i) the number of journalist information warrants issued under that Subdivision during the period; and

(j) information of a kind declared under subsection (2C) of this section.

1D After subsection 94(2A)

Insert:

(2B) A report under subsection (1) is to set out the matters referred to in paragraph (2A)(e) by specifying:

(a) in relation to each of 8 successive periods of 3 months, the number of the authorisations sought for information or documents held for lengths of time included in that period; and

(b) the number of the authorisations sought for information or documents held for lengths of time exceeding 24 months.

(2C) The Minister may, by legislative instrument, declare kinds of information that are to be set out in a report under subsection (1).

(35) Schedule 1, page 16, after proposed item 1D, insert:

Intelligence Services Act 2001

1E Section 3

Insert:

retained data activity means an activity relating to information, or documents, that a service provider has been required to keep under Part 5-1A of the Telecommunications (Interception and Access) Act 1979.

service provider has the same meaning as in the Telecommunications (Interception and Access) Act 1979.

(36) Schedule 1, page 16, after proposed item 1E, insert:

1F After paragraph 29(1)(bb)

Insert:

(bc) to conduct the review under section 187N of the Telecommunications (Interception and Access) Act 1979; and

(bd) subject to subsection (5), to review any matter that:

(i) relates to the retained data activities of ASIO; and

(ii) is included, under paragraph 94(2A)(c), (d), (e), (f), (g), (h), (i) or (j) of the Australian Security Intelligence Organisation Act 1979, in a report referred to in subsection 94(1) of that Act; and

(be) subject to subsection (5), to review any matter that:

(i) relates to the retained data activities of the AFP in relation to offences against Part 5.3 of the Criminal Code; and

(ii) is set out, under paragraph 186(1)(e), (f), (g), (h), (i), (j) or (k) of the Telecommunications (Interception and Access) Act 1979, in a report under subsection 186(1) of that Act; and

1G At the end of section 29

Add:

(4) Subject to subsection (5), paragraphs (3)(c) and (k) do not apply to things done in the performance of the Committee's functions under paragraphs (1)(bd) and (be).

(5) The Committee's functions under paragraphs (1)(bd) and (be):

(a) are to be performed for the sole purpose of assessing, and making recommendations on, the overall operation and effectiveness of Part 5-1A of the Telecommunications (Interception and Access) Act 1979; and

(b) do not permit reviewing the retained data activities of service providers; and

Note: The performance of the Committee's functions under paragraphs (1)(bd) and (be) are also subject to the requirements of Schedule 1.

(37) Schedule 1, page 16, after proposed item 1G, insert:

Privacy Act 1988

1H Subsection 6(1) (at the end of the definition of personal information )

Add:

Note: Section 187LA of the Telecommunications (Interception and Access) Act 1979 extends the meaning of personal information to cover information kept under Part 5-1A of that Act.

(38) Schedule 1, page 16, after proposed item 1H, insert:

1J Subsection 6C(1) (note)

Repeal the note, substitute:

Note 1: Under section 187LA of the Telecommunications (Interception and Access) Act 1979, service providers are, in relation to their activities relating to retained data, treated as organisations for the purposes of this Act.

Note: 2: Regulations may prescribe an instrumentality by reference to one or more classes of instrumentality. See subsection 13(3) of the Legislative Instruments Act 2003.

(39) Schedule 1, page 16 (after line 17), after item 3, insert:

3A After subsection 280(1A)

Insert:

(1B) Subject to subsection (1C), paragraph (1)(b) does not apply to a disclosure of information or a document if:

(a) the disclosure is required or authorised because of:

(i) a subpoena; or

(ii) a notice of disclosure; or

(iii) an order of a court;

in connection with a civil proceeding; and

(b) the information or document is kept, by a service provider (within the meaning of the Telecommunications (Interception and Access) Act 1979), solely for the purpose of complying with Part 5-1A of that Act; and

(c) the information or document is not used or disclosed by the service provider for any purpose other than one or more of the following purposes:

(i) complying with Part 5-1A of that Act;

(ii) complying with the requirements of warrants under Chapters 2 and 3 of that Act or authorisations under Chapter 4 of that Act;

(iii) complying with requests or requirements to make disclosures provided for by sections 284 to 288 of this Act;

(iv) providing persons with access to their personal information in accordance with the Privacy Act 1988;

(v) a purpose prescribed by the regulations;

(vi) a purpose incidental to any of the purposes referred to in subparagraphs (i) to (v).

(1C) Subsection (1B) does not apply:

(a) in circumstances of a kind prescribed by the regulations; or

(b) to a disclosure to an enforcement agency (within the meaning of the Telecommunications (Interception and Access) Act 1979); or

(40) Schedule 1, page 16, after proposed item 3A, insert:

3B Section 281

Before "Division 2", insert "(1)".

3C At the end of section 281

Add:

(2) Subject to subsection (3), this section does not apply to a disclosure of information or a document by a person as a witness in a civil proceeding if the information or document:

(a) is kept, by a service provider (within the meaning of the Telecommunications (Interception and Access) Act 1979), solely for the purpose of complying with Part 5-1A of that Act; and

(b) is not used or disclosed by the service provider for any purpose other than one or more of the following purposes:

(i) complying with Part 5-1A of that Act;

(ii) complying with the requirements of warrants under Chapters 2 and 3 of that Act or authorisations under Chapter 4 of that Act;

(iii) complying with requests or requirements to make disclosures provided for by sections 284 to 288 of this Act;

(iv) providing persons with access to their personal information in accordance with the Privacy Act 1988;

(v) a purpose prescribed by the regulations;

(vi) a purpose incidental to any of the purposes referred to in subparagraphs (i) to (v).

(3) Subsection (2) does not apply:

(a) in circumstances of a kind prescribed by the regulations; or

(b) to a disclosure to an enforcement agency (within the meaning of the Telecommunications (Interception and Access) Act 1979); or

(41) Schedule 1, item 5, page 16 (lines 24 to 28), omit the item, substitute:

5 Subsection 5(1)

Insert:

Defence Minister has the same meaning as in the Intelligence Services Act 2001.

Foreign Affairs Minister has the same meaning as in the Intelligence Services Act 2001.

IGIS official has the same meaning as in the Australian Security Intelligence Organisation Act 1979.

implementation phase has the meaning given by subsection 187H(2).

infrastructure means any line or equipment used to facilitate communications across a telecommunications network.

journalist information warrant means a warrant issued under Division 4C of Part 4-1.

Part 4 -1 issuing authority means a person in respect of whom an appointment is in force under section 6DC.

Public Interest Advocate means a person declared under section 180X to be a Public Interest Advocate.

related account, service or device, in relation to a service to which Part 5-1A applies, means:

(a) an account; or

(b) a telecommunications device; or

that is related to the service.

retained data means information, or documents, that a service provider is or has been required to keep under Part 5-1A.

service provider has the meaning given by subsection 187A(1).

source (except in item 2 of the table in subsection 187AA(1)) means a person who provides information:

(a) to another person who is working in a professional capacity as a journalist; and

(b) in the normal course of the other person's work in such a capacity; and

(i) news, current affairs or a documentary; or

(ii) commentary or opinion on, or analysis of, news, current affairs or a documentary.

(49) Schedule 1, page 17 (after proposed item 6Q), at the end of Part 2, add:

6R After subparagraph 181B(3)(b)(i)

Insert:

(ia) to enable a person to comply with his or her obligations under section 185D or 185E; or

6S Before subparagraph 181B(6)(b)(i)

Insert:

(ia) to enable a person to comply with his or her obligations under section 185D or 185E; or

(50) Schedule 1, page 17 (after proposed item 6S), at the end of Part 2, add:

6T Subsection 182(2)

Repeal the subsection, substitute:

Exempt disclosures

(2) Paragraph (1)(b) does not apply to a disclosure of non-missing person information if:

(a) the disclosure is reasonably necessary:

(i) for a person to comply with his or her obligations under section 185D or 185E; or

(ii) for the performance by the Organisation of its functions; or

(iii) for the enforcement of the criminal law; or

(iv) for the enforcement of a law imposing a pecuniary penalty; or

(v) for the protection of the public revenue; or

(b) the disclosure is:

(i) to an IGIS official for the purpose of the Inspector-General of Intelligence and Security exercising powers, or performing functions or duties, under the Inspector-General of Intelligence and Security Act 1986; or

(ii) by an IGIS official in connection with the IGIS official exercising powers, or performing functions or duties, under that Act.

Note: A defendant bears an evidential burden in relation to the matter in subsection (2) (see subsection 13.3(3) of the Criminal Code).

6U Subsection 182(3)

Repeal the subsection, substitute:

Exempt uses

(3) Paragraph (1)(b) does not apply to a use of non-missing person information if:

(a) the use is reasonably necessary:

(i) for a person to comply with his or her obligations under section 185D or 185E; or

(ii) for the enforcement of the criminal law; or

(iii) for the enforcement of a law imposing a pecuniary penalty; or

(iv) for the protection of the public revenue; or

(b) the use is by an IGIS official in connection with the IGIS official exercising powers, or performing functions or duties, under the Inspector-General of Intelligence and Security Act 1986.

Note: A defendant bears an evidential burden in relation to the matter in subsection (3) (see subsection 13.3(3) of the Criminal Code).

(51) Schedule 1, page 17 (after propose

See this speech in context

Comments

No comments

House debates

Thursday, 19 March 2015

What are House debates?

Bills

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014; Consideration in Detail

Comments