George Brandis (Queensland, Liberal Party, Shadow Attorney-General) Share this | Link to this | Hansard source

The primary purpose of the Telecommunications (Interception and Access) Amendment Bill 2008 is to extend the operation of network protection provisions which are due to expire on 13 June 2008. It will also propose some technical amendments to the Telecommunications (Interception and Access) Act. The principal act prohibits the interception of telecommunications but also provides for interception by law enforcement and security agencies under warrant if the Attorney-General is satisfied that the telecoms system is being used by a person reasonably suspected of engaging in activities prejudicial to security.

Recent advances in technology have made it possible to communicate without a message passing over the telecommunications system—for example, storing emails or text messages in draft without sending them, swapping SIM cards and so on. These are known as stored communications. In 2004 the coalition government introduced interim legislation to permit security and law enforcement agencies access to stored communications using a normal search warrant as opposed to a telecommunications interception warrant.

In March 2005 the then government commissioned a report by Anthony Blunn to review the regulation of access to telecommunications. His report, which was tabled on 14 September 2005, recommended legislation dealing with access to telecommunications data. In 2006 the coalition government introduced legislation responding to the first tranche of the Blunn report recommendations, the 2006 act. This provided for a warrant regime for access to stored communications. In 2007 the second phase was enacted, implementing a two-tier access regime for access to historic and real-time data.

The provisions of the current legislation which are acceptable to the opposition are the proposed amendments to sections 5F(3) and 5G(3), which have an existing sunset provision of 13 June 2008. The bill proposes that this be extended until 12 December 2009. These are provisions which provide for exemptions to the general prohibition on the interception of telecommunications for Commonwealth and state law enforcement and security agencies. They contain the so-called network protection provisions. These provisions are necessary because automated systems to screen communications for viruses may constitute a technical breach of the prohibition on interception under the T(IA) Act. There is a risk that network administrators may incidentally intercept communications in the performance of that important function.

The Blunn report recognised that an exemption would permit the incidental interception of communications in the course of developing new technologies but recommended that access by law enforcement and security agencies without warrant should be permitted where it is necessarily incidental to the protection of data systems or the authorised development of new technologies or interception capabilities. The need is recognised for more comprehensive legislation to deal with this issue. Under the extended sunset provision, 20 Commonwealth and state agencies will have access exemptions, in the limited circumstances to which I have referred, until the end of 2009.

There are a number of technical amendments. Item 3 proposes to amend the T(IA) Act to allow a device based warrant—that is, for a particular telecommunications device used or likely to be used by a person to intercept communications from multiple devices. The 2006 amending act used the example of a person using multiple SIM cards in a mobile phone in quick succession to attempt to thwart interception, and other methods can be imagined. I note that these warrants are to be used only as a second-tier measure—that is, only if it would not be practicable to intercept the telecommunications services used or likely to be used by the person in respect of whom the warrant is issued. There are also consequential amendments.

The 2006 and 2007 amending acts resulted in some duplication in notification and reporting requirements. These are not controversial. I note that there were amendments proposed by the Senate committee that reviewed this legislation which have been accepted by the government, and the opposition welcomes the government’s concessions in that regard. These provide for, firstly, the requirement to identify multiple devices in device based named person warrants rather than for the warrants to extend presumptively to any device used or likely to be used by a person and, secondly, the removal of the power retrospectively to extend a warrant to devices not identified in the warrant. The opposition commends the work of the committee in this regard. The recommendations were unanimous. I make particular mention of the work of my friend and colleague Senator Guy Barnett in the committee.

In conclusion, the extension of the sunset clauses and the technical amendments does not create new powers for security and law enforcement agencies, but the network protection provisions do allow exemptions in limited circumstances’. The opposition recognises the complexity of the technical and privacy issues that arise in this area and urges the government to come forward with a legislative solution well before the 2009 sunset date. Having said that, and with the concessions the government has made to the recommendations of the Senate committee, the opposition will be supporting the bill.

Guy Barnett (Tasmania, Liberal Party) Share this | Link to this | Hansard source

Like the shadow minister, Senator George Brandis, I stand to speak in support of the Telecommunications (Interception and Access) Amendment Bill 2008 and also to commend to the Senate the Senate Standing Committee on Legal and Constitutional Affairs report on this legislation, which notes seven recommendations at the back. I note that the government has taken those recommendations on board. I thank the government for acknowledging the work of the committee and for taking those recommendations on board. It is really appreciated and it highlights the importance of the work of the Senate and the Senate committees. It was a unanimous report and it was released in May, just a short time ago. Senator Patricia Crossin chaired the committee and I was the deputy chair. The committee included Senator Andrew Bartlett, Senator Mary Jo Fisher, Senator Annette Hurley, Senator Linda Kirk, Senator Gavin Marshall and Senator Russell Trood. Senator Bob Brown was a participating member, as was Senator John Hogg.

I want to commend to the Senate the submissions made to that committee by 14 submitters: the Law Council of Australia; the New South Wales Council for Civil Liberties; the Office of New South Wales Privacy Commissioner; the Attorney-General’s Department; the Victorian Privacy Commissioner; ASIO, which made a confidential submission; the Office of the Privacy Commissioner; the Castan Centre for Human Rights Law; Victorian Police; the Australian Privacy Foundation, which also made a supplementary submission; Electronic Frontiers Australia; the Australian Federal Police; Tasmania Police; and the Queensland Police Service. All of those submissions were very much appreciated by the committee. The committee took on board those submissions, as well as the submissions of the witnesses who appeared before our committee, to come up with the seven recommendations. We had to balance the importance of protecting privacy and privacy rights with the importance of ensuring appropriate law enforcement measures and the operation by those various law enforcement agencies so that they can do their job. That is the role of Senate committees and the Senate—to improve the legislation wherever possible. It is a very good example of where it is working and working well.

The bill sought to amend the Telecommunications (Interception and Access) Act 1979, and its primary objective was to protect the privacy of individuals who use the Australian telecommunications system. The act makes it an offence to intercept communications or to access stored communications other than in accordance with the provisions of the act. There were three main amendments set out in the bill. The first was the extension of the sunset date for the network protection provisions. I think there was unanimous support for that being done. The second was the ‘clarification’—that is the word used by the government department—that a device based named person warrant gives the authority to intercept multiple telecommunications devices, and that additional devices not identified when the warrant was issued may be added. Now, of course, that objective has changed and the government has seen fit not to proceed with that particular objective but rather to wait until they can, with due consideration, come up with a better form of words, a better form of amendments, so that we can get consent and agreement through the Senate for such legislation. The third and final amendment was the removal of mandatory requirements for state interception agencies to provide copies of warrants and revocation instruments to state ministers, and for the ministers to forward these to the Attorney-General’s Department. Basically, that means to make it voluntary for relevant state ministers, for emergency services or for police to use their own discretion in that regard.

I want to note that the committee reviewed and used the previous efforts and past reports of the Senate Legal and Constitutional Affairs Legislation Committee when it was chaired by Senator Marise Payne, who I again commend in the Senate for her leadership of that committee over many years and for the reports that were prepared by that committee. The committee, in this instance, has produced a report that is consistent with past Senate Legal and Constitutional Affairs Legislation Committee reports and recommendations. We have also tried to be consistent with the Blunn report. Senators will recall that in 2005 the Howard government appointed Anthony Blunn AO to undertake a review of the regulation of access to communications under the T(IA) Act. Mr Blunn found that from a privacy point of view, uncontrolled access is simply not satisfactory. In his report of 2005, on page 59, he said:

An access regime should be established which provides appropriate protections and prevents backdoor use and access to obtain content.

That is referred to in our Senate committee report. In terms of the background and in terms of a telecommunications device and technology generally, things are changing and changing fast. A terminal device that is capable of being used for transmitting or receiving a communication over a communications system is a telecommunications device and it includes things such as a computer and a computer terminal, a personal digital assistant and a mobile telephone handset. They can be used to access more than one telecommunications service. For example, it is a simple matter to change a SIM card in a mobile phone or, in fact, for the user to use more than one mobile phone. Examples were put to our committee where over a dozen mobile phones and over a dozen SIM cards had been used. Law enforcement agencies want to do their job and do it well, and they want to be able to ensure that they cover the field.

That was where the legislation was heading, and we had to weigh that up to ensure that we got a proper balance between allowing law enforcement agencies to do their job, and do it effectively, and the privacy measures, because third parties could certainly be impacted by these new measures through no fault of their own—for example, because they used a certain computer terminal or a certain mobile phone that was used by the suspect concerned. So their interests need to be properly protected. The government’s explanatory memorandum sets out that:

… interception agencies are required to provide copies of warrants and revocations to the Secretary of the Commonwealth Attorney-General’s Department, who in turn provides them to the Commonwealth Minister ...

In chapter 3 of the report we talk about the sunset dates and we make a recommendation there that is consistent with the Blunn report. In recommendation 1, we say that we need to get ‘a balance between individual privacy rights and network protection requirements’.

In chapter 4 we talk about the device based named person warrants. Most of the witnesses who appeared before the committee raised concerns in relation to the proposal in the bill to permit devices to be added to a warrant after it had been issued and without further reference to the issuing authority. This is an area where we made a number of recommendations, and I am pleased to say that the government has acceded to those recommendations and has removed the concerns about adding devices to those warrants retrospectively—that is, after a warrant has been issued. I think that is a good move. It certainly ensures that the privacy of the individual will be protected.

In the report we made the point that ‘allowing interception agencies to add additional devices to a device-based named person warrant without further referral to an issuing authority’ was a major change to the bill. It was not, as the government had initially said in its second reading speech and in its explanatory memorandum, simply a matter of clarification. It was a significant change, and the government has seen fit not to proceed down that track, which is certainly appreciated. One of the conclusions we reached in the report was:

The committee is not convinced, however that an issuing authority can adequately consider potential interference with the privacy of any person(s), and also consider the other factors against which this should be balanced, if it is unaware of the identity of the devices that an interception agency may add subsequently to a device-based named person warrant.

We made that clear and we put that in a recommendation, and it has been noted. I also want to refer to the conclusion regarding accountability, where we said:

In regards to the accountability mechanisms internal to interception agencies, the committee commends the work done by interception agencies to improve their processes and accountability mechanisms.

From the submissions from Tasmania Police, the Queensland Police Service and others, it seemed quite clear that the law enforcement agencies are trying to get it right and are trying to keep up with changing technology and changing reforms. The committee also noted the importance of maintaining ‘independent scrutiny should agencies be authorised to add devices to a warrant, except in exceptional circumstances’. That was certainly taken into account in our report and in the government’s response.

I particularly appreciate the submissions from the Law Council of Australia, the New South Wales Council for Civil Liberties and Electronic Frontiers Australia. They made a lot of important submissions on the issue of privacy and reporting arrangements. You will see in the report that, with regard to reporting arrangements, the committee recommended that the bill be amended to insert a requirement that the annual report in relation to the bill incorporate additional information. That was recommended on the basis of the privacy of the individual—those third parties that may be affected—to require there to be an open, transparent and accountable arrangement where that reporting is put in place and becomes public information. I have referred to the removal of the mandatory arrangement for state ministers to report accordingly, and that is outlined in chapter 5 of the committee’s report. In chapter 6 we touched on some other issues and recommended that there should be an independent review of the act within three years. We also made further recommendations regarding reviews of the legislation.

I want to take this opportunity to thank the secretariat of the committee, Peter Hallahan and his team, for the work that they have done. I appreciate the long hours that are put in in pulling together a report like this in a very short time frame. The government had a sunset clause in the previous legislation and they and the Senate committee had to act swiftly. We delivered the report a week or two ago, and this legislation is now a priority for the government. The coalition supports the move to have this legislation reviewed and passed. I, together with Senator Brandis and the other members of my committee, support the legislation.

Andrew Bartlett (Queensland, Australian Democrats) Share this | Link to this | Hansard source

In following on from Senator Barnett, I might say that that is a nice beard, Senator Barnett—a very distinguished look. You risk being mistaken for me even more, though, if you are not careful! The Telecommunications (Interception and Access) Amendment Bill 2008 and, most importantly, the amendments that have been circulated by the government and the committee report that Senator Barnett has just referred to are further examples of the essential work of Senate committees. It is work that is mostly unsung, so I think it is important to sing about it—not literally, people will be relieved to know, but to highlight it and note its importance. In many cases it should really be unsung; it is simply getting down to the nitty-gritty of legislative detail and assessing what its actual impact will be and whether or not what is actually in the legislation before us matches the explanations given to us by the executive wing of government.

The government contends that the main purpose of this bill is to amend the Telecommunications (Interception and Access) Act 1979 to extend by 18 months the operation of the network protection provisions which are due to sunset on 13 June—just a month away. For this reason, we were asked back in March to consider the bill time critical. The government initially sought to have it included in the non-controversial legislation list at that time. It was asserted that the remainder of the bill implements a number of ‘minor yet important technical amendments’ and that it ‘contains no new powers for security or law enforcement agencies in relation to telecommunications interception, stored communications or access to data, but the bill ensures that these agencies have the necessary tools to combat crime in this age of rapid technological change’.

Before speaking to the substantive aspects of the bill, I would like to say something on behalf of the Democrats and, in particular, on behalf of the party spokesperson in this area, Senator Stott Despoja, who has some amendments that will be discussed in the committee stage. It is important to reflect on the attitude that the new government is displaying towards legislation affecting national security. While this legislation is not as huge as some of the other legislation on national security and related issues, it is still part of that same continuum. It is a concern to the Democrats that, on the first occasion that the new government has turned its mind to any form of legislation that impacts on Australia’s national security regime, we once again get this time-critical mantra being used. I accept the sunset provisions are time critical but the other provisions were not and are not. These provisions have simply been tacked on. When the government said that they were all time critical and that the bill was non-controversial—it contained no new powers and these were just minor amendments—some far too familiar and very concerning bells rang for me. It is the same approach that the previous government used to take in this area.

I reflect here on the detailed debate of an amendment bill in 2006 to the Telecommunications (Interception and Access) Act 1979. That bill—the Telecommunications (Interception and Access) Amendment Bill 2006—has same name as the bill before us. The debate on the 2006 bill was carried over three days in the Senate chamber. At that time, the ALP opposition moved a series of amendments to the bill which focused on the ALP’s concern that the legislation did not adequately protect individual privacy, particularly in relation to B-party warrants. Senator Ludwig, the then shadow minister for justice and customs, carried the debate on the legislation for the Labor Party. In his third reading contribution to the bill, he said:

The position we have now got to is that the government has voted down sensible amendments which came out of the committee process.

…            …            …

It is unfortunate that this government has not picked up the amendments that Labor has proposed, safeguards which would have struck the right balance. It really comes down to a lazy Attorney-General, who has not had the opportunity to look at the recommendations, to bring forward amendments and to argue for them in here.

…            …            …

The government could have picked up our recommendations during this debate. They have not. Therefore, they have not struck the right balance. Privacy is not sufficiently protected so far as B-party intercept warrants are concerned.

That was the Labor Party position expressed in this chamber in 2006 in their amendments to the bill; yet, four months into government, the Labor Party, in bringing forward this bill, have revisited the previous legislation and have suggested that it is a time-critical debate that could be put through in a non-controversial way. They initially made no attempt to address the numerous concerns that they themselves had expressed with the legislation in 2006.

As part of being balanced, I should indicate that the difference here is that the Labor government has picked up some of the concerns raised in the committee inquiry and is putting forward amendments to reflect some of those concerns. Thankfully, after the Democrats referred this bill to the Senate Standing Committee on Legal and Constitutional Affairs for inquiry, the legislation before us emerged. It is clear from the nature and extent of submissions received by the committee and, indeed, from the committee’s conclusions in their report, that the amendments proposed by the original bill were far from minor or just technical. Indeed, the chair concluded that the amendments in relation to device based warrants proposed to remove an important, existing safeguard and refuted the assertion by the Attorney-General’s Department that the current bill merely clarifies the intention of the 2006 bill.

The government has belatedly acknowledged some of the effects of this bill by the amendments that it is now proposing—and that should be acknowledged. That also reflects the importance of the Senate committee process—not widespread headlines but just focusing on the facts, getting submissions from people that have expertise in the area and filtering through the evidence to look at the actual impacts of the legislation. That evidence included submissions from law enforcement officers, who have to deal with the daily reality of wrestling with fast-changing technology and all of the different competing issues that have been reflected on in previous contributions. The committee heard evidence from the law enforcement officers, which is important, and I acknowledge the different perspectives there. By simply doing that, the committee was able to significantly improve the legislation and also to go forward in a much more informed way.

On a more personal level, apart from the alarm bells that ring when I hear statements from ministers that legislation contains ‘minor technical amendments’—and I discover when I look at them that they are not minor—there is another statement by ministers that always concerns me, and that is: ‘We are just making changes to reflect what was the parliament’s original intention.’ This occurred when the previous amendment bill was passed a few years ago. Frankly, as a parliamentarian, I resent being told what my intention is and, in particular, being told what the Senate’s intention is by ministers who are not part of Senate. This statement is simply ludicrous. I know that you could have a whole lot of legal argument about what the phrase ‘the parliament’s intention’ means and does not mean.

However, in simple, real-world language, to try and suggest that a law that has a particular set of words was passed by the parliament and that the parliament’s actual intention was to adopt something completely different is, I think, bordering on dishonesty, frankly—and that is being polite. It is a lazy phrase to use and it is one that, to me, always suggests that there is something dodgy going on. I am not saying that there is something dodgy going on here, but it is my automatic response when I hear that justification being used that the parliament actually meant to do this a few years ago and somehow or other the parliament just got it wrong, and now we are just doing what the parliament really wanted to do back then but we could not get it right at the time. Unless there is very compelling evidence to back up those sorts of statements, I would suggest that they are more likely to be misleading rather than factual. It is disappointing to see that sort of justification put forward.

The government can argue all it wants about what the government’s intention at the time was, but I think it is very dodgy to argue what the parliament’s intention was in regard to the final legislation passed. It is particularly dubious, given that the government now arguing this was not the government from a couple of years earlier. The wording in the act, whilst there are some inconsistencies within it as it currently exists, is quite clear in not permitting what is being proposed by this legislation. Whether or not what was being proposed by this legislation is a good or a bad thing is a separate matter.

This is actually the third time in as many years that this act has been amended. On each previous occasion the Democrats, the Greens and the Labor Party, as then opposition, expressed serious concern about the operation of the act and the lack of privacy safeguards. To try and seek to rush through a series of amendments and label them time critical without revisiting those concerns is unfortunate. We do consider that the act, as a whole, still requires significant amendment in some of those areas which are not addressed by this bill. We do urge the government to consider some of those wider issues as a matter of urgency.

Notwithstanding those views, we do understand the government does find itself in the position where aspects of the legislation enacted by the former government and passed by the previous parliament are due to expire, and thus there is an imperative that parts of this bill are passed expeditiously. Sections 5F(2) and 5G(2) are subject to sunset clauses, and will cease to have effect in June this year. Items 1 and 2 in schedule 1of the bill seek to extend these sunset provisions by a further 18 months. The Democrats agree with the committee’s conclusion that extension of the sunset provisions under subsections 5F(2) and 5G(2) of the act should be allowed to pass without amendment. We also support the committee’s recommendation that any further legislation to address network protections provisions should include a thorough and considered response to achieving a balance between individual privacy rights and network protection requirements.

However, the Democrats are concerned that progress in relation to a permanent legislative solution has not progressed beyond a draft discussion paper. According to evidence provided to the committee inquiry, that has not yet been circulated outside the Attorney-General’s Department. We consider that such progress is unacceptably slow. You put in place sunset clauses to provide some idea of when the task is meant to be completed. To have made such little progress when the sunset clause is about due to expire is of concern. We do urge the government to work towards a permanent solution to this issue as fast as possible.

We also note that there are still, undoubtedly, uncertainties surrounding the application of the act to organisations other than law enforcement and intelligence agencies that do not have the benefit of an exemption. As Electronic Frontiers Australia stated during the committee inquiry:

Simply put, it seems now that ASIO, the police and anticorruption agencies may be able to legally filter viruses and spam from their incoming email but there is a good chance that organisations in the private sector and indeed governmental organisations not specifically provided for in the legislation may be committing an offence by doing that.

The Democrats note recent comments from the Attorney-General that indicate the department is developing a solution to this problem, and we consider that any uncertainties surrounding the application of the act to non-exempt organisations should be addressed as a matter of urgency. If clarifying legislation is required, it should be developed commensurate with the permanent legislative solution in respect of law enforcement and intelligence agencies.

The device based named person interception warrants were introduced by the 2006 bill, which I have referred to already. During the committee inquiry into that amending bill the Democrats considered that there was significant uncertainty surrounding the ability to uniquely identify communications devices and recommended that the provisions of that 2006 bill relating to device based warrants be delayed until it was possible to determine the full scope of their operation. We note the concern expressed still by privacy and civil liberties groups, as reflected in the committee’s report on this occasion, regarding the continued uncertainty in relation to unique identifiers. We support the committee’s recommendation to implement recommendation 3.2.5 of the Blunn report and support priority being given to developing a unique and indelible identifier of the source of telecommunications.

However, we consider that the implementation of that recommendation from the Blunn report should be a condition precedent to access to telecommunications via device based warrants. The Blunn report did not recommend the introduction of device based warrants, but rather that priority be given to developing a unique and indelible identifier of the source of telecommunications and emphasising that as a basis for access. Accordingly, the Democrats still have strong reservations about allowing any expansion of the device based warrant regime. We consider that to allow the development and expansion of the device based warrant regime before the development of a unique and indelible identifier is to risk putting the cart before the horse.

While the government’s amendments are a significant improvement on the original form of the bill, they are also a stopgap measure and not one that the Senate should condone as a matter of course or as a permanent solution. On the one hand, the amendments will require that only devices that are identified in the warrant can be subject to interception; on the other hand, provisions remain in the act, such as section 16(1)(a) and 60(4)(a), which contemplate situations where a device has not been identified but is nonetheless subject to surveillance.

By its own admission, the government is leaving the door open to revisit this legislation at a later date to achieve its original aims—which may or may not have been the parliament’s original aims—in relation to device based warrants. It is a messy way of legislating, caused by the government’s effort in tacking these amendments on to the time critical sunset provision amendments. That is the only reason why we are dealing with those issues at the same time.

Notwithstanding these significant reservations, the Democrats will not oppose the government’s amendments that had been circulated to the amending legislation, on the basis that they improve the privacy protections in the original bill considerably. The Democrats also welcome the committee’s consideration of this bill in light of Australia’s international obligations. We support the committee’s recommendation that the government commission an independent review of the operation of the act within three years and that the act be amended to provide a statutory requirement for independent review every five years. However, we see no reason why the latter amendment should be delayed and we have circulated an amendment to achieve this aim immediately. We also support the committee’s conclusion that a summary statement in the explanatory memorandum of consistency with international obligations, in lieu of an express right to privacy under Australian law, would be a useful guide when considering any further legislative amendments.

In reality, like previous amendments to this act, this bill amounts to an incremental expansion of the telecommunications monitoring powers of the Commonwealth. As a result, there is a significant risk that the powers of law enforcement and security agencies under the act could breach the privacy rights of Australian citizens. As such it is appropriate, in the Democrats’ view, that there be an independent umpire to balance necessary, lawful and proportionate access by law enforcement agencies to telecommunications data with the public’s right to communicate free from surveillance. They are competing principles and they are difficult to reconcile—I accept that. But I think that having an independent umpire to consider some of those balances is an important part of the mix.

The Democrats note that, in relation to the area of listening devices, a model can be found in my own state of Queensland, where a public interest monitor is authorised under the Police Powers and Responsibilities Act 2000 to intervene in applications for listening device warrants and to monitor and report on the use and effectiveness of the warrants. We see merit in adopting the Queensland public interest monitor model to improve accountability. I am sure that Senator Ludwig would not want in any way to reflect poorly on his own state government’s legislation in that area.

Finally, in circumstances where there are competing views from government and key stakeholders, it is the role of the Senate to analyse the legislation carefully and recommend any appropriate changes. I urge the government to ensure that we do not slip back into what we have seen too often, particularly in the last three years or so, with legislation being rushed through unnecessarily or components of amendments that are time critical being tacked onto others that are not as a mechanism to try to curtail adequate examination of amendments to law.

However, again, it should be emphasised, particularly due to the efforts of the Democrats in getting this bill referred to a committee rather than being put through as non-controversial, that a number of deficiencies in this bill have been identified through the committee process and the government has moved from its original position. It should always be acknowledged when that happens, particularly when the government members of the committee are part of that process. It is encouraging that the committee and its new chair have operated effectively in scrutinising the legislation and recommending amendments to government—which, again, has not always happened as clearly as I would have liked in the past. I do think the committee’s report also contains some valuable components for the government for further consideration.

Kerry Nettle (NSW, Australian Greens) Share this | Link to this | Hansard source

The primary concern that the Australian Greens had with the Telecommunications (Interception and Access) Amendment Bill 2008 was with the ability to add new devices that could be intercepted without the need to get a warrant for that particular device. The reason we had that concern was that we can envisage a whole range of different circumstances where this might be problematic. One example that particularly comes to mind for me is the idea of somebody who is having some form of their telecommunications monitored and who might use a library computer. There are a whole range of other people who could also use that library computer. It is a problem if you are able to add additional devices that people use for communication and expand the interception that occurs without having to get a warrant to say, ‘This is why we think we need to be able to intercept the communications that this person has when they use that library computer.’ It is fair enough if you have a legitimate reason to monitor them while they are using that computer but not, potentially, if everyone who is using that computer has their communications monitored. We are not saying that that was necessarily going to occur, but it is one of the scenarios that could have occurred. That was the primary concern that we had in relation to this bill.

I appreciate the work of organisations such as the Law Council, Electronic Frontiers Australia, who was mentioned, and also the New South Wales Council for Civil Liberties in pointing out the difficulties with what was originally proposed in relation to this bill and the expansion of interception powers. The New South Wales Council for Civil Liberties in particular gathered together some really useful information for the Senate inquiry and for general discussion on this issue on the number of interceptions of telephone communications that currently occur in Australia. They made international comparisons that showed that a telephone in Australia is 23 times more likely to be bugged than a telephone in the United States. It is perhaps quite stark for the public to hear about and to understand that in the United States you only get your telephone communications intercepted if a judge approves it. That is not the case in Australia. I think those international comparisons are important for the public debate and the public understanding about what we have seen, particularly since September 2001, with incremental increases—not always incremental either—in the security powers that we give to intelligence organisations in relation to monitoring the activities of Australian citizens and others living in Australia. I think that has been a really helpful contribution. I want to acknowledge, as everyone has said, that it is pleasing to see the government amendments that address this particular issue, which was the central concern that the Greens had in relation to this bill.

I want to particularly acknowledge those organisations like the Law Council and the Council for Civil Liberties that have been part of the community pressure and that have been campaigning on this issue. We have certainly been hearing from them for a long time and have been involved in discussions with them for some time. I think it is worth acknowledging the contributions that they make to the public debate, whether it be through those figures and statistics about the way that telecommunication interception happens in Australia in a far more frequent way than it does in many other countries, including the United States, or in other areas. It is important to understand those differences as well as the potential consequences for people using a public library and the other people who will have their communications monitored if we simply add on more and more devices without having to get a warrant in each instance. These are the potential areas of difficulty that you get. That is what we need to be dealing with here. We have all seen instances of enthusiastic intelligence operatives gathering a whole range of different pieces of information. We may have different views—I am sure we do have different views in here!—about what is appropriate and at what level, but it is a concern that the community has and that the government has. That is why it is pleasing to see these amendments, as I understand them. Perhaps the minister can outline some more detail for us in relation to these amendments and the fact that now we are not going to see the situation where you can just add on more devices without having to get a warrant. That was our particular concern.

The whole reason we have the telecommunications interception issue that we have is that people’s communication is an issue of privacy—it is a significant issue around people’s liberties and freedoms—and should only be intervened in in extraordinary circumstances where that is deemed to be appropriate. That is why we have the system that we have. When you make exemptions to that and say, ‘We can monitor your communications without a warrant,’ it has got to be in extraordinary circumstances. Our view was that, in the previous form of this bill and how we originally saw it, it was not extraordinary circumstances at all but allowed for there to be extra things. That is why, as I understand these amendments, it is pleasing for them to indicate that you will need a warrant if you are going to add another device onto the monitoring system. That is why we have the monitoring system—it is something people are concerned about.

People think they can have a conversation with their friend and it is a conversation precisely of that nature: with their friend, not with a whole range of other organisations that might happen to be listening in. It is a fundamental principle that people hold dear in this country and all around the world. We need to be careful. We have a responsibility to ensure that those exemptions are in extraordinary circumstances. That is why I am pleased to see this set of government amendments that—I think I understand them correctly—address that central concern that we had. You should not be just adding on devices where interception can occur without needing a warrant. That has the potential to spread the net far wider in terms of the number of people and the innocent communications and citizens who are caught up in this—whether they be family members, other people using the computer in the public library, other people using that email address, other people using that mobile or whatever it may be.

Let’s target our communications, let’s target any interception that occurs to those people of whom there genuinely needs to be interception and let’s ensure that we have stringent safeguards in place to ensure that that occurs. There are other examples, as I say. The judges are the people who approve them in the United States. That is not the case here in Australia. The figures from the Council for Civil Liberties say that, of the 3,287 warrants sought in the year to June 2007, only seven were rejected. I think that is useful information for the public to be aware of to get an understanding of how the existing telecommunications interception system operates in this country. Where governments are making arguments to expand that system, I think it is fundamentally important that the public understand how the system currently operates and the potential for the expansion to occur. I want to acknowledge the work of those organisations involved in the Senate committee process, involved in highlighting this issue so that the bill was sent to a committee, so that we have got it to the point it is at now in relation to these government amendments.

Joe Ludwig (Queensland, Australian Labor Party, Manager of Government Business in the Senate) Share this | Link to this | Hansard source

in reply—I would like to thank those senators who contributed to the debate this morning. Before replying specifically to the matters raised, I would like to address the findings of the Senate Legal and Constitutional Affairs Committee in their report on the Telecommunications (Interception and Access) Amendment Bill 2008, which was tabled out of session on Tuesday, 6 May. Let me begin by thanking the committee for its work in examining the bill and all those who contributed to the inquiry. I know the Attorney-General also appreciates the efforts of the committee in reporting in time to enable to consideration of the bill in this session.

In relation to the proposal to extend the network protection provisions, I note that the committee accepted the need to develop a full legislative solution to the issue. Recommendation 1 of the report stresses the need for a thorough and considered response to achieving a balance between individual privacy rights and network protection requirements. The government agrees with and accepts this recommendation. I would add that part of the reason for seeking the current extension is the considerable legal and technical complexity of developing such a solution. However, I am advised by the Attorney-General that the development of a proposal is well advanced and there is the intention to move to wider public consultation in the very near future.

Recommendation 2 addresses the issue of unique identifiers as the basis for device based named person warrants and returns to a point made previously by the committee: the importance of ensuring that devices to be intercepted under a warrant can be accurately identified. The government accepts the recommendation that priority be given to ‘developing a unique and indelible identifier of the source of telecommunications’. Several further points should be made, though, in this area. First, it is important to note that such identifiers in fact do already exist. These include individual mobile equipment identifiers, commonly known as IMEIs, and media access controls, commonly known as MAC addresses. The fact that these may occasionally be inaccurate as a result of illegal tampering does not invalidate the device based regime any more than a forged drivers licence, for instance, invalidates the state licensing system for driving motor vehicles. Second, agencies and carriers take measures to check that the device identified on a warrant is correctly associated with the person of interest. If a mistake is made and material is inadvertently collected from the wrong person, the law already requires that the material be immediately destroyed. Third, the government continues to work with the telecommunications industry and international organisations to improve the reliability of the unique identifiers. These measures are supported by offences in the Criminal Code that penalise tampering with telecommunications equipment.

Recommendations 3 and 4 also deal with device based named person warrants. The bill as introduced proposed to allow a device based named person warrant to permit the interception of multiple devices as well as to allow intercepting agencies to add further devices to the warrant as they are identified. While the committee appreciated the operational rationale for these proposals, they did not agree to the second aspect—the adding of additional devices after a warrant is issued without independent oversight. The committee took the opportunity to emphasise the importance of maintaining the direct role of issuing authorities in authorising any interception. Accordingly, recommendations 3 and 4 proposed an alternative emergency warrant regime. The government appreciates the efforts of the committee in developing this practical alternative. However, I am also mindful that enacting the recommendation would involve some complex drafting as well as consideration of various administrative and operational issues. Given the time constraints that exist, particularly associated with this legislation, this is not something that can be done within the current bill. As such, the government accepts the recommendation for further consideration. In the meantime, the government has sought to introduce amendments to the bill that remove the provisions allowing agencies to add devices to device based named person warrants. We do that in good faith to ensure that the matter can be more fully addressed.

Recommendation 5 seeks additional reporting for device based warrants. The government accepts this recommendation and has introduced amendments to the bill that provide for separate reporting on the two categories of named person warrants—those that are service based and those that are device based. A new provision also requires reporting on the number of devices intercepted under named person warrants. However, I note that the second part of the recommendation relates to reporting of the number of devices added by agencies after a warrant is issued. It is not necessary to consider this at this point, given the government’s amendments that I referred to earlier.

Finally, recommendations 6 and 7 of the report propose an independent review of the T(IA) Act within three years but with the legislative amendment to require further review every five years. The government accepts this recommendation for further consideration. It is certainly true that the pace of technological change continues to require legislative amendments to the interception regime, and it is not a bad thing for an independent reviewer to periodically reassess the state of the regime as a whole. However, I would take the opportunity to point out that the act has been regularly reviewed, with seven Senate committee legislative inquiries and four independent reviews all in the space of the past nine years. I think I participated in, if not all, the majority of the Senate committees.

I now turn to several specific matters raised in the debate today. I note that Senator Brandis seeks to ensure that any future legislative solution that we may bring forward be brought forward in sufficient time for it to be ably dealt with prior to the sunset provision. As I said in the address-in-reply, it is one of those matters that we hope to bring forward well in advance of the time.

In respect of Senator Guy Barnett, I note that he is now chair of the committee. I appreciate his role as chair and for being—in a similar way to Senator Payne—diligent in his work in this area. It is complex, it is technical and it does require a measure of responsibility to ensure that we balance the needs of the rights and privacy of individuals with the requirements of national security and the requirements of the law enforcement agencies in this area.

I thank Senator Bartlett, and I note the criticism he has raised. I understand Senator Bartlett’s interest in this area; it has extended equally with mine for some years. Senator Bartlett raised a couple of matters in respect of the unique identifiers. Recommendation 2 is that priority be given to developing a unique and indelible identifier of the source of communication as a basis for access. The 2006 amendment act did introduce a regime for access to communication based on unique identification numbers within the device based named person warrant regime, so it is there. I note also that tampering with device based identifiers is an offence, as I have said. The Attorney-General’s Department does continue to work with a broad range of stakeholders, both nationally and internationally, to improve the robustness of the unique identifiers.

In respect of the second matter that Senator Bartlett raised, which dealt with the network protection, there is, in the government’s view, no uncertainty about the application of the T(IA) Act to network protection. Under the T(IA) Act, there are a range of network protection activities, such as automated filtering and blocking of emails. Organisations can and do protect their networks without breaching the prohibition on interception. However, it is recognised that changes in technology have caused the T(IA) Act to apply in situations that were not anticipated when the legislation was enacted. This does have the effect of creating a somewhat arbitrary distinction between different types of network protection activities. I am not in a position to know all the details of individual companies or organisations that undertake different forms of network protection, but in those specific matters the Attorney-General’s Department is happy to work with those organisations or individuals who may have concerns about their current practices to ensure that they fall within the general law and do not breach the T(IA) Act itself. Those matters can be pursued. More broadly, I thank Senator Bartlett for his contribution. As I have noted, he has continued to have a significant interest in this area and continues to challenge this area.

In respect of Senator Nettle, there are two matters that I detect that she has raised, and I note them from previous times. One of them relates to comparison with the US. In response to that—and it is a difficult area, I accept; with any comparison of statistics it is usually best to ensure that we are comparing apples with apples and oranges with oranges, to use a well-worn cliche—the statistics I am aware of appear to indicate that the use of telecommunications interception by Australian authorities on a per capita basis is greater than that of our American counterparts. It is not true to claim that Australians are intercepted more than Americans. Direct comparisons between the Australian and US statistics can be misleading, because legislative controls on lawful interception differ widely between jurisdictions. US laws do not require reporting on warrants in the same manner as Australian laws. I am informed that US laws allow one warrant to authorise the interception of services for more than one person and multiple services for each person—for instance, where it becomes possible to identify criminal associates of the original suspect. This does result in fewer statistical returns than under Australian law, which allows a warrant to authorise the interception of a single telecommunications service or the service of one named person only.

I also note that Australia also reports on the total number of services which are intercepted under named person warrants—information which is not reported in the US. Additionally, the statistics published in the US do not include interceptions undertaken pursuant to the Foreign Intelligence Surveillance Act, which covers matters dealing with national security. Australian law enforcement agencies do not have this discretion and therefore all interceptions must be reported. Therefore I only urge, when making comparisons between Australia and the US, that you take those matters into account. They can provide a misleading summary that is not helpful in the debate more broadly.

In terms of innocent parties—a point that you raised, Senator Nettle, and I also acknowledge that you have continued to have a strong interest in protecting privacy in this area—the T(IA) Act contains several provisions to protect the privacy of innocent third parties, including explicit consideration by the issuing authority of how much the privacy of any person or persons would be likely to be interfered with by intercepting under a warrant. An issuing authority may impose conditions or restrictions on the warrant, requiring revocation of a warrant or ceasing interception of a particular service or device where the basis for the warrant no longer exists, and strict guidelines around the secondary use and disclosure of information obtained under an interception warrant, particularly strict destruction requirements which require that any record which is no longer required or not relevant to the investigation is destroyed. It does have regular, independent inspection by the relevant Commonwealth or state ombudsman for the destruction of records. With those matters, I will conclude.

Question agreed to.

Bill read a second time.