Scott Ludlam (WA, Australian Greens) Share this | Link to this | Hansard source

We resume debate on the Telecommunications (Interception and Access) Amendment Bill 2009. It makes a set of amendments to the Telecommunications (Interception and Access) Act, in this case to allow interception, copying, recording and disclosure of electronic communications in the name of protecting computer networks from malicious access and building confidence in the online world. I should say at the outset that the Greens will be supporting this bill for the intentions as set out by the government. It also allows specified government organisations, whether they be law enforcement, national security, defence and international relations related organisations, to intercept communications and undertake disciplinary actions to ensure that computer networks are appropriately used. I think that as our computer networks are already ubiquitous in certain fields, such as those named, the networks are also becoming much more ubiquitous in a household sense in that we are relying on them more and more as an essential service, whether it be for banking, paying the bills, education and so on. It is entirely appropriate that the government move regularly to assess the state of protection of these networks from hazards such as viruses and so on, or indeed the operation of espionage or hackers or criminal organisations, whatever it may be that threatens the networks.

The committee was unable to hold a hearing into the bill, but I should acknowledge at this point that it was improved through consultation. Quite a number of the recommendations that came through from stakeholders post the release of an August exposure draft were taken up by the government, and I would just like to put my appreciation on record that some of those recommendations were acknowledged and made their way into the final bill. It would have been really useful for the committee to have held a hearing, but unfortunately that was not the case.

This bill initially was listed by the government in noncontroversial and the Greens would have been very happy to keep it there. But there are a number of outstanding issues that were raised in submissions by the Privacy Commissioner, by online advocate Electronic Frontiers Australia, and by the Australian Law Reform Commission. So three organisations with a lot of information and a lot of expertise to share on matters like this recommended what they called ‘minor amendments’ to the bill to clarify the definition of what constitutes ‘network protection duties’ in the first place, what constitutes ‘disciplinary actions’, and to tighten requirements to destroy copies of intercepted communications. We let the government know at the time that we would be very happy to leave this bill in noncontroversial last year and we could have passed it quite quickly if the government had been prepared to move those last minor amendments that were required to make the bill just as good as it could be. The issues were thoughtfully raised and they could easily have been addressed through minor amendments. Unfortunately the government passed up that opportunity so we had it requested to be removed from noncontroversial and now we find ourselves here today, and I foreshadow that I will be moving amendments to give effect to those points that I have just raised. I will speak briefly to the intention of the amendments now and then we will move through the debate.

The Attorney-General claims that network protection duties vary for each network and therefore cannot be defined. Now the purpose of this bill is to define network protection duties and give them effect, so we believe that it is appropriate that some parameters should be set. They should not be exclusive or exhaustive but some guidance should be set on the scope and nature of the activities that we mean by network protection duties to remove any remaining ambiguity. We do not want to be prescriptive but we do want to guide the discretion of a judge in future to ensure that persons whose role is not to protect the network are not permitted to intercept communications, and that is a fairly clear distinction that we want to draw.

Persons who are authorised to intercept communications also should not be doing it for other purposes, whether through curiosity or malice for that matter. They should be only able to intercept those communications in the instance of protection of the network. This has very real relevance for all of us because these networks are so important for everything from online banking to doing the shopping, to getting the news and so on that people operating those networks, whether the Parliament House network or intranets for large or small corporations, the people we entrust to monitor and safeguard that traffic, basically have their role clearly defined and delineated. It is as much for the benefit of network operators as anything else to remove that ambiguity.

The Privacy Commissioner was supportive of clarifying what ‘network protection activities’ actually means in the bill and in that submission asked what measures are covered by the operation, protection or maintenance of the network and when an interception is reasonably necessary. So the Greens have moved an amendment, which we will get to in the committee stage, to give effect to that.

On the destruction of intercepted materials—and I would have thought that this would be the simplest one for the government to come along with—the Attorney-General has stated:

... imposing an obligation to destroy copies of lawfully intercepted information is unenforceable.

The Australian Law Reform Commission submission on that issue—and they have done quite a recent review and a very thorough inquiry into privacy issues—was that there was:

... no reason why copies of information obtained from a stored communication warrant must be destroyed, but that copies of information obtained from an interception warrant are not ... The covert nature of interception and access to communications requires the safeguard that the intercepted or accessed information is destroyed as soon as it is no longer required.

That is not complex or ambiguous and I would argue that it is entirely enforceable, just as it would be with the way we expect law enforcement operators to handle paper material that they might have seized from a filing cabinet.

We are supportive of the committee’s proposal for a review and we also support the opposition’s call for the government to make clear that disciplinary action only applies to activities that pose a risk to network security. In closing, the Australian Greens will be supporting the bill. We commend our amendments to the Senate.

Gavin Marshall (Victoria, Australian Labor Party) Share this | Link to this | Hansard source

Senator Ludlam, were they second reading amendments or are these amendments you have flagged for the committee?

Scott Ludlam (WA, Australian Greens) Share this | Link to this | Hansard source

They are for the committee stage.

Guy Barnett (Tasmania, Liberal Party, Chairman of the Scrutiny of Government Waste Committee) Share this | Link to this | Hansard source

I stand to speak on the Telecommunications (Interception and Access) Amendment Bill 2009 before the chamber. I note that this particular bill was referred to the Senate Legal and Constitutional Affairs Committee on 17 September 2009 and reported on 16 November 2009. I note that the committee received seven submissions and we have delivered our report noting that the primary objective of the bill is to protect the privacy of individuals who use the Australian telecommunications system. The act makes it an offence to intercept communications or to access stored communications other than in accordance with the provisions of the act and specifies the circumstances in which it is lawful to intercept or access communications or authorise the disclosure of telecommunications data. The report also notes that protecting information and computer infrastructure from disruption or malicious access by a criminal element seeking to gain financial or other benefits is therefore a growing priority for the government and computer network owners.

The key issue before the chamber is getting the balance right between preserving individual privacy rights and network protection requirements. Senator Ludlam has spoken in support of the bill, subject to the amendments that he has flagged. The Liberal senators, including Senator Mary Jo Fisher and I, made our views reasonably clear in the Senate committee report, where we supported the passing of the bill and made a couple of recommendations. I want to indicate, as our shadow Attorney will indicate, our support for the bill.

I also want to highlight that our additional comments in that report confirm that we will be watching and noting the government’s response to the concerns that we have expressed. Senator Ludlam has indicated that some of the fears and concerns that we expressed in our additional comments he also confirms as concerns. In particular, that applies to the definition of network protection and disciplinary purposes. Exactly what does that mean? The bill does not provide sufficient clarity as to what actions would be considered necessary to effectively undertake network protection duties and, further, how intercepted information may be used for disciplinary purposes. That is certainly a concern that the Liberal senators on the committee had at the time. We will be watching carefully to see how this legislation is acted out on the ground, in its practical operation.

The Law Council highlighted some important concerns about proposed section 63E and the potential for law enforcement agencies to bypass warrant arrangements to obtain information by using voluntary disclosure provisions—that is, basically obtaining the information via a voluntary approach, whether it be ‘wink, wink, nudge, nudge, give us the information’ or by other means. We do not know exactly how that is going to work, but I know that the shadow Attorney has expressed an understanding of it and a confidence that the bill will achieve the objectives without undue concern.

We have noted that the Office of the Privacy Commissioner suggested that additional guidance be provided to help organisations train authorised persons in what actions are lawfully enabled under the proposed exemption. The issue of what exactly is disciplinary action and how broadly it can be defined needs to be noted. It will be considered and watched in future months and years, whether it be through Senate estimates or by other arrangements. So those recommendations have been made and certainly the coalition will be supporting the bill.

I would also like to take this opportunity to thank the secretariat for their support in the preparation of this report. It was done in a short amount of time. In particular, at this juncture I want to highlight the work of Peter Hallahan, the secretary of the committee, and thank him for his contribution. As deputy chair, I have enjoyed working with Peter Hallahan, who has very recently retired. I know that other members of the committee would likewise note and acknowledge his work. There will be a special event to commend Mr Hallahan for his years of service. I take this opportunity to put on the record that he has completed 28.9 years of service with the Department of the Senate, of which 24.4 years were spent in committees. All that started on 15 December 1980. I understand that before that he worked with the Australian Bureau of Agricultural and Resource Economics and the Australian Bureau of Statistics.

During those 28.9 years, and specifically the 24.4 years in committees, he worked with the Standing Committee on Regulations and Ordinances, the Standing Committee on Social Welfare, the Select Committee on Television Equalisation, the Standing Committee on Industry, Science and Technology, the Standing Committee on Rural and Regional Affairs and Transport, the Select Committee on Superannuation, the Standing Committee on Economics, the Select Committee on the Socio-Economic Consequences of the National Competition Policy and the Standing Committee on Legal and Constitutional Affairs. He spent a further four years, from November 2004, with the economics committee, and then from February 2008 he worked with the legal and constitutional affairs legislation and references committees, where I had particular contact with Mr Peter Hallahan. I want to place on record, on behalf of coalition members—and, I am sure, all members of the committee—our sincere thanks for his service to not just our committee but also the Senate and the parliament. I commend him on his work and wish him and his family well for the months and years ahead.

Nick Xenophon (SA, Independent) Share this | Link to this | Hansard source

I can indicate my broad support for the Telecommunications (Interception and Access) Amendment Bill 2009. Technology and the ways we communicate are constantly changing, and it is important to have legislation to keep up to date with this. The widespread use of mobile phones and portable internet devices has changed the way we communicate forever. It is important that we have clear and appropriate frameworks in place to protect both network owners and operators as well as network users. I appreciate the importance of this bill, particularly as the current framework has expired. Organisations need to have the right to protect their networks and internal communications, but, on the other hand, employees and network users also have a right to privacy.

I am concerned that at this stage the bill does not include a clearer definition of what activities are covered under the term ‘network protection duties’. This term determines whether someone is able to access and intercept another person’s communication under the amendment. I believe that this definition, in its current form, is not strong enough to protect network users. Private communications should only be accessed by a third party when it is vital to network protection or in the case of professional misconduct.

In this line, I indicate my support for the amendments moved by the Greens. I believe these amendments are important because they help to keep the bill true to its intentions. Firstly, these amendments clarify the definition of ‘network protection duties’ to include automatic monitoring for network malfunctions, malicious content and viruses. This clarification is important because it separates standard network protection from the direct monitoring of individual communications. Secondly, the amendments seek to clarify the definition of ‘appropriate use’. It is important that this area of the legislation is clear so that both network owner-operators and users are aware of their responsibilities and rights. Finally, the amendments ensure that copies made of information seized under the act will be destroyed along with the originals.

I think these amendments go a long way to making this legislation fairer for both owner-operators and network users. I do have concerns about the possible abuse of the term ‘network protection duties’, but I would like to indicate my support for this bill. My preference is that it have the additional safeguards as proposed by the Greens.

Mitch Fifield (Victoria, Liberal Party, Shadow Parliamentary Secretary for Disabilities, Carers and the Voluntary Sector) Share this | Link to this | Hansard source

I rise to speak on the Telecommunications (Interception and Access) Amendment Bill 2009. The Telecommunications (Interception and Access) Act 1979 currently includes special exemptions that enable interception and security agencies, as well as certain government departments, to access communications on their own computer network for network protection activities. However, these provisions are not permanent; rather, they were intended to operate on an interim basis while a comprehensive solution covering both the public and private sectors was developed. These provisions ceased to have effect after 12 December 2009.

The bill will enable all owners and operators of computer networks to undertake activities to operate, maintain and protect their networks. This will enable Commonwealth agencies, security authorities and eligible state authorities to ensure that their computer networks are appropriately used by employees, officeholders or contractors of the agency or authority, and it will limit to network protection purposes the secondary use and disclosure of information obtained through network protection activities. Secondly, the bill will enable the undertaking of disciplinary action against an employee, officeholder or contractor of a Commonwealth agency, security authority or eligible state authority who has been given access to a network. Thirdly, the bill covers the reporting to the relevant authorities of illegal behaviour that attracts a minimum three-year imprisonment penalty threshold, and will require the destruction of records obtained in undertaking network protection activities when the information is no longer required for those purposes. The 2008 legislation, which was passed with coalition support last year, implemented some interim measures in contemplation of the presentation of this bill. The amendments are largely technical in nature but involve intrusive powers.

The bill was referred to the Senate Legal and Constitutional Affairs Legislation Committee. The committee reported on 16 November with a recommendation that the bill be passed. There was one substantive reservation by the Liberal senators on the committee: that the proposed section 63E be amended to provide that the section not apply where an agency has requested the disclosure of the information. The proposed section 63E provides that a person responsible for a network may voluntarily communicate lawfully intercepted information to an agency where that person reasonably suspects that the information is relevant to the commission of an offence. Concern had been expressed that agencies might be able to circumvent the warrant provisions of the act by suggesting voluntary disclosure. The coalition has sought advice on this point and we are satisfied that section 7 of the act would make such an attempt unlawful. There is much to recommend the view that the provision should nevertheless be amended out of an abundance of caution. However, section 7 governs the entirety of this act, creating the presumption that the interception and further communication of material is unlawful, subject only to specific authorisation. It would, I think, be ungainly to reiterate that point in disparate provisions every time the act is amended. Accordingly, the coalition supports the bill in its current form.

Joe Ludwig (Queensland, Australian Labor Party, Manager of Government Business in the Senate) Share this | Link to this | Hansard source

The Telecommunications (Interception and Access) Amendment Bill 2009 recognises the important role technology plays in the way we store and exchange information. The passage of this bill will help secure sensitive information from criminal access, protecting Australians from criminal activity and ensuring the integrity of vital infrastructure. For the first time, all Australians will be able to undertake certain activities designed to protect their computer network without breaching the Telecommunications (Interception and Access) Act 1979. This is an important step forward which matches the growth in sophisticated attacks with the capacity to defend a network at the earliest possible point. However, network protection activities will only be lawful if they are conducted in accordance with the act.

Network protection activities will also need to comply with the provisions and privacy protections set out in this bill. Under the bill, network protection activities cannot be undertaken without reason, nor can the information obtained through these activities be used for any purpose. Rather, the proposed network protection regime maintains the integrity of the interception regime by balancing the need to protect networks from malicious attack with clear limitations on the circumstances in which the access, use and disclosure of information will be permitted. The bill also includes several amendments that will improve the effective operation of the act, ensuring it continues to be clear and relevant. The network protection regime responds to a new and very real threat.

The bill has been considered by both the Senate Standing Committee for the Scrutiny of Bills and the Senate Legal and Constitutional Affairs Legislation Committee. I thank both committees for their work on the matters raised. The Attorney has responded to the Scrutiny of Bills Committee, as requested, to clarify several aspects of the bill. The majority of the legal and constitutional affairs committee has recommended that the bill be passed and that the provisions be reviewed five years after their commencement. Given the broader operation of the interception regime for the purpose of protecting computer networks, the government supports this recommendation and will conduct an administrative review of the network protection regime five years after its commencement.

I would also emphasise, as the Senate legal and constitutional affairs committee noted in its report, that the feedback on the bill has been positive. There is agreement that network owners and operators should be able to protect their networks. There is also agreement that the current capacity of designated government agencies to use network protection information for disciplinary purposes should be retained. This bill is a measured response to a growing problem that will enable network protection activities to take place within the broader framework established by the act. By ensuring that network owners can undertake legitimate activities aimed at securing their networks and the information they contain, this bill will build Australians’ confidence in, and use of, the online world. In conclusion, I would like to thank those senators who made contributions to the second reading debate.

Question agreed to.

Bill read a second time.