CLFR - Australia

Thursday, January 4, 2018 - 16:45

PROVISION OF REAL-TIME LAWFUL INTERCEPTION ASSISTANCE

TELECOMMUNICATIONS ACT 1997

Carriers and carriage service providers (carriers), such as Vodafone, have legislative obligations under the Telecommunications Act 1997 (TA) to provide assistance to law enforcement agencies and national security agencies with the interception of individual customer communications (live communications) where authorised. 

Section 313(3) of the TA requires carriers to give officers and authorities of the Commonwealth such help as is reasonably necessary for the purposes of: (i) enforcing the criminal law and laws imposing pecuniary penalties; (ii) assisting the enforcement of the criminal laws in force in a foreign country; (iii) protecting the public revenue; and (iv) safeguarding national security. Section 313(7) of the TA specifies that a reference to ‘giving help’ under section 313(3) of the TA includes the provision of interception services, including services in executing an interception warrant under the Telecommunications (Interception and Access) Act 1979, and the providing of relevant information about any communication that is lawfully intercepted under an interception warrant (sections 313(7)(a) and 313(7)(c)(i) of the TA).

Section 313(1) of the TA requires a carrier to do its best to prevent telecommunication networks and facilities from being used in, or in relation to, the commission of offences against the laws of the Commonwealth or the States and Territories. Examples of the kind of help law enforcement and national security agencies might request under section 313(3) of the TA include: (i) the provision of interception services; (ii) information from a carrier’s information base, such as billing records; and (iii) assistance in tracing a call. 

Under Part 16 of the TA, a carrier may be required to supply a carriage service for defence purposes or for the management of natural disasters.

TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979

The Telecommunications (Interception and Access) Act 1979 (the TIA Act) gives law enforcement agencies and national security agencies the power to intercept live communications in specified circumstances. Under Chapter 2 of the TIA Act, interception warrants may be issued in respect of live communications to the Australian Security Intelligence Organisation (ASIO) and certain state and federal law enforcement agencies. Interception warrants permit such agencies to intercept telecommunications for national security, in emergencies and for law enforcement purposes. 

Interception warrants may be issued by the Federal Attorney General to the DirectorGeneral of Security, or an ASIO employee or affiliate appointed by the Director-General of Security under sections 9 and 9A of the TIA Act for security purposes. Under section 10 of the TIA Act, the Director-General of Security can issue an interception warrant in certain specified emergencies where the Attorney General cannot issue the warrant in sufficient time. Under sections 11A, 11B and 11C of the TIA Act, telecommunications service warrants, named person warrants and foreign communications warrants, for the collection of foreign intelligence, may be issued to the Director General of Security or an ASIO employee or affiliate appointed by the Director General of Security. A named person warrant issued under section 11B may authorise entry on any premises specified in the warrant for the purpose of installing, maintaining, using or recovering any equipment used to intercept foreign communications (section 11B(1B) of the TIA Act). Under section 11C(4)(a), a foreign communications warrant must include a notice addressed to the carrier who operates the telecommunications system giving a description identifying the part of the telecommunications system that is covered by the warrant

Under section 30 of the TIA Act, the interception of live communications may occur (without a warrant being issued) by the police in specified urgent situations; for example, where there is risk to loss of life or the infliction of serious personal injury or where threats to kill or seriously injure another person have been made. The police are able to request a carrier to intercept individual communications in these circumstances for the purposes of tracing the location of a caller. (Part 23 of Chapter 2 of the TIA Act)

Interception of live communications may also be authorised (without a warrant) under section 31A of the TIA Act by the Attorney General to enable security authorities for the purpose of developing and testing interception capabilities (Part 24 of Chapter 2 of the TIA Act).

Under Part 2-5 of Chapter 2 of the TIA Act, interception warrants may be issued to agencies that are defined as interception agencies, which in turn are defined as Commonwealth agencies or an eligible agency of a State in relation to which a declaration under section 34 of the TIA Act is in force. These agencies could include the Australian Federal Police (AFP), the Australian Crime Commission, the Independent Commission Against Corruption and the State Police Forces. Interception warrants are issued by an ‘eligible judge’, namely a judge of a court created by the Commonwealth Parliament who has consented to being nominated, or by nominated members of the Administrative Appeals Tribunal ( AAT) (sections 46 and 46A of the TIA Act). Interception warrants may only be issued in relation to the investigation of serious offences as defined in section 5D of the TIA Act.

Parts 5-2 to 5-5 of Chapter 5 of the TIA Act impose obligations on carriers to ensure that it is possible to execute a warrant issued for interception purposes, unless an exemption has been granted. Specific technical capabilities are imposed, including, by way of example, the nomination of delivery points in respect of a particular kind of telecommunication service of a carrier (section 188). In practice, when served with a warrant, the carrier will be required to intercept all traffic transmitted, or caused to be transmitted to and from the identifier of the target service used by the interception subject and described on the face of the warrant. The carrier will also need to deliver the intercepted communications through an agreed delivery point from which the intercepting agency may access those communications. 

Under Part 5-3 of Chapter 5 of the TIA Act, the minister may make determinations in relation to interception capabilities applicable to a specified kind of telecommunication service that involves, or will involve, the use of the telecommunication system. Carriers and nominated carriage service providers may be required under such determinations to lodge annual Interception Capability Plans (IC plan) with the Communications Access Co-ordinator of the Attorney General’s Department. Part 5-4 of Chapter 5 of the TIA Act specifies the obligations of a carrier in relation to an IC plan such as the matters to be set out in an IC plan (section 195(2)) and the time for delivering IC plans (sections 196 and 197).

Under Part 5-5 of Chapter 5 of the TIA Act, the Communications Access Co-ordinator may make determinations in relation to delivery capabilities applicable to specified kinds of telecommunications services, and to one or more specified interception agencies relating to such matters as the format in which lawfully intercepted information is to be delivered to an interception agency, the place and manner in which such information is to be delivered, and any ancillary information that should accompany that information.

THE AUSTRALIAN SECURITY INTELLIGENCE ACT 1979

While the Australian Security Intelligence Organisation Act 1979 (ASIO Act) enables ASIO to use listening devices under warrants issued by the Minister (section 26 of the ASIO Act), this section, or a warrant issued under this section, does not apply or relate to the use of a listening device for a purpose that would, under the TIA Act, constitute the interception of a communication passing over a telecommunications system operated by a carrier. 

A computer access warrant may be issued under the ASIO Act and may allow the use of a telecommunications facility operated by a carrier for the purpose of obtaining access to data that is relevant to a security matter and is held in the target computer at any time while the warrant is in force (section 25A of the ASIO Act).

THE CRIMES ACT 1914

The Crimes Act 1914 (Cth) (Crimes Act) authorises certain officers of the AFP and State and Territory police to obtain information pursuant to search warrants issued under the Crimes Act from premises, computers or computer systems and information in relation to telephone accounts held by a person. The Crimes Act does not only apply to carriers. 

Section 3LA of the Crimes Act enables a constable (a member or special member of the AFP or a member of the police force or police service of a state or territory) to apply to a magistrate for an order requiring a specified person to provide any information or assistance that is reasonable and necessary to enable a constable to access data held in, or that is accessible from, a computer or data storage device.

Under section 3ZQN of the Crimes Act, an authorised AFP officer may give a person a written notice requiring that person to produce documents that relate to serious terrorism offences.

Under section 3ZQO of the Crimes Act, an authorised AFP officer may apply to a judge of the Federal Circuit Court of Australia for a notice requiring a person to disclose documents relating to serious offences. Such documents may relate to a telephone account held by a specified person and details relating to the account, such as the details in respect of calls made to, or from, the relevant telephone number.

DISCLOSURE OF COMMUNICATIONS DATA

TELECOMMUNICATIONS(INTERCEPTIONS AND ACCESS) ACT 1997

Carriers have legislative obligations under the TA to provide assistance to law enforcement and national security agencies which includes an obligation to disclose information where authorised.

Under section 284 of the TA disclosure of information to the ACMA, the Australian Competition and Consumer Commission (“ACCC”), the Telecommunications Ombudsman or the Telecommunications Universal Services Agency is permitted where the information may assist those agencies to carry out  their functions. Sections 279 and 280 of the TA permit the disclosure of information if the information is used in the performance of a person’s duties as an employee of a carrier or where the disclosure is authorised under a warrant and by law. Section 313(7) of the TA specifies that a reference to giving help under section 313 of the Act includes giving effect to a stored communications warrant and to providing relevant information about any communication that is lawfully accessed under a stored communications warrant (sections 313(7)(b) and 313(7)(c)(ii)).

TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979

Under Part 3-1A of the TIA Act, certain agencies are allowed to give preservation notices to carriers to preserve stored communications that the carrier holds that relate to a person or particular telecommunications service. There are broadly two types of preservation notices: domestic preservation notices (which can be either historic or ongoing and which relate to stored communications that might relate to contraventions of certain Australian laws or to security); and foreign preservation notices (which relate to stored communications that might relate to contraventions of certain foreign laws). The purpose of these preservation notices is to prevent stored communications being destroyed before a warrant has been issued to access these stored communications. 

Part 3 of the TIA Act enables ASIO and specified government agencies to access stored communications pursuant to a stored communication warrant issued under the TIA Act for the purpose of national security and law enforcement.

Under Part 3-3 of Chapter 3 of the TIA Act, stored communication warrants for law enforcement purposes may be issued to criminal law enforcement agencies for the purpose of investigating serious contraventions. Such agencies include but are not limited to agencies such as the ACCC, the Australian Securities and Investments Commission (ASIC) and the Independent Commission Against Corruption. ASIO can access stored communications using its existing interception warrants (section 109 of the TIA Act).

Stored communication warrants can be issued by certain nominated judges and nominated AAT members in relation to the investigation of serious contraventions. Serious contraventions, by way of example, include an offence under a law of the Commonwealth, a state or a territory that is punishable by imprisonment for a maximum period of at least three years. Stored communication warrants may also be issued as part of a statutory civil proceedings that would render the person of interest to a pecuniary penalty.

THE CRIMES ACT 1914

Under the Crimes Act an authorised AFP officer may access metadata or stored communications pursuant to a search warrant.

THE AUSTRALIAN SECURITY INTELLIGENCE ACT 1979

Under section 25A of the ASIO Act a stored communication may be accessed under a computer access warrant issued to ASIO. Additionally, a stored communication can be accessed by ASIO if the access results from, or is incidental to, action taken by an officer of ASIO, in the lawful performance of his or her duties, for the purpose of: (i) discovering whether a listening device is being used at, or in relation to, a particular place; or (ii) determining the location of a listening device (see section 108(2)(f) and (g) of the TIA Act).

DISCLOSURE OF TELECOMMUNICATIONS DATA

Chapter 4 of the TIA Act specifies the circumstances in which telecommunications data may be voluntarily disclosed to government and law enforcement agencies by carriers or carriage service providers and the conditions by which authorisations can be issued requiring the disclosure of information.

Telecommunications data is not de ned in the TIA Act but is well understood to mean the metadata relating to communications, but not the contents or substance of communications themselves.

Sections 174 and 175 of the TIA Act provide for the disclosure of information to ASIO. Information may be disclosed voluntarily if it is in connection with the performance of ASIO’s functions. Information may otherwise be disclosed pursuant to an authorisation issued by the Director General of Security, the Deputy Director General of Security or a specified employee or affiliate of ASIO. Authorisations may be in respect of existing information or prospective information (specified information or documents that come into existence during the period for which the authorisation is in force)

Sections 177 to 180 of the TIA Act specify the circumstances in which disclosure of information or a document may be made to an enforcement agency. Voluntary disclosure of information may occur if the disclosure is reasonably necessary for the enforcement of the criminal law. Disclosure of information may also occur pursuant to authorisations issued by an authorised of cer of an enforcement agency for the purpose of:

(i) the enforcement of the criminal law;

(ii) the location of missing persons; and

(iii) the enforcement of a law imposing a pecuniary penalty and for the protection of the public revenue.

Sections 180A to 180E of the TIA Act specify the circumstances in which disclosure of specified information or specified documents may be made to an officer of the AFP, or authorised by an authorised of cer of the AFP, for the enforcement of the criminal law of a foreign country.

On 13 October 2015, the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (DR Act) came into force. The DR Act amended the TIA Act and introduced a requirement for network operators to retain and secure specific telecommunications data for a period of two years for each communications service they provide.

Under the new Part 5-1A, an obligation was introduced for carriers to retain certain speci ed data for two years from the date on which the information or document is created. Carriers must keep certain types of subscriber information throughout the life of the account and for a further two years after closure of the relevant account.

The DR Act permitted network operators to apply for a time extension during which they would be exempt from complying with the requirements of the DR Act applying from 13 October 2015 through the lodging of a Data Retention Implementation Plan (DRIP) and approval of this DRIP by the Communications Access Co-ordinator. This process was introduced to allow network operators additional time to implement a fully compliant data retention system.

The DR Act limited data access to an approved list of agencies that have operational or investigative need to access the retained metadata. However, existing state and territory-based laws continue to allow access to a wide range of agencies and bodies in those states and territories. Law enforcement and security agencies will continue to make requests for access to telecommunications data as previously.

TELECOMMUNICATIONS ACT1997

Carriers have legislative obligations under the TA to provide assistance to law enforcement and national security agencies, including an obligation to disclose information where authorised.

Under section 284 of the TA, disclosure of information to the ACMA, the Australian Competition and Consumer Commission (ACCC), the Telecommunications Ombudsman or the Children’s e-Safety Commissioner is permitted where the information may assist those agencies to carry out their functions.

Sections 279 and 280 of the TA permit the disclosure of information if the information is used in the performance of a person’s duties as an employee of a carrier or where the disclosure is authorised under a warrant and by law.

 

Section 313(7) of the TA specifies that a reference to giving help under section 313 of the Act includes giving effect to a stored communications warrant and to providing relevant information about any communication that is lawfully accessed under a stored communications warrant (sections 313(7)(b) and 313(7)(c)(ii)).

THE CRIMES ACT 1914

Under the Crimes Act, an authorised AFP officer may access metadata or stored communications pursuant to a search warrant.

NATIONAL SECURITY AND EMERGENCY POWERS

TELECOMMUNICATIONS ACT 1997

The TA enables the Secretary of the Defence Department of the Chief of Defence Force to require the supply of a carriage service for defence purposes or for the management of natural disasters.

Under section 335 of the TA, a Defence authority may give a carriage service provider a written notice requiring the provider to supply a speci ed carriage service for the use of the Defence Department or the Defence Force. If a requirement is in force, the provider must supply the carriage service in accordance with the requirement, and on such terms and conditions as are agreed between the provider and the Defence authority or, failing agreement, determined by an arbitrator appointed by the parties.

Division 4 of Part 16 of the TA provides that a carrier licence condition may include a ‘designated disaster plan’ for coping with disasters and/or civil emergencies prepared by the Commonwealth, a state or a territory.

OVERSIGHT OF THE USE OF POWERS

TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979

The TIA Act contains a number of safeguards and controls in relation to interception and access to stored communications and telecommunications data as well as a number of reporting requirements. These requirements are designed to ensure that appropriate levels of accountability exist.

Under the TIA Act, records relating to interception warrants and the use, decimation and destruction of intercepted information must be maintained by law enforcement authorities. The Commonwealth Ombudsman is required to inspect certain records (such as those maintained by the AFP) and report to the Minister (Part 2-7 of Chapter 2 of the TIA Act).

Part 2-10 of Chapter 2 of the TIA Act provides that a person who was a party to a communication, or on whose behalf a communication was made, can apply for a civil remedy to the Federal Court of Australia or a court of a state or territory if that communication was intercepted in contravention of the Act. Section 7(1) of the TIA Act prohibits the interception of a communication passing over a telecommunication system except in specified circumstances, for example where conducted under a warrant or by an officer of ASIO. Division 6 of Part 4-1 of Chapter 4 of the TIA Act creates offences for certain disclosures and uses of information and documents. By way of example, it is an offence to disclose information concerning whether an authorisation has been sought and the making of an authorisation unless disclosure is reasonably necessary to enable law enforcement agencies to enforce the criminal law.

Section 186 of the TIA Act requires an enforcement agency to give the minister a written report, no later than three months after 30 June, of all authorisations issued under Chapter 4 of the TIA Act in the preceding  nancial year. The Minister must then prepare a summary report of all reports received under section 186(1) and cause a copy of that report to be tabled before Parliament.

Similar reporting requirements are placed on criminal-law enforcement agencies and the minister in respect of stored communication warrants as in relation to interception warrants (Part 3-6 of Chapter 3 of the TIA Act). Part 3-7 of Chapter 3 of the TIA Act provides that an aggrieved person can apply for a civil remedy to the Federal Court of Australia or a court of a state or territory in relation to an accessed communication, if information relating to it is disclosed in contravention of section 108 of the TIA Act.

Under Chapter 4A of the TIA Act, the Commonwealth Ombudsman must inspect records of an enforcement agency to determine compliance with Chapter 4 of the TIA Act. This Chapter sets out the powers of inspection and powers of the Commonwealth Ombudsman to request information from agencies.

TELECOMMUNICATIONS ACT 1997

Section 314 of the TA provides that, when providing help to an officer or authority of the Commonwealth, a state or a territory under section 313(3) or (4), a party (carrier) must comply with the requirement to help on such terms and conditions as are agreed between the party and relevant agency or, failing agreement, as determined by an arbitrator appointed by the parties. Where the parties fail to agree on the appointment of an arbitrator, the ACMA is to appoint the arbitrator.

JUDICIAL REVIEW

Judicial review of government decision- making by a court is available under sections 39B(1) and 39B(1A) of the Judiciary Act 1903 (Cth) and section 75(v) of the Constitution. For example, in relation to the decision by a government of cer to issue a warrant.

Section 39B(1) confers jurisdiction on the Federal Court with respect to any matter in which a writ of mandamus (that is, an order requiring a public official to perform a duty or exercise a statutory discretionary power), certiorari (that is, an order quashing an act), prohibition (that is, an order preventing someone from performing a specified act), or an injunction (a Court order requiring a person to do, or refrain from doing, a certain thing) is sought against an officer of the Commonwealth.

Section 39B(1A) provides that the Federal Court’s original jurisdiction also includes jurisdiction in any matter ‘arising under any laws made by the Parliament’ (other than a criminal matter).

Under section 75(v) of the Constitution, the High Court (Australia’s highest court) has original jurisdiction in all matters in which a writ of mandamus or prohibition or an injunction is sought against an officer of the Commonwealth.

Judicial review does not concern itself with the merits of a decision, but considers whether a decision-maker has made their decision within the limits of the powers conferred by statute, the Constitution and the common law. So, when reviewing a decision to issue an interception warrant, the Court will examine the legislation under which access to the data was granted and whether the requirements for granting access were met.

CENSORSHIP RELATED POWERS

SHUT-DOWN OF NETWORK AND SERVICES

The government does not have the legal authority to require the shutdown of Vodafone’s entire network for censorship related purposes. However, the police can request the shut-down of an individual’s mobile service in limited circumstances.

TELECOMMUNICATIONS ACT 1997

Under Section 315 of the TA a police offier, not below the rank of Assistant Commissioner, may request a network provider (such as Vodafone) to suspend the supply of a mobile service in the case of an emergency. The police officer may only make such a request of Vodafone if he or she has reasonable grounds to believe that: (i) an individual has done (or has imminently threatened to do) an act that has resulted in, or is likely to result in, loss of life or serious personal injury, or the individual has made an imminent threat to cause serious damage to property or do an act that is likely to endanger their health or safety; (ii) the individual has access to Vodafone’s mobile service; and (iii) the suspension is reasonably necessary to prevent or reduce the likelihood of those acts occurring (or, as the case may be, recurring).

BLOCKING OF URLS & IP ADDRESSES

TELECOMMUNICATIONS ACT 1997

Regulatory bodies and law enforcement agencies can require network providers (such as Vodafone) to provide assistance necessary to enforce the law including by requesting the blocking of IP addresses and/or ranges of IP addresses under Section 313 of the TA. The Australian Federal Police have put in place a section 313 request to require Vodafone to block access to Interpol’s ‘worst of’ list of websites containing child sexual abuse images.

BROADCASTING SERVICES ACT 1992

Under Schedule 5 and Schedule 7 of the Broadcasting Services Act 1992, the Australian Communications and Media Authority (ACMA) is empowered to require internet service providers (such as Vodafone) to take action in respect of websites where they contain prohibited content. Content is prohibited where it is, or in ACMA’s judgment is likely to be, a refused classification or classified X18+; classified R18+ and not protected by a restricted access system. Where the content is hosted within Australia, the ACMA may require removal of the content, the link or service, or require the use of a restricted access system (see Schedule 7, clauses 47, 56 and 62 of the Broadcasting Services Act 1992). Where the prohibited content is hosted outside of Australia, the blocking is carried out by use of filtering software that internet service providers are required to offer to their customers; the software works by referring to a list of banned websites (and their URLs) maintained by ACMA (see Schedule 5, clause 40(1)(b) of the Broadcasting Services Act 1992 and clause 19 of the Internet Industry Codes of Practice – Internet and Mobile Content 2005). ACMA also has the power to issue local websites with a ‘take-down’ notice in respect of content that must be removed (see Schedule 5, clause 47 of the Broadcasting Services Act 1992); the step of blocking the website’s URL usually follows when the requested take-down has not occurred.

POWER TO TAKE CONTROL OF VODAFONE’S NETWORK

The government does not have legal authority to take control of Vodafone’s network.

OVERSIGHT OF THE USE OF POWERS

JUDICIAL REVIEW

Under Section 75(v) of the Australian Constitution, the High Court has original jurisdiction in all matters in which a writ of mandamus, prohibition or injunction is sought against an of cer of the Commonwealth.

At a lower level in the court hierarchy, the Federal Court has original jurisdiction over any matter arising under any laws made by Australia’s parliament, except for a criminal matter pursuant to Section 39B(1A). Under Section 39B(1), the Federal Court can decide on any matter in which a writ of mandamus, certiorari, prohibition or an injunction is sought against an of cer of the Commonwealth.

Judicial review does not concern itself with the merits of a decision, but considers whether a decision-maker has made their decision within the limits of the powers conferred by Australia’s Constitution, statute and common law.

This information was originally published in the Legal Annexe to the Vodafone Group Law Enforcement Disclosure Report in June of 2014, which was updated in May of 2017