House of Representatives

Explanatory Memorandum

(Circulated by authority of the Attorney-General, the Honourable Robert McClelland MP)

SCHEDULE 4 - TELECOMMUNICATIONS DATA CONFIDENTIALITY

Telecommunications (Interception and Access) Act 1979

Schedule 4 amends the Telecommunications (Interception and Access) Act 1979 (the TIA Act) to protect the existence of authorisations for the disclosure of information or documents made under Chapter 4, access to telecommunications data, of the TIA Act.

The Council of Europe Convention on Cybercrime places requirements on Parties to adopt legislative and other measures to keep confidential the execution of powers provided for by the Convention, as well as the information obtained from the use of those powers, for example clause 20(3).

The TIA Act currently contains prohibitions on the use and disclosure of information obtained via telecommunications interception or access to stored communications under Chapters 2 and 3 of the TIA Act respectively. These prohibitions also relate to the use or disclosure of information relating to warrants which authorise such powers.

However, whilst the TIA Act limits what can be done with information obtained under an authorisation under Chapter 4 of the TIA Act, the limitation does not relate to the information contained in the actual instruments authorising the access to that information.

To achieve consistency throughout the legislation and fulfil Convention obligations, the below clauses will create offences for the use and disclosure of information about:

•

whether an authorisation has been, or is being, sought

•

the making of such an authorisation

•

the existence or non-existence of such an authorisation

•

the revocation of such an authorisation, or

•

the notification of such a revocation.

In addition to facilitating accession to the Convention, these provisions will increase the operational security provided by the TIA Act. Given that the use of authorisations is one of the main methods of identifying relevant services related to telecommunications interception and stored communications warrants, it is important to ensure that protections are in place across the life of an operation.

The changes will also provide mechanisms to address misuse of authorisation information by employees of enforcement agencies, as well as carriers.

The offences will not relate to authorisations made under section 178A, as introduced by the Telecommunications Interception and Intelligence Services Amendment Act 2011 relating to locating a person subject to a missing person report. These authorisations relate to the protection of public safety and so it is not necessary to protect operational actions in the same way. Information obtained from a section 178A authorisation is subject to specific protections set out in new subsection 182(2A), created by the same Act.

Telecommunications (Interception and Access) Act 1979

Item 1 - Subsection 171(3)

Section 171 currently provides an outline of Chapter 4 of the TIA Act The current section separates Chapter 4 into three parts:

•

circumstances where the prohibition in section 276, 277 and 278 of the Telecommunications Act 1997 , relating to the disclosure of documents, does not apply

•

circumstances where the prohibition in section 276, 277 and 278 of the Telecommunications Act 1997 , relating to the use of documents, does not apply, and

•

the creation of a general prohibition to use or disclose information obtained by way of Chapter 4.

Item 1 will amend the outline of Chapter 4 of the TIA Act to include that Chapter 4 also includes an offence in relation to other disclosures and uses of information, being those set out in the provisions below.

Item 2 - Division 6 of Part 4-1 (heading)

Item 2 of the Schedule amends the existing heading to Division 6 of Part 4-1 of the TIA Act. The current heading is 'Secondary disclosure/use offence'. Division 6 currently sets out an offence of making a secondary use or disclosure of information obtained by way of an authorisation compliant with either Division 3 or 4 of the TIA Act. Uses and disclosures relevant to why the information was originally disclosed are considered primary, whereas subsequent or unrelated uses and disclosures are secondary disclosures.

As item 3 introduces a general offence in dealing with authorisations, they are dealing with uses and disclosures which are not technically 'secondary'. Therefore, item 2 of this Schedule removes the reference to secondary in the current text of the Act, relying on the general description of offences.

Item 3 - Before section 182

Item 3 inserts new sections 181A and 181B into the TIA Act. These new section create offences relating to the use or disclosure of information that relates to authorisations. Exception are provided to allow information or documents about communications (but not the content or substance of the communications) to be disclosed for the purposes related to the performance by the Organisation of its function of obtaining intelligence relating to security, the enforcement of the criminal law, a law imposing a pecuniary penalty or for the protection of the public revenue.

New section 181A relates to authorisations made under Division 3 of Chapter 4 of the TIA Act, which are authorisations made by the Organisation for the disclosure of documents that relate to the performance by the Organisation of its function of obtaining intelligence relating to security.

New subsection 181A(1) creates an offence if a person discloses information which is about:

•

whether an authorisation under Division 3 (other than under section 178A) has been, or is being, sought

•

the making of such an authorisation

•

the existence or non-existence of such an authorisation

•

the revocation of such an authorisation, or

•

the notification of such a revocation.

New subsection 181A(2) creates an offence if a person discloses a document to a person and the document consists (wholly or partly) of any of the following:

•

an authorisation under Division 3

•

the revocation of such an authorisation or

•

the notification of such a revocation.

New subsection 181A(3) provides exemptions for these offences. It states that the offences do not apply to disclosures when:

•

the disclosure is for the purposes of the authorisation, revocation or notification concerned, or

•

the disclosure is reasonably necessary:

•

to enable the Organisation to perform its function of obtaining intelligence relating to security.

•

to enforce the criminal law

•

to enforce a law imposing a pecuniary penalty, or

•

to protect the public revenue.

These exemptions are necessary to ensure carriers have the lawful ability to use and disclose information when actioning an authorisation.

The remaining exemptions facilitate the effect of section 182, which enables the Organisation to disclose the contents of information that it receives by way of an authorisation to other agencies if that information is reasonably necessary for the enforcement of the criminal law, a law imposing a pecuniary penalty or for the protection of the public revenue.

New subsections 181A(4) and 181A(5) create offences relating to the use of the same information and documents set out in new subsections 181A(1) and (2).

New subsection 181A(6) creates exemptions to these offences, so that the Organisation can make use of the authorisations that they have made.

Item 3 also inserts new section 181B. New section 181B follows the same structure as section 181A, except that it deals with authorisations made under Division 4 of the TIA Act, which are authorisations made by enforcement agencies for the purposes of:

•

enforcing the criminal law

•

enforcing a law imposing a pecuniary penalty, or

•

protecting the public revenue.

The offences relate to the same activities set out in new section 181A. However, the offences do not relate to authorisations made under section 178A of the TIA Act. Section 178A was introduced in the Telecommunications Interception and Intelligence Services Legislation Amendment Act 2011 and relate to making authorisations to assist in the location of a person who has been reported missing. These authorisations are based on a public safety, rather than investigation function of police and so therefore their confidentiality is not needed.

The exemptions to these offences mostly mirror those contained in new section 181A. However, to reflect the fact that these authorisations are not made by the Organisation, there is no requirement to provide an exemption for use of authorisations under new subsection 181B(5) made under this Division for the Organisation to perform its function of obtaining intelligence relating to security.

This reflects the current provisions of section 182 of the TIA Act, whereby an agency can disclose the information obtained via an authorisation in connection with the Organisation's function of obtaining intelligence relating to security, but no such use is permitted.

New sections 181A and 181B include notes that the defendant bears an evidential burden in relation to the matters in subsections (3) or (6) - being that any disclosure or use was valid. These notes are consistent with current offences in the TIA Act, including sections 132, 133 and 182.

The evidential burden means the burden of adducing, or pointing to, evidence that suggests a reasonable possibility that the matter - being that a particular instance of use or disclosure was lawful pursuant to section 181A or 181B - exists. If such evidence is pointed to, the prosecution must refute the defence beyond reasonable doubt.

The evidential burden is distinct from the legal burden, which means proving the existence of the matter. In the case of a legal burden defence, the defendant bears the burden of establishing the defence on the balance of probabilities. If the defendant establishes the matter on the balance of probabilities, the prosecution must refute the defence beyond reasonable doubt.

New subsections 181A(3) and (6) and 181B(3) and (6) put a burden on the defendant to indicate which use or disclosure exemption they relied upon when making the use or disclosure. The subsections do not shift the legal burden.

There are two reasons the defendant is required to indicate which provision they made the disclosure pursuant to. First, the fact a defendant believed that a use or disclosure was reasonably necessary for a certain purpose under the TIA Act is a state of belief held by the defendant. Other than by the defendant indicating which state of belief detailed in section 181A or 181B they held, it would be difficult for the prosecution to raise and disprove every possible state of belief. Secondly, the states of belief, in many circumstances, will go to the operational procedures of enforcement agencies.

Narrowing the extent to which the operational procedures of law enforcement agencies, including when and how information or documents are disclosed to the Organisation, are subject to court proceeding helps protect the capability of these agencies.

Item 4 - Application

Item 4 is an application provision. It does not retrospectively criminalise any act. Item 4 sets out that a person commits an offence if they disclose or use information, regardless of when that information came into existence. However, the actual disclosure or use must occur after this provision comes into force.