House of Representatives

Explanatory Memorandum

(Circulated by authority of the Minister for Home Affairs, the Honourable Tony Burke MP)

GENERAL OUTLINE

The Telecommunications and Other Legislation Amendment Bill 2025 (the Bill) amends the Telecommunications (Interception and Access) Act 1979 (TIA Act), Surveillance Devices Act 2004 and Crimes Act 1914 to ensure key provisions operate as intended, and to support the proper administration of government, law enforcement, national security and criminal justice processes.

•

Schedule 1 permits protected network activity warrant information and network activity warrant intercept information to be used, communicated and recorded to meet disclosure obligations. It also allows the information to be admitted in evidence where necessary to ensure the defendant is afforded a fair trial, or to respond to any such information admitted by the defence, while retaining the intelligence-only purpose of network activity warrants.

•

Schedule 2 transfers the statutory function of the Communications Access Coordinator (CAC) from the Secretary of the Attorney-General's Department to the Secretary of the Department that is administered by the Minister administering the TIA Act (currently the Department of Home Affairs).

•

Schedule 3 permits limited access to stored communications to allow agencies to undertake development and testing activities. These amendments align the development and testing authorisation framework in Part 2-4 of the TIA Act with other parts of the TIA Act, and ensure the framework continues to achieve its intended purpose.

•

Schedule 4 corrects a technical issue with the operation of interception international production orders in Schedule 1 to the TIA Act that was preventing international production orders from being given to US-based prescribed communications providers in certain circumstances under the Agreement between the Government of Australia and the Government of the United States of America on access to electronic data for the purpose of countering serious crime.

•

Schedule 5 amends Part IAB of the Crimes Act to clarify the threshold for authorising and varying controlled operations and subsequently the circumstances in which a participant is protected from criminal responsibility and indemnified against civil liability.

FINANCIAL IMPACT STATEMENT

The amendments in the Bill have no financial impact.

STATEMENT OF COMPATIBILITY WITH HUMAN RIGHTS

The Bill is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

A statement of compatibility with human rights has been prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011, and is at Attachment A.

COMMON ABBREVIATIONS AND ACRONYMS

NOTES ON INDIVIDUAL CLAUSES

Section 1 Short title

1. Section 1 provides that the short title of this Bill, once enacted, will be the Telecommunications and Other Legislation Amendment Act 2025.

Section 2 Commencement

2. Section 2 of the Bill sets out when the Act commences once passed by the Parliament.

3. Subsection (1) provides that that each provision of the Bill specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.

4. Sections 1 to 3, Schedule 1 (relating to protected network activity warrant information), Schedule 2 (relating to the CAC), Schedule 3 (relating to testing and development authorisations), Schedule 4 (relating to international production orders) and Schedule 5 (relating to controlled operations), and anything in the Bill not elsewhere covered by this table, commence the day after the Act receives the Royal Assent.

5. Subsection (2) provides that any information in column 3 of the table is not part of this Bill.

Section 3 Schedules

6. This section provides that legislation specified in a Schedule to the Act is amended or repealed as set out in the applicable

Items in the Schedule concerned. This section also provides that any other Item in a Schedule to the Act has effect according to its terms.

SCHEDULE 1 Amendments relating to network activity warrants

Part 1 Amendments

Surveillance Devices Act 2004

Item 1 After subsection 45B(9)

7. This

Item inserts subsections 45B(9A) and 45B(9B) to ensure that protected network activity warrant information may inform decisions about prosecutions, and the Commonwealth can meet its pre-trial and ongoing disclosure obligations. These disclosure obligations are an essential element of the proper administration of criminal justice and support the fair trial of the defendant.

8. The SD Act contains provisions which strictly limit the use and disclosure of 'protected network activity warrant information', which includes information obtained from access to data or the use of a surveillance device under a network activity warrant and information about an application for, the existence of, or the expiration of a network activity warrant. These provisions are designed to ensure that information obtained under network activity warrants is used for intelligence only, and ensure that the information cannot be used in evidence against a defendant.

9. Subsection 45B(9A) confirms that, notwithstanding these limitations, protected network activity warrant information may be used, recorded or communicated for the purpose of making a decision whether or not to bring, continue or discontinue a prosecution for a relevant offence. This ensures that all information held by the prosecution can be considered in making such decisions, including potentially exculpatory information. This includes using, recording or communicating protected network activity warrant information to ascertain whether the information is required to be disclosed to the defendant.

10. Paragraph 45B(9B)(a) provides that protected network activity warrant information may be disclosed for the purposes of complying with any applicable common law or statutory disclosure duty or obligation in a criminal proceeding for a relevant offence. This will apply to any person, including the staff of agencies in possession of such information, prosecutors, external solicitors and barristers, and the Courts. These obligations include pre-trial disclosure obligations, as well as any ongoing disclosure obligations.

11. Paragraph 45B(9B)(b) allows the legal representative of the defendant to use, record or communicate information which was disclosed to them under paragraph 45B(9B)(a), for the purposes of representing the defendant in the proceeding. It removes the need for the Court to imply from new paragraph 45B(10)(ab) the use of the material for the purpose of other steps which might ordinarily be taken. The inclusion of this paragraph is not intended to limit any other implication that may be drawn from new paragraph 45B(10)(ab).

12. These new provisions are permissive and do not compel the disclosure of protected network activity warrant information. Persons may still resist the disclosure of the information by claiming public interest immunity or legal professional privilege, or by relying on any statutory provision that limits their obligation to disclose material.

Item 2 After paragraph 45B(10)(a)

13. This

Item inserts paragraph 45B(10)(ab).

14. Subsection 45B(10) provides that network activity warrant information may be admitted in evidence in certain circumstances. Paragraph 45B(10)(ab) provides that this information may be admitted in evidence in a criminal proceeding for a relevant offence if the circumstances in subsection 45B(10A) apply.

Item 3 After subsection 45B(10)

15. This

Item inserts subsection 45B(10A).

16. Subsection 45B(10A) provides the circumstances in which protected network activity warrant information may be admitted into evidence under paragraph 45B(10)(ab).

17. Paragraph 45B(10A)(a) allows a defendant to give and adduce protected network activity warrant information into evidence where necessary to support the defendant's fair trial. An example of this would include the defendant adducing exculpatory evidence. The term 'necessary' refers to whether the admission of the information is reasonably appropriate and adapted, as opposed to being critical or essential. This requirement balances the need to support the defendant's fair trial with the need to limit the admission into evidence of information which was obtained for intelligence-only purposes.

18. Paragraph 45B(10A)(a) only permits the defendant to give and adduce protected network activity warrant information to advance their case. This ensures that evidence obtained under a network activity warrant cannot be given or adduced in evidence by the prosecution against a defendant, subject to paragraph 45B(10A)(b) (discussed below), and preserves the purpose of network activity warrants as an intelligence collection power.

19. The inclusion of both the giving and adducing of protected network activity warrant information recognises the distinction between evidence adduced by a party to the proceedings and evidence given by a witness, including the defendant. For those provisions relating to the TIA Act, it also reflects the prohibition on giving network activity warrant intercept information in evidence contained within section 63 of that Act.

20. Paragraph 45B(10A)(b) enables the prosecution to give and adduce protected network activity warrant information into evidence in response to evidence given or adduced by the defendant under paragraph 45B(10A)(a). This may only occur where:

•

the defendant has chosen to give or adduce protected network activity warrant information

•

the information is in response to the protected network activity warrant information adduced by the defendant.

21. Paragraph 45B(10A)(b) is intended to preserve the interests of justice and ensure that the defendant cannot exploit the ability to give or adduce protected network activity warrant information to create a one-sided or misleading account. For example, it would permit the prosecution to adduce protected network activity warrant information to address ambiguities or inconsistencies raised by the protected network activity warrant information adduced by the defendant under paragraph 45B(10A)(a).

22. These new provisions are permissive and do not require the defendant or the prosecution to adduce protected network activity warrant information into evidence. Further, the admission of protected network activity warrant information into evidence is subject to the ordinary rules of evidence. Nothing in these provisions prevents a claim of public interest immunity or legal professional privilege. Similarly, these provisions do not interfere with the operation of any express statutory provision that restricts the admission of information into evidence in certain situations, such as section 51 of the Australian Crime Commission Act 2002, which provides that certain members of the Australian Criminal Intelligence Commission shall not be required to produce certain documents.

Telecommunications (Interception and Access) Act 1979

Item 4 After subsection 63AE(2)

23. This

Item inserts subsections 63AE(2A), 63AE(2B) and 63AE(2C). These provisions replicate those provided for in Items 1, 2 and 3 of this Schedule by providing for the disclosure and admission of network activity warrant intercept information. These provisions also deal with the giving of such information in evidence, as Part 2-6 of the TIA Act expressly regulates both the giving and admission of information in evidence.

24. The TIA Act contains its own set of use and disclosure provisions for information obtained by interception. For this reason, the use and disclosure of network activity warrant intercept information is governed by the TIA Act, not the SD Act. Network activity warrant intercept information is defined in section 5 of the TIA Act to mean information obtained under a network activity warrant by intercepting a communication passing over a telecommunications system.

25. Subsections 63AE(2A) and 63AE(2B) are designed to replicate new subsections 45B(9A) and 45B(9B) of the SD Act to ensure that the Commonwealth can meet its pre-trial and ongoing disclosure obligations, and that legal representatives of the defendant may deal with the information for the purposes of representing the defendant in the proceeding. These disclosure obligations are an essential element of the proper administration of criminal justice and support the defendant's right to a fair trial.

26. Subsection 63AE(2A) makes reference to 'a prosecution for a prescribed offence'. This differs from new subsection 45B(9A) in the SD Act, which references 'relevant offence'. The TIA Act defines 'relevant offence' differently to the SD Act and would result in a different threshold applying for each type of information. The definition of 'prescribed offence' is the most equivalent definition in the TIA Act to that of 'relevant offence' in the SD Act, and ensures that similar thresholds apply to both protected network activity warrant information and network activity warrant intercept information.

27. Subsection 63AE(2C) replicates new paragraph 45B(10)(ab) and new subsection 45B(10A) of the SD Act, by prescribing the circumstances in which network activity warrant intercept information may be admitted into evidence.

28. These new provisions are permissive and do not require a person to disclose or adduce into evidence network activity warrant intercept information. Further, the provisions are subject to the ordinary rules of evidence. Nothing in these provisions prevents a claim of public interest immunity or legal professional privilege. Similarly, these provisions do not interfere with the operation of any express statutory provision that restricts the admission of information into evidence in certain situations, such as section 51 of the Australian Crime Commission Act 2002, which provides that certain members of the Australian Criminal Intelligence Commission shall not be required to produce certain documents.

Part 2 Application of amendments

Item 5 Application of amendments

29. Subclauses (1) and (2) provide for the application of the new permissions relating to the use, recording or communication of protected network activity warrant information after the day that the Act receives Royal Assent. This is regardless of whether:

•

the information was obtained or generated before or after the commencement of the relevant provisions

•

the proceeding to which the use, recording or communication relates, was instituted before or after commencement of the relevant provisions.

30. Similarly, subclause (3) provides that new subsection 45B(10) (relating to the admission of protected network activity warrant information into evidence) applies to the admission of the information after the commencement of the Bill, regardless of when the information was obtained or when the proceedings commenced.

31. Subclauses (4) to (6) set out analogous application rules for network activity warrant intercept information.

SCHEDULE 2 Amendments relating to the Communications Access Coordinator

Telecommunications (Interception and Access) Act 1979

32. Subsection 6R(1) of the TIA Act provides that the CAC is the Secretary of the Attorney-General's Department, or a person or body covered by a legislative instrument made by the Attorney-General under subsection 6R(2) of the TIA Act. The CAC performs a number of regulatory functions under the TIA Act and the Telecommunications Act 1997. These functions include approving carriers' interception capability plans (section 198 of the TIA Act) and granting exemption or variations from the mandatory data retention scheme (section 192 of the TIA Act).

33. On 13 May 2025, Her Excellency the Governor-General, the Hon Sam Mostyn AC, made a new Administrative Arrangements Order with the effect that, relevantly, responsibility for the TIA Act transferred from the Attorney-General to the Minister for Home Affairs.

34. Subsection 5(3A) provides that, despite subsection 19(1) of the Acts Interpretation Act 1901, a reference in the TIA Act to the Attorney-General is a reference only to the Minister with that title. Subsection 19(1) of the Acts Interpretation Act 1901 would ordinarily operate to provide that references to the Attorney-General should be read as references to the Minister administering the TIA Act following a change in administrative responsibility for the TIA Act. However, subsection 5(3A) operates to displace that outcome. Further, section 6V of the TIA Act prevents the making of a substituted references order under subsection 19B(2) of the Acts Interpretation Act 1901 unless the Prime Minister is satisfied that exceptional circumstances exist.

35. Relevantly, the combined effect of subsection 5(3A) and section 6V means that the responsibility for the CAC under section 6R of the TIA Act remains with the Secretary of the Attorney-General and the Attorney-General's Department.

36. Consequently, amendments are required to ensure all aspects of this responsibility, in particular the functions of the CAC, transfer as intended to the Home Affairs portfolio.

Item 6 Paragraph 6R(1)(a)

37. Item 1 amends paragraph 6R(1)(a).

38. Paragraph 6R(1)(a) provides that the CAC includes the Secretary of the 'Attorney-General's' Department. This

Item removes the reference to 'Attorney-General's' with the effect that the CAC now includes the Secretary of 'the Department'. By virtue of section 19A of the Acts Interpretation Act 1901, this change has the effect that the Secretary of the Department of Home Affairs can carry out the functions of the CAC, consistent with the new Administrative Arrangement Order made on 13 May 2025.

Item 7 Subsection 6R(2)

39. Item 2 amends subsection 6R(2).

40. Subsection 6R(2) provides that the 'Attorney-General' may, by legislative instrument, specify one or more persons or bodies, or one or more classes of persons or bodies, for the purposes of paragraph (b) of the definition of 'Communications Access Coordinator' in subsection 6R(1). This

Item removes the reference to 'Attorney-General' and substitutes 'Minister', to ensure that ministerial arrangements for the CAC reflect the current and future Administrative Arrangement Orders.

Item 8 Subsection 6R(2A)

41. Item 3 repeals and replaces paragraph 6R(2)(a).

42. Subsection 6R(2A) provides that the Attorney-General must only specify a person or class of persons in an instrument made under subsection 6R(2) if the person is an APS employee, or the class consists wholly of APS employees, in the Attorney-General's Department. This

Item replaces the references to the 'Attorney-General' with the 'Minister, and 'the Department', to ensure that ministerial and official arrangements for the CAC reflect the current and future Administrative Arrangement Orders.

SCHEDULE 3 Amendments relating to developing and testing interception capabilities

Part 1 Amendments

Telecommunications (Interception and Access) Act 1979

Item 1 Section 5 (definition of lawfully accessed information)

43. Item 1 ensures that the use and disclosure provisions in Part 3-4—Dealing with accessed information etc. do not apply to stored communications information collected under new section 31A authorisations. Together with Item 3 (see below), this treats all information collected under these authorisations as lawfully intercepted information, which is governed by Part 2-6 of the TIA Act, rather than lawfully accessed information. This ensures that the same stringent use and disclosure provisions apply to any stored communications accessed under a testing and development authorisation as currently apply for live communications.

44. Item 1 does this by repealing the definition of 'lawfully accessed information' in section 5, and replacing it with a new definition that excludes stored communications information from the definition of 'lawfully accessed information'.

Item 2 Subsection 6E(1)

45. This Item makes a stylistic change to section 6E to enable the insertion of new subsection 6E(2A).

Item 3 After subsection 6E(2)

46. Item 3 inserts subsection 6E(2A).

47. Subsection 6E(2A) ensures that the use and disclosure provisions in Part 2-6 apply to stored communications information collected under new section 31A authorisations. It achieves this by amending the definition of 'lawfully intercepted information' in section 6E to include 'information obtained by accessing a stored communication under a section 31A authorisation'.

48. The use and disclosure provisions in Part 2-6 are more restrictive than those in Part 3-4 and, in conjunction with subparagraph 31A(2)(a)(ii), only allow the use of information collected under a section 31A authorisation for the purpose of the development or testing of technologies, or interception capabilities.^[1]

49. Together with Item 1 (see above), Item 3 ensures that consistent use and disclosure provisions apply to all information collection under these authorisations, regardless of whether that information is a stored communication or intercepted communication.

Item 4 At the end of section 31

50. This Item inserts subsection 31(3).

51. Subsection 31(3) amends the requirements in subsection 31(2) of the TIA Act for requests from the head (or acting head) of a security authority to the Attorney-General to authorise interception for development and testing capabilities under section 31A.

52. Currently, paragraph 31(2)(c) of the TIA Act requires requests from the head (or acting head) of a security authority to include details of the extent to which the proposed development or testing would involve, or would be likely to involve, interception of communications passing over a telecommunications system.

53. New subsection 31(3) ensures that a head (or acting head) of a security authority making a request to the Attorney-General under subsection 31(1) will also be required to include details of the extent to which the proposed development or testing would involve, or would be likely to involve, accessing stored communications after they have ceased to pass over the telecommunications system.

54. The purpose of subsection 31(3) is to ensure that both the interception of live communications and the accessing of stored communications are subject to the same requirements, and that the Attorney-General has sufficient information to determine whether or not to grant the authorisation.

Item 5 After subsection 31A(4A)

55. This Item inserts subsections 31A(4B) and (4C).

56. Currently, subparagraph 31A(2)(a)(ii) imposes a condition on section 31A authorisations that prohibits 'communicating, using or recording' communications intercepted under such authorisations, except for development or testing purposes. This is an important safeguard to ensure that section 31A authorisations cannot be used for investigative or intelligence collection purposes.

57. New subsection 31A(4B) amends section 31A to clarify that persons authorised under a section 31A authorisation can communicate, use or record lawfully intercepted information obtained under the authorisation for the purposes of development or testing of technologies, or interception capabilities. This has been included for the avoidance of doubt and makes explicit what is implied from the condition in subparagraph 31A(2)(a)(ii). The term 'lawfully intercepted information' is used to ensure that the provision covers information obtained by accessing a stored communication under a section 31A authorisation (see the amendment to the definition of 'lawfully intercepted information' in section 6E explained above) and to ensure consistency with the language used in Part 2-6—Dealing with intercepted information etc.

58. Subsection 31A(4C) states that the reference to interception in subsection (1) should be read as including accessing stored communications after they have ceased to pass over a telecommunication system. This ensures that the Attorney-General can authorise access to stored communications under section 31A authorisations. This amendment supports new section 31AB, which sets out the scope of a section 31A authorisation (see explanation of new section 31AB below).

59. Subsection 31A(4C) also provides that the reference to 'interception' in subparagraph 31A(2)(a)(i) includes accessing stored communications after they have ceased to pass over a telecommunication system. This extends the conditions contained in that subparagraph, relating to the communication, use or recording of intercepted information collected under a section 31A authorisation, to also apply to stored communications. This ensures that the same conditions apply to both the live communications and the stored communications portion of the information.

Item 6 After section 31AA

60. This Item inserts section 31AB.

61. Section 31AB provides that a section 31A authorisation allows for access to stored communications passing over a telecommunications system, as well as interception.

62. Currently, the Attorney-General may only authorise interception of live communications passing over a telecommunications system under a section 31A authorisation. However, there are limited circumstances in which stored communications may pass over the telecommunications system alongside live communications (factually, rather than within the meaning of section 5F of the TIA Act which defines when a communication is passing over a telecommunications system for the purposes of the Act), such as when webmail provided by a carrier is synced to a device. In these situations, live communications and stored communications can be inextricably intermingled, with the result that it is not possible to intercept live communications under a section 31A authorisation without also accessing stored communications.

63. New section 31AB ensures that the Attorney-General can authorise access to stored communications under section 31A authorisations, in addition to the interception of live communications. This amendment aligns section 31A with provisions that apply to all interception warrants under the TIA Act—including subsection 108(2) and section 109—which currently authorise access to stored communications as well as interception. The practical effect of this amendment is to ensure that section 31A authorisations can be used to collect communications for development and testing purposes, in circumstances where live and stored communications are unable to be distinguished at the point of collection.

Item 7 Section 31C

64. This Item makes an editorial change to section 31C to enable the insertion of new subsection 31C(2).

Item 8 At the end of section 31C

65. This Item inserts subsection 31C(2).

66. Subsection 31C(2) provides that the head of the security authority must destroy, as soon as practicable, information or records obtained by the authority as a result of accessing stored communications under the authorisation. It achieves this by amending the reference to interception in paragraph 31C(1)(a) (which requires the destruction of information or records obtained via a section 31A authorisation) to also include stored communications after they have ceased to pass over a telecommunication system.

Item 9 After paragraph 108(2)(cd)

67. This Item inserts paragraph 108(2)(ce).

68. Paragraph 108(2)(ce) amends subsection 108(2) to provide that the prohibition against accessing stored communications in subsection 108(1) does not apply to stored communications accessed under a section 31A authorisation. This amendment complements the insertion of new section 31AB.

Item 10 After subsection 108(3)

69. This Item inserts subsection 108(3A).

70. New subsection 108(3A) provides that paragraph 108(2)(ce) only applies if the authorisation would have authorised interception of the communication if it were still passing over a telecommunications system.

71. The purpose of this provision is to ensure that the authority to access stored communications under a section 31A authorisation is the same in scope as the authority to intercept a communication passing over a telecommunications system, and does not operate to expand that authority. Accessing a stored communication other than in these circumstances is not permitted and would amount to a breach of section 108 (unless separately authorised).

Part 2 Application provisions

Item 11 Application of amendments

72. Subclause (1) provides that the new requirements for requests to the Attorney-General for section 31A authorisations apply to requests submitted on, or after, the day the Schedule commences. All requests made on or after this day must include details of the extent to which the proposed development or testing would involve, or would be likely to involve, accessing stored communications after they have ceased to pass over the telecommunications system.

73. Similarly, subclause (2) provides that on, or after, the day after the day the Schedule commences, security authorities will be permitted under development and testing authorisations to collect stored communications after they have ceased to pass over the telecommunications system.

SCHEDULE 4 Amendments relating to international production orders

Part 1 Amendments

Telecommunications (Interception and Access) Act 1979

Item 1 Paragraphs 30(2)(g) and (h) of Schedule 1

74. This Item replaces 'intercepting' with the technology neutral term 'accessing' in the relevant paragraphs.

75. By using the term 'accessing' instead of 'intercepting', this amendment ensures the eligible judge or nominated Administrative Review Tribunal (ART) member must consider the agency's 'access' to the communications, messages, voice calls or video calls, rather than the concept of 'interception', when assessing the utility of the information to the agency's investigation of a relevant offence. Using a broader term ensures the focus of the issuing person's considerations remains on the impact of accessing the information, regardless of the technical method by which that information is captured, stored or retrieved by the agency.

Item 2 Subparagraphs 30(5)(a)(i) and (iv) and 30(5)(b)(i) and (iv) of Schedule 1

76. This Item replaces 'intercepting' with the technology neutral term 'accessing' in the relevant subparagraphs.

77. These subparagraphs provide that the eligible judge or nominated ART member must have regard to the privacy impacts of issuing an interception IPO.

78. By using the term 'accessing' instead of 'intercepting', this amendment ensures the eligible judge or nominated ART member must consider the agency's 'access' to the communications, messages, voice calls or video calls, rather than the concept of 'interception', when assessing the privacy impact of issuing the IPO. Using a broader term ensures the focus of the issuing person's considerations remains on the impact of accessing the information, regardless of the technical method by which that information is captured, stored or retrieved by the agency.

Item 3 Paragraph 30(6)(b) of Schedule 1

79. This Item inserts '(as permitted under an international production order)' into this paragraph which deals with considerations for issuing what are commonly referred to as B-party IPOs – that is, IPOs aimed at services used by a person other than the target.

80. A key requirement for such an IPO is that the agency is unable to receive the information by means of an order aimed at services used by the target.

81. This amendment means that the eligible judge or nominated ART member needs to consider the broader concept of whether the target's information could be intercepted through an interception IPO, rather than simply the definition of 'intercept' in clause 2.

82. In practice, this will include consideration of whether the agency could receive information on the target by means of a provider complying with an interception IPO by providing a copy of stored communications, not just 'recording' or 'live streaming' those messages, voice calls or video calls. This amendment is required to ensure the threshold being considered by the eligible judge or nominated ART member is not inadvertently changed.

Item 4 Paragraph 30(7)(b) of Schedule 1

83. This Item inserts '(as permitted under an international production order)' into this paragraph which deals with considerations for issuing what are commonly referred to as B-party IPOs – that is, IPOs aimed at services used by a person other than the target.

84. A key requirement for such an IPO is that the agency is unable to receive the information by means of an order aimed at services used by the target.

85. This amendment means the eligible judge or nominated ART member needs to consider the broader concept of whether the target's messages, voice calls or video calls could be intercepted through an interception IPO, rather than the definition of 'intercept' in clause 2.

86. In practice, this will include consideration of whether the agency could receive information on the target by means of a provider complying with an interception IPO by providing a copy of stored communications, not just 'recording' or 'live streaming' those messages, voice calls or video calls. This amendment is required to ensure the threshold being considered by the eligible judge or nominated ART member is not inadvertently changed.

Item 5 At the end of clause 30 of Schedule 1

87. This Item adds subclause 30(8) 'copying stored communications' after existing subclause 30(7).

88. Paragraph 30(8)(i) provides that if a prescribed communications provider is directed to intercept communications, messages, voice calls or video calls then they can do so by copying stored communications that consist of the communications, messages, voice calls or video calls.

89. Further, paragraph 30(8)(ii) provides that such copies are taken to be communications, messages, voice calls or video calls (as the case may be) intercepted under the IPO.

90. The purpose of subclause 30(8) is to capture the widest extent of technical methods by which prescribed communications providers will produce prospective content data in response to an interception IPO. This is important, as, given the variety of prescribed communications providers which could be the subject to an interception IPO, it is virtually impossible to accurately describe how each will produce prospective content data in response to an interception IPO.

91. Specifically, prescribed communications providers may hold communications, messages, voice calls and video calls on equipment that is operated by, and is in the possession of, the prescribed communications provider regardless of whether an interception IPO is in place. By doing so, the communications, messages, voice calls and video calls may fall within the definition of 'stored communication' in clause 2 of Schedule 1 to the TIA Act. At the same time, the communications may not be being 'intercepted' (because the communications are not recorded or live streamed to the agency).

92. In such instances, there is uncertainty that providing those communications, messages, voice calls and video calls to an interception agency in response to an interception IPO would fall within the definition of 'intercept'.

93. The amendment addresses that uncertainty by making it clear that prescribed communications providers can comply with an interception IPO by providing copies of stored communications to the interception agency. The intention of these amendments is that the prescribed communications provider is permitted to provide communications within the scope of the order issued by the issuing authority, regardless of whether they do so by, for example:

•

intercepting the communications in real-time and directly streaming these communications to the agency

•

recording the communications onto their servers, and at a later time, making those communications available to the agency

•

providing copies of communications stored on their server intermittently throughout the period of the IPO, for example, once every 24 hours

•

using another technical method to make prospective communications within the scope of the interception IPO available to the agency.

94. The amendments do not override existing safeguards contained in the Industry Assistance framework under Part 15 of the Telecommunications Act 1997, nor do they create new powers to compel a provider to build new capabilities. The industry assistance framework explicitly prohibits agencies from requiring operators to remove, or build a capacity to remove, end-to-end encryption or other forms of electronic protection. The framework also explicitly prohibits agencies from requesting providers to create a systemic weakness or vulnerability into a form of electronic protection, or from rectifying a systemic weakness or vulnerability in an existing system.

95. The Australian Designated Authority will work with agencies and communications providers to determine the most appropriate method/timing for providing information in particular circumstances – for example, the frequency with which stored communications are made available.

96. By virtue of subparagraphs 30(2)(i)(i) and 30(2)(j)(i), those stored communications must still consist of communications, messages, voice calls and video calls that were made during the period specified in the IPO, and which cannot have been made prior to the IPO being given to the provider (paragraph 30(3)).

97. Further, deeming those communications, messages, voice calls or video calls to be 'communications messages, voice calls or video calls' intercepted under the IPO is necessary to ensure they are treated appropriately under other provisions of Schedule 1. This includes provisions related to:

•

requiring providers to provide intercepted information to agencies and prescribing how that is to be done (paragraphs 30(2)(i) and (j) and clause 31)

•

obligations for agencies to provide an issuing authority with information on the use of intercepted communications from previous related IPOs (paragraphs 25(3)(c) and 25(4)(c))

•

reporting, record keeping and destruction obligations (Part 9)

•

disclosure restrictions (Part 10)

•

evidentiary certificates (Part 11).

Item 6 Paragraphs 60(2)(i) and (j), 60(5)(a), (c) and (f), 60(6)(a), (c) and (f) of Schedule 1

98. This Item replaces 'intercepting' with the technology neutral term 'accessing' in the relevant paragraphs and subparagraphs. Using a broader term ensures the focus of the issuing person's considerations remains on the impact of accessing the information, regardless of the technical method by which that information is provided to the agency.

99. These paragraphs are criteria of which the eligible judge or nominated ART member must be satisfied of prior to issuing an IPO, as well as providing that the eligible judge or nominated ART member must have regard to the privacy impacts of issuing an interception IPO.

100. By using the term 'accessing' instead of 'intercepting', in paragraphs 60(2)(i) and (j), this amendment ensures the eligible judge or nominated ART member must consider the agency's 'access' to the communications, messages, voice calls or video calls, rather than the concept of 'interception', when assessing the utility of the information to the agency's Part 5.3 object or whether the Part 5.3 supervisory order has been, or is being, complied with.

101. By using the term 'accessing' instead of 'intercepting' in paragraphs 60(5)(a), (c) and (f) and 60(6)(a), (c) and (f) this amendment ensures the eligible judge or nominated ART member must consider the agency's 'access' to the communications, messages, voice calls or video calls, rather than the concept of 'interception', when assessing the privacy impact of issuing the IPO.

Item 7 Paragraph 60(7)(b) of Schedule 1

102. This Item inserts '(as permitted under an international production order)' into this paragraph which deals with considerations for issuing what are commonly referred to as B-party IPOs – that is, IPOs aimed at services used by a person other than the target.

103. A key requirement for such an IPO is that the agency is unable to receive the information by means of an order aimed at services used by the target.

104. This amendment means the eligible judge or nominated ART member needs to consider the broader concept of whether the target's communications could be intercepted through an interception IPO, rather than the definition of 'intercept' in clause 2.

105. In practice, this will include consideration of whether the agency could receive information on the target by means of a provider complying with an interception IPO by providing a copy of stored communications, not just 'recording' or 'live streaming' those communications. This amendment is required to ensure the threshold being considered by the eligible judge or ART member is not inadvertently changed as a result of the other amendments.

Item 8 Paragraph 60(8)(b) of Schedule 1

106. This Item inserts '(as permitted under an international production order)' into this paragraph which deals with considerations for issuing what are commonly referred to as B-party IPOs – that is, IPOs aimed at services used by a person other than the target.

107. A key requirement for such an IPO is that the agency is unable to receive the information by means of an order aimed at services used by the target.

108. This amendment means the eligible judge or nominated ART member needs to consider the broader concept of whether the target's communications could be intercepted through an interception IPO, rather than the definition of 'intercept' in clause 2.

109. In practice, this will include consideration of whether the agency could receive information on the target by means of a provider complying with an interception IPO by providing a copy of stored communications, not just 'recording' or 'live streaming' those communications. This amendment is required to ensure the threshold being considered by the eligible judge or ART member is not inadvertently changed as a result of the other amendments.

Item 9 At the end of clause 60 of Schedule 1

110. This Item adds subclause 60(9) 'copying stored communications' after existing subclause 60(8) which deals with interception IPOs related to Part 5.3 supervisory orders.

111. Paragraph 60(9)(i) provides that if a prescribed communications provider is directed to intercept communications, messages, voice calls or video calls then they can do so by copying stored communications that consist of the communications, messages, voice calls or video calls.

112. Further, paragraph 60(9)(ii) provides that such copies are taken to be communications, messages, voice calls or video calls (as the case may be) intercepted under the IPO.

113. The purpose of subclause 60(9) is to capture the widest extent of technical methods by which prescribed communications providers will produce prospective content data in response to an interception IPO. This is important, as, given the variety of prescribed communications providers which could be the subject to an interception IPO, it is virtually impossible to accurately describe how each will produce prospective content data in response to an interception IPO.

114. Specifically, prescribed communications providers may hold communications, messages, voice calls and video calls on equipment that is operated by, and is in the possession of, the prescribed communications provider regardless of whether an interception IPO is in place. By doing so, the communications, messages, voice calls and video calls may fall within the definition of 'stored communication' in clause 2 of Schedule 1 to the TIA Act. At the same time, the communications may not be being 'intercepted' (because the communications are not recorded or livestreamed to the agency).

115. In such instances, therefore, there is uncertainty that providing those communications, messages, voice calls and video calls to a Part 5.3 IPO agency in response to an interception IPO would fall within the definition of 'intercept'.

116. The amendment addresses that uncertainty by making it clear that prescribed communications providers can comply with an interception IPO by providing copies of stored communications to the Part 5.3 IPO agency. The intention of these amendments is that the prescribed communications provider is permitted to provide communications within the scope of the order issued by the issuing authority, regardless of whether they do so by, for example:

•

intercepting the communications in real-time and directly streaming these communications to the agency

•

recording the communications onto their servers, and at a later time, making those communications available to the agency

•

providing copies of communications stored on their server intermittently throughout the period of the IPO, for example, once every 24 hours

•

using another technical method to make prospective communications within the scope of the interception IPO available to the agency.

117. The Australian Designated Authority will work with agencies and communications providers to determine the most appropriate method/timing for providing information in particular circumstances – for example, the frequency with which stored communications are made available.

118. By virtue of subparagraphs 60(2)(i)(i) and 60(2)(j)(i), those stored communications must still consist of communications, messages, voice calls and video calls that were made during the period specified in the IPO, and which cannot have been made prior to the IPO being given to the provider (paragraph 60(3)).

119. Further, deeming those communications, messages, voice calls or video calls to be 'communications messages, voice calls or video calls' intercepted under the IPO is necessary to ensure they are treated appropriately under other provisions of Schedule 1. This includes provisions related to:

•

requiring providers to provide intercepted information to agencies and prescribing how this is to be done (paragraphs 60(2)(k) and (l) and clause 61)

•

obligations for agencies to provide an issuing authority with information on the use of intercepted communications from previous related IPOs (paragraphs 55(3)(c) and 55(4)(c))

•

reporting, record keeping and destruction obligations (Part 9)

•

disclosure restrictions (Part 10)

•

evidentiary certificates (Part 11).

Item 10 Paragraphs 83(6)(b), 83(7)(b) and 89(2)(g) and (h) of Schedule 1

120. This Item replaces 'intercepting' with the technology neutral term 'accessing' in the relevant paragraphs and subparagraphs. Using a broader term ensures the focus of the relevant person's considerations remains on the impact of accessing the information, regardless of the technical method by which that information is provided to the agency.

121. These paragraphs are criteria of which the Attorney-General and nominated ART Intelligence and Security members must be satisfied of prior to consenting to the making of an application and issuing an IPO respectively.

122. By using the term 'accessing' instead of 'intercepting', in paragraphs 83(6)(b) and 83(7)(b) this amendment ensures the Attorney-General must consider the Organisation's 'access' to the communications, messages, voice calls or video calls, rather than the concept of 'interception', when assessing whether the information would be likely to assist the Organisation in carrying out its function of obtaining intelligence relating to security.

123. By using the term 'accessing' instead of 'intercepting' in paragraphs 89(2)(g) and 89(2)(h) this amendment ensures the nominated ART Intelligence and Security member must consider the Organisation's 'access' to the communications, messages, voice calls or video calls, rather than the concept of 'interception', when assessing the whether the information would be likely to assist the Organisation in carrying out its function of obtaining intelligence relating to security.

Item 11 Subparagraphs 89(5)(a)(i) and 89(5)(b)(i) of Schedule 1

124. This Item replaces 'intercepting' with the technology neutral term 'accessing' in the relevant subparagraphs.

125. These subparagraphs provide that the nominated ART Intelligence and Security member must have regard to the use of less intrusive methods than issuing an interception IPO.

126. By using the term 'accessing' instead of 'intercepting', this amendment ensures the nominated ART Intelligence and Security member must consider less intrusive methods than the Organisation's access to the communications, messages, voice calls or video calls under the proposed IPO, rather than the concept of 'interception' of those communications, messages, voice calls or video calls.

Item 12 Paragraph 89(6)(b) of Schedule 1

127. This Item inserts '(as permitted under an international production order)' into this paragraph which deals with considerations for issuing what are commonly referred to as B-party IPOs – that is, IPOs aimed at services used by a person other than the target.

128. A key requirement for such a warrant is that the Organisation is unable to receive the information by means of an order aimed at services used by the target.

129. This amendment means the ART Intelligence and Security member needs to consider the broader concept of whether the target's communications could be intercepted through an interception IPO, rather than the definition of 'intercept' in clause 2.

130. In practice, this will include consideration of whether the Organisation could receive information on the target by means of a provider complying with an interception IPO by providing a copy of stored communications, not just 'recording' or 'live streaming' those communications. This amendment is required to ensure the threshold being considered by the member is not inadvertently changed as a result of the other amendments.

Item 13 Paragraph 89(7)(b) of Schedule 1

131. This Item inserts '(as permitted under an international production order)' into this paragraph which deals with considerations for issuing what are commonly referred to as B-party IPOs – that is, IPOs aimed at services used by a person other than the target.

132. A key requirement for such an IPO is that the Organisation is unable to receive the information by means of an order aimed at services used by the target.

133. This amendment means the ART Intelligence and Security member needs to consider the broader concept of whether the target's messages, voice calls or video calls could be intercepted through an interception IPO, rather than the definition of 'intercept' in clause 2. This amendment is required to ensure the threshold being considered by the member is not inadvertently changed as a result of the other amendments.

134. In practice, this will include consideration of whether the Organisation could receive information on the target by means of a provider complying with an interception IPO by providing a copy of stored communications, not just 'recording' or 'live streaming' those messages, voice calls or video calls.

Item 14 After subclause 89(7) of Schedule 1

135. This Item adds subclause 89(7A) 'copying stored communications' after existing subclause 89(7) which deals with interception IPOs related national security.

136. Paragraph 89(7A)(i) provides that if a prescribed communications provider is directed to intercept communications, messages, voice calls or video calls then they can do so by copying stored communications that consist of the communications, messages, voice calls or video calls.

137. Further, paragraph 89(7A)(ii) provides that such copies are taken to be communications, messages, voice calls or video calls (as the case may be) intercepted under the IPO.

138. The purpose of subclause 89(7A) is to capture the widest extent of technical methods by which prescribed communications providers will produce prospective content data in response to an interception IPO. This is important, as, given the variety of prescribed communications providers which could be the subject to an interception IPO, it is virtually impossible to accurately describe how each will produce prospective content data in response to an interception IPO.

139. Specifically, prescribed communications providers may hold communications, messages, voice calls and video calls on equipment that is operated by, and is in the possession of, the prescribed communications provider regardless of whether an interception IPO is in place. By doing so, the communications, messages, voice calls and video calls may fall within the definition of 'stored communication' in clause 2 of Schedule 1 to the TIA Act. At the same time, the communications may not be being 'intercepted' (because the communications are not recorded or livestreamed to the agency).

140. In such instances, therefore, there is uncertainty that providing those communications, messages, voice calls and video calls to the Organisation in response to an interception IPO would fall within the definition of 'intercept'.

141. The amendment addresses that uncertainty by making it clear that prescribed communications providers can comply with an interception IPO by providing copies of stored communications to the Organisation. The intention of these amendments is that the prescribed communications provider is permitted to provide communications within the scope of the order issued by the issuing authority, regardless of whether they do so by:

•

intercepting the communications in real-time and directly streaming these communications to the agency

•

recording the communications onto their servers, and at a later time, making those communications available to the agency

•

providing copies of communications stored on their server intermittently throughout the period of the IPO, for example, once every 24 hours

•

using another technical method to make prospective communications within the scope of the interception IPO available to the agency.

142. The Australian Designated Authority will work with agencies and communications providers to determine the most appropriate method/timing for providing information in particular circumstances – for example, the frequency with which stored communications are made available.

143. By virtue of subparagraphs 89(2)(i)(i) and 89(2)(j)(i), those stored communications must still consist of communications, messages, voice calls and video calls that were made during the period specified in the IPO, and which cannot have been made prior to the IPO being given to the provider (paragraph 30(3)).

144. Further, deeming those communications, messages, voice calls or video calls to be 'communications messages, voice calls or video calls' intercepted under the IPO is necessary to ensure they are treated appropriately under other provisions of Schedule 1. This includes provisions related to:

•

requiring providers to provide intercepted information to agencies and prescribing how this is to be done (paragraphs 89(2)(i) and (j) and clause 90)

•

obligations for agencies to provide an issuing authority with information on the use of intercepted communications from previous related IPOs (paragraphs 86(3)(c) and 86(4)(c))

•

reporting, record keeping and destruction obligations (Part 9)

•

disclosure restrictions (Part 10)

•

evidentiary certificates (Part 11).

SCHEDULE 5 Amendments relating to controlled operations

Crimes Act 1914

Item 1 After subsection 15GI(2)

145. This Item inserts new subsections 15GI(2A) and 15GI(2B) after current subsection 15GI(2).

146. Currently, paragraph 15GI(2)(g) provides that an authorising officer must not grant an authority to conduct a controlled operation unless the authorising officer is satisfied on reasonable grounds that any conduct involved in the controlled operation will not:

•

seriously endanger the health or safety of any person (subparagraph 15GI(2)(g)(i))

•

cause the death of, or serious injury to, any person (subparagraph 15GI(2)(g)(ii))

•

involve the commission of a sexual offence against any person (subparagraph 15GI(2)(g)(iii))

•

result in significant loss of, or serious damage to, property (other than illicit goods) (subparagraph 15GI(2)(g)(iv)).

147. With crimes committed or facilitated online becoming more prevalent, organised and extreme, amendments are required to make it clear how the legislation applies in an online context. The anonymous nature of the internet means there may be a lack of information available to law enforcement officers to assess potential risks, including the identity of a suspect or their location. Anonymisation is becoming more sophisticated online and harder for police to address. Covert online controlled operations can take weeks or months deploying tradecraft that will result in identifying online actors. Current paragraph 15GI(2)(g) does not clearly express to what extent an authorising officer is expected to foresee potential risks and not authorise a controlled operation on the basis of these risks.

148. The amendments ensure clarity as to the application of current paragraph 15GI(2)(g), particularly in the context of emerging online crime types where the persons under investigation are anonymised, including on the dark web and encrypted communications platforms. New subsection 15GI(2A) is inserted to avoid doubt as to the intended operation of existing paragraph 15GI(2)(g). New paragraph 15GI(2A)(a) provides that paragraph 15GI(2)(g) only requires an authorising officer to be satisfied as to the direct and reasonably foreseeable consequences of the unlawful conduct of participants in the controlled operation. Direct consequence captures a consequence caused or produced by the unlawful conduct without intervening conduct or events and excludes merely minor influences on the consequence. A 'participant' is defined in current section 15GC as a person who is authorised to engage in controlled conduct for the purposes of a controlled operation.

149. This clarifies that an authorising officer is not expected to consider potential indirect effects of unlawful conduct by participants at the time of authorisation, including indirect consequences which a reasonable person may consider foreseeable as well, as those that are far-fetched or fanciful. It also makes clear that paragraph 15GI(2)(g) is intended to exclude consideration of effects tenuously related to the unlawful conduct, in that the contribution of the unlawful conduct may have a minor or negligible influence on a particular outcome.

150. It further clarifies that an authorising officer is not expected to consider any actions of persons who are not participants listed in the controlled operation authority (for example, a person or persons targeted by the controlled operation) for the purposes of paragraph 15GI(2)(g). This amendment will also clarify that paragraph 15GI(2)(g) only applies to the unlawful conduct of participants.

151. This provision recognises that the authorising officer is making a point in time assessment at the very start of a controlled operation, when it is not realistic for them to foresee the full breadth of operational scenarios that may eventuate, particularly the actions of those who are not listed in the controlled operation authority, or whose identities are not known to police.

152. The amendments do not alter the safeguards that already exist to prevent participants from directly causing the outcomes listed in paragraph 15GI(2)(g). For example, a controlled operation cannot authorise participants to create child abuse material by directly harming a child, as this would involve the commission of a sexual offence against a person.

153. Safeguards in sections 15HA and 15HB also continue to ensure that immunity from criminal liability and indemnity against civil liability do not apply where undercover operative actions are likely to cause the death or serious injury of a person or involve the commission of a sexual offence against any person. Sections 15HA and 15HB apply at the determination of criminal responsibility or civil liability stage (as opposed to the authorisation stage) noting a person involved in a controlled operation will have greater clarity as to the likely consequences of controlled conduct once the operation has begun, than would be expected of an authorising officer at the authorising stage.

154. New paragraph 15GI(2A)(a) is intended to make clear the consideration of the authorising officer, under paragraph 15GI(2)(g), is only concerned with the unlawful conduct of a participant and not a suspect under investigation, unless the suspect's conduct may be directly caused in some way by the participant's conduct, and those consequences are reasonably foreseeable. The restriction in paragraph 15GI(2)(g) would otherwise have an absurd effect if it were read as meaning that a controlled operation to investigate a dangerous crime could not be authorised if there was risk that a suspect might continue the dangerous criminal behaviour which is under investigation. This would defeat the purpose of the Part IAB power.

155. New paragraph 15GI(2A)(b) clarifies, for the avoidance of doubt, that a participant in a controlled operation dealing with, or facilitating a person to deal with, material depicting, material describing or material otherwise involving a sexual offence is not intended to be captured by subparagraph 15GI(2)(g)(iii) (which prohibits authorisation of a controlled operation involving the commission of a sexual offence against any person).

156. With the proliferation of offences committed utilising technology (for example, possessing, transmitting, making available, or distributing child abuse material), clarity is required to confirm whether subparagraph 15GI(2)(g)(iii) may allow the authorisation of a participant dealing with material of a sexual nature online for the purposes of a controlled operation targeting the arrest and prosecution of sex offenders.

157. This clarifying provision seeks to address this ambiguity and make clear that a participant in a controlled operation targeting the arrest and prosecution of sex offenders is able to deal with, or facilitate a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person for the purposes of a controlled operation without engaging the restriction in subparagraph 15GI(2)(g)(iii). For example, a controlled operation occurring online may involve an undercover law enforcement operative assuming the identity of a child sex offender, including dealing with child abuse material, for the purpose of gathering evidence to arrest and prosecute child sex offenders.

158. The phrase 'dealing with' is intended to have its broad ordinary meaning, and includes, but is not limited to, accessing, possessing, modifying and transmitting material.

159. The use of the word 'material' is intended to capture, but is not limited to, text, audio, or still and moving images.

160. The phrase 'facilitating a person to deal with' at new subparagraph 15GI(2A)(b)(ii) is intended to capture conduct where a participant in a controlled operation is required to enable the actions of others for the purposes of the controlled operation. This may include, for example, a participant in a controlled operation administering or moderating an online forum in order to infiltrate a syndicate and collect evidence.

161. Dealing with material 'otherwise involving' a sexual offence against any person is intended to capture circumstances where the material itself may not depict a sexual offence occurring, however, the possession of the material could amount to a sexual offence.

Item 2 After subsection 15GQ(2)

162. This Item inserts new subsections 15GQ(2A) and 15GQ(2B) after current subsection 15GQ(2).

163. Noting current paragraph 15GQ(2)(g) requires an appropriate authorising officer to consider the same factors in relation to a variation of a controlled operation authority as those outlined in paragraph 15GI(2)(g) in relation to authorisation of a controlled operation, new subsections 15GQ(2A) and 15GQ(2B) replicate clarifying amendments to paragraph 15GI(2)(g).

164. New subsection 15GQ(2A) is inserted to avoid doubt as to the intended operation of existing paragraph 15GQ(2)(g). New paragraph 15GQ(2A)(a) provides that paragraph 15GQ(2)(g) only requires an appropriate authorising officer to be satisfied as to the direct and reasonably foreseeable consequences of the unlawful conduct of participants in the controlled operation. Direct consequence captures a consequence caused or produced by the unlawful conduct without intervening conduct or events, and excludes merely minor influences on the consequence. A 'participant' is defined in current section 15GC as a person who is authorised to engage in controlled conduct for the purposes of a controlled operation.

165. This clarifies that an appropriate authorising officer is not expected to consider potential indirect effects of unlawful conduct by participants at the time of variation of the authority, including indirect consequences which a reasonable person may consider foreseeable as well as those that are far-fetched or fanciful. It also makes clear that paragraph 15GQ(2)(g) is intended to exclude consideration of effects tenuously related to the unlawful conduct, in that the contribution of the unlawful conduct may have a minor influence on a particular outcome.

166. It further clarifies that an appropriate authorising officer is not expected to consider any actions of persons who are not participants listed in the controlled operation authority (for example, a person or persons targeted by the controlled operation) for the purposes of paragraph 15GQ(2)(g). This amendment will also clarify that paragraph 15GQ(2)(g) only applies to the unlawful conduct of participants.

167. This provision recognises that the appropriate authorising officer is making a point in time assessment at the time of variation of a controlled operation, when it is not realistic for them to foresee the full breath of operational scenarios that may eventuate, particularly the actions of those who are not listed in the controlled operation authority, or their identities are not known to police.

168. The amendments do not alter the safeguards that already exist to prevent participants from directly causing the outcomes listed in paragraph 15GQ(2)(g). For example, a controlled operation cannot authorise participants to create child abuse material by directly harming a child as this would involve the commission of a sexual offence against any person.

169. Safeguards in sections 15HA and 15HB also continue to ensure that immunity from criminal liability and indemnity against civil liability do not apply where undercover operative actions are likely to cause the death or serious injury of a person or involve the commission of a sexual offence against any person. Sections 15HA and 15HB apply at the determination of criminal responsibility or civil liability stage (as opposed to the authorisation stage) noting a person involved in a controlled operation will have greater clarity as to the likely consequences of controlled conduct once the operation has begun, than would be expected of an authorising officer at the authorising stage.

170. New paragraph 15GQ(2A)(a) is intended to make clear the consideration of the authorising officer, under paragraph 15GI(2)(g), is only concerned with the unlawful conduct of a participant and not a suspect under investigation, unless the suspect's conduct may be directly caused in some way by the participant's conduct, and those consequences are reasonably foreseeable. The restriction in paragraph 15GQ(2)(g) would otherwise have an absurd effect if it were read as meaning that a controlled operation to investigate a dangerous crime could not be authorised if there was risk that a suspect might continue the dangerous criminal behaviour which is under investigation. This would defeat the purpose of the Part IAB power.

171. New paragraph 15GQ(2A)(b) clarifies, for the avoidance of doubt, that a participant in a controlled operation dealing with, or facilitating a person to deal with, material depicting, material describing or material otherwise involving a sexual offence is not intended to be captured by subparagraph 15GQ(2)(g)(iii) (which prohibits variation of a controlled operation involving the commission of a sexual offence against any person).

172. With the proliferation of offences committed utilising technology (for example, possessing, transmitting, making available, or distributing child abuse material), clarity is required to confirm whether subparagraph 15GQ(2)(g)(iii) may allow the variation of an authorisation that may involve a participant dealing with material of a sexual nature online for the purposes of a controlled operation targeting the arrest and prosecution of sex offenders.

173. This clarifying provision seeks to address this ambiguity and make clear that a participant in a controlled operation targeting the arrest and prosecution of sex offenders is able to deal with, or facilitate a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person for the purposes of a controlled operation without engaging the restriction in subparagraph 15GQ(2)(g)(iii). For example, a controlled operation occurring online may involve an undercover law enforcement operative assuming the identity of a child sex offender, including dealing with child abuse material, for the purpose of gathering evidence to arrest and prosecute child sex offenders.

174. The phrase 'dealing with' is intended to have its broad ordinary meaning, and includes, but is not limited to, accessing, possessing, modifying and transmitting material.

175. The use of the word 'material' is intended to capture, but is not limited to, text, audio, or still and moving images.

176. The phrase 'facilitating a person to deal with' at new subparagraph 15GQ(2A)(b)(ii) is intended to capture conduct where a participant in a controlled operation is required to enable the actions of others for the purposes of the controlled operation. This may include, for example, a participant in a controlled operation administering or moderating an online forum in order to infiltrate a syndicate and collect evidence.

177. Dealing with material 'otherwise involving' a sexual offence against any person is intended to capture circumstances where the material itself may not depict a sexual offence occurring, however, the possession of the material could amount to a sexual offence.

Item 3 After subsection 15GV(2)

178. This Item inserts new subsections 15GV(2A) and 15GV(2B) after current subsection 15GV(2).

179. Noting current paragraph 15GV(2)(g) requires a nominated Tribunal member to consider the same factors in relation to a determination of an application for a variation of a formal authority as those outlined in paragraph 15GI(2)(g) in relation to authorisation of a controlled operation, new subsections 15GV(2A) and 15GV(2B) replicate clarifying amendments to paragraph 15GI(2)(g).

180. New subsection 15GV(2A) is inserted to avoid doubt as to the intended operation of paragraph 15GV(2)(g). New paragraph 15GV(2A)(a) provides that paragraph 15GV(2)(g) only requires a nominated Tribunal member to be satisfied as to the direct and reasonably foreseeable consequences of the unlawful conduct of participants in the controlled operation. Direct consequence captures a consequence caused or produced by the unlawful conduct without intervening conduct or events and excludes merely minor influences on the consequence. A 'participant' is defined in current section 15GC as a person who is authorised to engage in controlled conduct for the purposes of a controlled operation.

181. This clarifies that a nominated Tribunal member is not expected to consider potential indirect effects of unlawful conduct by participants at the time of variation of the authority, including indirect consequences which a reasonable person may consider foreseeable as well as those that are far-fetched or fanciful. It also makes clear that paragraph 15GV(2)(g) is intended to exclude consideration of effects tenuously related to the unlawful conduct, in that the contribution of the unlawful conduct may have a minor influence on a particular outcome.

182. It further clarifies that a nominated Tribunal member is not expected to consider any actions of persons who are not participants listed in the controlled operation authority (for example, a person or persons targeted by the controlled operation) for the purposes of paragraph 15GV(2)(g). This amendment will also clarify that paragraph 15GV(2)(g) only applies to the unlawful conduct of participants.

183. This provision recognises that a nominated Tribunal member is making a point in time assessment at the time of the application for variation of the controlled operation, when it is not realistic for them to foresee the full breath of operational scenarios that may eventuate, particularly the actions of those who are not listed in the controlled operation authority, or their identities are not known to police.

184. The amendments do not alter the safeguards that already exist to prevent participants from directly causing the outcomes listed in paragraph 15GV(2)(g). For example, a controlled operation cannot authorise participants to create child abuse material by directly harming a child as this would involve the commission of a sexual offence against any person.

185. Safeguards in sections 15HA and 15HB also continue to ensure that immunity from criminal liability and indemnity against civil liability do not apply where undercover operative actions are likely to cause the death or serious injury of a person or involve the commission of a sexual offence against any person. Sections 15HA and 15HB apply at the determination of criminal responsibility or civil liability stage (as opposed to the authorisation stage) noting a person involved in a controlled operation will have greater clarity as to the likely consequences of controlled conduct once the operation has begun, than would be expected of an authorising officer at the authorising stage.

186. New paragraph 15GV(2A)(a) is intended to make clear the consideration of the authorising officer, under paragraph 15GI(2)(g), is only concerned with the unlawful conduct of a participant and not a suspect under investigation, unless the suspect's conduct may be directly caused in some way by the participant's conduct, and those consequences are reasonably foreseeable. The restriction in paragraph 15GV(2)(g) would otherwise have an absurd effect if it were read as meaning that a controlled operation to investigate a dangerous crime could not be authorised if there was risk that a suspect might continue the dangerous criminal behaviour which is under investigation. This would defeat the purpose of the Part IAB power.

187. New paragraph 15GV(2A)(b) clarifies, for the avoidance of doubt, that a participant in a controlled operation dealing with, or facilitating a person to deal with, material depicting, material describing or material otherwise involving a sexual offence is not intended to be captured by subparagraph 15GV(2)(g)(iii) (which prohibits variation of a controlled operation involving the commission of a sexual offence against any person).

188. With the proliferation of offences committed utilising technology (for example, possessing, transmitting, making available, or distributing child abuse material), clarity is required to confirm whether subparagraph 15GV(2)(g)(iii) may allow the variation of an authorisation that may involve a participant dealing with material of a sexual nature online for the purposes of a controlled operation targeting the arrest and prosecution of sex offenders.

189. This clarifying provision seeks to address this ambiguity and make clear that a participant in a controlled operation targeting the arrest and prosecution of sex offenders is able to deal with, or facilitating a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person for the purposes of a controlled operation without engaging the restriction in subparagraph 15GV(2)(g)(iii). For example, a controlled operation occurring online may involve an undercover law enforcement operative assuming the identity of a child sex offender, including dealing with child abuse material, for the purpose of gathering evidence to arrest and prosecute child sex offenders.

190. The phrase 'dealing with' is intended to have its broad ordinary meaning, and includes, but is not limited to, accessing, possessing, modifying and transmitting material.

191. The use of the word 'material' is intended to capture, but is not limited to, text, audio, or still and moving images.

192. The phrase 'facilitating a person to deal with' at new subparagraph 15GV(2A)(b)(ii) is intended to capture conduct where a participant in a controlled operation is required to enable the actions of others for the purposes of a controlled operation. This may include, for example, a participant in a controlled operation administering or moderating an online forum in order to infiltrate a syndicate and collect evidence.

193. Dealing with material 'otherwise involving' a sexual offence against any person is intended to capture circumstances where the material itself may not depict a sexual offence occurring, however, the possession of the material could amount to a sexual offence.

Item 4 At the end of section 15HA

194. This Item inserts new subsection 15HA(3) at the end of current section 15HA.

195. Current section 15HA provides that a participant is not criminally responsible for unlawful conduct engaged in during, and for the purposes of a controlled operation, if, amongst other things, the conduct does not involve the participant engaging in any conduct that is likely to involve the commission of a sexual offence against any person.

196. New subsection 15HA(3) clarifies, for the avoidance of doubt, that a participant may be protected from criminal responsibility where the participant deals with, or facilitates a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person.

197. This clarifying provision seeks to make clear that a participant in a controlled operation targeting the arrest and prosecution of sex offenders is able to deal with, or facilitate a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person for the purposes of a controlled operation without engaging the restriction in subparagraph 15HA(2)(d)(ii). For example, a controlled operation occurring online may involve an undercover law enforcement operative assuming the identity of a child sex offender, including dealing with child abuse material, for the purpose of gathering evidence to arrest and prosecute child sex offenders.

198. The phrase 'dealing with' is intended to have its broad ordinary meaning, and includes, but is not limited to, accessing, possessing, modifying and transmitting material.

199. The use of the word 'material' is intended to capture, but is not limited to, text, audio, or still and moving images.

200. The phrase 'facilitating a person to deal with' at new paragraph 15HA(3)(b) is intended to capture conduct where a participant in a controlled operation is required to enable the actions of others for the purposes of the controlled operation. This may include, for example, a participant in a controlled operation administering or moderating an online forum in order to infiltrate a syndicate and collect evidence.

201. Dealing with material 'otherwise involving' a sexual offence against any person is intended to capture circumstances where the material itself may not depict a sexual offence occurring, however, the possession of the material could amount to a sexual offence.

Item 5 Subsection 15HB

202. This Item inserts '(1)' at the beginning of the section, making it subsection 15HB(1). This amendment is necessary due to the addition of new subsection 15HB(2).

203. Current section 15HB provides for the indemnification of participants in controlled operations against civil liability.

Item 6 At the end of section 15HB

204. This Item inserts new subsection 15HB(2) at the end of current section 15HB.

205. Current section 15HB provides for the Commonwealth to indemnify participants in a controlled operation against any civil liability the participant incurs because of conduct the participant engages in if, amongst other things, the conduct does not involve the participant engaging in any conduct that is likely to involve the commission of a sexual offence against any person.

206. New subsection 15HB(2) clarifies, for the avoidance of doubt, that a participant may be indemnified against any civil liability the participant incurs because of conduct the participant engages in if where the participant deals with, or facilitates a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person.

207. This clarifying provision seeks to make clear that a participant in a controlled operation targeting the arrest and prosecution of sex offenders is able to deal with, or facilitate a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person for the purposes of a controlled operation without engaging the restriction in current paragraph 15HB(d)(ii). For example, a controlled operation occurring online may involve an undercover law enforcement operative assuming the identity of a child sex offender, including dealing with child abuse material, for the purpose of gathering evidence to arrest and prosecute child sex offenders.

208. The phrase 'dealing with' is intended to have its broad ordinary meaning, and includes, but is not limited to, accessing, possessing, modifying and transmitting material.

209. The use of the word 'material' is intended to capture, but is not limited to, text, audio, or still and moving images.

210. The phrase 'facilitating a person to deal with' is intended to capture conduct where a participant in a controlled operation is required to enable the actions of others for the purposes of the controlled operation. This may include, for example, a participant in a controlled operation administering or moderating an online forum in order to infiltrate a syndicate and collect evidence.

211. Dealing with material 'otherwise involving' a sexual offence against any person is intended to capture circumstances where the material itself may not depict a sexual offence occurring, however, the possession of the material could amount to a sexual offence.

Attachment A Statement of Compatibility with Human Rights

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

Telecommunications and Other Legislation Amendment Bill 2025

This Bill is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Overview of the Bill

Schedule 1

Schedule 1 of the Bill amends the Surveillance Devices Act 2004 (SD Act) and the Telecommunications (Interception and Access) Act 1979 (TIA Act) to permit protected network activity warrant information and network activity warrant intercept information to be disclosed for the purpose of complying with disclosure obligations. It also permits the information to be admitted in evidence where necessary to ensure defendants are afforded the right to a fair trial or rebut any such information led by the defendant, while retaining the intelligence-only purpose of network activity warrants.

New subsections 45B(9A) and 45B(9B) of the SD Act and 63AE(2A) and 63AE(2B) of the TIA Act confirm that, notwithstanding these limitations, protected network activity warrant information and protected network activity warrant intercept information may be used, recorded or communicated for the purpose of making a decision whether or not to bring, continue or discontinue a prosecution for a relevant offence. This ensures that all information held by the prosecution can be considered in making such decisions, including potentially exculpatory information. This includes using, recording or communicating protected network activity warrant information to ascertain whether the information is required to be disclosed to the defendant.

These amendments also allow disclosure of protected network activity warrant information and protected network activity warrant intercept information for the purposes of complying with any applicable common law or statutory disclosure duty or obligation in a criminal proceeding for a relevant offence. This will apply to any person, including the staff of agencies in possession of such information, prosecutors, external solicitors and barristers, and the Court. These obligations include pre-trial disclosure obligations, as well as any ongoing disclosure obligations.

New subsections 45B(9B) of the SD Act and 63AE(2B) of the TIA Act also allow the legal representative of the defendant to use, record or communicate information which was disclosed to them for the purposes of representing the defendant in the proceeding.

New paragraph 45B(10)(ab) of the SD Act and subsection 63AE(2C) of the TIA Act permit the admission or giving in evidence of protected network activity warrant information and protected network activity warrant interception information. New subsections 45B(10A) of the SD Act and 63AE(2C) of the TIA Act allow the information to be admitted in evidence by the defendant where necessary to ensure the defendant is afforded a fair trial. The prosecution is only permitted to give or adduce evidence where the defendant has chosen to give or adduce protected network activity warrant information, and the information is in response to the protected network activity warrant information adduced by the defendant.

Schedule 2

Schedule 2 of the Bill amends the TIA Act to transfer the statutory functions of the Communications Access Coordinator (CAC) from the Secretary of the Attorney-General's Department to the Secretary of the Department of Home Affairs.

The CAC performs a number of regulatory functions under the TIA Act and the Telecommunications Act 1997. These functions include approving carriers' interception capability plans (section 198 of the TIA Act) and granting exemption or variations from the mandatory data retention scheme (section 192 of the TIA Act).

The Administrative Arrangements Order made on 13 May 2025, transferred responsibility for the TIA Act from the Attorney-General to the Minister for Home Affairs. While subsection 19(1) of the Acts Interpretation Act 1901 would ordinarily operate to provide that references to the Attorney-General should be read as references to the Minister administering the TIA Act, the TIA Act operates to displace that outcome. The responsibility for the CAC under the TIA Act therefore remains with the Secretary of the Attorney-General and the Attorney-General's Department.

These amendments to section 6R of the TIA Act are administrative in nature and ensure all aspects of this responsibility, in particular the functions of the CAC, transfer as intended.

Schedule 3

Schedule 3 of the Bill amends the TIA Act to permit limited access to stored communications that have ceased to pass over a telecommunications system under development and testing authorisations given by the Attorney-General under section 31A of the TIA Act.

Currently, the Attorney-General may only authorise interception of live communications passing over a telecommunications system under a section 31A authorisation. However, there are limited circumstances in which stored communications may pass over the telecommunications system alongside live communications. New subsection 31A(3) and section 31AB ensure that the Attorney-General can authorise access to stored communications under section 31A authorisations, in addition to the interception of live communications.

New paragraph 108(2)(ce) and subsection 108(3A) are consequential, and provide that the existing prohibition against accessing stored communications in subsection 108(1) do not apply to those accessed under a section 31A authorisation.

The Bill also extends all of the safeguards that apply to the use, disclosure and destruction of intercept information obtained under a section 31A authorisation to any stored communications obtained under a section 31A authorisation.

•

The amendments to the definition of 'lawfully accessed information' in section 5 and new subsection 6E(2A), which states that 'lawfully intercepted information' includes any stored communications obtained under a section 31A authorisation, ensure that the more restrictive use and disclosure provisions in Part 2-6 of the TIA Act (use of lawfully intercepted information) apply to any stored communications collected under the new section 31A authorisations.

•

Consistent with existing safeguards for lawfully accessed information, new subsection 31C(2) provides that the head of the security authority must destroy, as soon as practicable, information or records obtained by the authority as a result of accessing stored communications under the authorisation.

New subsection 31A(4B) clarifies that persons authorised under a section 31A authorisation can communicate, use or record lawfully intercepted information obtained under the authorisation for the purposes of development or testing of technologies, or interception capabilities. New subsection 31A(4C) confirms that this also applies to any stored communications collected under the section 31A authorisation.

Schedule 4

Schedule 4 of the Bill amends Schedule 1 to the TIA Act to allow for the technical methods prescribed communications providers will use in practice to produce prospective content data in response to an interception International Production Order (IPO)issued to a prescribed communications providers in countries with which Australia has a designated international agreement under clause 3 of Schedule 1 to the TIA Act^[2].

Schedule 1 to the TIA Act and the Agreement between the Government of Australia and the Government of the United States of America on access to data for the purpose of countering serious crime (Australia-US Data Access Agreement) both contain safeguards on the use of interception IPOs. This includes IPOs being issued by independent judges, magistrates or members of the Administrative Review Tribunal (ART), thresholds consistent with the use of domestic interception warrants and oversight by the Australian Designated Authority of compliance with the Australia-US Data Access Agreement.

New subclauses 30(8), 60(9) and 89(7A) allow prescribed communications providers to comply with an interception IPO by copying stored communications that consist of the relevant communications, messages, voice calls or video calls.

Further amendments are made which replace 'intercept' with the technology-neutral term 'access'. Using a broader term ensures the focus of the provisions, and an issuing person's considerations when granting an IPO, are on the impact of an agency having the information, regardless of the technical method by which that information is provided to an agency.

Additional amendments are made to provisions regarding B-party IPOs, which target services used by a person other than the target. A key requirement for such an IPO is that an agency is unable to receive the information by means of an order aimed at services used by the target.

The amendments mean the relevant issuing person needs to consider the broader concept of whether the target's information could be intercepted through an interception IPO, rather than simply the definition of 'intercept' in clause 2. In practice, this will include consideration of whether the agency could receive information on the target by means of a provider complying with an interception IPO by providing a copy of stored communications, not just 'recording' or 'live streaming' them.

Schedule 5

Schedule 5 of the Bill amends Part IAB of the Crimes Act 1914 (Crimes Act) to clarify the threshold in authorising and varying controlled operations, and the circumstances in which a person is protected from criminal responsibility and indemnified against civil liability.

Controlled operations are defined in current subsection 15GD(1) as an operation involving law enforcement engaging in unlawful conduct for the purposes of gathering evidence that may lead to the prosecution of a serious Commonwealth offence or a serious state offence with a federal aspect. Controlled operations are subject to independent oversight by the Office of the Commonwealth Ombudsman. These amendments will provide law enforcement agencies with greater clarity about controlled operations, allowing them to better collect evidence to prosecute reprehensible crimes such as child sexual abuse offences in the online space.

The amendments in Schedule 5 clarify current paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g)—namely, that an authorising officer, appropriate authorising officer or nominated Tribunal member must only be satisfied as to the direct and reasonably foreseeable consequences of the proposed unlawful conduct by participants in the controlled operation. This recognises that the authorising officer, appropriate authorising officer or nominated Tribunal member is making a point in time assessment, when it is not realistic for them to foresee the full breadth of operational scenarios that may eventuate. The amendments also seek to clarify that dealing with, or facilitating a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person is not to be taken as being involved in the commission of a sexual offence against any person for the purposes of Part IAB of the Crimes Act. These amendments will ensure clarity as to what an authorising officer, appropriate authorising officer or nominated Tribunal member must consider in authorising or varying a controlled operation, ensuring law enforcement authorities can confidently deploy controlled operations in online spaces.

With crimes committed or facilitated online becoming more prevalent, organised and extreme, amendments are required to make it clear how the legislation applies in an online context. The anonymous nature of the internet means there may be a lack of information available to law enforcement officers to assess potential risks, including the identity of a suspect or their location. Anonymisation is becoming more sophisticated online and harder for police to address. Covert online controlled operations can take weeks or months deploying tradecraft that will result in identifying online actors. Current paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g) do not clearly express to what extent an authorising officer, appropriate authorising officer or nominated Tribunal member is expected to foresee potential risks and not authorise a controlled operation on the basis of these risks.

The amendments ensure clarity as to the application of current paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g) particularly in the context of emerging online crime types where the persons under investigation are anonymised, including on the dark web and encrypted communications platforms.

The amendments clarify that an authorising officer is not expected to consider potential indirect effects of unlawful conduct by participants at the time of authorisation, including indirect consequences which a reasonable person may consider foreseeable as well as those that are far-fetched or fanciful. It also makes clear that paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g) are intended to exclude consideration of effects tenuously related to the unlawful conduct, in that the contribution of the unlawful conduct may have a minor influence on a particular outcome. It further clarifies that an authorising officer is not expected to consider any actions of persons who are not participants listed in the controlled operation authority (for example, a person or persons targeted by the controlled operation) for the purposes of paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g). This amendment will also clarify that paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g) only apply to the unlawful conduct of participants.

New subsections 15GI(2A), 15GQ(2A) and 15GV(2A) are inserted to avoid doubt as to the intended operation of paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g). New paragraphs 15GI(2A)(a), 15GQ(2A)(a) and 15GV(2A)(a) respectively provide that paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g) only require an authorising officer, appropriate authorising officer or nominated Tribunal member to be satisfied as to the direct and reasonably foreseeable consequences of the unlawful conduct of participants in the controlled operation. Direct consequence captures a consequence caused or produced by the unlawful conduct without intervening conduct or events and excludes merely minor influences on the consequence. A 'participant' is defined in current section 15GC as a person who is authorised to engage in controlled conduct for the purposes of a controlled operation.

These amendments make clear that:

•

an authorising officer, appropriate authorising officer or nominated Tribunal member is not expected to consider potential indirect effects of unlawful conduct by participants at the time of authorisation, including indirect consequences which a reasonable person may consider foreseeable as well as those that are far-fetched or fanciful

•

paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g) are intended to exclude consideration of the unlawful conduct that may have a minor influence on a particular outcome

•

an authorising officer, appropriate authorising officer or nominated Tribunal member is not expected to consider any actions of persons who are not participants listed in the controlled operation authority (for example, a person or persons targeted by the controlled operation) for the purposes of paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g).

The amendments are intended to make clear the consideration of the authorising officer appropriate authorising officer or nominated Tribunal member—under paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g)—is only concerned with the unlawful conduct of a participant and not a suspect under investigation, unless the suspect's conduct may be directly caused in some way by the participant's conduct, and those consequences are reasonably foreseeable.

These amendments do not alter the safeguards that already exist to prevent participants from directly causing the outcomes listed in paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g).

New paragraphs 15GI(2A)(b), 15GQ(2A)(b) and 15GV(2A)(b) clarify, for the avoidance of doubt, that a participant in a controlled operation dealing with, or facilitating a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person is not intended to be captured by subparagraphs 15GI(2)(g)(iii), 15GQ(2)(g)(iii) and 15GV(2)(g)(iii) respectively (which prohibit authorisation or variation of a controlled operation involving the commission of a sexual offence against any person).

With the proliferation of offences committed utilising technology (for example, possessing, transmitting, making available, or distributing child abuse material), clarity is required to confirm whether subparagraphs 15GI(2)(g)(iii), 15GQ(2)(g)(iii) and 15GV(2)(g)(iii) may allow the authorisation or variation of participants dealing with material of a sexual nature online for the purposes of a controlled operation targeting the arrest and prosecution of sex offenders.

These clarifying provisions seek to address this ambiguity and make clear that a participant in a controlled operation targeting the arrest and prosecution of sex offenders is able to deal with, or facilitate a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person for the purposes of a controlled operation without engaging the restrictions in subparagraphs 15GI(2)(g)(iii), 15GQ(2)(g)(iii) and 15GV(2)(g)(iii). For example, a controlled operation occurring online may involve an undercover law enforcement operative assuming the identity of a child sex offender, including dealing with child abuse material, for the purpose of gathering evidence to arrest and prosecute child sex offenders.

The phrase 'dealing with' is intended to have its broad ordinary meaning, and includes, but is not limited to, accessing, possessing, modifying and transmitting material.

The use of the word 'material' is intended to capture, but is not limited to, text, audio, or still and moving images. The phrase 'facilitating a person to deal with' is intended to capture conduct where a participant in a controlled operation is required to enable the actions of others for the purposes of the controlled operation. This may include, for example, a participant in a controlled operation administering or moderating an online forum in order to infiltrate a syndicate and collect evidence.

Dealing with material 'otherwise involving' a sexual offence against any person is intended to capture circumstances where the material itself may not depict a sexual offence occurring, however, the possession of the material could amount to a sexual offence.

The amendments to existing sections 15HA and 15HB are consequential and clarify that a participant may be protected from criminal responsibility and civil liability when engaging in controlled operations in relation to online child abuse syndicates, or other (including online) sexual abuse syndicates. As part of these operations, participants may be required to deal with, or facilitate a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person. These amendments make clear that a participant in a controlled operation targeting the arrest and prosecution of sex offenders is able to deal with, or facilitate a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person for the purposes of a controlled operation without engaging the restrictions in subparagraph 15HA(2)(d)(ii) and paragraph 15HB(d)(ii) (which exclude conduct that is likely to involve the commission of a sexual offence against any person).

Human rights implications

Schedules 1, 3 and 4 engage the following human rights and freedoms under the International Covenant on Civil and Political Rights (ICCPR):

•

protection against arbitrary or unlawful interference with privacy contained in Article 17

•

the right to a fair hearing contained in Article 14(1)

•

the right to life contained in Article 6.

Schedule 5 engages the right to protection from exploitation, violence and abuse as per article 20(2) of the ICCPR, article 19(1) of the Convention on the Rights of the Child (CRC) and article 16(1) of the Convention on the Rights of Persons with Disabilities (CRPD).

Schedule 2 of this Bill (transferring the CAC's statutory functions) does not engage any human rights.

Protection against arbitrary or unlawful interferences with privacy

The Bill engages the protection against arbitrary or unlawful interference with privacy contained in Article 17 of the ICCPR. Article 17 provides that no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation, and that everyone has the right to the protection of the law against such interference or attacks.

The protection against arbitrary or unlawful interference with privacy under Article 17 can be permissibly limited where the limitations are lawful and not arbitrary. The term 'unlawful' in Article 17 of the ICCPR means that no interference can take place except as authorised under domestic law. The term 'arbitrary' in Article 17(1) of the ICCPR means that any interference with privacy must be in accordance with the provisions, aims and objectives of the ICCPR and should be reasonable in the particular circumstances. The United Nations Human Rights Committee has interpreted reasonableness to mean that any limitation must be proportionate and necessary in the circumstances to achieve a legitimate objective.

While Schedules 1, 3 and 4 of the Bill limit the protection against arbitrary or unlawful interference with privacy, the limitations are reasonable, necessary and proportionate in achieving these legitimate objectives for the reasons set out below.

Schedule 1: Network activity warrants

SD Act and TIA Act

Amendments relating to network activity warrants in Schedule 1 may engage the protection against arbitrary or unlawful interference with privacy by creating a limited exception to the prohibition on the use, recording, communication or publication of protected network activity warrant information and network activity warrant intercept information.

The SD Act currently prohibits investigators from providing protected network activity warrant information to prosecutors, and prosecutors from giving or adducing this information in evidence in criminal proceedings. A similar prohibition exists in the TIA Act for network activity warrant intercept information. Schedule 1 amends this prohibition by permitting:

•

agencies and prosecutors to use, record and communicate this information for the purposes of complying with disclosure obligations, subject to ordinary public interest immunity processes

•

the defence to give or adduce this information in evidence to ensure a fair trial for the defendant

•

where the defence gives or adduces such information in evidence, the prosecution to give or adduce further protected network activity warrant information or network activity warrant intercept information to respond to the information given by the defendant.

The purpose of these amendments is to ensure that persons, including Commonwealth agencies and prosecutors, can meet their disclosure obligations, in line with the proper administration of justice, and to promote another key human right, namely, defendants' right to a fair trial under Article 14(1) of the ICCPR.

The amendments in Schedule 1 achieve these legitimate objectives in a manner that is proportionate, as they preserve the intelligence-only nature of network activity warrants and do not expand the situations where protected network activity warrant information or network activity warrant intercept information may be used or disclosed beyond what is necessary for the proper administration of justice. The amendments will only allow for the limited use and disclosure of protected network activity warrant information and network activity warrant intercept information where needed to ensure a fair trial and protect the proper administration of justice. The prohibition on using such information to secure a conviction against a defendant will remain, unless the defendant has, themselves, elected to lead such information in their defence and the prosecution wishes to lead further protected network activity warrant information or network activity warrant intercept information in response to the information led by the defendant.

As such, where the network activity warrant amendments in Schedule 1 limit the protection against arbitrary or unlawful interference with privacy in Article 17 of the ICCPR, the limitation is reasonable, necessary and proportionate in achieving these legitimate objectives.

Schedule 3: Development and testing authorisations

TIA Act

The amendments in Schedule 3 may engage the protection against arbitrary or unlawful interference with privacy as they would expand agencies' powers under developing and testing authorisations by permitting limited access to stored communications for the purposes of developing and testing technologies or interception capabilities.

Currently, section 31A of the TIA Act permits the Attorney-General to authorise the interception of communications passing over a telecommunications system (but not access to stored communications) for the purpose of developing or testing technologies and interception capabilities. Access to communications is essential for the purpose of developing and testing technologies and interception capabilities, to ensure that technologies and interception capabilities will operate as intended in live, investigative or operational environments, including as communications technology and systems change and evolve over time.

However, section 31A is not achieving its policy intent, namely, allowing agencies to undertake the development and testing of capabilities that are then used in an operational context, because of the technical way in which the definitions in the TIA Act operate. Some communications which are technically caught by the definition of 'stored communications' may become inextricably intermingled with live messages passing over the network, such as where stored communications are backed up to another server.

The amendments in Schedule 3 will resolve this technical issue by permitting the collection of stored communications in the limited circumstances where it is necessary to do so to undertake development and testing. It will therefore achieve the legitimate objective of ensuring agencies are able to undertake development and testing to stay ahead of advances in technology, and preserve their capacity to detect and prevent serious threats to Australia's security.

At present, the TIA Act generally permits agencies to access stored communications under warrant or another legal authority where interception has already been authorised.^[3] The amendments in the Bill will bring the authorisation framework for the testing and development of capabilities in line with these other provisions in the TIA Act that apply in operational contexts.

The amendments are proportionate in attaining this legitimate objective, as they maintain:

•

the strict controls in the TIA Act on information obtained under testing authorisations, including that they cannot be used for investigative or intelligence collection purposes

•

the separation of testing authorisation information from information used for investigative or intelligence purposes

•

the requirement to promptly destroy the material once it is no longer required.

While the amendments in Schedule 3 may limit the protection against arbitrary or unlawful interference with privacy in Article 17 of the ICCPR, this limitation is reasonable, necessary and proportionate in achieving a legitimate objective.

Schedule 4: International Production Orders

TIA Act

The amendments to the IPO framework may engage the protection against arbitrary or unlawful interference with privacy by allowing Australian law enforcement and national security agencies to receive prospective content information about individuals from prescribed communications providers in countries with which Australia has a designated international agreement under clause 3 of Schedule 1 to the TIA Act. As noted, this is currently only the Australia-US Data Access Agreement.

However, the Schedule and the Australia-US Data Access Agreement contain safeguards which ensure these interferences are proportionate and necessary to achieve the legitimate objective of combating serious crime. Interception IPOs can only be obtained for offences which carry a maximum penalty of 7 years or more, reserving the interference in privacy authorised by such orders for only the most serious categories of offending. IPOs must be independently issued by a judge or ART member, and in issuing an interception IPO, the Issuing Authority must consider how much the privacy of any person may be interfered by an interception IPO and the availability of alternative, less intrusive methods (for example, subclause 30(5)).

In addition to the safeguards in the Schedule, an interception IPO issued to a United States prescribed communications provider under the Australia-US Data Access Agreement must also meet specific conditions in the Agreement which safeguard the right to privacy, including:

•

an IPO must target specific accounts, minimising incidental collection of data for individuals unconnected to the offending (Article 4(5))

•

interception data may only be sought for a fixed, limited duration; shall not last longer than is reasonably necessary to accomplish the approved purposes of the Order; and shall be issued only if the same information could not reasonably be obtained by another less intrusive method. (Article 5(3)).

Further, the safeguards in the Schedule and Australia-US Data Agreement are independently overseen by both the issuing authority who issues the order, and the Australian Designated Authority^[4] which reviews the order for compliance with the Australia-US Data Access Agreement before sending it to the US prescribed communications provider.

While the amendments in Schedule 4 may limit the protection against arbitrary or unlawful interference with privacy in Article 17 of the ICCPR, this limitation is reasonable, necessary and proportionate in achieving the legitimate objective of combatting serious crime.

The right to a fair and public hearing

Article 14(1) of the ICCPR sets out the right to a fair and public hearing and requires that all persons are equal before courts and tribunals and that they have the right to a fair and public hearing before a competent, independent and impartial court or tribunal established by law. The right is concerned with procedural fairness and may be engaged by changes to the rules of evidence in courts or tribunals, or special procedures for witnesses to give evidence.

Schedule 1: Network activity warrants

SD Act

The amendments in Schedule 1 promote the right to a fair trial and public hearing in Article 14(1) of the ICCPR as they ensure that the Commonwealth can meet its disclosure obligations and disclose all information that is potentially relevant to the defendant. These disclosure obligations are an essential element of the proper administration of criminal justice and support the defendant's right to a fair trial.

They also permit the defendant to draw on the protected network activity warrant information or network activity warrant intercept information to make out their defence, while continuing to limit the ability to use such information to secure a conviction and preserving the intelligence-only purpose of the warrant. The ability of the prosecution to give NAW information once lead by the defendant also ensures a fair trial by ensuring that the Court is presented with all of the relevant evidence. In this way, the amendments further promote the defendant's right to a fair trial and promote the interests of justice.

The right to life

The right to life in Article 6 of the ICCPR places a positive obligation on states to protect individuals from unwarranted actions by private persons. The obligation to protect life requires the state to take preventative operational measures to protect individuals whose safety may be compromised in particular circumstances, such as by a terrorist act.

Schedule 4: International Production Orders

TIA Act

The amendments to the IPO framework promote the right to life by ensuring that law enforcement agencies can access prospective content data that is necessary for the investigation of serious criminal offences, which may pose a risk to public safety and human life. The ability of interception IPOs to allow the production of data close to real-time may protect life when used in urgent circumstances.

As such, the amendments promote the right to life.

The right to protection from exploitation, violence and abuse

Schedule 5: Controlled Operations

Crimes Act

Article 19(1) of the CRC provides that children should be protected from all forms of abuse, including sexual exploitation and sexual abuse. Article 34 provides that countries should take appropriate measures to prevent children from being exploited in prostitution or other lawful sexual practices; from being exploited in pornographic materials; and from being induced or coerced to engage in any unlawful sexual activity; Similarly, article 16(1) of the CRPD provides that all persons with disabilities should be protected from all forms of exploitation, violence and abuse.

Schedule 5 of the Bill promotes the right to protection from exploitation, violence and abuse. The amendments in Schedule 5 aim to provide greater clarity as to what an authorising officer, appropriate authorising officer or nominated Tribunal member must consider in authorising or varying a controlled operation. Controlled operations are often used to target, gather evidence on and arrest sex offenders involved in online child abuse syndicates. By providing greater clarity as to what an authorising officer, appropriate authorising officer or nominated Tribunal member must consider in authorising or varying a controlled operation, law enforcement authorities will be able to more confidently deploy controlled operations in online spaces. This will better enable law enforcement to identify and rescue victims of abuse, as well as gather evidence for the prosecution of serious offences (including sexual abuse offences). These amendments will ultimately result in the enhanced protection of children and persons—including persons with disabilities—from sexual abuse.

However, the Bill also limits the right to protection from exploitation, violence and abuse by permitting participants in controlled operations to deal with, or facilitate a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person (paragraphs 15GI(2A)(b), 15GQ(2A)(b), 15GV(2A)(b), and subsections 15HA(3) and 15HB(2)). These amending provisions reflect that, when a controlled operation occurs online, it may require an undercover law enforcement operative to assume the identity of a child sex offender for the purpose of infiltrating an online child abuse syndicate operating on a dark web site, where individuals are sharing, and in some instances creating, child sexual abuse material. As part of assuming this role the undercover operative may need to trade in child sexual abuse material to garner credibility as a child sex offender, and to progress their investigation with the aim of gathering evidence to prosecute child sex offenders. The amendments would ensure that an authorisation or variation could not be provided unless the authorising officer, appropriate authorising officer or nominated Tribunal member is satisfied as to the direct and reasonably foreseeable consequences of the unlawful conduct of participants in the controlled operation. For example, a controlled operation cannot authorise participants to create child abuse material by directly harming a child as this would involve the commission of a sexual offence against a person.

The right to protection from exploitation, violence and abuse can be limited when prescribed by law; in pursuit of a legitimate objective; and when the limitation is reasonable, necessary and proportionate. The limitation in this instance has a clear legal basis—this amending legislation—which will be publicly accessible. These amendments do not confer unfettered discretions. The authorising officer, appropriate authorising officer or nominated Tribunal member must be satisfied of a number of criteria before authorising or varying a controlled operation (for example, the conditions in subsection 15GI(2)). Further, the Office of the Commonwealth Ombudsman conducts independent oversight of the use of the controlled operations framework by law enforcement agencies, and reports on findings on compliance with the framework to the Minister for Home Affairs.

This limitation aims to achieve a legitimate objective: to infiltrate serious and organised crime, collect evidence, conduct prosecutions, and ultimately protect people from exploitation, violence and abuse. This is a pressing and substantial concern. The Australian Federal Police have reported that in the 2023-24 financial year, reports of online child exploitation to the Australian Centre to Counter Child Exploitation (ACCCE) increased by 45 per cent from the previous financial year. Since the inception of the ACCCE, reports of online child sexual exploitation to the ACCCE have nearly quadrupled, from 14,285 in the 2018-19 financial year, to more than 58,000 reports of online child sexual exploitation in the 2023-24 financial year. In June and July 2025, media reported that two men separately working in childcare industries in Victoria and New South Wales have been charged with a string of child sexual offences, including in relation to the production of material. The public reporting of the alleged conduct of these two men towards innocent children in their care has caused outrage from the public, as well as calls for urgent change. This type of offending is often uncovered by police through online investigations.

There is a rational connection between the limitation and the objective. The amendments clarify that a participant in a controlled operation targeting the arrest and prosecution of sex offenders is able to deal with, or facilitate a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person for the purposes of the controlled operation. As described above, this is necessary for an undercover law enforcement operative to conduct covert activity and infiltrate serious and organised crime – for example, a controlled operation occurring online may involve an undercover law enforcement operative assuming the identity of a child sex offender, including dealing with child abuse material, for the purpose of gathering evidence to arrest and prosecute child sex offenders. Without these amendments, ambiguity remains as to whether law enforcement can conduct critical controlled operations to collect evidence for prosecutions of serious offences, including child sexual abuse offences, thus reducing the efficacy of investigations and the likelihood of successful prosecutions.

The limitation is sufficiently precise, as the provisions have been drafted to only capture the intended conduct: the amendments only permit participants to deal with, or facilitate a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person for the purposes of a controlled operation. Further, amendments in new paragraphs 15GI(2A)(a), 15GQ(2A)(a) and 15GV(2A)(a) respectively provide that paragraphs 15GI(2)(g), 15GQ(2)(g) and 15GV(2)(g) require an authorising officer, appropriate authorising officer or nominated Tribunal member to be satisfied as to the direct and reasonably foreseeable consequences of the unlawful conduct of participants in the controlled operation. Direct consequence captures a consequence caused or produced by the unlawful conduct without intervening conduct or events and excludes merely minor influences on the consequence.

The limitation is reasonable, necessary and proportionate. For the reasons described above, the limitation is necessary—without the clarity that participants can deal with, or facilitate a person to deal with, material depicting, material describing or material otherwise involving a sexual offence against any person, it is ambiguous as to whether they can conduct any controlled operations in online child sexual abuse syndicates, or other online sexual abuse syndicates. By limiting the right in this way, it will ultimately lead to a reduction of exploitation, violence and abuse. Allowing controlled operations of this nature are essential to infiltrate child abuse syndicates; collect evidence; conduct prosecutions; and ultimately prevent the exploitation, violence and abuse towards children and other victims of sexual abuse. The amendments are reasonable and only go as far as is necessary to achieve the legitimate aim, by allowing only a specific category of conduct. The remainder of the controlled operations framework in Part IAB of the Crimes Act provides a thorough scheme for authorising and regulating controlled operations, and the entire scheme is subject to independent oversight by the Office of the Commonwealth Ombudsman. The amendments do not alter the safeguards that already exist to prevent participants from directly causing the outcomes listed in paragraphs 15GI(2)(g). 15GQ(2)(g) and 15GV(2)(g). For example, a controlled operation cannot authorise participants to create child abuse material by directly harming a child as this would involve the commission of a sexual offence against a person.

Conclusion

This Bill is compatible with human rights and promotes a number of human rights. To the extent that the Bill limits human rights, those limitations are reasonable, necessary and proportionate.