Legal database - View: Extrinsic Materials: Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 - Explanatory Memorandum

View full document Previous section | Next section

House of Representatives

Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018

Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018

Explanatory Memorandum

(Circulated by authority of the Minister for Home Affairs, the Honourable Peter Dutton MP)

General Outline

1. The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Bill) will amend the Telecommunications Act 1997 (Telecommunications Act), the Telecommunications (Interception and Access) Act 1979 (TIA Act), and related legislation, including the Surveillance Devices Act 2004 (SD Act), the Crimes Act 1914 (Crimes Act), the Mutual Assistance in Criminal Matters Act 1987 (MACMA), the Australian Security Intelligence Organisation Act 1979 (ASIO Act) and the Customs Act 1901 (Customs Act), to introduce measures to better deal with the challenges posed by ubiquitous encryption.

2. Encryption underpins modern information and communications technology. By encoding a message or information so that only authorised parties can access it, encryption protects personal, commercial and government information and promotes confidence in a secure cyberspace. Encryption technologies provide economic benefits by enabling Australians to confidently engage in activities such as online banking and shopping.

3. However, the use of encrypted technologies by terrorists and criminals presents an increasing challenge for law enforcement and national security agencies. Secure, encrypted communications are increasingly being used by terrorist groups and organised criminals to avoid detection and disruption. Over 90% of telecommunications information being lawfully intercepted by the Australian Federal Police now uses some form of encryption. Malicious actors increasingly communicate through secure messaging applications, social media and Voice over Internet Protocol (VoIP) services.

4. The increasing use of encryption has significantly degraded law enforcement and intelligence agencies' ability to access communications and collect intelligence, conduct investigations into organised crime, terrorism, smuggling, sexual exploitation of children and other crimes, and detect intrusions into Australian computer networks. Encryption can conceal the content of communications and data held on devices, as well as the identity of users.

5. Encryption is a global issue, with major technology providers headquartered overseas and communications travelling across national boundaries. Adapting to the challenges of encryption requires international cooperation.

6. National security and law enforcement agencies already work cooperatively with industry and other partners in relation to a range of telecommunications interception matters. The Bill will enhance cooperation by introducing a new framework for industry assistance, including new powers to secure assistance from key companies in the communications supply chain both within and outside Australia (Schedule 1). It will also strengthen agencies' ability to adapt to a digital environment characterised by encryption by enhancing agencies' collection capabilities such as computer access (Schedules 2, 3, 4 and 5).

7. The computer access powers in Schedules 2 to 5 will enable domestic law enforcement agencies to better assist international law enforcement partners by undertaking these powers on behalf of those partners where approved through Australia's mutual assistance framework. These powers recognise the fact that computers, communications and encryption are now global and perpetrators of crimes and terrorist acts have a global reach through these mediums. This will be based on the principle of reciprocity - that Australia will work with those who work with Australia - and any other conditions the Attorney-General deems appropriate.

8. Schedule 1 introduces a new, graduated approach to industry assistance. The communications industry is in a unique position to assist law enforcement and security agencies in dealing with the challenges posed by encryption. Communications services, software and devices are commonly supplied or operated by entities outside Australia and people frequently communicate across international boundaries. Many people, services and products facilitate the provision of communications and services. For example, the operators of telecommunications networks and application services and the manufacturers of communications devices are supported by entities that enable connectivity across platforms, including cyber security providers and the developers of underlying operating systems. The Bill will enhance cooperation between those providers involved in the communications supply chain and national security and law enforcement agencies. The measures in Schedule 1 will:

•: provide a legal basis on which a designated communications provider, including foreign and domestic communications providers and device manufacturers, can provide voluntary assistance under a 'technical assistance request' to the Australian Security Intelligence Organisation (ASIO), Australian Secret Intelligence Service (ASIS), Australian Signals Directorate (ASD) and interception agencies in the performance of their functions relating to Australia's national interests, the safeguarding of national security and the enforcement of the law
•: allow the Director-General of Security or the head of an interception agency to issue a 'technical assistance notice' , requiring a designated communications provider to provide assistance that the decision maker is satisfied is reasonable, proportionate, practicable and technically feasible, and
•: allow the Attorney-General to issue a 'technical capability notice' , requiring a designated communications provider to do acts or things to ensure the provider is capable of giving help to ASIO and interception agencies where the Attorney-General is satisfied that it is reasonable, proportionate, practicable and technically feasible. The Attorney-General must consult with the affected provider prior to issuing a notice, and may also determine procedures and arrangements relating to requests for technical capability notices.

9. The measures provide financial compensation for assisting agencies, appropriate enforcement mechanisms and immunities from civil liability and specific criminal offences. The Bill maintains the default position that providers assisting government should not absorb the cost of that assistance nor be subject to civil suit for things done in accordance with requests from government.

10. The framework introduced by the Bill operates alongside the existing obligation on domestic carriers and carriage service providers to provide 'such help as is reasonably necessary' to agencies under section 313 of the Telecommunications Act. It will apply to a broader range of providers than are presently captured by that provision, and will allow national security and law enforcement agencies and the Attorney-General to specify what assistance or capability is required, in consultation with industry.

11. The Bill clearly provides that technical assistance notices and technical capability notices must not require providers to implement or build systemic weaknesses in forms of electronic protection ('backdoors') nor can they prevent providers from fixing an identified weakness or vulnerability. Additionally, the powers in Schedule 1 do not alter a provider's data retention obligations or require a provider to build or retain interception capabilities. These will remain subject to separate, existing legislative arrangements. Access to personal information like telecommunications intercept material, telecommunications content and telecommunications data will continue to require a warrant or authorisation pursuant to existing law.

12. Schedule 2 provides an additional power for Commonwealth, State and Territory law enforcement agencies investigating a federal offence punishable by a maximum of three years imprisonment or more, to obtain covert computer access warrants under the SD Act, similar to those already available to ASIO. The provisions have been aligned with those in the ASIO Act. The schedule also provides for a number of new powers for law enforcement agencies and amendments to the ASIO Act designed to address a range of operational challenges associated with the use of existing computer access powers, including by:

•: enabling the interception of communications for the purpose of executing a computer access warrant, removing the need to obtain a second warrant for that purpose
•: permitting the temporary removal of a computer or thing from a premises (for example, to a vehicle or nearby premises that has more sophisticated equipment to enable access to the computer), for the purpose of executing a warrant, and to return the computer or thing, and
•: enabling agencies to take steps to conceal its access to a computer, following the expiry of the warrant, to address situations where an agency no longer has access to the computer at the time the warrant expires.

13. The offshore storage of information and offshore location of many service providers, makes Australia's mutual assistance framework critical in enabling Australian and foreign authorities access to information to inform investigations and provide admissible evidence for criminal proceedings. Via that framework, foreign authorities will be able to make a request to the Attorney-General to authorise an eligible domestic law enforcement officer to apply for, and execute, a computer access warrant for the purposes of obtaining evidence to assist in a foreign investigation or investigative proceeding. Broadly speaking, this improves the ability of Australian and foreign authorities to work cooperatively, as required, to investigate crimes and acts of terrorism given the international nature of many of these offences.

14. The Bill also updates provisions in the TIA Act which allow security agencies to test their capabilities so that all necessary testing can occur, either independently or with the assistance of a carrier.

15. Schedule 3 will amend the search warrant framework under the Crimes Act to enhance the ability of criminal law enforcement agencies to collect evidence from electronic devices under warrant.

16. The Crimes Act currently allows overt search warrants, which must be made available to the person in relation to a premises, to be issued allowing searches of computers. The amendments in the Bill will allow law enforcement agencies to collect evidence from electronic devices under warrant remotely. That accords with forensic best practice. Law enforcement agencies will be able to execute a warrant in relation to premises or a person without having to be at the premises or in the presence of the person.

17. The Bill also increases the penalties for not complying with orders from a judicial officer requiring assistance in accessing electronic devices where a warrant is in force. The penalty under the Crimes Act will increase from a maximum of two years imprisonment to a maximum five years imprisonment for a 'simple' offence, and up to 10 years imprisonment for contravention of a new 'aggravated' offence (where there is non-compliance with an order related to an investigation into a serious crime). There must be reasonable grounds for suspecting that evidential material is held in, or is accessible from, the computer or data storage device. The current penalty is of insufficient gravity to incentivise compliance with the assistance obligation. The new thresholds represent the maximum penalty that may be imposed and courts retain the discretion to impose a lower penalty in appropriate circumstances.

18. The amendments will also increase the time period during which an electronic device found while executing a warrant can be moved to another place for analysis from 14 days to 30 days to account for the complexity of analysing data in modern electronic communications systems.

19. Schedule 4 will amend the search warrant framework under the Customs Act to enhance the ability of the Australian Border Force (ABF) to collect evidence from electronic devices under warrant in person or remotely. The amendments will provide the ABF with a new power to request a search warrant to be issued in respect of a person for the purposes of seizing a computer or data storage device under the Customs Act.

20. The Bill also increases the penalties for not complying with orders from a judicial officer requiring assistance in accessing electronic devices where a warrant is in force. Penalties for not complying with an order will increase from a maximum six months imprisonment to a maximum five years imprisonment for a 'simple' offence, and up to 10 years imprisonment for an 'aggravated' offence where there is non-compliance with an order related to an investigation into a serious crime. There must be reasonable grounds for suspecting that evidential material is held in, or is accessible from, the computer or data storage device. The current penalty is of insufficient gravity to incentivise compliance with the assistance obligation. The new thresholds represent the maximum penalty that may be imposed and courts retain the discretion to impose a lower penalty in appropriate circumstances.

21. The amendments will also increase the timeframes for the examination of electronic devices moved under a warrant from 72 hours to 30 days to account for the complexity of analysing data in modern electronic communications systems.

22. Schedule 5 provides that, subject to certain limitations, a person or body is not subject to civil liability where they:

•: voluntarily provide assistance to ASIO in accordance with a request made by the Director-General, or
•: give information or produce a document to ASIO unsolicited (i.e. without a request) if the person or body reasonably believes that it is likely to assist ASIO in the performance of its functions.

23. This Schedule will also enable ASIO to require a person with knowledge of a computer or a computer system to provide assistance that is reasonable and necessary to ASIO in order to gain access to data on a device that is subject to an ASIO warrant. This amendment is an extension of the amendments made in Schedule 3 and 4 which increases the penalties for not complying with orders requiring assistance in accessing electronic devices under the Crimes Act.

Abbreviations

The following abbreviations will be incorporated throughout this explanatory memorandum:

•: Administrative Appeals Tribunal (AAT)
•: Administrative Decisions (Judicial Review) Act 1977 (ADJR Act)
•: Australian Border Force (ABF)
•: Australian Federal Police (AFP)
•: Australian Geospatial Organisation (AGO)
•: Australian Signals Directorate (ASD)
•: Australian Security Intelligence Organisation (ASIO)
•: Australian Security Intelligence Organisation Act 1979 (ASIO Act)
•: Australian Secret Intelligence Service (ASIS)
•: Criminal Code Act 1995 (Criminal Code)
•: Crimes Act 1914 (Crimes Act)
•: Customs Act 1901 (Customs Act)
•: Inspector-General of Intelligence and Security Act 1986 (IGIS Act)
•: Intelligence Services Act 2001 (IS Act)
•: Mutual Assistance in Criminal Matters Act 1987 (MACMA)
•: Regulatory Powers (Standard Provisions) Act 2014 (Regulatory Powers Act)
•: Surveillance Devices Act 2004 (SD Act)
•: Telecommunications Act 1997 (Telecommunications Act)
•: Telecommunications (Interception and Access) Act 1979 (TIA Act)
•: Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2017 (Bill)
•: Voice over Internet Protocol (VoIP)

Financial Impact

24. Financial impacts will be met from existing appropriations.

View full documentBack to top

Individuals online services

Business online services

Agents online services

Non-residents online services

Foreign Investor

General Outline

Abbreviations

Financial Impact

Tools

Tax information for

Help and support