Intelligence and Surveillance

Overview

• Intelligence gathering and surveillance powers in Australia are regulated by a complex network of federal legislation, primarily centred around the Telecommunications Act 1997 (Cth), Telecommunications (Interception and Access) Act 1979 (Cth) and the Surveillance Devices Act 2004 (Cth). State and territory laws complement the federal statutory framework.
• The Intelligence Services Act 2001 (Cth) provides the legislative basis for the work of Australian Secret Intelligence Service, Australian Geospatial-Intelligence Organisation and Australian Signals Directorate.
• Controversial laws permitting access to encrypted data by law enforcement and security agencies were introduced in 2018 (commonly referred to as the Access and Assistance Act 2018) and are the subject of ongoing debate and independent review.

Background

Surveillance devices and warrants

• Advances in technology may lead to difficulties in warrant categorisation, creating gaps in the application of the existing legislative framework:
  • Adam Molnar, 'Technology, Law, and the Formation of (il)Liberal Democracy?' (2017) 15(3/4) Surveillance and Society
  • Plenty v Dillon [1991] HCA 5
• Surveillance powers have long raised concerns over the encroachment of civil liberties:
  • Knowles v Australian Information Commissioner [2018] FCA 1212
  • Minister for Immigration and Citizenship v Islam and Another (No 2) [2010] FCA 1418
  • Re Land v Minister for Foreign Affairs [2011] AATA 279
  • George Williams, 'The Legal Assault on Australian Democracy' (2016) 16(2) QUT Law Review 19
• Surveillance powers intersect with other secrecy provisions in Australian law. See, for example:
  • Crimes Act 1914 (Cth)
  • Criminal Code (Cth) - Part 5.6
  • Australian Border Force Act 2015 (Cth)

Assistance and Access Act 2018

• In December 2018, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (known as the Assistance and Access Act 2018) was introduced to amend the Telecommunications Act 1997 (Cth) to improve the capability of national law enforcement and intelligence agencies to access encrypted material of intelligence value.
• The objectives of the amendments were to: (a) improve the technical capabilities of national law enforcement and intelligence agencies to access information relevant to their investigatory responsibilities; and (b) make 'designated communication providers' (DCPs) cooperate with these agencies when the latter request access to information and communications (e.g. by building and implementing the functionality required for the agencies to spy on suspects).
• The Assistance and Access Act 2018 made significant changes to the Telecommunications Act 1997 (Cth), with consequential amendments to the Telecommunications (Interception and Access) Act 1979 (Cth), Surveillance Devices Act 2004 (Cth), Crimes Act 1914 (Cth), Criminal Code Act 1995 (Cth), Mutual Assistance in Criminal Matters Act 1987 (Cth), Customs Act 1901 (Cth), Independent National Security Legislation Monitor Act 2010 (Cth), Australian Security Intelligence Organisation Act 1979 (Cth) and others.
  • Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Cth) - Explanatory Memoranda, Second Reading Speech, Bill Amendments, Committee Reports, etc
  • Department of Home Affairs - Assistance and Access Act 2018
• The amendments generated significant controversy, in part because they go beyond providing access to encrypted communication. Note s 64A, which can be used to compel a specified person to assist in providing access to encrypted communication. Such people include “a person who is or was a system administrator for the system including the computer or device”. See:
  • 'The Assistance and Access Act 2018: The Crypto Wars' Final Act for 2018', Herbert Smith Freehills (11 December 2018)
  • 'Controversial encryption legislation passed', Allens Linklaters (10 December 2018)
  • Luke Dailey and Peter Knight, 'Draft Home Affairs Bill vastly overreaches its stated purposes and is susceptible to abuse: Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Cth)' (2018) 15(8) Privacy Law Bulletin 134
• Labor has introduced proposed amendments to the changes made by the Access and Assistance Act 2018 via the Telecommunications Amendment (Repairing Assistance and Access) Bill 2019 (Cth).
• See Independent National Security Legislation Monitor's Review of Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 and other matters (9 July 2020)

Legal Framework

Intelligence Services Act 2001 (Cth)

• The Intelligence Services Act 2001 (Cth) provides the legislative basis for the work of Australian Secret Intelligence Service, Australian Geospatial-Intelligence Organisation and Australian Signals Directorate.

Surveillance Devices Act 2004 (Cth)

• The objectives of the Surveillance Devices Act 2004 (Cth) are:
  • to enable law enforcement officers to use surveillance devices after obtaining relevant warrants, emergency authorisations and tracking device authorisations for surveillance activity that concerns criminal investigations or the location and retrieval of children;
  • to place limits on the use, communication and publication of information received through surveillance devices; and
  • to ensure that records can be securely used and destroyed, and that reports can be made concerning the surveillance device operations.
• Part 2 of the Act regulates the issue of warrants (both surveillance and retrieval), including who can issue a warrant (a nominated Administrative Appeals Tribunal member or a judge), the grounds to consider before issuing a warrant, scope of authorised conduct under the warrant and extensions/revocations of the warrant.
  • Part 2 Div 4 regulates the application and issue of computer access warrants. Notably, if a foreign nation requests access to data held in a computer, the Attorney-General may authorise a law enforcement officer to apply for a computer warrant relating to an investigation of an offence against a foreign nation's laws.
• Part 3 of the Act regulates emergency authorisations for the use of a surveillance device without a warrant in 3 circumstances:
  • serious risks to a person or property;
  • urgent circumstances relating to a recovery order;
  • where there is a risk of loss of evidence.
• Part 4 of the Act regulates the use of certain surveillance devices without a warrant in limited circumstances, such as optical surveillance devices, listening/recording devices and tracking devices.
• Part 5 of the Act regulates the extraterritorial operation of warrants, including how evidence can be obtained via foreign computer access and later used in court.
• Part 6 of the Act regulates the use of information obtained via a surveillance device by criminalising the use or publication of such protected information. Exemptions exist for the use of such information for 'integrity operations' (i.e. controlled internal testing for unlawful conduct by public officials).
  • Note: The Privacy Act 1988 (Cth) places no restrictions on the collection, retention and sharing of data as long as the overall action being performed is congruent with a 'law enforcement purpose'.
• See Surveillance Devices Bill 2004 (Cth) - Explanatory Memorandum

Surveillance laws: States and territories

• Surveillance Devices Act 2007 (NSW)
• Workplace Surveillance Act 2005 (NSW)
• Invasion of Privacy Act 1971 (Qld)
• Surveillance Devices Act 2016 (SA)
• Listening Devices Act 1991 (Tas)
• Listening Devices Act 1992 (ACT)
• Workplace Privacy Act 2011 (ACT)
• Surveillance Devices Act 2007 (NT)
• Surveillance Devices Act 1999 (Vic)
• Surveillance Devices Act 1998 (WA)

Telecommunications Act 1997 (Cth)

• Part 15 of the Telecommunications Act 1997 (Cth) establishes an industry assistance regime, which equips national law enforcement or intelligence agencies with 3 tools:
  • Technical Assistance Requests (TARs), under which relevant national security and law enforcement agencies may request voluntary assistance from “designated communications providers” (i.e. telecommunications service providers, software and app providers, device manufacturers and others).
  • Technical Assistance Notices (TANs), which are issued by relevant agency heads and compel a designated communications provider to provide assistance if its current capabilities allow it to do so. TANs cannot require a designated communications provider to build a capability or functionality that it does not already possess.
  • Technical Capability Notices (TCNs), which are issued by the Attorney-General to compel assistance from designated communications providers. A recipient of a TCN may be required to build a capability or functionality to provide the assistance.
• Part 15 Div 6 contains offences and penalties for the unauthorised disclosure of information involving or having been obtained via a technical assistance request or notice.
• Part 15 Div 7 sets out limitations to the industry assistance regime which prevent a technical assistance request or notice obligating a provider to implement or construct a 'systemic weakness' or 'systemic vulnerability' into a type of electronic protection, or to stop providers from fixing same.
  • See Parliamentary Joint Committee on Intelligence and Security - Review of the Telecommunications and Other Legislation Amendment (Access and Assistance) Bill 2018 - Transcript (19 October 2018)

Telecommunications (Interception and Access) Act 1979 (Cth)

• The Telecommunications (Interception and Access) Act 1979 (Cth) provides a legislative framework that criminalises the interception and accessing of telecommunications.
• The Act also prescribes exceptions that enable law enforcement, anti-corruption and national security agencies (e.g. ASIO) to apply for warrants to intercept or access stored communications when investigating serious crimes and threats to national security. The warrant regime provides these agencies with lawful access to telecommunications content.
• Law enforcement and security agencies can request reasonable assistance, including decryption and technical assistance, to access data within the cloud, or the metadata associated with access to the cloud. These obligations may be incompatible with service provider efforts to secure the cloud with strong encryption systems that are specifically designed to protect against interception and access. Some cloud service providers may be the subject of warrants for access to information directly, including search warrants of premises owned and operated by cloud providers.
• Chapter 2 regulates the interception of 'live' communications that pass over a telecommunications system, which includes telephone and internet communications.
• Chapter 3 regulates the interception of communications stored within the apparatus of a telecommunications provider (e.g. email, text and voicemail).
• Part 5-1A requires telecommunications and internet service providers to retain and encrypt telecommunications data for a period of two years for the purposes of access by national security authorities, criminal law-enforcement agencies and enforcement agencies.
  • Telecommunications data retained under this Part 5-1A is 'personal information' for the purposes of the Privacy Act 1988 (Cth).
  • Privacy Commissioner v Telstra Corporation Limited [2017] FCAFC 4.
  • 'Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014', Bills Digest No 89, 2014-15

Australian Security Intelligence Organisation Act 1979 (Cth)

• Part 3 Div 2 Subdiv J of the Australian Security Intelligence Organisation Act 1979 (Cth) empowers ASIO to request persons provide assistance to access data. Specifically, ASIO can apply to the Attorney-General in a wide range of circumstances to require a person to unlock a device where that person knows the authentication protocol. The Act provides civil immunity to persons who voluntarily assist ASIO, while imposing penalties for non-compliance.

Mutual Assistance in Criminal Matters Act 1987 (Cth)

• The Mutual Assistance in Criminal Matters Act 1987 (Cth) contains Australia's mutual legal assistance system, which facilitates government-to-government assistance in criminal investigations and prosecutions.
• See Attorney-General's Department - Mutual Assistance
• See Australia's bilateral mutual legal assistance treaties (November 2019)

Regulatory & Policy Framework

Relevant Organisations

• Australian Federal Police
• Australian Criminal Intelligence Commission
• Department of Home Affairs
  • Department of Home Affairs - Access and Assistance Act 2018 plus resources
• Australian Border Force
• Australian Security Intelligence Organisation
• Australian Secret Intelligence Service
• Australian Signals Directorate
• Office of National Intelligence

Inquiries & Consultations

• Independent National Security Legislation Monitor's Review of Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 and other matters (9 July 2020)

Industry Materials

• Niloufer Selvadurai, Nazzal Kisswani and Yaser Khalaileh, 'The proportionality principle in telecommunications interception and access law in an environment of heightened security and technological convergence' (2016) 25(3) Information and Communications Technology Law 229
• Serious Invasions of Privacy in the Digital Era - Final Report' (ALRC Report No 123), Australian Law Reform Commission (June 2014)
• 'Australia’s controversial Assistance & Access Act: Review by Independent Monitor completed', Holding Redlich (28 July 2020)

Related Topics

• Counter-Terrorism
• Espionage, Sabotage and Foreign Interference
• Foreign Influence and Election Security
• Security of Critical Infrastructure
• Telecommunications