Skip to main content
Skip to secondary navigation
Menu
Australian Government - Office of the Australian Information Commissioner - Home

Exposure Draft of the Telecommunications (Interception and Access) Amendment Bill 2007; Submission to the Australian Attorney-General''s Department (February 2007)

Submission to the Australian Attorney-Generals Department February 20071. Office of the Privacy Commissioner The Office of the Privacy Commissioner (the Office) is an independent statutory body whose purpose is to promote and protect privacy in Australia. The Office, established under the Privacy Act 1988 (Cth), has responsibilities for...

pdfExposure Draft of the Telecommunications (Interception and Access) Amendment Bill 2007; Submission to the Australian Attorney-General’s Department (February 2007)

Submission to the Australian Attorney-General's Department

February 2007

1. Office of the Privacy Commissioner

The Office of the Privacy Commissioner (the Office) is an independent statutory body whose purpose is to promote and protect privacy in Australia. The Office, established under the Privacy Act 1988 (Cth), has responsibilities for the protection of individuals' personal information that is handled by Australian and ACT government agencies, and personal information held by all large private sector organisations, health service providers and some small businesses. The Office also has responsibilities under the Privacy Act in relation to credit worthiness information held by credit reporting agencies and credit providers, and personal tax file numbers used by individuals and organisations.

2. Background

The Office welcomes the opportunity to comment on the exposure draft of the Telecommunications (Interception and Access) Amendment Bill 2007 (Cth) (the proposed Amendment Bill). In June 2005 the Office made a submission to the Review of the Regulation of Access to Communications under the Telecommunications (Interception) Act 19792 conducted by Mr Anthony S Blunn AO (the Blunn Review).3 In that submission1 the Office addressed the terms of reference of the Blunn Review and referred to a number of prior submissions it had made in relation to the telecommunications sector. Each of these previous submissions is available on the Office's website.5

The proposed Amendment Bill is the second stage of the Australian Government's legislative program to implement the recommendations from the Blunn Review.

This submission addresses Schedules 1 and 2 of the proposed Amendment Bill.

3. The proposed Amendment Bill

One of the key recommendations of the Blunn Review was that interception activity of law enforcement agencies and civil enforcement bodies should be consolidated under one legislative regime. Currently these provisions are spread between the Telecommunications (Interception and Access) Act 1979 (Cth)(the Interception Act) and Part 13 of the Telecommunication Act 1997 (Cth) (the Telecommunications Act).

The primary objectives of the Interception Act and Part 13 of the Telecommunications Act are to protect the privacy of individuals who use the Australian telecommunications system. In general, people expect their private conversations and call data information to be free from intrusion by government and commercial interests. This expectation is limited where there are prevailing interests of national security and law enforcement relating to serious criminal offences.

The Interception Act makes it an offence to intercept communications passing over the telecommunications system, while also specifying the circumstances and conditions by which it is permissible for law enforcement agencies and the Australian Security Intelligence Organisation (ASIO) to intercept communications.

The Telecommunications Act prohibits the disclosure or use of individual's information by carriers, carriage service providers, number-database operators, emergency call persons, and their respective associates. The Telecommunications Act also specifies a number of exceptions which permit criminal law enforcement agencies, ASIO, civil penalty-enforcement agencies and other bodies to receive information about individuals on the basis of an authorisation by the relevant agency.

3.1 Sections 282(1) and 282(2) of the Telecommunications Act

The Blunn Review recommended that the provisions in subsections 282(1) and 282(2) of the Telecommunications Act be revised and clarified.

The proposed Amendment Bill proposes that these sections be repealed in their current form and replaced with provisions that provide for exceptions to the prohibition on use and disclosure of information to be subject to receiving authorisation from the law enforcement agency or similar body.

The Office is generally supportive of the proposal to repeal sections 282(1) and 282(2) and replace them with provisions that include improved authorisation requirements.

3.2 Voluntary disclosures6 to ASIO, criminal law- enforcement bodies, civil penalty-enforcement bodies and public revenue bodies

The Blunn Review stated that subsections 282(1) and 282(2) of the Telecommunications Act were intended to allow voluntary disclosures when an employee of a carrier in the course of employment came across information which is clearly relevant to the enforcement of the criminal law but the information had not been requested by a law enforcement agency.

With the repealing of those subsections, new provisions have been incorporated in the proposed Amendment Bill specifically dealing with 'Voluntary Disclosure'. Generally, these provisions do not prohibit the voluntary disclosure of information or a document to criminal law enforcement bodies and civil penalty-enforcement bodies if the disclosure is reasonably necessary for the enforcement of the relevant law.

The Office notes that the voluntary disclosure provisions set out in Divisions 3 - 5 (ss 174, 177 and 181) do not make clear what carriers' responsibilities are in relation to information that they discover and suspect should be referred to a law enforcement agency. In their current format, these sections may cause confusion and the possibility that carriers will make unauthorised disclosures to law enforcement agencies. For example, in some cases it may be difficult for carriers to differentiate between the content of the communication and call data. In these cases there is a risk that content will be disclosed.

While the Office supports the distinction in these provisions between content and call data there may be merit in making these aspects of the legislation clearer. This issue is discussed further in 3.3 below.

The Office would also welcome positive obligations being placed on law enforcement agencies to destroy irrelevant material containing personal information collected under these provisions together with information which is no longer needed and to do so in a timely manner.

3.3 Definitions in the proposed Amendment Bill

Call data

The Blunn Review observed that under the Telecommunications Act 'call data' may be accessed for security and law enforcement purposes subject to authorisation noting that 'content or substance' information is not to be disclosed.7

This position will continue to apply under the stated exceptions in the proposed Amendment Bill. They permit the disclosure of information or a document (but not the contents or substance of a communication) to ASIO, criminal law-enforcement bodies, civil penalty-enforcement bodies and public revenue bodies subject to there being an authorisation in force.8

However, the Office is mindful that the distinctions between information or a document and contents or substance may be difficult to discern in some cases. Given that the prohibitions against disclosure in these provisions attract a serious penalty there is merit in further clarifying, or giving examples in the Bill, as to what might be considered "information or a document" as opposed to "contents or substance of a communication".

3.4 Secondary disclosure/ use offence

Clause 184 in Schedule 1 of the proposed Amendment Bill creates an offence if a person who receives a disclosure of information or a document discloses or uses the data subject to the operation of certain categories of exempt disclosures and exempt uses.

The Office supports this provision as it is consistent with good privacy practice for secondary uses or disclosures of personal information to be strictly regulated.

3.5 Authorisations for access to prospective information

The protection of privacy often requires balancing competing interests and assessing the proportionality of the privacy impacts of a proposal in relation to the issue that is being tackled.

The Office supports the requirement in clause 180(4) Schedule 1 of the proposed Amendment Bill that requires certifying officers of criminal law-enforcement bodies to have regard to how much the privacy of any person or persons would be likely to be interfered with by the disclosure.

The Office submits that there is merit in providing practical guidance to certifying officers to enable them to discharge the obligation stated in clause 180(4). Such guidance could take the form of a Note to the Bill or detail in the explanatory memorandum. For example it could be suggested that certifying officers should consider the proportion of 'innocent' third parties whose personal information is to be collected incidentally when only information of a much smaller number of person or persons is required. Additionally, it could be suggested that a check list be prepared which requires the certifying officer to be satisfied that the enforcement agency or body has appropriate procedures or protocols in place to deal with issues such as: the handling of irrelevant information; preventing secondary uses and disclosures; data security; and the timely destruction of records.

3.6 Consultation with the Office of the Privacy Commissioner

Clause 187

Clause 187 Schedule 1 of the proposed Amendment Bill provides that the Communications Access Coordinator must consult the Australian Communications and Media Authority (ACMA) and the Privacy Commissioner before making a determination under the provision. This provision largely replicates subsections 282(7) and 282(8) of the Telecommunications Act.

The Office supports the requirement in the Bill that the Co-coordinator must consult the Office. It is noted that any current determinations made by ACMA (and its predecessor) will not be subject to transitionary provisions and that the Office will be consulted when the new determinations are to be made.

Clause 192 (Interception capability)

Clause 192(4) Schedule 1 of the proposed Amendment Bill provides that the Minister must consult certain bodies prior to making a determination in relation to interception capabilities and (at 192(5)) may consult 'such other persons as the Minister thinks appropriate'. The Office supports the inclusion of the Privacy Commissioner in this consultation process.

3.7 Interception capability - matters to be taken into account

Clause 192(7) Schedule 1 of the proposed Amendment Bill provides that the Minister must take into account the privacy of the users of Telecommunications systems.

The Office supports these requirements and suggests the inclusion of a note to the clause, or in the explanatory memorandum, which provides guidance about how privacy will be taken account of in this circumstance. For example by including a prohibition on secondary uses or disclosures. (The office notes that the prohibition on secondary uses and disclosures in clause 184 Schedule 1 does not apply here).

3.8 Destruction of records

Clause 15 Schedule 2 of the proposed Amendment Bill requires the destruction of records that were obtained in the course of developing or testing technologies or interception. The Office supports the provision.

3.9 Privacy Commissioner's monitoring role

The Office notes that the Commissioner has the function under section 309 of the Telecommunications Act to monitor:

  • Whether a record made under section 306 sets out a statement of the grounds for disclosure
  • Whether that statement is covered by Division 3 (which deals with exceptions).

While there are some amendments proposed to the provision in the proposed Amendment Bill, the Office notes that the Commissioner's monitoring functions under section 306 are not affected in substance.

3.10 Review of Interception Act

The Office's submission to the Blunn Review in 2005 referred to previous recommendations it had made in relation to legislative review and recommended that the operation of the Interception Act should be subject to overall independent review including key stakeholder and public consultation at least every five years. The Office reiterates this view.

Key Recommendations

The Office makes the following key recommendations for improvements to the proposed Amendment Bill:

  • The voluntary disclosure provisions could be made clearer in relation to content and call data to reduce the risk of carriers committing inadvertent breaches
  • There is merit in defining call data, or giving examples in the proposed Amendment Bill as to what might be considered 'information or document' as opposed to 'contents or substance of a communication'
  • Further guidance be provided where the privacy of telecommunications users needs to be taken into account when making decisions
  • That the operation of the Interception Act should be subject to overall independent review including key stakeholder and public consultation at least every five years.