The federal government committed to reforming these laws earlier this year after a review into Australia’s intelligence community found comprehensive legislative changes were required, specifically in repealing existing powers and combining them to avoid duplication, contradictory definitions, and any further ad hoc amendments to existing laws.
“In short, we conclude that the legislative framework governing electronic surveillance in Australia is no longer fit for purpose,” the review said.
The review said that problems with the framework have accumulated after 40 years of continued amendments.
The laws in question enable agencies to use electronic or technical means, that would normally be unlawful, to covertly listen to a person’s conversations, access a person’s electronic data, observe certain aspects of a person’s behaviour, and track a person’s movements for the purposes of preventing serious crimes and security threats.
Read more: Australia’s tangle of electronic surveillance laws needs unravelling
The federal government’s initial work, coming in the form of a discussion paper [PDF], has set out the guiding principles for how it will approach making these electronic surveillance law reforms.
Among these principles is that the reforms will look to develop a new single Act that better protects information and data, and ensures that law enforcement agencies have the appropriate powers to investigate serious crimes and security threats.
Currently, there are three different sets of laws focusing on electronic surveillance, with the Surveillance Devices Act (SD Act) being enacted 15 years ago, the ASIO Act and Telecommunications (Interception and Access) Act being 40 years old, and the foundations of the surveillance framework dating back to decisions made in 1949.
In the discussion paper, Home Affairs said it envisions the new Act will “harmonise the existing warrant framework” to provide more consistent safeguards on the authorisation and use of electronic surveillance powers. Under the current framework, some powers such as accessing stored communications need separate warrants while other powers such as accessing telecommunications data can be authorised internally.
“Despite the overlap between powers and their similar levels of intrusiveness, they are not subject to a consistent approach in terms of thresholds, purposes, safeguards, or accountability,” Home Affairs said.
According to the discussion paper, the reforms will also look to modernise and streamline the laws by updating key concepts and clearly identifying the agencies that can seek access to this information, while balancing that with ensuring the laws are clear, transparent, and usable.
The concepts and definitions that government will reconsider range from the definition of communications, to the distinction between content and non-content information, to the kinds of providers that hold relevant information and data, and the kinds of information that may be obtained through surveillance and tracking devices.
It noted that the current definition of communications, which primarily focuses on conversations and messages, does not appropriately represent modern-day communications.
“There is now a wider range of information and data passing over the telecommunications network, such as machine-to-machine signals between servers, routers, and modems that enable the network to route communications to their intended destination,” Home Affairs wrote in the discussion paper.
“Whether something is a communication therefore has significant consequences for whether that information is protected. As a result, there may be gaps in the limits, controls, and safeguards that apply to this information, even where it is passing over the telecommunications network.”
The discussion paper also confirmed that government would follow the review’s recommendation to not add more judicial oversight to these powers as part of the reforms. Instead, Home Affairs outlined that it would like for only the Inspector-General of Intelligence and Security and the Commonwealth Ombudsman to continue overseeing the use of electronic surveillance by law enforcement agencies.
As part of the discussion paper’s release, Home Affairs will also be seeking consultation about the reforms. It will be accepting submissions to the discussion paper until mid-February next year.
Last week, the Commonwealth Ombudsman published its report [PDF] to Home Affairs on the extent to which law enforcement agencies have complied with the SD Act. In the report, the Ombudsman found that South Australian Police had no process for destroying records as required by the SD Act. The state police agency said it would prioritise implementing a destruction regime.
The Ombudsman also found the Australian Federal Police (AFP) failed to destroy protected information for over a month after they were authorised for destruction four times. There was also one instance where the AFP took five months to destroy a piece of protected information.
The AFP also disclosed two instances where it collected data outside of a warrant provided under the SD Act. One of those instances entailed the AFP collecting 12 files from a device despite the warrant for collecting information from that device having already expired.
The Commonwealth Ombudsman also revealed it found three instances of the Australian Criminal Intelligence Commission (ACIC) not destroying protected information as soon as practicable as required by the Act, eight instances where the agency did not destroy protected information within five years, and several instances where the ACIC certified protected information for retention after it had already been certified for destruction.
Related Coverage
Home Affairs launches new principles for critical technology supply chain securityHome Affairs believes technological capability not there yet for cryptocurrency travel ruleFederal government refreshes digital transformation strategy and expands cyber hub trialTelcos to get expanded scam-blocking powers through telecommunications law amendment