Intelligence and Surveillance

Overview

  • Intelligence gathering and surveillance powers in Australia are regulated by a complex network of federal legislation, primarily centred around the Telecommunications Act 1997 (Cth), Telecommunications (Interception and Access) Act 1979 (Cth) and the Surveillance Devices Act 2004 (Cth). State and territory laws complement the federal statutory framework.
  • The Intelligence Services Act 2001 (Cth) provides the legislative basis for the work of the Australian Secret Intelligence Service, the Australian Geospatial-Intelligence Organisation and the Australian Signals Directorate.
  • Controversial laws permitting access to encrypted data by law enforcement and security agencies were introduced in 2018 (commonly referred to as the Assistance and Access Act 2018) and are the subject of ongoing debate and independent review.

Background

Surveillance devices and warrants

Assistance and Access Act 2018

Intelligence Services Act 2001 (Cth)

  • The Intelligence Services Act 2001 (Cth) provides the legislative basis for the work of the Australian Secret Intelligence Service, the Australian Geospatial-Intelligence Organisation and the Australian Signals Directorate.

Surveillance Devices Act 2004 (Cth)

  • The objectives of the Surveillance Devices Act 2004 (Cth) are:
    • to enable law enforcement officers to use surveillance devices after obtaining relevant warrants, emergency authorisations and tracking device authorisations for surveillance activity that concerns criminal investigations or the location and retrieval of children;
    • to place limits on the use, communication and publication of information received through surveillance devices; and
    • to ensure that records can be securely used and destroyed, and that reports can be made concerning the surveillance device operations.
  • Part 2 of the Act regulates the issue of warrants (both surveillance and retrieval), including who can issue a warrant (a nominated Administrative Appeals Tribunal member or a judge), the grounds to consider before issuing a warrant, the scope of authorised conduct under the warrant, and extensions and revocations of the warrant.
    • Part 2 Div 4 regulates the application and issue of computer access warrants. Notably, if a foreign nation requests access to data held in a computer, the Attorney-General may authorise a law enforcement officer to apply for a computer warrant relating to an investigation of an offence against a foreign nation's laws.
  • Part 3 of the Act regulates emergency authorisations for the use of a surveillance device without a warrant in 3 circumstances:
    • serious risks to a person or property;
    • urgent circumstances relating to a recovery order;
    • where there is a risk of loss of evidence.
  • Part 4 of the Act regulates the use of certain surveillance devices without a warrant in limited circumstances, such as optical surveillance devices, listening/recording devices and tracking devices.
  • Part 5 of the Act regulates the extraterritorial operation of warrants, including how evidence can be obtained via foreign computer access and later used in court.
  • Part 6 of the Act regulates the use of information obtained via a surveillance device by criminalising the use or publication of such protected information. Exemptions exist for the use of such information for 'integrity operations' (i.e. controlled internal testing for unlawful conduct by public officials).
    • Note: The Privacy Act 1988 (Cth) places no restrictions on the collection, retention and sharing of data as long as the overall action being performed is congruent with a 'law enforcement purpose'.
  • See Surveillance Devices Bill 2004 (Cth) - Explanatory Memorandum

Surveillance laws: States and territories

Telecommunications Act 1997 (Cth)

  • Part 15 of the Telecommunications Act 1997 (Cth) establishes an industry assistance regime, which equips national law enforcement or intelligence agencies with 3 tools:
    • Technical Assistance Requests (TARs), under which relevant national security and law enforcement agencies may request voluntary assistance from “designated communications providers” (i.e. telecommunications service providers, software and app providers, device manufacturers and others).
    • Technical Assistance Notices (TANs), which are issued by relevant agency heads and compel a designated communications provider to provide assistance if its current capabilities allow it to do so. TANs cannot require a designated communications provider to build a capability or functionality that it does not already possess.
    • Technical Capability Notices (TCNs), which are issued by the Attorney-General to compel assistance from designated communications providers. A recipient of a TCN may be required to build a capability or functionality to provide the assistance.
  • Part 15 Div 6 contains offences and penalties for the unauthorised disclosure of information involving or having been obtained via a technical assistance request or notice.
  • Part 15 Div 7 sets out limitations on the industry assistance regime, which prevent a technical assistance request or notice from obligating a provider to implement or construct a 'systemic weakness' or 'systemic vulnerability' in a type of electronic protection, or from preventing a provider from rectifying one.

Telecommunications (Interception and Access) Act 1979 (Cth)

  • The Telecommunications (Interception and Access) Act 1979 (Cth) provides a legislative framework that criminalises the interception and accessing of telecommunications.
  • The Act also prescribes exceptions that enable law enforcement, anti-corruption and national security agencies (e.g. ASIO) to apply for warrants to intercept or access stored communications when investigating serious crimes and threats to national security. The warrant regime provides these agencies with lawful access to telecommunications content.
  • Law enforcement and security agencies can request reasonable assistance, including decryption and technical assistance, to access data within the cloud, or the metadata associated with access to the cloud. These obligations may be incompatible with service provider efforts to secure the cloud with strong encryption systems that are specifically designed to protect against interception and access. Some cloud service providers may be the subject of warrants for access to information directly, including search warrants of premises owned and operated by cloud providers.
  • Chapter 2 regulates the interception of 'live' communications that pass over a telecommunications system, which includes telephone and internet communications.
  • Chapter 3 regulates the interception of communications stored within the apparatus of a telecommunications provider (e.g. email, text and voicemail).
  • Part 5-1A requires telecommunications and internet service providers to retain and encrypt telecommunications data for a period of two years for the purposes of access by national security authorities, criminal law-enforcement agencies and enforcement agencies.

Australian Security Intelligence Organisation Act 1979 (Cth)

  • Part 3 Div 2 Subdiv J of the Australian Security Intelligence Organisation Act 1979 (Cth) empowers ASIO to request that persons provide assistance to access data. Specifically, ASIO can apply to the Attorney-General in a wide range of circumstances to require a person to unlock a device where that person knows the authentication protocol. The Act provides civil immunity to persons who voluntarily assist ASIO, while imposing penalties for non-compliance.

Mutual Assistance in Criminal Matters Act 1987 (Cth)

Regulatory & Policy Framework

Relevant Organisations

Inquiries & Consultations

Industry Materials
