On 14 August 2018, the Department of Home Affairs introduced to Parliament the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (“the Bill”). The Bill has three (3) main mechanisms by which it aims to increase access to telecommunication devices:
- Increasing the obligations on communication providers to assist with law enforcement agencies;
- Introducing covert computer access warrants enabling law enforcement to search computers and electronic devices without an individual’s knowledge; and
- Increasing the powers of law enforcement to use and apply the currently available search and seizure warrants.
Part 1: Obligations to Provide Information
The Bill establishes three forms of requests that ASIO, ASIS, ASD or another Interception Agency can make for assistance:
- A Technical Assistance Request (“TAR”);
- A Technical Assistance Notice (“TAN”); and
- A Technical Capability Notice (“TCN”).
While a TAR is described as a request for ‘voluntary’ information, a TAN and TCN contain compliance requirements.
What information can be requested?
Any information that is in relation to:
- Enforcing the criminal law and laws imposing pecuniary penalties; or
- Assisting the enforcement of the criminal laws in force in a foreign country; or
- Protecting the public revenue; or
- Safeguarding national security.
Who can be issued with these requests?
- A Carrier or Carriage Service Provider (“CSP”); or
- A Designated Communications Provider (“DCP”).
A DCP extends to anyone who provides a service that facilitates or is ancillary or incidental to the provision of an electronic service that has one or more end-users in Australia, irrespective of where they base their corporation, services or manufacturing.
CSP’s and DCP’s are required to comply with the request for assistance, to the extent they are capable of doing so. Anyone who aids, induces or conspires to effect a contravention of compliance is subject to a civil penalty.
The Bill establishes an offence, subject to a penalty of imprisonment of up to 5 years. The offence applies to specified persons including: a DCP; employees, contracted service providers or employees of contracted service providers of a DCP; an entrusted ASIO, ASIS or ASD person; an officer of an inception agency, an officer of the Commonwealth or a State or Territory; or an arbitrator under the Act. It is an offence for these aforementioned persons to disclose, information which:
- Forms part of a TAN, TCN or TAR; or
- Is obtained in accordance with a TAN, TCN or TAR;
if the person came into possession of this in their capacity as a specified person outlined above.
There are exceptions for authorised disclosure.
Limitations and Safeguards
In issuing a request, the decision maker must consider whether it is “reasonable, proportionate, practicable and technically feasible” to do so.
Part 2: Covert Computer Access Warrants
The Bill provides that law enforcement officers may apply for a computer access warrant (“CAW”) if they suspect, on reasonable grounds, that:
- One or more relevant offences have been, are being, are about to be or are likely to be committed; and
- An investigation is being, will be or is likely to be conducted; and
- Access to data held in a target computer is necessary for the purpose of enabling evidence to be obtained of the commission of the offence or the identity or location of offenders.
A CAW may authorise:
- The entering of specified premises for the purposes of doing the things mentioned below in 2 to 8;
- Entering any premise for the purposes of gaining entry to, or exiting the specified premises;
- Using the target computer, or a telecommunications facility operated by a Commonwealth or a carrier, or any other electronic equipment or a data storage device; for the purposes of obtaining the relevant data from the target computer;
- If necessary; adding, copying, deleting or altering data;
- Using any other computer or communication in transit to access the relevant data;
- Remove a computer or other thing from the premises;
- Intercepting communications; or
- Any other thing reasonably incidental to the above.
A CAW may not authorise:
- The deletion or alteration of data likely to materially interfere with or obstruct a communication in transit or the lawful use by other persons of a computer; or
- The causing of material loss or damage to other persons lawfully using a computer.
In certain circumstances, a CAW can operate extraterritorially and allow access to data held in a foreign country or a vessel or aircraft beyond Australian territory.
If a foreign country requests access to data held in a computer, the Commonwealth Attorney-General can authorise an eligible law enforcement officer to apply for a CAW, if the authorisation relates to an investigation relating to a criminal offence against the law of the requesting country.
Limitations and Safeguards
A CAW may only be issued by a judge or AAT member who must consider:
- The nature and gravity of the offence;
- The likely evidentiary or intelligence value of any evidence that might be obtained;
- Any previous warrant sought;
- The extent to which the privacy of any person is likely to be affected; and
- The existence of any alternative means of obtaining the evidence or information.
Part 3: Increased Power to use Currently Available Warrants
The increased powers under the Crimes Act 2014 (Cth)
The Act currently authorises search warrants to search computers. The amendments will allow such warrants to be executed remotely and will increase the time frames for searching from 14 to 30 days.
The Act also enables an Assistance Order to be issued, requiring the owner of a device (such as a smartphone) to provide access. At present, a person who fails to comply is liable imprisonment for a maximum period of 2 years. The amendments will increase the penalty to 5 years or 10 years for a serious crime.
The increased powers under the Customs Act 1901 (Cth):
The Act currently authorises search warrants in relation to premises and the amendment will extend this to persons for the limited purpose of seizing a computer of device. These warrants will be able to be executed remotely and timeframes allowed for searching of electronic devices will increase from 72 hours to 30 days.
The Act also enables an Assistance Order to be issued, requiring the owner of a device (such as a smartphone) to provide access. At present, a person who fails to comply is liable imprisonment for a maximum period of 6 months. The amendments will increase the penalty to 5 years or 10 years for a serious crime.
The increased powers of ASIO
The Bill also increases the power of ASIO. ASIO can now request the Attorney-General make an order requiring a specified person to provide information or assistance to access, copy and convert data in certain circumstances. The Bill establishes an offence for anyone subject to such an order, who is capable of complying, omits to do an act and such omission contravenes the order. The penalty for contravention is imprisonment for 5 years, 300 penalty units or both.
Please note that the above does not constitute legal advice and Irish Bentley Lawyers make no representations or warranties as to the accuracy of any of the information contained herein. If you have an e-commerce issue, then please do not hesitate to contact the team at Irish Bentley Lawyers – there is no substitute for proper legal advice based on your individual and unique circumstances.