Oversight

73.122 A number of bodies have oversight of the interception and access of communications under the Telecommunications (Interception and Access) Act. As noted above, ASIO warrants are issued by the Attorney-General, and agency warrants are issued by a judge or a member of the AAT. The IGIS and the Commonwealth Ombudsman both have oversight roles in relation to interception and access of communications. Further, agencies that intercept and access communications under the Act also are subject to ministerial and parliamentary oversight.[144]

Inspector-General of Intelligence and Security

73.123 The IGIS is an independent statutory officer who is responsible for ensuring that Australian intelligence agencies, such as ASIO, conduct their activities legally, behave with propriety, comply with any directions and guidelines from the responsible minister, and have regard for human rights, including privacy.[145] The IGIS, therefore, has oversight of ASIO in relation to the interception and access of communications under the Telecommunications (Interception and Access) Act.

73.124 The IGIS has stated that because B-Party interception warrants involve a potential for greater privacy intrusion for persons who may not be involved in activities of legitimate concern, particular attention will be given to this type of warrant.[146]

73.125 The IGIS also has suggested that there may be a role for the IGIS in monitoring authorisations by ASIO officers to access prospective telecommunications data.[147] In DP 72, the ALRC noted that stakeholders had raised a range of issues relating to access to prospective telecommunications data, and asked whether the Telecommunications (Interception and Access) Amendment Bill 2007 (as it was then known) should be amended to provide that the IGIS monitor the use of powers by ASIO to obtain prospective telecommunications data.[148]

Submissions and consultations

73.126 A number of stakeholders supported such an amendment.[149] The AGD submitted that the IGIS already performs this function on an administrative basis in accordance with the terms of the Inspector-General of Intelligence and Security Act 1986 (Cth). The AGD also noted that the Telecommunications (Interception and Access) Act does not contain specific provisions relating to the IGIS inspecting ASIO’s telecommunications interception functions.[150]

ALRC’s view

73.127 A legislative amendment to provide that the IGIS monitor the use of powers by ASIO to obtain prospective telecommunications data is unnecessary because the IGIS already has the power to perform this function under the Inspector-General of Intelligence and Security Act. The IGIS, however, should incorporate into his or her regular inspection program oversight of the use of powers to obtain prospective telecommunications data by ASIO. The power to obtain access to prospective telecommunications has significant privacy implications and should be subject to stringent control and oversight.[151]

Commonwealth Ombudsman

73.128 The Commonwealth Ombudsman is an independent statutory office established by the Ombudsman Act 1976 (Cth). The Act provides that the Ombudsman is to investigate the administrative actions of Australian Government departments and prescribed authorities in response to complaints, or on the Ombudsman’s own motion.

73.129 The Commonwealth Ombudsman has oversight of law enforcement bodies, such as the Australian Federal Police, that access and intercept communications under the Telecommunications (Interception and Access) Act.[152] Further, the Commonwealth Ombudsman has specific powers under the Telecommunications (Interception and Access) Act to enter premises occupied by agencies, obtain relevant material, inspect records and prepare reports in relation to the interception of, or access to, communications.[153]

Submissions and consultations

73.130 The Law Council of Australia submitted that no equivalent to s 87 of the Telecommunications (Interception and Access) Act exists in relation to stored communication warrants. Section 87 provides, among other things, that the Ombudsman may require an officer of an agency to give information to the Ombudsman and to attend a specified place in order to answer questions relevant to the inspection of interception records; and where the Ombudsman does not know the officer’s identity, require the chief officer of an agency, or a person nominated by the chief officer, to answer questions relevant to the inspection.

ALRC’s view

73.131 The Ombudsman should have the same powers to inspect records and to compel the presence of officers to answer questions relevant to the inspection of records, regardless of whether the records relate to intercepted or stored communications. It is arguable that the Ombudsman would have the power to obtain this information under the general provisions of the Ombudsman Act 1976 (Cth). In the interest of clarity, however, the ALRC recommends that the same power under s 87 of the Telecommunications (Interception and Access) Act should apply in relation to stored communication warrants.

Recommendation 73-6 The Telecommunications (Interception and Access) Act 1979 (Cth) should be amended to provide expressly that where the Ombudsman has reason to believe that an officer of an agency is able to give information relevant to an inspection of the agency’s records relating to access to a stored communication, the Ombudsman may:

(a) require the officer to give the information to the Ombudsman and to attend a specified place in order to answer questions relevant to the inspection; and

(b) where the Ombudsman does not know the officer’s identity, require the chief officer, or a person nominated by the chief officer, to answer questions relevant to the inspection.

Public Interest Monitor

73.132 One issue for consideration is whether the interception of, and access to, communications under the Telecommunications (Interception and Access) Act requires additional oversight.One option, suggested by the OVPC,[154] was the establishment of a public interest monitor (PIM).

73.133 A PIM was established in Queensland under the Crime and Misconduct Act 2001 (Qld), and the Police Powers and Responsibilities Act 2000 (Qld). Under the Crime and Misconduct Act, the PIM monitors applications for, and the use of, surveillance warrants and covert search warrants.[155] Under the Police Powers and Responsibilities Act, the PIM monitors applications for, and the use of, surveillance device warrants, retrieval warrants and covert search warrants.[156]

73.134 The PIM’s primary role is to represent the public interest where law enforcement agencies seek approval to use search powers and surveillance devices that have the capacity to infringe the rights and civil liberties of citizens. The role is based on the public interest in ensuring that law enforcement agencies meet all legislative requirements, and that their proposed actions do not extend beyond the parameters laid down by the Queensland Parliament.

73.135 PIMs perform a variety of functions. For example, under the Crime and Misconduct Act, the PIM’s functions include: appearing at any hearing of an application to a Supreme Court judge or magistrate for a surveillance warrant or covert search warrant to test the appropriateness and validity of the application; monitoring the Queensland Crime and Misconduct Commission’s compliance with matters concerning applications for surveillance warrants and covert search warrants; gathering statistical information about the use and effectiveness of surveillance warrants and covert search warrants; and issuing an annual report.[157]

73.136 In DP 72, the ALRC expressed the preliminary view that there is adequate oversight of the interception and access of communications under the Telecommunications (Interception and Access) Act, butnoted that it was interested in stakeholder views on the need for a PIM. The ALRC asked whether the Telecommunications (Interception and Access) Act) should be amended to provide for the role of a public interest monitor, and if so, whether its role should include:

  • appearing at any application made by an agency for interception and access warrants under the Act;

  • testing the validity of warrant applications;

  • gathering statistical information about the use and effectiveness of warrants;

  • monitoring the retention or destruction of information obtained under a warrant;

  • providing to the IGIS, or other authority as appropriate, a report on non-compliance with the Act; or

  • reporting to the Australian Parliament on the use of interception and access warrants.[158]

Submissions and consultations

73.137 A number of stakeholders supported an amendment of the Telecommunications (Interception and Access) Act to provide for the role of a PIM.[159] The Law Council of Australia submitted that the current oversight mechanisms are directed at reviewing interception and access powers after they have been exercised. The Law Council argued that a PIM may bring a greater degree of scrutiny to bear on the grounds advanced for seeking a warrant and for claiming that it is a necessary and justified intrusion into the privacy of individuals.[160] One stakeholder submitted that if the Telecommunications (Interception and Access) Act is not amended to establish a PIM, it should be amended to require notification to individuals within 90 days of the cessation of the interception.[161]

73.138 Other stakeholders did not support the establishment of a PIM.[162] The Australian Federal Police submitted that a PIM is not required because the existing oversight requirements in the Act are adequate.[163] The AGD submitted that the introduction of a PIM at the application stage could raise questions about the integrity and independence of the warrant issuing authority, which could affect proceedings instituted at a later time. The AGD also noted that there is no prohibition on a PIM being involved in agencies’ investigations before an application for a warrant is made. This would need to be done on an agency-by-agency basis and before an application is put before an issuing authority.

Processes similar to this are used by a number of law enforcement agencies. For example, a member of a police force may consult the relevant Director of Public Prosecutions before making an application to an issuing authority. This consultation could include whether an application for a warrant is merited.[164]

73.139 The AGD submitted that it is responsible for obtaining and collating statistical information from the agencies that are able to apply for warrants under the Act; and that the relevant oversight body in each state and territory, and the Commonwealth Ombudsman, are responsible for monitoring and reporting on the compliance by agencies with the record keeping, reporting and destruction of information requirements of the Act.[165]

ALRC’s view

73.140 Many of the functions outlined in the question asked in DP 72 are currently exercised by existing bodies. The ALRC acknowledges, however, that these bodies review interception or access after it has taken place. The ALRC sees merit in having the public interest represented before the warrant is issued.

73.141 A PIM would ensure a greater degree of accountability, and would enhance the integrity and independence of the warrant-issuing process. This issue, however, should be the subject of further consultation. In Chapter 71, the ALRC recommends that the Australian Government initiate a review of telecommunications legislation, and that the review should consider whether the Telecommunications (Interception and Access) Act should be amended to provide for the role of a PIM.[166]

Office of the Privacy Commissioner

73.142 Stakeholders have submitted that the OPC should have a more visible and formally recognised role in the formation of policies affecting telecommunications and law enforcement.[167] The Australian Privacy Foundation has noted that the Privacy Commissioner has been excluded from the deliberations of the ACMA Law Enforcement Advisory Committee.[168]

73.143 The Law Enforcement Advisory Committee assists ACMA in performing its telecommunications functions as set out in s 8 of the Australian Communications and Media Authority Act 2005 (Cth), by providing advice and recommendations to ACMA on law enforcement and national security issues relating to telecommunications. The Committee meets on a quarterly basis and is made up of representatives from law enforcement and national security agencies, carriers and carriage service providers, the Department of Broadband, Communications and the Digital Economy (DBCDE), and the AGD. In DP 72, the ALRC proposed that the OPC should be a member of the ACMA Law Enforcement Advisory Committee.[169]

Submissions and consultations

73.144 A number of stakeholders supported the proposal.[170] For example, the OPC submitted that providing a formal role for the OPC on the ACMA Law Enforcement Advisory Committee would help to ensure that the privacy impact of policy proposals were given appropriate weight.[171]

73.145 ACMA submitted that it is currently reviewing the ongoing operation and membership of the Law Enforcement Advisory Committee, and is considering comments received on this issue.[172] The AGD submitted that membership of the Law Enforcement Advisory Committee is a matter for ACMA.[173] One stakeholder opposed the proposal.[174]

ALRC’s view

73.146 The OPC currently has the capacity to be involved in reviews of the Telecommunications (Interception and Access) Act. In the ALRC’s view, however, the OPC should have a more formal role in relation to law enforcement issues relating to telecommunications.

73.147 The OPC should be a member of the ACMA Law Enforcement Advisory Committee. Membership on this Committee would complement the OPC’s legislative scrutiny function.[175] It also would complement the power recommended in Chapter 47 to allow the Privacy Commissioner to direct an agency to carry out a privacy impact assessment in relation to a new project or development that the Privacy Commissioner considers may have a significant impact on the handling of personal information.[176]

Recommendation 73-7 The Australian Communications and Media Authority should add the Office of the Privacy Commissioner as a member of the Law Enforcement Advisory Committee.

State and territory oversight

73.148 One stakeholder submitted that the ALRC should consider the oversight of access to stored communications by state and territory agencies. She noted that stored communication warrants can be issued by state or territory magistrates, and that the provisions concerning disclosure, use and reporting do not appear to be enforceable by the Commonwealth, or subject to any oversight by state or territory ministers or parliaments. She noted that this issue does not arise in relation to interceptedinformation because there is a requirement that the states and territories enact complementary interception legislation.[177]

73.149 This issue was considered by the Senate Legal and Constitutional Affairs Committee Inquiry into the provisions of the Telecommunications (Interception) Amendment Bill 2006. The Committee recommended that, consistent with the existing arrangements for telecommunications interception, immediate action should be taken to ensure the enforceability of the stored communications provisions on state and territory agencies by requiring complementary legislation to be enacted as a precondition to being granted the powers of an enforcement agency under the stored communications regime.[178]

73.150 In its response to the recommendation, the Australian Government stated that the oversight mechanisms in the Act are adequate for the proper operation of the Act, and it did not accept that complementary state or territory legislation should be a pre-condition for access to stored communications. The Government accepted that there should be further consideration of this recommendation following a reasonable operational timeframe of the stored communications regime.[179]

73.151 It is essential that the Australian Government has the ability to enforce the obligations on state and territory agencies prescribed in the Telecommunications (Interception and Access) Act relating to accessing stored communications. In the ALRC’s view, complementary state or territory legislation relating to access to stored communications should be considered as part of the review of telecommunications legislation recommended in Chapter 71.

[144] For further discussion of these accountability mechanisms see Chs 34 and 37.

[145] For a detailed discussion of the Inspector General of Intelligence and Security see Ch 34.

[146]Parliament of Australia—Senate Legal and Constitutional Legislation Committee, Provisions of the Telecommunications (Interception) Amendment Bill 2006 (2006), [4.17].

[147] Parliament of Australia—Senate Legal and Constitutional Affairs Committee, Telecommunications (Interception and Access) Amendment Bill 2007 (2007), [3.66].

[148] Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Question 63–2(d).

[149]Australian Privacy Foundation, Submission PR 553, 2 January 2008; Law Council of Australia, Submission PR 527, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Office of the Victorian Privacy Commissioner, Submission PR 493, 19 December 2007; I Graham, Submission PR 427, 9 December 2007.

[150]Australian Government Attorney-General’s Department, Submission PR 546, 24 December 2007.

[151] The Senate Legal and Constitutional Affairs Committee inquiry into the provisions of the Telecommunications (Interception and Access) Amendment Bill 2007 made a similar recommendation: Parliament of Australia—Senate Legal and Constitutional Affairs Committee, Telecommunications (Interception and Access) Amendment Bill 2007 (2007), rec 3.

[152] See, eg, Ombudsman Act 1976 (Cth) ss 5–7.

[153]Telecommunications (Interception and Access) Act 1979 (Cth) pt 2.7, pt 3.5 div 2.

[154]Office of the Victorian Privacy Commissioner, Submission PR 217, 28 February 2007 referring to Office of the Victorian Privacy Commissioner, Submission to the Australian Government Attorney-General’s Department’s Review of the Regulation of Access to Communications, May 2005.

[155]Crime and Misconduct Act 2001 (Qld) s 324(1).

[156]Police Powers and Responsibility Act 2000 (Qld) s 740(1).

[157]Crime and Misconduct Act 2001 (Qld) ss 11, 122(1)(b), 149(b), 326–328. See also Police Powers and Responsibility Act 2000 (Qld) ss 212, 220, 335, 357, 740–745.

[158]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Question 64–5.

[159]Australian Privacy Foundation, Submission PR 553, 2 January 2008; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Office of the Victorian Privacy Commissioner, Submission PR 493, 19 December 2007; S Hawkins, Submission PR 382, 6 December 2007.

[160]Law Council of Australia, Submission PR 527, 21 December 2007. The Law Council emphasised that if a PIM were to be involved in the application process, this would not relieve the judicial officer or AAT member from having to satisfy himself or herself personally, based on the evidence presented, of each of the matters set out in the legislation.

[161]I Graham, Submission PR 427, 9 December 2007.

[162]Confidential, Submission PR 488, 19 December 2007; AAPT Ltd, Submission PR 338, 7 November 2007.

[163]Australian Federal Police, Submission PR 545, 24 December 2007.

[164]Australian Government Attorney-General’s Department, Submission PR 546, 24 December 2007.

[165]Ibid.

[166] See Rec 71–2.

[167] Australian Mobile Telecommunications Association, Submission PR 154, 30 January 2007.

[168] Australian Privacy Foundation, Submission PR 167, 2 February 2007.

[169]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 64–4.

[170]Australian Bankers’ Association Inc, Submission PR 567, 11 February 2008; Australian Privacy Foundation, Submission PR 553, 2 January 2008; Australian Federal Police, Submission PR 545, 24 December 2007; Suncorp-Metway Ltd, Submission PR 525, 21 December 2007; National Legal Aid, Submission PR 521, 21 December 2007; Office of the Victorian Privacy Commissioner, Submission PR 493, 19 December 2007; Law Society of New South Wales, Submission PR 443, 10 December 2007; I Graham, Submission PR 427, 9 December 2007.

[171]Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[172]Australian Communications and Media Authority, Submission PR 522, 21 December 2007. See also Optus, Submission PR 532, 21 December 2007.

[173]Australian Government Attorney-General’s Department, Submission PR 546, 24 December 2007.

[174]AAPT Ltd, Submission PR 338, 7 November 2007.

[175]Privacy Act 1988 (Cth) s 27.

[176] Rec 47–4.

[177]I Graham, Submission PR 427, 9 December 2007.

[178]Parliament of Australia—Senate Legal and Constitutional Legislation Committee, Provisions of the Telecommunications (Interception) Amendment Bill 2006 (2006), [3.67], rec 6.

[179] Australian Government Response to Australia—Senate Legal and Constitutional Legislation Committee Provisions of the Telecommunications (Interception) Amendment Bill 2006 (2006), 4.