17.08.2010
73.46 The Telecommunications (Interception and Access) Act makes it an offence to record, use or disclose intercepted information, stored communication information, or information about an interception or stored communication warrant, except in certain circumstances.[67] As noted above, the use and disclosure of personal information by an agency pursuant to the Telecommunications (Interception and Access) Act is a use or disclosure that is ‘required or authorised by or under law’ under IPPs 10 and 11. Further, a telecommunications service provider that discloses personal information to ASIO or a law enforcement agency in a way that is authorised under the Telecommunications (Interception and Access) Act will not be in breach of NPP 2.[68]
Performance of person’s duties
73.47 Under ss 63B(1) and 135(3) of the Telecommunications (Interception and Access) Act,an employee of a carrier may communicate or make use of lawfully intercepted or accessed information or information that has been obtained by accessing a stored communication in the performance of his or her duties.[69] In DP 72, the ALRC noted that the scope of the exceptions under ss 63B(1) and 135(3) is unclear. The ALRC asked whether the provisions should be amended to clarify when an employee of a carrier may communicate or make use of lawfully intercepted or accessed information in the performance of his or her duties.[70]
Submissions and consultations
73.48 The Office of the Privacy Commissioner (OPC) submitted that ss 63B(1) and 135(3) should be aligned with the ‘Use and Disclosure’ principle so that the use or disclosure of personal information for a purpose other than the primary purpose of collection (the secondary purpose) would be permitted if:
the secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection; and
the individual would reasonably expect the agency or organisation to use or disclose the information for a secondary purpose.[71]
73.49 One stakeholder submitted that ss 63B(1) and 135(3) should be amended to confine its scope to where disclosure is necessary to permit an intercepted or accessed communication to be transmitted to the intended recipient of the communication.[72]
73.50 Telstra submitted that ss 63B and 135 should not be confined, as they are necessary for the supply of a number of telecommunications services.[73] Telstra also submitted that the provisions should be amended to cover contractors of a carrier as well as employees, because in reality many functions of a carrier are performed by contractors.[74]
ALRC’s view
73.51 The ALRC does not make any recommendation to modify the scope of ss 63B(1) and 135(3) of the Telecommunications (Interception and Access) Act. The ALRC considered confining the scope of the provisions to certain duties of an employee or contractor. In the ALRC’s view, however, this option would be unworkable in a complex and changing telecommunications environment. The ALRC also considered aligning the exception with the ‘Use and Disclosure’ principle under the model UPPs. The ALRC is concerned, however, that confining the scope of the exception in this way may have unforeseen consequences and accepts Telstra’s view that it may prevent the provision of telecommunications services.
73.52 The ALRC sees merit in amending the exceptions under ss 63B and 135 of the Act to cover contractors of a carrier as well as employees. In the ALRC’s view, this issue requires further consultation and should be considered in the review of telecommunications legislation recommended in Chapter 71.[75]
Business needs of other carriers or service providers
73.53 Under ss 63B(2) and 135(4) of the Telecommunications (Interception and Access) Act, intercepted and accessed information may be communicated to another carrier (which may include a carriage service provider)[76] if:
the communication of the information is for the purpose of the carrying on by the other carrier of its business relating to the supply of services by means of a telecommunications network; and
the information relates to the supply of services by the other carrier by means of a telecommunications network.
73.54 Sections 291 and 302 of the Telecommunications Act provide for a similar exception in relation to the use and disclosure of information or documents obtained during the supply of telecommunications services.[77]
73.55 The Australian Communications and Media Authority (ACMA) has noted that s 135(4) of the Telecommunications (Interception and Access) Act is significantly broader than s 291 of the Telecommunications Act.[78] In ACMA’s view, s 135(4) may be used by carriers and carriage service providers to disclose to each other personal information in stored communications that could not have been disclosed under the Telecommunications Act. In DP 72, the ALRC asked how ss 63B(2) and 135(4) of the Telecommunications (Interception and Access) Act) should be clarified.[79]
Submissions and consultations
73.56 One stakeholder submitted that ss 63B(2) and 135(4) should be amended to limit disclosure to when it is necessary to enable an intercepted or accessed communication to be transmitted to the intended recipient of the communication.[80]
73.57 The OPC argued that ss 63B(2) and 135(4) should be aligned with the ‘Use and Disclosure’ principle so that the use or disclosure of personal information for a purpose other than the primary purpose of collection (the secondary purpose) would be permitted if:
the secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection; and
the individual would reasonably expect the agency or organisation to use or disclose the information for a secondary purpose.[81]
73.58 The AGD submitted that ss 63B(2) and 135(4) were introduced to enable information to be used or communicated between telecommunications service providers that are operating on the same network to enable the communication of information from products that travel over different networks. The AGD’s understanding is that these are the only purposes for which these provisions are utilised.[82]
73.59 Telstra submitted that the provisions should not be confined as they are necessary for a number of purposes, including the supply of services such as spam filtering and virus checking to customers, and for fault diagnosis and rectification of reported faults.[83]
ALRC’s view
73.60 The ALRC does not make any recommendation to modify the scope of ss 63B(2) and 135(4) of the Telecommunications (Interception and Access) Act. The ALRC considered aligning these provisions with the ‘Use and Disclosure’ principle under the model UPPs. The ALRC also considered confining these provisions to permit an employee of a carrier to communicate to another carrier intercepted or accessed information in the same circumstances as permitted under s 291 of the Telecommunications Act. The ALRC is concerned, however, about any unforeseen consequences of such amendments, including the prevention of the seamless interconnection between carriers and carriage service providers.
B-Party warrants
73.61 The Senate Legal and Constitutional Affairs Committee Inquiry into the Telecommunications (Interception) Amendment Bill 2006 heard a substantial number of concerns relating to the interception of B-Party communications.[84] The Committee noted that a principal problem with the B-Party warrant is the potential for collecting a great deal of information which may be incidental to, or not associated with, the investigation for which the warrant was issued.
As Senator Ludwig noted, ‘it is not only the B-Party but also the C, D E and F parties who may at some point end up talking to B and, therefore, being captured’. The result is that potentially not just one, but a great many non-suspects to be caught in the B-Party warrant process.[85]
73.62 The Committee recommended that the Bill be amended to:
provide that certain material obtained under a B-Party warrant will be exempted from use under the legislation, including communications between solicitor and client; clergy and devotee; doctor and patient; and communications by the innocent person with any person other than the person of interest to the law enforcement agency; and
introduce defined limits on the use and derivative use of material collected by a B-Party warrant.[86]
73.63 The Australian Government did not accept these recommendations. It considered that it is impractical and inappropriate to require an assessment of whether communications may attract legal professional privilege.[87] The Government also noted that material collected by a B-Party warrant is subject to the same rules as other warrants under Part 2.6 of the Telecommunications (Interception and Access) Act, and that the derivative use of information is restricted to circumstances where the intercepted information appears to relate to the commission of a serious offence which should be investigated by another agency.[88] Further, the communication of intercepted information by intercepting agencies is subject to the oversight of the Commonwealth Ombudsman and state equivalents.[89]
73.64 In DP 72, the ALRC noted with concern the potential to collect large amounts of information about non-suspect persons under B-Party warrants compared with other types of warrants. The ALRC asked whether further restrictions should apply to the use and disclosure of information obtained under a B-Party interception warrant under the Telecommunications (Interception and Access) Act.[90]
Submissions and consultations
73.65 The OPC submitted that there should be tighter restrictions on the use and disclosure of material collected under a B-Party warrant, including prohibitions on the use or disclosure of intercepted material for any purpose other than the purpose stated in the warrant. It submitted also that there should be enforceable, audited requirements that any intercepted material outside the scope of the purpose stated in the warrant should be destroyed immediately.[91]
73.66 The Law Council of Australia submitted that innocent third parties should not be subject to covert surveillance and recommended that the provisions relating to B-Party warrants be repealed. The Law Council submitted, however, that under the current arrangements:
Except in cases of emergency or imminent threat, there should be a clear prohibition on the use or disclosure of any information derived from intercepting a communication between the B-Party and a person other than the suspect. Although such a prohibition may deny agencies the benefits of valuable information unexpectedly obtained using a B-Party warrant, it is a necessary safeguard against the misuse of personal information.[92]
73.67 The Law Council also recommended that the Telecommunications (Interception and Access) Act should impose strict procedures for identifying and protecting otherwise privileged communications which may be obtained—for example, by intercepting communications between doctor and patient and a lawyer and client.[93]
73.68 Other stakeholders submitted that the provisions regulating the use and disclosure of information obtained under a B-Party warrants were sufficient.[94]The AGD submitted that there are currently stringent controls on the use and disclosure of intercepted information under the Telecommunications (Interception and Access) Act, and that these controls apply equally to all interception warrants, including B-Party warrants.[95]
ALRC’s view
73.69 The ALRC is concerned about the potential to collect, use and disclose a large amount of information about non-suspect persons under a B-Party warrant compared with other types of warrants. The ALRC, however, does not make a recommendation to restrict further the use and disclosure of information obtained under a B-Party interception warrant. The ALRC is concerned that any further restriction on the use and disclosure of this information may compromise the investigation of unlawful activities and hinder effective law enforcement. This issue should be the subject of further consultation, and should be considered as part of the review of telecommunications legislation recommended in Chapter 71.[96]
Secondary use and disclosure of telecommunications data
73.70 Section 182(1) of the Telecommunications (Interception and Access) Act provides that it is an offence if telecommunications data are disclosed to an enforcement agency and that agency uses or discloses those data. There is no general prohibition on the secondary use or disclosure of telecommunications data by ASIO. The prohibition under s 182(1) does not apply if:
the disclosure is reasonably necessary for the performance by ASIO of its functions, for the enforcement of the criminal law or a law imposing a pecuniary penalty, or for the protection of the public revenue (s 182(2)); or
the use is reasonably necessary for the enforcement of the criminal law or a law imposing a pecuniary penalty, or for the protection of the public revenue (s 182(3)).
Submissions and consultations
73.71 The Law Council of Australia submitted that the secondary use and disclosure should not allow a law enforcement agency to disclose information obtained under an authorisation:
to an agency which is not itself able to authorise and access prospective telecommunications data; or
for a purpose which is not itself capable of providing grounds for an authorisation to access prospective telecommunications data.[97]
73.72 The Law Council of Australia also submitted that the general prohibition in s 182(1) should also apply to telecommunications data obtained by ASIO.[98]
ALRC’s view
73.73 The ALRC is concerned about the breadth of s 182(2) and (3) of the Telecommunications (Interception and Access) Act. The ALRC also is concerned, however, that a recommendation to confine the scope of these provisions could compromise the investigation of unlawful activities and hinder effective law enforcement. The IGIS and the Commonwealth Ombudsman should monitor the secondary use and disclosure of telecommunications data under s 182(2) and (3). These provisions also should be considered as part of the review recommended in Chapter 71.[99]
73.74 The ALRC notes that the prohibition on secondary use or disclosure of telecommunications data under s 182 of the Telecommunications (Interception and Access) Act does not cover information that has been disclosed to ASIO. It is unnecessary to extend these provisions to ASIO because ASIO officers, employees and contractors are subject to strict secrecy provisions.
73.75 For example, s 18 of the Australian Security Intelligence Organisation Act 1979 (Cth) provides that it is an offence for a person to communicate information that has come to the knowledge or into the possession of the person by reason of his or her being an officer, employee or contractor of ASIO. Section 18(3) sets out the circumstances in which disclosure of this information is permitted—for example, information may be disclosed to a state or territory police officer if the information relates to the intended commission of an indictable offence.
Voluntary disclosure of telecommunications data
73.76 Chapter 4 of the Telecommunications (Interception and Access) Act sets out when an employee of a telecommunications service provider can ‘voluntarily disclose’ telecommunications data (that is, in the absence of formal disclosure authorisation from an enforcement agency). Chapter 4 provides that a telecommunications service provider may voluntarily disclose telecommunications data to:
ASIO, if the disclosure is in connection with the performance by ASIO of its functions (s 174); and
an enforcement agency, if the disclosure is reasonably necessary for the enforcement of the criminal law (s 177(1)); or a law imposing a pecuniary penalty; or for the protection of the public revenue (s 177(2)).
Submissions and consultations
73.77 The Law Council of Australia submitted that the voluntary disclosure provisions, particularly s 174, require amendment. The Law Council submitted that s 174 should set out explicitly the circumstances in which voluntary disclosure of telecommunications data to ASIO is permitted. The Law Council submitted that articulating in more detail the threshold test for voluntary disclosure may reduce the risk that personal information will be disclosed to ASIO for an unauthorised purpose.[100]
ALRC’s view
73.78 Employees of telecommunications service providers require further guidance about when they may disclose voluntarily telecommunications data to ASIO and enforcement agencies. There is a risk that without further guidance, the voluntary disclosure provisions in the Telecommunications (Interception and Access) Act could result in the inappropriate disclosure of telecommunications data. Employees of telecommunications service providers do not have expertise in determining when disclosure of telecommunications data is ‘reasonably necessary’ for the enforcement of a law imposing a pecuniary penalty or for the protection of the public revenue.
73.79 The ALRC recommends below that the AGD should develop and, where appropriate, publish guidance on the interception and access of information under the Telecommunications (Interception and Access) Act. This guidance should address the circumstances in which voluntary disclosure of telecommunications data to ASIO and other enforcement agencies is permitted.[101]
[67]Telecommunications (Interception and Access) Act 1979 (Cth) pt 2.6, pt 3.4 div 2.
[68] See Ch 25.
[69]Telecommunications (Interception and Access) Act 1979 (Cth) ss 63B(1), 135(3). Sections 279 and 296 of the Telecommunications Act provide for a similar exception in relation to the performance of a person’s duties as an employee or contractor of a telecommunications service provider. These provisions are discussed in detail in Ch 72.
[70]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Question 64–1.
[71]Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.
[72]I Graham, Submission PR 427, 9 December 2007.
[73]Telstra Corporation Limited, Submission PR 459, 11 December 2007. See also Optus, Submission PR 532, 21 December 2007.
[74]Telstra Corporation Limited, Submission PR 459, 11 December 2007.
[75] Rec 71–2.
[76]Telecommunications (Interception and Access) Act 1979 (Cth) s 5.
[77] These provisions are discussed in detail in Ch 72.
[78] Section 291 of the Telecommunications Act 1997 (Cth) is discussed in Ch 71.
[79]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Question 64–2.
[80]I Graham, Submission PR 427, 9 December 2007.
[81]Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.
[82]Australian Government Attorney-General’s Department, Submission PR 546, 24 December 2007. See also Law Council of Australia, Submission PR 527, 21 December 2007.
[83]Telstra Corporation Limited, Submission PR 459, 11 December 2007. See also Optus, Submission PR 532, 21 December 2007. In the ALRC’s view, the provisions are not required for fault diagnosis and rectification. Use and disclosure for these purposes is permitted under Telecommunications (Interception and Access) Act 1979 (Cth) ss 7 and 108.
[84]Parliament of Australia—Senate Legal and Constitutional Legislation Committee, Provisions of the Telecommunications (Interception) Amendment Bill 2006 (2006), ch 4.
[85]Ibid, [4.62].
[86]Ibid, rec 23.
[87] Australian Government Attorney-General’s Department, Government Response to the Senate Legal and Constitutional Legislation Committee Report on the Provisions of the Telecommunications (Interception) Amendment Bill 2006 (2006), 10.
[88]Telecommunications (Interception and Access) Act 1979 (Cth) s 68.
[89] Australian Government Attorney-General’s Department, Government Response to the Senate Legal and Constitutional Legislation Committee Report on the Provisions of the Telecommunications (Interception) Amendment Bill 2006 (2006), 11.
[90]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Question 64–3.
[91] The OPC submitted that prohibitions on the use or disclosure of intercepted material should be subject to an exception in relation to the investigation of serious criminal offences: Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.
[92]Law Council of Australia, Submission PR 527, 21 December 2007.
[93]Ibid. See also Australian Privacy Foundation, Submission PR 553, 2 January 2008; I Graham, Submission PR 427, 9 December 2007.
[94]Australian Federal Police, Submission PR 545, 24 December 2007; Confidential, Submission PR 488, 19 December 2007.
[95]Australian Government Attorney-General’s Department, Submission PR 546, 24 December 2007.
[96] See Rec 71–2. The Senate Legal and Constitutional Affairs Committee Inquiry into the Telecommunications (Interception) Amendment Bill 2006 recommended that the legislation introducing the B-Party warrant should be reviewed within five years: Parliament of Australia—Senate Legal and Constitutional Legislation Committee, Provisions of the Telecommunications (Interception) Amendment Bill 2006 (2006), rec 25.
[97]Law Council of Australia, Submission PR 527, 21 December 2007.
[98]Ibid.
[99] Rec 71–2.
[100]Law Council of Australia, Submission PR 527, 21 December 2007.
[101] See Recommendation 73–5.