Home | Databases | WorldLII | Search | Feedback Australian Parliamentary Joint Committee on Human Rights

Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 [2021] AUPJCHR 5 (3 February 2021)

Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020^[50]

Enhanced law enforcement and intelligence gathering powers and warrants

1.41 The bill seeks to introduce new law enforcement and intelligence gathering powers and warrants to enhance the ability of the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) to frustrate crime and gather intelligence and evidence of criminal activity.

1.42 Schedule 1 would introduce a data disruption warrant which would allow the AFP and ACIC to access data held in computers to frustrate the commission of relevant offences (being offences generally subject to imprisonment of three years or more).^[51] The AFP or ACIC may apply to an eligible judge or nominated Administrative Appeals Tribunal (AAT) member for a data disruption warrant if they suspect on reasonable grounds that:

• one or more relevant offences have been, are being, are about to be, or are likely to be committed;^[52]

• the offences involve or are likely to involve data held in a computer; and

• disruption of that data is likely to substantially assist in frustrating the commission of one or more relevant offences.^[53]

1.43 An eligible judge or nominated AAT member may issue a data disruption warrant if satisfied that there are reasonable grounds for the suspicion founding the application for the warrant; and the disruption of data authorised by the warrant is justifiable and proportionate, having regard to the offences.^[54] In considering issuing the warrant, the judge or AAT member must have regard to various considerations, including the:

• nature and gravity of the offences;

• likelihood the disruption of data will frustrate the commission of the offences; and

• existence of any alternative means of frustrating the commission of the offences.^[55]

1.44 A non-exhaustive list of things that may be authorised by a data disruption warrant are set out in proposed subsection 27KE(2), including entering a premises; using computers, telecommunications facilities, electronic equipment or data storage devices to obtain access to and disrupt data, including adding, copying, deleting or altering data; and intercepting a passing communication.^[56] Additionally, the bill would authorise a broad range of things to be done for the purposes of concealing anything done in relation to the data disruption warrant.^[57]

1.45 Schedule 2 would introduce a network activity warrant which would authorise the AFP and ACIC to access data held in computers and collect intelligence on criminal networks operating online. An AFP or ACIC officer may apply to an eligible judge or nominated AAT member for a network activity warrant if they suspect on reasonable grounds that:

• a group of individuals is a criminal network of individuals;^[58] and

• access to data held in a computer that is, from time to time, used or likely to be used by any of the individuals in the group, will substantially assist in the collection of intelligence that relates to the group or individuals in the group, and is relevant to the prevention, detection or frustration of one or more relevant offences.^[59]

1.46 An eligible judge or AAT member may issue a network activity warrant if satisfied that there are reasonable grounds for the suspicion founding the application for the warrant and having regard to prescribed matters, including the:

• nature and gravity of the alleged offences;

• extent to which access to data will assist in the collection of intelligence;

• likely intelligence value of any information sought to be obtained and whether the things authorised by the warrant are proportionate to that intelligence value; and

• existence of any alternative, or less intrusive, means of obtaining the information sought.^[60]

1.47 Similarly to a data disruption warrant, a broad range of things may be authorised by a network activity warrant in relation to the computer that holds the data sought to be obtained, including things to be done for the purposes of concealing anything done in relation to the warrant.^[61]

1.48 Schedule 3 would introduce an account takeover warrant which would authorise the AFP or ACIC to take control of a person’s online account for the purposes of gathering evidence of criminal activity.^[62] A law enforcement officer may apply to a magistrate for an account takeover warrant if they suspect on reasonable grounds that:

• one or more relevant offences have been, are being, are about to be, or are likely to be, committed; and

• an investigation into those offences is being, will be, or is likely to be, conducted; and

• taking control of one or more online accounts is necessary, in the course of the investigation, to enable evidence to be obtained of the offence.^[63]

1.49 A magistrate may issue an account takeover warrant if satisfied that there are reasonable grounds for the suspicion founding the application for the warrant and having regard to prescribed matters, including the:

• nature and gravity of the alleged offence;

• any alternative means of obtaining the evidence;

• extent to which the privacy of any person is likely to be affected; and

• likely evidentiary value of the evidence sought.^[64]

1.50 Similarly to the other warrants, a broad range of things may be authorised by an account takeover warrant in relation to the target account, including taking exclusive control of the account; accessing, adding, copying, deleting or altering account-based data and account credentials; and the doing of anything reasonably necessary to conceal anything done in relation to the warrant.^[65]

Preliminary international human rights legal advice

Multiple rights

1.51 To the extent that the new powers and warrants would facilitate the investigation, disruption and prevention of serious crimes against persons, including protecting children from harm, the measure may promote multiple rights, including the right to life and the rights of the child. The right to life imposes an obligation on the state to protect people from being killed by others or identified risks.^[66] The right imposes a duty on States to take positive measures to protect the right to life, including an obligation to take adequate preventative measures in order to protect persons from reasonably foreseen threats, such as terrorist attacks or organised crime, as well as an obligation to take appropriate measures to address the general conditions in society that may threaten the right to life, such as high levels of crime and gun violence.^[67] Furthermore, States have an obligation to investigate and, where appropriate, prosecute perpetrators of alleged violations of the right to life, even where the threat to life did not materialise.^[68] Regarding the rights of the child, children have special rights under human rights law taking into account their particular vulnerabilities.^[69] States have an obligation to protect children from all forms of physical or mental violence, injury or abuse, neglect or negligent treatment, maltreatment or exploitation, including sexual exploitation and abuse.^[70]

1.52 The statement of compatibility states that the bill promotes the right to life by providing the AFP and ACIC with additional tools to manage the risk posed by

cyber-enabled serious and organised crime and respond to a heightened online threat environment.^[71] It states that the bill is intended to target serious and organised offenders who are using anonymising technologies to engage in online criminal activity, such as terrorism, child exploitation and drugs and firearms trafficking.^[72] The second reading speech noted that the threat of online child sexual abuse has recently increased. It stated that the Australian Centre to Counter Child Exploitation has identified a 163 per cent increase in child abuse material downloaded in the three months of April to June 2020 compared to the same period in 2019.^[73] If the measure was effective in preventing or disrupting serious crime and facilitating the investigation and prosecution of alleged violations of rights, it may promote multiple rights, including the right to life and the rights of the child.

1.53 However, the measure also engages and limits other rights, notably the right to privacy, by authorising the AFP and ACIC to access and interfere with personal data and information.

Right to privacy

1.54 The measure engages and limits the right to privacy by authorising the AFP and ACIC to take various actions that may interfere with a person’s privacy, including taking actions to:

• access, use and modify an individual’s personal data, such as altering a person’s bank account credentials or monitoring and re-directing a person’s funds held in a bank account;

• collect personal information and intelligence about individuals;

• add, copy, delete or alter other data to obtain access to data held in a target computer in order to determine whether the data is covered by a warrant;

• take control of an individual’s online account through accessing and modifying data, such as changing a person’s password in order to take control of a person’s account and assume that person’s identity; and

• enter an individual’s home or workplace to do a thing specified in the warrant.^[74]

1.55 The right to privacy includes respect for informational privacy, including the right to respect for private and confidential information, particularly the storing, use and sharing of such information.^[75] It also includes the right to control the dissemination of information about one's private life. Additionally, the right to privacy prohibits arbitrary and unlawful interferences with an individual's privacy, family, correspondence or home.^[76] The right to privacy may be subject to permissible limitations where the limitation pursues a legitimate objective, is rationally connected to that objective and is a proportionate means of achieving that objective.

1.56 The statement of compatibility acknowledges that the bill limits the right to privacy. It states that the objective of the bill is to protect national security, ensure public safety, address online crime, and protect the rights and freedoms of individuals by providing law enforcement agencies with the tools they need to keep the Australian community safe.^[77] Such objectives would appear to constitute legitimate objectives for the purposes of international human rights law, and the measure appears to be rationally connected to this objective.

1.57 The key question is whether the measure is proportionate to achieving the stated objective. Of particular relevance in assessing proportionality is whether the limitation is only as extensive as is strictly necessary to achieve its legitimate objective; whether the measure is accompanied by sufficient safeguards; whether any less rights restrictive alternatives could achieve the same stated objective; and whether there is the possibility of oversight and the availability of review.

1.58 The statement of compatibility details numerous safeguards that exist in the bill to ensure that any interference with the right to privacy is not unlawful or arbitrary, including:

• mandatory considerations to which the issuing authority must have regard before granting a data disruption, network activity or account takeover warrant;

• limited interference with data and property through statutory prohibitions on certain actions;

• protection of information collected under the warrants; and

• measures governing security requirements and record keeping for protected information gathered under the warrants.^[78]

1.59 These are important safeguards and likely assist with the proportionality of the measure. However, questions arise as to whether these safeguards are adequate in all circumstances. The strength of the above safeguards, as well as additional safeguards identified in the bill, are assessed in turn below.

Issuing authority

1.60 The bill provides that an application for data disruption and network activity warrants may be made to an eligible judge or a nominated AAT member.^[79] An application for an account takeover warrant may be made to a magistrate.^[80] Where the relevant issuing authority is a judicial officer, including an eligible judge or magistrate, the right to privacy is more likely to be safeguarded, noting that judicial authorisation of surveillance methods is considered to be 'best practice'^[81] at international law. However, where the issuing authority is an AAT member, questions arise as to whether it is appropriate to entrust supervisory control to a non-judicial officer. As the European Court of Human Rights has stated in relation to interception:

In a field where abuse is potentially so easy in individual cases and could have such harmful consequences for democratic society as a whole, it is in principle desirable to entrust supervisory control to a judge, judicial control offering the best guarantees of independence, impartiality and a proper procedure.^[82]

1.61 The European Court of Human Rights has further stated that 'control by an independent body, normally a judge with special expertise, should be the rule and substitute solutions the exception, warranting close scrutiny'.^[83] This approach has also been supported by the United Nations Special Rapporteur on the right to privacy, who included, in the 2018 draft general principles of the right to privacy, that where domestic law provides for the use of surveillance systems, that law shall:

provide that the individual concerned is likely to have committed a serious crime or is likely to be about to commit a serious crime and in all such cases such domestic law shall establish that an independent authority, having all the attributes of permanent independent judicial standing, and operating from outside the law enforcement agency or security or intelligence agency concerned, shall have the competence to authorise targeted surveillance using specified means for a period of time limited to what may be appropriate to the case.^[84]

1.62 Noting that AAT members do not have security of tenure, or generally the same level of expertise as judges, it is not clear that they would necessarily have all the attributes of permanent independent judicial authority. As such, there are concerns that the right to privacy may not be adequately safeguarded by enabling

non-judicial officers, with potentially only five years of experience as a legal practitioner, to issue warrants that have the potential to significantly interfere with an individual’s privacy.^[85]

Mandatory considerations prior to issuing warrants

1.63 The bill provides that in considering whether to grant a warrant, the issuing authority must have regard to specific considerations, including the nature and gravity of the alleged offences; the likely value of the intelligence or evidence to be obtained; the likelihood that the doing of the thing specified in the warrant would be effective in preventing, detecting or frustrating the alleged offence; and the existence of any alternative means of realising the intention of the warrant.^[86] With respect to a network activity warrant, the issuing authority must also consider whether the things authorised by the warrant are proportionate to the likely intelligence value of any information obtained, and the extent to which the warrant will result in access to data of persons who are lawfully using the computer. With respect to an account takeover warrant, the issuing authority must also have regard to the extent to which the privacy of any person is likely to be affected.

1.64 The statement of compatibility states that when considering whether the actions authorised by the warrants are justified and proportionate, the issuing authority will consider, for example, the scope of the warrant in terms of who and how many people are affected, the exact nature of the potential intrusion on people’s private information, and whether that intrusion is justified by the serious nature of the criminality that is being targeted.^[87] The statement of compatibility notes that consideration of alternative means of realising the intention of the warrant is particularly important for ensuring that avenues of investigation, information collection and disruption that are less intrusive on individual privacy are considered. It states that where there are narrower activities that involve a more targeted approach, for example, this should be taken into account by the issuing authority.^[88] The explanatory memorandum notes that considering alternative means does not require exhaustion of all other methods of access but rather requires the issuing authority to take into account the circumstances before them and balance the impact on privacy against the benefit to the intelligence operation.^[89]

1.65 These mandatory considerations are important safeguards to mitigate the risk of arbitrary interference with the right to privacy. The consideration of alternative means of frustrating an offence with respect to the data disruption warrant and alternative or less intrusive means of obtaining information with respect to the network activity and account takeover warrants, assists with the proportionality of the measure by ensuring that less rights restrictive ways of achieving the objective are considered and pursued where appropriate. However, noting the particular value of an issuing authority explicitly considering the extent to which the privacy of any person is likely to be affected, it is unclear why this mandatory consideration is limited to account takeover warrants only and cannot also apply to data disruption and network activity warrants. Likewise, it is unclear why issuing authorities are not required to consider, with respect to all warrants rather than only network activity warrants, whether the warrant is proportionate having regard to the nature and gravity of the offence and the likely value of information sought to be obtained, as well as the extent of possible interference with the privacy of third parties.

Statutory limits on interference with data and property

1.66 The measure prohibits certain actions under the warrants, except in certain circumstances, in order to limit interference with data and property. All three warrants would prohibit the addition, deletion or alteration of data or the doing of anything that is likely to materially interfere with, interrupt or obstruct a communication in transit or the lawful use by other persons of a computer, unless the action is necessary to do one or more of the things specified in the warrant.^[90] The warrants would also prohibit actions that cause any material loss or damage to other persons lawfully using a computer, unless in the case of a data disruption warrant, the loss or damage is justified and proportionate having regard to the offences covered by the warrant.^[91] Additional statutory conditions apply to data disruption and account takeover warrants, including that the warrants cannot be executed in a manner that results in loss or damage to data unless justified and proportionate, and cannot cause a person to suffer permanent loss of money, digital currency or property (other than data).^[92] However, the bill provides that these statutory conditions do not, by implication, limit the conditions to which the warrants may be subject.^[93] The statement of compatibility states that the prohibition of certain actions and the additional statutory conditions protect against unlawful and arbitrary interference with privacy and ensure that activities carried out under the warrants are justified and proportionate.^[94]

1.67 The statutory limits on interference with data and property would appear to be an important safeguard against arbitrary interference with privacy. With respect to data disruption and account takeover warrants, the additional statutory conditions requiring that loss or damage to data in the execution of the warrants be justified and proportionate would appear to assist with the proportionality of the measure by ensuring that any interference with privacy is only as extensive as is strictly necessary. However, the strength of this safeguard may be weakened by the qualification that the statutory conditions do not limit the conditions to which a warrant may be subject. As a matter of statutory interpretation, it would appear that in specifying things that may be authorised by a data disruption warrant or an account takeover warrant, the issuing authority is not bound by the statutory conditions and may authorise actions that do, perhaps indirectly, result in loss or damage to data or cause a person to suffer a permanent loss of money, digital currency or property. It is unclear to what extent the statutory qualification would lessen the effectiveness of this safeguard in practice.

Restrictions on the use and disclosure of protected information

1.68 The measure contains restrictions regarding the use and disclosure of protected information. With respect to data disruption and account takeover warrants, information gathered under these warrants is deemed protected information and as such, can only be used, recorded, communicated or published in limited circumstances.^[95] With respect to network activity warrants, the statement of compatibility states that intelligence gathered under this warrant cannot be used in evidence in a criminal proceeding except in limited circumstances, including further investigations into criminal conduct made under other warrants or to promote the right to a fair trial and facilitate adequate oversight mechanisms.^[96] The bill sets out numerous circumstances in which protected information obtained under a network activity warrant can be lawfully used and admitted into evidence, such as disclosure in proceedings in open court, for the purposes of the AFP collecting, correlating, analysing or disseminating criminal intelligence, or the doing of a thing authorised by the warrant.^[97]

1.69 The measure also prohibits the unauthorised use or disclosure of protected information with respect to all warrants. The statement of compatibility notes that it is an offence to use, disclose, record, communicate or publish protected information except in limited circumstances, such as where necessary for the investigation of a relevant offence, a relevant proceeding or the making of a decision as to whether or not to prosecute a person for a relevant offence, or where necessary to help prevent or reduce the risk of serious violence to a person or substantial damage to a property.^[98]

1.70 While restricting the use and disclosure of protected information would appear to be an important safeguard, the broad range of exceptions to the statutory protections raises concerns as to whether this safeguard is adequate. For example, the bill would allow protected network activity warrant information to be shared with ASIO or any agency within the meaning of the Intelligence Services Act 2001 if it relates or appears to relate to any matter within the functions of those organisations or agencies.^[99] As drafted, these exceptions would appear to allow protected information obtained under a warrant for a specified purpose to be shared for other broader purposes and potentially purposes that are unrelated to the objectives of this bill. There are questions as to whether some of the exceptions are drafted in broader terms than is strictly necessary.

Storage and destruction of protected information

1.71 The measure requires that protected information obtained under all warrants is kept in a secure location that is not accessible to unauthorised persons and that records or reports are destroyed as soon as practicable if no civil or criminal proceedings have been or are likely to be commenced and the material is unlikely to be required, or within five years after the making of the report or record (which must be reviewed every five years).^[100] The statement of compatibility states that requiring the security and destruction of records ensures that private data of individuals subject to a warrant is not handled by those without a legitimate need for access, and is not kept in perpetuity where there is not a legitimate reason for doing so.^[101]

1.72 The requirement that protected information be securely stored and destroyed within a specified period of time may operate as a safeguard against arbitrary interference with privacy. In particular, it may ensure that irrelevant data or data that is no longer necessary for a purpose specified under the bill is destroyed and not retained. However, it is unclear whether the specified time period of five years is an appropriate period of time for the purposes of operating as an effective safeguard.^[102] In particular, it is not clear why the chief officer is not required to review the continued need for the retention of such records or reports on a more regular basis.

Discontinuance and revocation provisions

1.73 The measure includes discontinuance and revocation provisions that apply in circumstances where the warrant is no longer necessary. The warrants can be issued for no more than 90 days but an extension can be sought more than once if certain conditions are met.^[103] If a warrant is no longer required, the necessary steps must be taken to revoke the warrant and ensure that the things authorised under the warrant are discontinued.^[104] The measure also places an obligation on law enforcement officers to immediately inform the chief officer of the law enforcement agency when they believe that the warrant is no longer necessary. These provisions would likely serve as an important safeguard against arbitrary interference with privacy and help to ensure that any limitation is only as extensive as is strictly necessary.^[105]

Oversight frameworks and access to review

1.74 The statement of compatibility states that the Commonwealth Ombudsman will have oversight functions regarding the use of account takeover and data disruption warrants by the AFP and ACIC. It notes that the Inspector-General of Intelligence and Security (IGIS) will have oversight functions with respect to network activity warrants, including the power to review the activities of the AFP and ACIC in relation to the legality, propriety and human rights implications of the warrant.^[106] Regarding the availability of review, the statement of compatibility states that the bill does not provide for merits review and excludes judicial review under the Administrative Decisions (Judicial Review) Act 1977 (ADJR Act), although notes that courts will retain jurisdiction for judicial review of decisions by a judge or AAT member to issue a warrant under the Judiciary Act 1903. The statement of compatibility states that this approach is consistent with similar decisions made for national security and law enforcement purposes, noting that such decisions are unsuitable for merits review.^[107]

1.75 While the measure provides the possibility of oversight by the Commonwealth Ombudsman and IGIS, there is limited access to review. Additionally, there are concerns regarding the likely effectiveness of any review mechanisms given the covert nature and purpose of the measure. Persons whose privacy would be interfered with are invariably excluded from participating in any review proceedings or indeed, the proceedings dealing with the initial warrant application. In these circumstances, it is unclear why additional safeguards, such as public interest monitors,^[108] are not available. As the person whose data or information is sought to be obtained is not able to be personally represented at the application for the warrant, having an independent expert to appear at the hearing to test the content and sufficiency of the information relied on, to question any person giving information, and to make submissions as to the appropriateness of granting the application, is an important safeguard to protect the rights of the affected person. As the European Court of Human Rights has held:

the very nature and logic of secret surveillance dictate that not only the surveillance itself but also the accompanying review should be effected without the individual’s knowledge. Consequently, since the individual will necessarily be prevented from seeking an effective remedy of his own accord or from taking a direct part in any review proceedings, it is essential that the procedures established should themselves provide adequate and equivalent guarantees safeguarding his rights.^[109]

1.76 The statement of compatibility does not include information regarding the possibility of public interest monitors or similar safeguards. Noting the inclusion of a role for public interest monitors in similar legislation,^[110] it is not clear why this measure does not include public interest monitors as a safeguard to ensure the interests of the affected person are protected in any warrant application or review proceedings.

Further information sought

1.77 In order to assess the compatibility of this measure with the right to privacy, in particular the adequacy of existing safeguards, further information is required as to:

(a) why the power to issue a data disruption warrant and network activity warrant is conferred on a member of the AAT, of any level and with a minimum of five years' experience as an enrolled legal practitioner, and whether this is consistent with the international human rights law requirement that judicial authorities issue surveillance warrants;

(b) why the bill does not require, in relation to all warrants, that the issuing authority must consider the extent to which the privacy of any person is likely to be affected, noting that as drafted, this consideration only applies to account takeover warrants;

(c) why the bill does not require, in relation to all warrants, that the issuing authority must consider whether the warrant is proportionate having regard to the nature and gravity of the offence and the likely value of the information or evidence sought to be obtained, as well as the extent of possible interference with the privacy of third parties, noting that as drafted, these considerations only apply to network activity warrants;

(d) how the qualification that the statutory conditions do not limit the conditions to which a data disruption warrant or an account takeover warrant may be subject would operate in practice. In particular, would this qualification allow an issuing authority to authorise an action that can only be executed in a manner that results in loss or damage to data or causes the permanent loss of money, digital currency or property;

(e) whether all of the exceptions to the restrictions on the use, recording or disclosure of protected information obtained under the warrants are appropriate and whether any exceptions are drafted in broader terms than is strictly necessary; and

(f) why the bill does not include provision for public interest monitors or a similar safeguard to protect the rights of the affected person in warrant application and review proceedings; and

(g) why the chief officer is not required to review the continued need for the retention of records or reports comprising protected information on a more regular basis than every five years.

Right to an effective remedy

1.78 If warrants were to be issued inappropriately, or unauthorised actions carried out under the warrant, a person’s right to privacy may be violated. The right to an effective remedy requires access to an effective remedy for violations of human rights.^[111] This may take a variety of forms, such as prosecutions of suspected perpetrators or compensation to victims of abuse. While limitations may be placed in particular circumstances on the nature of the remedy provided (judicial or otherwise), states parties must comply with the fundamental obligation to provide a remedy that is effective.^[112]

1.79 The statement of compatibility identifies that the right to an effective remedy is engaged by the measure. It states that the bill does not provide merits review and excludes judicial review under the ADJR Act, although notes that judicial review is still available for decisions by a judge or AAT member to issue a warrant.^[113] This would provide an avenue to challenge unlawful decisions where there has been a jurisdictional error. The statement of compatibility also notes the oversight functions of the Commonwealth Ombudsman and IGIS. It states that, with respect to network activity warrants, the IGIS would be able to review AFP and ACIC activities to ensure they are legal, proper, and consistent with human rights.

1.80 While the oversight functions of the Commonwealth Ombudsman and IGIS may serve as a useful safeguard to help ensure decision-makers are complying with the legislation, this would not appear to provide any remedy to individuals. Further, given that the warrants are designed to be sought covertly and noting the broad concealment powers, it is also unclear how an applicant could practically seek judicial review of a decision of which they are unaware. United Nations bodies and the European Court of Human Rights have provided specific guidance as to what constitutes an effective remedy where personal information is being collected in the context of covert surveillance activities. The United Nations High Commissioner for Human Rights has explained that in the context of violations of privacy through digital surveillance, effective remedies may take a variety of judicial, legislative or administrative forms, but those remedies must be known and accessible to anyone with an arguable claim that their rights have been violated.^[114] The European Court of Human Rights has also stated that if an individual is not subsequently notified of surveillance measures which have been used against them, there is ‘little scope for recourse to the courts by the individual concerned unless the latter is advised of the measures taken without his knowledge and thus able to challenge their legality retrospectively’.^[115] The court acknowledged that, in some instances, notification may not be feasible where it would jeopardise long-term surveillance activities.^[116] However, it explained that:

[a]s soon as notification can be carried out without jeopardising the purpose of the restriction after the termination of the surveillance measure, information should, however, be provided to the persons concerned.^[117]

1.81 It is not clear that a person whose privacy might have been interfered with through, for example, their online account being taken over or their personal data being accessed, used, copied, modified or deleted, would ever be made aware of that fact (if it does not lead to a prosecution). It is therefore unclear how such a person could have access to an effective remedy for any potential violation of their right to privacy.

1.82 In order to assess whether any person whose right to privacy might be violated by the proposed warrants would have access to an effective remedy, further information is required as to:

(a) whether a person who was the subject of a warrant will be made aware of that after the investigation has been completed; and

(b) if not, how such a person would effectively access a remedy for any violation of their right to privacy.

Committee view

1.83 The committee notes that the bill seeks to introduce new law enforcement and intelligence gathering powers and warrants to enhance the ability of the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) to frustrate crime and gather intelligence and evidence of criminal activity. Specifically, the committee notes that the bill would introduce three new warrants, including data disruption warrants, network activity warrants and account takeover warrants.

1.84 The committee considers that to the extent that the new powers and warrants would facilitate the investigation, disruption and prevention of serious crimes against persons, including in particular protecting children from harm and exploitation, the measure may promote multiple rights, including the right to life and the rights of the child.

1.85 However, the committee notes that the measure also engages and limits the right to privacy by authorising the AFP and ACIC to access, use and modify an individual’s personal data and information. The committee notes that the right to privacy may be subject to permissible limitations if they are shown to be reasonable, necessary and proportionate.

1.86 The committee considers that the measure, in seeking to protect national security and ensure public safety, pursues a legitimate objective and these new law enforcement and intelligence gathering powers and warrants would appear to be rationally connected to that objective. The committee considers further information is required to assess the proportionality of the measure and determine whether the measure limits the right to an effective remedy.

1.87 The committee has not yet formed a concluded view in relation to these matters. It considers further information is required to assess the human rights implications of this bill, and accordingly seeks the minister's advice as to the matters set out at paragraphs [1.77] and [1.82].

Assistance orders

1.88 The bill would allow the AFP or ACIC to apply to an eligible judge, nominated AAT member or magistrate for an assistance order requiring a specified person to provide any information or assistance that is reasonable and necessary to allow the law enforcement officer to do a specified thing with respect to data disruption, network activity or account takeover warrants.^[118] A specified person includes a person reasonably suspected of having committed the alleged offence as well as third parties who may have relevant knowledge, such as an employee of the owner of the computer that holds data sought to be obtained.^[119] A person would commit an offence if they are subject to an assistance order, are capable of complying with a requirement in the order and they fail to comply with the requirement of the order.^[120] The maximum penalty for contravention of an assistance order is 10 years imprisonment.

Preliminary international human rights legal advice

Right to privacy

1.89 To the extent that the measure may compel a person to provide personal information to the AFP or ACIC, such as a password to access their computer or other personal device, or information enabling the decryption of personal data, the measure engages and limits the right to privacy. The right to privacy includes respect for informational privacy, including the right to respect for private and confidential information, particularly the storing, use and sharing of such information.^[121] It also includes the right to control the dissemination of information about one's private life. The right to privacy may be subject to permissible limitations which are provided by law and are not arbitrary. In order for limitations not to be arbitrary, the measure must pursue a legitimate objective, and be rationally connected to (that is, effective to achieve) and proportionate to achieving that objective. The statement of compatibility does not identify that the right to privacy is engaged and limited by this measure, and as such does not provide an assessment as to the compatibility of assistance orders with the right to privacy.

1.90 The statement of compatibility states that the overall objective of the bill is to enhance the enforcement powers of the AFP and ACIC in order to combat cyber-enabled serious and organised crime.^[122] Regarding this measure specifically, the explanatory memorandum states that assistance orders would ensure that should a warrant be issued under this bill, the AFP or ACIC would have the power to compel a person to assist in accessing devices, accessing and disrupting data, copying data, converting documents and accessing and taking control of an online account.^[123] It states that the purpose of this measure is to compel assistance from a person with the relevant knowledge, rather than assistance from industry. Assistance orders could be used to compel suspects to provide access to computers or devices to assist law enforcement officers to do a specified thing, such as disrupt data held in their personal computer.^[124] The explanatory memorandum notes, however, that the measure would not abrogate the common law right to freedom from self-incrimination. It states that assistance orders do not engage this right because they do not compel individuals to provide evidence against their legal interest.^[125]

1.91 The objective pursued by this measure would appear to be combatting serious online crime, which would be a legitimate objective for the purposes of international human rights law. By facilitating the investigation and disruption of crime, the measure would appear to be rationally connected to this objective. However, there are questions as to whether the measure is proportionate to this objective, particularly, whether the measure is accompanied by sufficient safeguards.

1.92 In considering whether to grant an assistance order, the issuing authority must be satisfied of specified criteria. The applicable criteria differ in relation to each warrant. In considering whether to grant an assistance order with respect to a data disruption warrant, the issuing authority must be satisfied that disruption of data held in the computer is likely to substantially assist in frustrating the commission of the offence and is justifiable and proportionate, having regard to the offence.^[126] In considering whether to grant an assistance order with respect to a network activity warrant, the issuing authority must be satisfied that access to data held in the computer will substantially assist in the collection of intelligence that relates to the group and is relevant to the prevention, detection or frustration of a relevant offence.^[127] In considering whether to grant an assistance order with respect to an account takeover warrant, the issuing authority must be satisfied that taking control of the account is necessary, in the course of the investigation, for the purpose of enabling evidence to be obtained relating to the alleged offence to which the warrant is issued.^[128]

1.93 The criteria to grant an assistance order would appear to operate as some form of a safeguard against arbitrary interference with privacy. In particular, in relation to a data disruption warrant, the criterion that disruption of data held in the computer is justifiable and proportionate, having regard to the offences, would appear to assist with the proportionality of the measure by ensuring that any interference with privacy is only as extensive as is strictly necessary. However, it is unclear why the issuing authority is not required to be satisfied of this criterion with respect to assistance orders relating to all warrants.

1.94 In order to assess the compatibility of this measure with the right to privacy, in particular the adequacy of the safeguards that apply, further information is required as to:

(a) why the issuing authority is not required to be satisfied that an assistance order is justifiable and proportionate, having regard to the offences to which it would relate, with respect to all warrants, noting that this criterion only applies to an assistance order with respect to data disruption warrants; and

(b) whether the measure is accompanied by any other safeguards that would ensure that any interference with the right to privacy is not arbitrary and only as extensive as is strictly necessary.

Committee view

1.95 The committee notes that the bill would allow the AFP or ACIC to apply to an eligible judge, nominated AAT member or magistrate for an assistance order requiring a specified person to provide any information or assistance that is reasonable and necessary to allow the law enforcement officer to do a specified thing with respect to the warrants.

1.96 The committee notes that this measure would appear to engage and limit the right to privacy insofar as it may compel a person to provide personal information to the AFP or ACIC. The committee notes that the right to privacy may be subject to permissible limitations if they are shown to be reasonable, necessary and proportionate. The committee notes that the statement of compatibility did not identify this right as being limited and therefore did not provide an assessment as to the compatibility of the measure. The committee considers that the measure pursues the legitimate objective of combatting serious online crime, and as the assistance order would facilitate the investigation and disruption of crime, the measure is rationally connected to this objective. The committee considers further information is required to assess the proportionality of the measure.

1.97 The committee has not yet formed a concluded view in relation to this matter. It considers further information is required to assess the human rights implications of this bill, and accordingly seeks the minister's advice as to the matters set out at paragraph [1.94].

Information sharing with foreign governments

1.98 The bill would allow protected information obtained under the warrants to be disclosed to foreign countries in certain circumstances. For example, protected information obtained under an account takeover warrant and a network activity warrant (other than through the use of a surveillance device), may be used or disclosed in connection with the functions of the AFP under section 8 of the Australian Federal Police Act 1979.^[129] The AFP’s functions include providing police services to assist or cooperate with a foreign law enforcement or intelligence or security agency.^[130]

Preliminary international human rights legal advice

Right to privacy, life, and prohibition against torture or cruel, inhuman or degrading treatment or punishment

1.99 By authorising the sharing of protected information to foreign governments the measure engages and limits the right to privacy. The right to privacy includes respect for informational privacy, including the right to respect for private and confidential information, particularly the storing, use and sharing of such information.^[131] It also includes the right to control the dissemination of information about one's private life.

1.100 To the extent that the measure authorises protected information to be shared with foreign police, intelligence or security agencies and results in the investigation and prosecution of an offence that is punishable by the death penalty in that foreign country, the measure may also engage and limit the right to life.^[132] The right to life imposes an obligation on Australia to protect people from being killed by others or from identified risks. While the International Covenant on Civil and Political Rights does not completely prohibit the imposition of the death penalty, international law prohibits states which have abolished the death penalty (such as Australia) from exposing a person to the death penalty in another state.^[133] The provision of information to other countries that may be used to investigate and convict someone of an offence to which the death penalty applies is also prohibited.^[134] In 2009, the UN Human Rights Committee stated its concern that Australia lacks 'a comprehensive prohibition on the providing of international police assistance for the investigation of crimes that may lead to the imposition of the death penalty in another state', and concluded that Australia should take steps to ensure it 'does not provide assistance in the investigation of crimes that may result in the imposition of the death penalty in another State'.^[135]

1.101 The statement of compatibility states that protected information can be shared with a foreign country, the International Criminal Court or a War Crimes Tribunal if relevant to an international assistance authorisation.^[136] It also notes that similar allowances are made for protected information to be shared under the Mutual Assistance in Criminal Matters Act 1987 (Mutual Assistance Act) and the International Criminal Court Act 2002.^[137] The Mutual Assistance Act provides that a request by a foreign country for assistance under the Act must be refused if the offence is one in respect of which the death penalty may be imposed.^[138] However, the Act qualifies this by stating that this prohibition will not apply if ‘the Attorney‐General is of the opinion, having regard to the special circumstances of the case, that the assistance requested should be granted’.^[139] Consequently, it appears that the Mutual Assistance Act creates a risk of facilitating the exposure of individuals to the death penalty.^[140]

1.102 Additionally, the sharing of protected information, including personal information, with foreign countries, may, in some circumstances, expose individuals to a risk of torture or other cruel, inhuman or degrading treatment or punishment. International law absolutely prohibits torture and cruel, inhuman or degrading treatment or punishment.^[141] There are no circumstances in which it will be permissible to subject this right to any limitations.

1.103 The statement of compatibility acknowledges that the measure engages and limits the right to privacy. However, it does not identify that the right to life or the prohibition against torture or cruel, inhuman or degrading treatment or punishment may be engaged. As such, there is no compatibility assessment provided with respect to either of these rights.

1.104 The rights to privacy and life may be subject to permissible limitations where the limitation pursues a legitimate objective, is rationally connected to that objective and is a proportionate means of achieving that objective.

1.105 Regarding the objective pursued, the broader purpose of the bill is to protect national security, ensure public safety, and to address online crime.^[142] While this objective may be capable of constituting a legitimate objective for the purposes of international human rights law, the statement of compatibility provides no information about the importance of this objective in the specific context of the measure. In order to demonstrate that the measure pursues a legitimate objective for the purposes of international human rights law and has a rational connection to that objective, further information is required as to the specific objective being pursued by the measure, including the substantial and pressing concern that is being addressed. Further, as the statement of compatibility does not address the right to life or the prohibition against torture or cruel, inhuman or degrading treatment or punishment, it is not clear what safeguards, if any, exist to ensure that protected information is not shared with a foreign country in circumstances that could expose a person to the death penalty or lead to a person being tortured, or subjected to cruel, inhuman or degrading treatment or punishment.

1.106 In order to fully assess the compatibility of the measure with the rights to privacy and life as well as the prohibition against torture or cruel, inhuman or other degrading treatment or punishment, further information is required as to

(a) what is the objective being pursued by the measure and how is the measure rationally connected to that objective;

(b) what safeguards are in place to ensure that protected information obtained under the warrants is not shared with a foreign country in circumstances that could expose a person to the death penalty or to torture or cruel, inhuman or degrading treatment or punishment. In particular, why is there no legislative requirement that where there are substantial grounds for believing there is a real risk that disclosure of information to a foreign government may expose a person to the death penalty or to torture or cruel, inhuman or degrading treatment or punishment, protected information must not be shared with that government.

Committee view

1.107 The committee notes that the bill would allow protected information obtained under the warrants to be shared with foreign countries in certain circumstances. The committee notes that the disclosure of protected information with foreign police, intelligence or security agencies engages and limits the right to privacy. To the extent that there may be a risk that disclosure of protected information to a foreign country could expose a person to the death penalty or to torture or cruel, inhuman or degrading treatment or punishment, the measure may also engage and limit the right to life and have implications for the prohibition against torture or cruel, inhuman or degrading treatment or punishment.

1.108 The committee notes that the right to privacy may be subject to permissible limitations if they are shown to be reasonable, necessary and proportionate. The committee notes that the statement of compatibility did not provide information regarding the specific objective being pursued by this measure and did not provide an assessment of the compatibility of the measure with the right to life and the prohibition against torture or cruel, inhuman or degrading treatment or punishment.

1.109 The committee has not yet formed a concluded view in relation to this matter. It considers further information is require to assess the human rights implications of this bill, and accordingly seeks the minister's advice as to the matters set out at paragraph [1.106].

[50] This entry can be cited as: Parliamentary Joint Committee on Human Rights, Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, Report 1 of 2021; [2021] AUPJCHR 5.

[51] Schedule 1, item 13, proposed section 27KE. See the definition of 'relevant offences' in section 6 of the Surveillance Devices Act 2004.

[52] A relevant offence is an offence which carries a maximum sentence of imprisonment of 3 years or more: Surveillance Devices Act 2004, section 6.

[53] Schedule 1, item 13, proposed section 27KA. An AFP or ACIC officer may also apply for an emergency authorisation for disruption of data held in a computer if certain conditions are met: Schedule 1, item 15, proposed new subsection 28(1C).

[54] Schedule 1, item 13, proposed subsection 27KC(1).

[55] Schedule 1, item 13, proposed subsection 27KC(2).

[56] Schedule 1, item 13, proposed subsection 27KE(2). Data would be covered by the warrant if the disruption of data would be likely to substantially assist in frustrating the commission of a relevant offence: Schedule 1, item 13, proposed subsection 27KE(5).

[57] Schedule 1, item 13, proposed subsection 27KE(9).

[58] A criminal network of individuals is defined as an electronically linked group of individuals, where one or more of the individuals in the group have engaged, are engaging, or are likely to engage, in conduct that constitutes a relevant offence; or have facilitated, are facilitating, or are likely to facilitate, the engagement, by another person (where or no an individual in the group), in conduct that constitutes a relevant offence. It is immaterial whether the identities of the individuals in the groups or the details of the offences can be ascertained; or there are changes in the composition of the group from time to time: Schedule 2, item 8, proposed section 7A.

[59] Schedule 2, item 9, proposed section 27KK.

[60] Schedule 2, item 9, proposed subsection 27KM(2).

[61] Schedule 2, item 9, proposed subsections 27KP(1), (2) and (8).

[62] Schedule 3, item 4, proposed section 3ZZUJ.

[63] Schedule 3, item 4, proposed subsection 3ZZUN(1).

[64] Schedule 3, item 4, proposed section 3ZZUP.

[65] Schedule 3, item 4, proposed section 3ZZUR.

[66] International Covenant on Civil and Political Rights, article 6(1) and Second Optional Protocol to the International Covenant on Civil and Political Rights, article 1. UN Human Rights Committee, General Comment No. 6: article 36 (right to life) (2019) [3]: the right ‘concerns the entitlement of individuals to be free from acts and omissions that are intended or may be expected to cause their unnatural or premature death, as well as to enjoy a life with dignity’.

[67] UN Human Rights Committee, General Comment No. 6: article 36 (right to life) (2019) [21], [26]. See also UN Human Rights Committee, General Comment No. 6: article 6 (right to life) (1982) [5].

[68] UN Human Rights Committee, General Comment No. 6: article 36 (right to life) (2019) [27]. The UN Human Rights Committee has stated that investigations in alleged violations of the right to life ‘must always be independent, impartial, prompt, thorough, effective, credible and transparent’: [28].

[69] Convention on the Rights of the Child. See also, UN Human Rights Committee, General Comment No. 17: Article 24 (1989) [1].

[70] Convention on the Rights of the Child, articles 19, 34, 35 and 36.

[71] Statement of compatibility, p. 16.

[72] Statement of compatibility, p. 16.

[73] Second reading speech, p. 2.

[74] See eg explanatory memorandum, pp. 32, 33, 38, 39, 152.

[75] International Covenant on Civil and Political Rights, article 17. Every person should be able to ascertain which public authorities or private individuals or bodies control or may control their files and, if such files contain incorrect personal data or have been processed contrary to legal provisions, every person should be able to request rectification or elimination: UN Human Rights Committee, General Comment No. 16: Article 17 (1988) [10]. See also, General Comment No. 34 (Freedom of opinion and expression) (2011) [18].

[76] UN Human Rights Committee, General Comment No. 16: Article 17 (1988) [3]-[4].

[77] Statement of compatibility, p. 13.

[78] Statement of compatibility, pp. 13–15.

[79] Schedule 1, item 13, proposed new subsection 27KA(2); Schedule 2, item 9, proposed new subsection 27KK(3). The explanatory memorandum states that an eligible judge is a person who is a judge of a court and has consented to be declared as an eligible judge by the Attorney-General. A nominated AAT member is a person who is either the Deputy President, senior member or member of the AAT, and has been nominated by the Attorney-General: Explanatory memorandum, pp. 26–27. See Surveillance Devices Act 2004, sections 12–13.

[80] Schedule 3, item 4, proposed new subsection 3ZZUN.

[81] See Case of Big Brother Watch and Others v The United Kingdom, European Court of Human Rights, application nos. 58170/13, 62322/14 and 24960/15, (13 September 2019), [320].

[82] Roman Zakharov v Russia, European Court of Human Rights, Grand Chamber, application no. 47143/06 (4 December 2015) [233]. See also Klass and Others v Germany, European Court of Human Rights, application no. 5029/71), (6 September 1978) [55]: ‘The rule of law implies, inter alia, that an interference by the executive authorities with an individual’s rights should be subject to an effective control which should normally be assured by the judiciary, at least in the last resort, judicial control offering the best guarantees of independence, impartiality and a proper procedure’.

[83] Szabó and Vissy v Hungary, European Court of Human Rights, application no. 37138/14 (6 June 2016) [77].

[84] United Nations Special Rapporteur on the right to privacy, Draft Legal Instrument on Government-led Surveillance and Privacy, Version 0.6 (2018), p. 16.

[85] AAT members must have been enrolled as a legal practitioner for at least 5 years or in the opinion of the Governor-General, have special knowledge and skills relevant to their duties as either a Deputy President, senior member or member: Administrative Appeals Tribunal Act 1975, section 7.

[86] Schedule 1, item 13, proposed subsection 27KC(2); Schedule 2, item 9, proposed subsection 27KM(2); Schedule 3, item 4, proposed subsection 3ZZUP(2).

[87] Statement of compatibility, p. 13.

[88] Statement of compatibility, pp. 13–14.

[89] Explanatory memorandum, p. 76.

[90] Schedule 1, item 13, proposed subsection 27KE(7); Schedule 2, item 9, proposed subsection 27KP(6); Schedule 3, item 4, proposed subsection 3ZZUR(5). See also Statement of compatibility, p. 14.

[91] Schedule 1, item 13, proposed subsection 27KE(7); Schedule 2, item 9, proposed subsection 27KP(6); Schedule 3, item 4, proposed subsection 3ZZUR(5).

[92] Schedule 1, item 13, proposed subsection 27KE(12); Schedule 3, item 4, proposed subsection 3ZZUR(8).

[93] Schedule 1, item 13, proposed subsection 27KE(13); Schedule 3, item 4, proposed subsection 3ZZUR(9).

[94] Statement of compatibility, p. 14.

[95] Schedule 1, item 28; Schedule 3, item 4, proposed section 3ZZVH. See also Surveillance Devices Act 2004, part 6, division 1.

[96] Statement of compatibility, p. 15.

[97] Schedule 2, item 19, proposed subsections 45B(3)–(9); Statement of compatibility, p. 15.

[98] Statement of compatibility, p. 14.

[99] Schedule 2, item 19, proposed subsection 45B(4); Statement of compatibility, p. 14.

[100] Schedule 1, item 38 and Surveillance Devices Act 2004, section 46; Schedule 2, item 20, proposed section 46AA; Schedule 3, item 4, proposed section 3ZZVJ; Statement of compatibility, p. 15.

[101] Statement of compatibility, p. 15.

[102] In Roman Zakharov v Russia, the European Court of Human Rights held that the ‘six-month storage time-limit set out in Russian law for such data reasonable. At the same time, it deplore[d] the lack of a requirement to destroy immediately any data that are not relevant for the purpose for which they have been obtained...the automatic storage for six months of clearly irrelevant data cannot be considered justified under Article 8’: Roman Zakharov v Russia, European Court of Human Rights, Grand Chamber, application no. 47143/06 (4 December 2015) [254].

[103] Schedule 1, item 13, proposed sections 27KD and 27KF; Schedule 2, item 9, proposed sections 27KN and 27KQ; Schedule 3, item 4, proposed section 3ZZUQ.

[104] Schedule 1, item 13, proposed sections 27KG and 27KH; Schedule 2, item 9, proposed sections 27KR and 27KS; Schedule 3, item 4, proposed sections 3ZZUT and 3ZZUU.

[105] International case law provides that legislation authorising surveillance warrants should set out the circumstances in which it must be cancelled when no longer necessary, and that without this, the law will not contain sufficient guarantees against arbitrary interference with the right to privacy: Roman Zakharov v Russia, European Court of Human Rights, Grand Chamber, application no. 47143/06 (4 December 2015) [250]-[252].

[106] Statement of compatibility, p. 17.

[107] Statement of compatibility, p. 17.

[108] Such as the Victorian or Queensland Public Interest Monitor.

[109] Roman Zakharov v Russia, European Court of Human Rights, Grand Chamber, application no. 47143/06 (4 December 2015) [233].

[110] See Telecommunications (Interception and Access) Act 1979 in relation to Public Interest Monitors (for example, see section 44A, 45, 46 and 46A).

[111] International Covenant on Civil and Political Rights, article 2(3).

[112] See, UN Human Rights Committee, General Comment 29: States of Emergency (Article 4), (2001) [14].

[113] Statement of compatibility, p. 17.

[114] Report of the Office of the United Nations High Commissioner for Human Rights on the right to privacy in the digital age (A/HRC/27/37) [40].

[115] Roman Zakharov v Russia, European Court of Human Rights, Grand Chamber, (Application no. 47143/06) 2015, [234]. See also, Klass and Others v Germany, European Court of Human Rights, Plenary Court, (Application no. 5029/71) 1978, [57].

[116] Roman Zakharov v Russia, European Court of Human Rights, Grand Chamber, (Application no. 47143/06) 2015, [287].

[117] Roman Zakharov v Russia, European Court of Human Rights, Grand Chamber, (Application no. 47143/06) 2015 [287]. See also Klass and Others, [58].

[118] Schedule 1, item 47, proposed section 64B; Schedule 2, items 30 and 31; Schedule 3, item 4, proposed section 3ZZVG.

[119] Schedule 1, item 47, proposed section 64B; Schedule 3, item 4, proposed section 3ZZVG.

[120] Schedule 1, item 47, proposed subsection 64B(3); Schedule 2, item 30; Schedule 3, item 4, proposed subsection 3ZZVG(3).

[121] International Covenant on Civil and Political Rights, article 17.

[122] Statement of compatibility, p. 9.

[123] Explanatory memorandum, pp. 54 and 95.

[124] Explanatory memorandum, p. 56.

[125] Explanatory memorandum, pp. 56, 164.

[126] Schedule 1, item 47, proposed subsection 64B(2).

[127] Schedule 2, item 31, proposed subsection 64(6A).

[128] Schedule 3, item 4, proposed subsection 3ZZVG(2).

[129] Schedule 2, item 19, proposed subsection 45B(5)(a); Schedule 3, item 4, proposed subsection 3ZZVH(3)(b).

[130] Australian Federal Police Act 1979, subsection 8(1)(bf).

[131] International Covenant on Civil and Political Rights, article 17.

[132] International Covenant on Civil and Political Rights, article 6(1) and Second Optional Protocol to the International Covenant on Civil and Political Rights, article 1.

[133] Second Optional Protocol to the International Covenant on Civil and Political Rights.

[134] UN Human Rights Committee, Concluding observations on the fifth periodic report of Australia, CCPR/C/AUS/CO/5 (2009) [20].

[135] UN Human Rights Committee, Concluding observations on the fifth periodic report of Australia, CCPR/C/AUS/CO/5 (2009) [20].

[136] Statement of compatibility, p. 14.

[137] Statement of compatibility p. 14.

[138] Mutual Assistance in Criminal Matters Act 1987, subsection 8(1A).

[139] Mutual Assistance in Criminal Matters Act 1987, subsection 8(1A).

[140] This was previously observed by the Parliamentary Joint Committee on Human Rights in 2013. See, Parliamentary Joint Committee on Human Rights, Report 6 of 2013, Mutual Assistance in Criminal Matters (Cybercrime) Regulation 2013, pp. 167-169.

[141] International Covenant on Civil and Political Rights, article 7; Convention Against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment.

[142] Statement of compatibility, p. 13.