|
|
Home
| Databases
| WorldLII
| Search
| Feedback
Australian Senate Standing Committee for the Scrutiny of Bills - Scrutiny Digests |
|
Purpose
|
This bill seeks to amend the Surveillance Devices Act 2004, the
Crimes Act 1914 and associated legislation to introduce new law
enforcement powers to enhance the ability of the Australian Federal Police and
the
Australian Criminal Intelligence Commission to combat online serious
crime
|
|
Portfolio
|
Home Affairs
|
|
Introduced
|
House of Representatives on 3 December 2020
|
1.97 The bill seeks to amend the Surveillance Devices Act 2004 (SD Act), the Crimes Act 1914 (Crimes Act) and associated legislation to introduce three new types of warrants available to the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) for investigating and disrupting online crime. These are:
• data disruption warrants, which enable the AFP and the ACIC to modify, add, copy or delete data for the purposes of frustrating the commission of serious offences online;
• network activity warrants, which permit access to devices and networks used by suspected criminal networks, and
• account takeover warrants, which provide the AFP and the ACIC with the ability to take control of a person’s online account for the purposes of gathering evidence to further a criminal investigation.
1.98 In addition to authorising the doing of specified things in relation to a target computer, a data disruption warrant or network activity warrant may also authorise entering specified premises (or other premises to gain access to the specified premises), removing a computer, adding, copying or deleting certain data and intercepting certain communications. Network activity warrants may authorise the use of a surveillance device. The warrants must also authorise the use of force against persons and things necessary and reasonable to do the things specified in the warrants, and authorise anything reasonably necessary to be done to conceal the fact that any thing has been done under the warrants.
1.99 The committee considers that the authorisation of coercive search powers has the potential to unduly trespass on personal rights and liberties. Indeed, the need to properly scrutinise entry, search and seizure powers was the basis on which the Senate in 1978 moved towards establishing this committee.[60] As such, the committee considers it essential that legislation enabling coercive search powers be tightly controlled, with sufficient safeguards to protect individual rights and liberties.
1.100 As noted above, Schedules 1 and 2 to the bill propose to allow the AFP and ACIC to apply for data disruption and network activity warrants under the SD Act. Proposed subsections 27KA(2) and 27KK(3)[61] provide that an application for such a warrant may be made to an eligible judge or to a nominated member of the Administrative Appeals Tribunal (AAT). Section 13 of the SD Act provides that a nominated AAT member can include any member of the AAT, including full time and part-time senior members and general members. Part-time senior members and general members can only be nominated if they have been enrolled as a legal practitioner for at least five years.
1.101 The committee has had a long-standing preference that the power to issue warrants authorising the use of coercive or intrusive powers should only be conferred on judicial officers. In light of the extensive personal information that could be covertly accessed, copied, modified or deleted from an individual's computer or device, the committee would expect a detailed justification to be given as to the appropriateness of conferring such powers on AAT members, particularly part-time senior members and general members. In this instance, the explanatory memorandum provides no such justification.
1.102 The committee’s scrutiny concerns in this regard are heightened by the significant time period that an initial warrant has effect (90 days),[62] and the ability to continue to extent warrants beyond this period.[63] The explanatory memorandum notes, in relation to data disruption warrants, that a 90-day period:
...is in line with the period of effect for surveillance device warrants and computer access warrants. This length of time is intended to allow long-term operations that could be complex, involve multiple linked targets, and involve a combination of warrants as part of the operation, such as the initial period of surveillance with the authority to disrupt data during that time where necessary. [64]
1.103 In relation to network access warrants, the explanatory memorandum merely states that the time period is consistent with the period in which a computer access warrant may be in effect,[65] and there is no explanation in the explanatory memorandum for specifying the same period for account takeover warrants.
1.104 The bill provides that in considering whether to grant a warrant, the judge, AAT member or magistrate must have regard to specific considerations, including the nature and gravity of the alleged offences; the likely value of the intelligence or evidence to be obtained; the likelihood that the doing of the thing specified in the warrant would be effective in preventing, detecting or frustrating the alleged offence; and the existence of any alternative means of realising the intention of the warrant.[66] With respect to a network activity warrant, the issuing authority must also consider whether the things authorised by the warrant are proportionate to the likely intelligence value of any information obtained, and the extent to which the warrant will result in access to data of persons who are lawfully using the computer.[67] With respect to an account takeover warrant, the issuing authority must also have regard to the extent to which the privacy of any person is likely to be affected.
1.105 The committee notes that these mandatory considerations are important safeguards to mitigate the risk of undue trespass on an individual’s privacy. However, noting the significant impact on the privacy of individuals whose information is collected or accessed under these warrants, it is unclear why privacy is a mandatory consideration in relation to account takeover warrants only and should not also apply to data disruption and network activity warrants. Similarly, it is unclear why issuing authorities must not consider whether the warrant is proportionate having regard to the nature and gravity of the offence and the likely value of information sought to be obtained in relation to all warrants rather than being limited to network activity warrants, as well as the extent of possible interference with the privacy of third parties (discussed further below at 1.120 to 1.136).
1.106 The committee’s scrutiny concerns are heightened by the broad scope of offences that may be considered ‘relevant offences’ for the purposes of these warrants.[68] The statement of compatibility states that the warrant schemes ‘target activity of the most serious nature, including terrorism, child exploitation, drug trafficking and firearms trafficking’.[69] However, the definition of ‘relevant offence’ in section 6 of the SD Act includes a broad list of offences including an offence against the law of the Commonwealth or a law of a State that has a federal aspect that is punishable by a maximum term of imprisonment of 3 years or more or for life, and offences under Financial Transaction Reports Act 1988; Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006; Fisheries Management Act 1991; and Torres Strait Fisheries Act 1984. In addition, the regulations may prescribe additional relevant offences.[70] Similarly, the definition of 'serious Commonwealth offence' in section 15GE of the Crimes Act includes offences punishable by a maximum term of imprisonment of 3 years or more relating to, amongst other matters, tax evasion, currency violations, illegal gambling, bankruptcy and currency violations, forgery, misuse of a computer or electronic communications, or other matters prescribed by the regulations. Noting this broad range of offences, the committee considers that an explicit requirement to consider proportionality in relation to issuing each of the warrants is important to ensure that the significant coercive powers authorised under these warrants are only exercised where necessary and appropriate.
1.107 The committee also notes amendments made by the bill to correct the effect of a defect or irregularity in relation to a warrant or emergency authorisation. These provisions provide that use of a surveillance device or computer access in obtaining information or a record,[71] disruption of data,[72] or information purportedly obtained under an account takeover warrant[73] is taken to be valid if but, for that defect or irregularity, the warrant or authorisation would be sufficient authority for the actions taken.
1.108 While the committee notes that references to defects or irregularities in these provisions broadly refer to irregularities or defects in relation to documents purporting to be warrants, or in connection with the issue or execution of warrants,[74] neither the bill nor the explanatory memorandum provide guidance on the types of defects or irregularities these provisions are intended to relate to, other than noting that they must not be ‘substantial’.[75]
1.109 The committee requests the minister's detailed advice as to:
• why the categories of persons eligible to issue data disruption and network activity warrants should not be limited to persons who hold judicial office;[76]
• why it is considered necessary and appropriate to issue each type of warrant for an initial 90-day period as opposed to a shorter period; [77]
• why the bill does not require, in relation to all warrants, that the issuing authority must consider whether the warrant is proportionate having regard to the nature and gravity of the offence and the likely value of the information or evidence sought to be obtained, as well as the extent of possible interference with the privacy of third parties;[78] and
• the nature of the defects or irregularities that will not lead to the invalidity of actions done under a purported warrant or emergency authorisation.[79]
1.110 Schedules 1, 2 and 3 to the bill set out a range of circumstances in which coercive action can be taken without a warrant, namely in emergency circumstances and in order to conceal things done to execute the warrant.
1.111 Proposed subsection 28(1C) of the SD Act and section 3ZZUX of the Crimes Act seek to allow law enforcement officers to apply to an appropriate authorising officer for an emergency authorisation for disruption of data or taking control of an online account if the officer reasonably suspects that there is an imminent risk of serious violence to a person or substantial damage to property, disruption to data or taking control of the account is immediately necessary to deal with the risk, the circumstances are serious and urgent, and it is not practicable to apply for a data disruption or account takeover warrant.[80] 'Appropriate authorising officer' is defined in section 6A of the SD Act and proposed section 3ZZUM of the Crimes Act and includes the head or deputy head of the agency, but also certain executive level officers.
1.112 Within 48 hours after an emergency authorisation is given, the appropriate authorising officer must apply to a judge or nominated AAT member, or magistrate (in relation to account takeover warrants) for approval of the giving of the emergency authorisation.[81] However, if the judge, AAT member or magistrate refuses to approve the emergency authorisation, in making an order as to how information obtained under an invalid authorisation is to be dealt with, proposed subsections 35B(4) SD Act and 3ZZVC(4) Crimes Act provide that the manner of dealing with the information must not involve the destruction of that information.[82]
1.113 As data disruption and account takeover warrants can involve significant coercive and intrusive powers (for example, the ability to covertly access, modify, copy, delete or disrupt data held on particular computers, enter premises and use force), the committee is particularly concerned that such powers only be authorised under a warrant issued by a judicial officer. Allowing a law enforcement agency to authorise its own actions under an emergency authorisation has the potential to unduly trespass on the right to privacy, and as such the committee would expect the explanatory materials to provide a detailed justification for such provisions. In this instance, the statement of compatibility provides no such justification, and the explanatory memorandum merely states, in relation to account takeover warrants:
This provision establishes a high threshold, characterised by urgency, immediacy and seriousness, for an emergency authorisation to be issued. However, in the emergency situations in which these circumstances exist, emergency authorisations will allow law enforcement officer to respond quickly and effectively to criminal activity. [83]
1.114 Further, no information is provided as to when it may be impractical to apply to a judge or nominated AAT member (noting that proposed sections 27KB of the SD Act and 3ZZUN of the Crimes Act would allow an application for a warrant to be made by telephone, fax, email or any other means of communication).[84]
1.115 In relation to the use of information obtained under an emergency authorisation, the explanatory memorandum states that the judge, AAT member or magistrate 'may not order that such information be destroyed because such information, while improperly obtained, may still be required for a permitted purpose, such as an investigation'.[85]
1.116 The committee notes that retaining evidence obtained improperly for investigative purposes has serious implications for personal rights and liberties. It is possible that authorisations might be improperly made with the knowledge that the information could still be retained for an investigation. It is not clear to the committee that the explanatory memorandum provides sufficient justification for retaining information coercively and covertly obtained by a law enforcement officer in circumstances that have not been approved by a judge, AAT member or magistrate.
1.117 Schedules 1, 2 and 3 of the bill also propose to give law enforcement agencies the power to act to conceal their activities after a warrant has ceased to be in force.[86] These provisions authorise the agencies to do anything reasonably necessary to conceal the fact that anything has been done under a warrant, enter premises, remove anything to conceal things, add, copy, delete or alter data and intercept communications, at any time while the warrant is in force or within 28 days after it ceases to be in force. In addition, the bill provides that if concealment activities have not been done within 28 days after the warrant ceases to be in force, those things can be done at the earliest time after that 28 day period in which it is reasonably practicable.[87] In effect, it appears that these provisions allow coercive or intrusive actions to be taken which have not been authorised under an existing warrant. The explanatory memorandum states:
The period of time provided to perform these concealment activities recognises that, operationally, it is sometimes impossible to complete this process within 28 days of a warrant expiring. The requirement that the concealment activities be performed ‘at the earliest time after the 28-day period at which it is reasonably practicable to do so’ acknowledges that this authority should not extend indefinitely, circumscribing it to operational need.[88]
1.118 However, while the committee acknowledges there may be difficulties in knowing when the process of concealment may be complete, there are scrutiny concerns in allowing agencies to exercise coercive or intrusive powers after a warrant has ceased to be in force. The committee notes that it would be possible to have a separate statutory process for applying for a new warrant to allow the agency to carry out concealment activities, which would remove concerns about not being able to meet the statutory threshold for obtaining a new data disruption, network activity or account takeover warrant, but would ensure coercive powers are undertaken under an existing warrant.‑
1.119 The committee requests the minister's detailed advice as to:
• why it is considered necessary and appropriate to enable law enforcement officers to disrupt or access data or takeover an online account without a warrant in certain emergency situations (noting the coercive and intrusive nature of these powers and the ability to seek a warrant via the telephone, fax or email);[89]
• the appropriateness of retaining information obtained under an emergency authorisation that is subsequently not approved by a judge or AAT member; and[90]
• the appropriateness of enabling law enforcement agencies to act to conceal any thing done under a warrant after the warrant has ceased to be in force, and whether the bill could be amended to provide a process for obtaining a separate concealment of access warrant if the original warrant has ceased to be in force.[91]
1.120 The committee also has scrutiny concerns that the coercive powers in the bill may adversely affect third parties who are not suspected of wrongdoing.
1.121 In particular, proposed paragraphs 27KE(2)(b) and 27KP(2)(b) of the SD Act provide that a data disruption warrant or network access warrant may authorise entering 'any premises' for the purposes of gaining entry to, or exiting, the specified premises. The explanatory memorandum explains that this may allow for entry into third party premises where there is no other way to gain access to the subject premises or where, for operational reasons, adjacent premises may be the best means of entry, or in emergency or unforeseen circumstances.[92] The committee notes there is nothing in the legislation that would require persons entering third party premises under these provisions to first seek the consent of the occupiers, or even announce their entry. In relation to network activity warrants, the explanatory memorandum explains:
In line with the covert nature of surveillance, it would in many circumstances not be appropriate to notify a third party before the execution of a network activity warrant could take place as there may be significant risks to capabilities and methodology, and risks to operations if third parties were required to be notified. [93]
1.122 In addition, proposed paragraphs 27KE(2)(e) and 27KP(2)(e) of the SD Act provide that a data disruption warrant or network access warrant may authorise using any other computer or a communication in transit to access and disrupt relevant data and, if necessary to achieve that purpose, to add, copy, delete or alter data in the other computers or communications in transit. Proposed paragraph 3ZZUR(2)(d) of the Crimes Act similarly provides that an account takeover warrant may use a communication in transit for the purpose of taking control of the target account. These things can be done if, having regard to other methods to effectively obtain access, it is considered reasonable to do so. The explanatory memorandum states that this 'ensures that the AFP and ACIC can effectively use a third party computer or a communication in transit'.[94] In relation to network activity warrants, the explanatory memorandum states:
In recognition of the potential privacy implications for third parties, the eligible Judge or nominated AAT member must have regard to any other method of obtaining access to the relevant data which is likely to be as effective. The eligible Judge or nominated AAT member must consider this before authorising the use of a third party’s computer under a network activity warrant. This consideration... ensures that the issuing authority must take into account the circumstances before him or her and balance the impact on privacy against the benefit to the intelligence operation.[95]
1.123 However, the committee notes that proposed paragraph 27KE(2)(e) and paragraph 27KP(2)(e) do not specifically require the judge or nominated AAT member to consider the privacy implications for third parties of accessing third party computers or communications in transit. As described above at 1.105, it is unclear why privacy is a mandatory consideration only in relation to account takeover warrants only and should not also apply to data disruption and network activity warrants.
1.124 Account takeover warrants may also authorise access to account-based data, and adding, copying deleting or altering account credentials or data in a computer, if this is necessary for the purpose of taking control of the target account.[96]
1.125 The explanatory memorandum explains:
The mobile nature of communications requires law enforcement to access data associated with the use of an account for the purposes of taking control of the account under an account takeover warrant. For example, it is feasible that a broad range of people may be using an account to conduct illegal activity, or a person of interest is using the accounts of others to conduct illegal activity. It will often be necessary to access account-based data when seeking to take control of an account to, for example, determine when an account is being used and by whom. The ability to access account-based data is important in facilitating the effective execution of an account takeover warrant. [97]
1.126 From a scrutiny perspective, the committee is concerned that these coercive search powers authorise the collection of potentially substantial amounts of personal data of persons who are not the subject of the warrant.
1.127 Schedules 1 to 3[98] also introduce or amend existing provisions that make it an offence for a person not to comply with an assistance order. An assistance order can be made by a judge or AAT member (or, in the case of account takeover warrants, a magistrate), and it can provide, dependent on the relevant warrant, that any specified person is required to provide any information or assistance that is reasonable or necessary to allow the relevant officer to disrupt, access, copy or convert data held in any target computer or relevant device or take control of an online account.
1.128 Assistance orders can be made in relation to the person who is suspected of the relevant activity, but can also be made against the following persons, so long as they have relevant knowledge of the target computer or device or related computer network or measures used to protect data in that computer or device:
• the owner or lessee of the computer or device;
• an employee or contractor of the owner or lessee of the computer or device;
• any person who uses or has used the computer or device; or
• a person who is or was a system administrator for the system including the computer or device.
1.129 A person who is capable of complying with the order but fails to do so would be subject to significant penalties of up to ten years imprisonment, or 600 penalty units, or both. These provisions could result in a person not suspected of any wrongdoing being compelled to provide information which could lead to access to their own personal information held on a computer or device, or in relation to an online account. The committee reiterates that it expects explanatory materials to provide a strong justification when introducing or expanding coercive or intrusive powers that could have a substantial impact on innocent third parties. However, in this instance, the explanatory materials provide limited justification for impacting on the privacy of third parties in this way.
1.130 The criteria for granting assistance orders include:
• the disruption of data is likely to substantially assist in frustrating the commission of the offences that are covered by the warrant, and is justifiable and proportionate, having regard to the offences (data disruption warrants);[99]
• there are reasonable grounds for suspecting that access to data will substantially assist in the collection of intelligence that relates to a criminal network of individuals and is relevant to the prevention, detection or frustration of a relevant offence (network activity warrants);[100] or
• there are reasonable grounds for suspecting that taking control of the account is necessary for the purpose of enabling evidence to be obtained of the commission of the alleged relevant offence (account takeover warrants).[101]
1.131 The committee notes that, in relation to a data disruption warrant, the criterion that disruption of data held in the computer is justifiable and proportionate, having regard to the offences, may operate as a form of a safeguard against undue trespass on the privacy of third parties subject to an assistance order. However, it is unclear why the issuing authority is not required to be satisfied of this criterion with respect to assistance orders relating to all warrants.
1.132 The committee’s scrutiny concerns in this regard are heightened by the ability for assistance orders to be made in relation to emergency authorisations for disruption of data or an account takeover, which allow the use of significant coercive or intrusive powers without judicial authorisation.[102] The committee’s scrutiny concerns in relation to emergency authorisations are discussed above at 1.07 to 1.16.
1.133 From a scrutiny perspective, the committee is further concerned about the wide scope of innocent third parties who may be impacted by network activity warrants. These warrants may be sought in relation to a ‘criminal network of individuals’, defined in proposed section 7A[103] of the SD Act as a group of individuals who are linked electronically, and
One or more individuals in the group must have engaged, are engaging, or are likely to engage in conduct that constitutes a relevant offence, or have facilitated, are facilitating, or are likely to facilitate, another person’s engagement in conduct that constitutes a relevant offence. The person whose engagement in criminal activity was facilitated by an individual in the group, may or may not be an individual in the group themselves. [104]
1.134 An ‘electronically linked group of individuals’ is broadly defined as a group of 2 or more individuals, where each individual in the group uses, or is likely to use the same electronic service as at least one other individual in the group; or communicates, or is likely to communicate with at least one other individual in the group by electronic communication.[105] The explanatory memorandum notes:
There is no requirement that every individual who is part of the criminal network is himself or herself committing, or intending to commit, a relevant offence. The word ‘facilitating’ is used to capture those individuals who are, knowingly or unknowingly, facilitating engagement by another person in conduct constituting a relevant offence...[106]
1.135 The committee is concerned that, as a result of these broad definitions, there is a potentially unlimited class of persons who may be subject to, or affected as a third party connected to a person who is the subject of, a network activity warrant.
1.136 The committee requests the minister’s detailed advice as to:
• the effect of Schedules 1-3 on the privacy rights of third parties and a detailed justification for the intrusion on those rights, in particular:
• why proposed sections 27KE and 27KP do not specifically require the judge or nominated AAT member to consider the privacy implications for third parties of authorising access to a third party computer or communication in transit;[107]
• why the requirement that an issuing authority be satisfied that an assistance order is justifiable and proportionate, having regard to the offences to which it would relate, only applies to an assistance order with respect to data disruption warrants, and not to all warrants;[108] and
• whether the breadth of the definitions of ‘electronically linked group of individuals’ and ‘criminal network of individuals’ can be narrowed to reduce the potential for intrusion on the privacy rights of innocent third parties.[109]
1.137 The bill provides that information obtained under data disruption and account takeover warrants will be protected information that may only be used, recorded, communicated or published in limited circumstances.[110] Information (other than network activity warrant intercept information) obtained from access to data under a network activity warrant is deemed to be ‘protected network activity warrant information’ and, subject to limited exceptions, may not be used in evidence in a criminal proceeding.[111]
1.138 In respect of each of the warrant schemes, it will be an offence to use, disclose, record, communicate or publish protected information except in limited circumstances, such as where necessary for the investigation of a relevant offence, a relevant proceeding or the making of a decision as to whether or not to prosecute a person for a relevant offence, or where necessary to help prevent or reduce the risk of serious violence to a person or substantial damage to property.[112] The statement of compatibility identifies the restrictions on the use of information collected under warrants as a safeguard against arbitrary and unlawful interference with privacy.[113]
1.139 However, the committee notes that these prohibitions are subject to a broad range of exceptions, which may undermine their effectiveness as a safeguard against undue trespass on a person’s privacy. For example, Schedule 2 sets out numerous circumstances in which protected information obtained under a network activity warrant can be lawfully used and admitted into evidence, such as disclosure in proceedings in open court, for the purposes of the AFP collecting, correlating, analysing or disseminating criminal intelligence, or the doing of a thing authorised by the warrant.[114]
1.140 The bill would also allow protected network activity warrant information to be shared with ASIO or any agency within the meaning of the Intelligence Services Act 2001 if it relates or appears to relate to any matter within the functions of those organisations or agencies.[115] As drafted, these exceptions would appear to allow protected information obtained under a warrant for a specified purpose to be shared for other broader purposes and potentially purposes that are unrelated to the objectives of the bill. It is not clear to the committee whether some of the exceptions are drafted in broader terms than is strictly necessary.
1.141 The bill provides that information obtained under one of the three warrant schemes proposed by the bill must be kept in a secure place that is not accessible to people who are not entitled to deal with it, and is destroyed as soon as practicable if no civil or criminal proceedings have been or are likely to be commenced and the material is unlikely to be required, or within five years after the making of the report or record (which must be reviewed every five years).[116] The statement of compatibility explains:
Requiring the security and destruction of records ensures that private data of individuals subject to a data disruption warrant is not handled by those without a legitimate need for access, and are not kept in perpetuity where there is not a legitimate reason for doing so. [117]
1.142 The committee notes the importance of provisions for secure storage and destruction of information to protecting against undue trespass on the privacy of individuals whose information is collected through these warrant schemes. However, it is unclear to the committee whether the specified time period of five years is an appropriate period of time for the purposes of operating as an effective safeguard, and the explanatory memorandum does not provide any explanation in this regard. In particular, it is not clear why the bill does not require a review of the continued need for the retention of such records or reports on a more regular basis.
1.143 The committee requests the minister's detailed advice as to:
• whether all of the exceptions to the restrictions on the use, recording or disclosure of protected information obtained under the warrants are appropriate and whether any exceptions are drafted in broader terms than is strictly necessary; and
• why the bill does not require review of the continued need for the retention of records or reports comprising protected information on a more regular basis than a period of five years.
1.144 Currently, subsection 62(1) of the SD Act provides that an appropriate authorising officer for a law enforcement officer may issue a written certificate setting out any facts he or she considers relevant with respect to things done by the law enforcement officer in connection with particular matters. Subsection 62(2) provides that a certificate issued under subsection 62(1) is admissible in evidence in any proceedings as prima facie evidence of the matters it certifies. Item 44 of Schedule 1 and item 29 of Schedule 2 to the bill seek to amend this provision to add new paragraphs 62(1)(d) and (e), the effect of which would be to enable an evidentiary certificate to be issued in connection with information obtained from access to, or disruption of data under a data disruption warrant or emergency access authorisation, or information obtained from access to data under a network access warrant.
1.145 Similarly, in Schedule 3 to the bill, proposed section 3ZZVZ of the Crimes Act provides for evidentiary certificates to be issued in connection with information obtained under account takeover warrants.
1.146 The committee notes that where an evidentiary certificate is issued, this allows evidence to be admitted into court which would need to be rebutted by the other party to the proceeding. While a person still retains a right to rebut or dispute those facts, that person assumes the burden of adducing evidence to do so. The issue of evidentiary certificates therefore effectively reverses the evidential burden of proof, and may, if used in criminal proceedings, interfere with the common law right to be presumed innocent until proven guilty. In this instance, from a scrutiny perspective, the committee is concerned that the provisions outlined above could place a significant and potentially insurmountable burden on persons seeking to challenge the validity of actions taken by law enforcement agencies under warrants, as well as things done to conceal those actions.
1.147 The committee also notes that evidentiary certificates issued under subsection 62(1) of the SD Act and section 3ZZVZ of the Crimes Act would be taken as prima facie evidence in any proceeding. However, the explanatory memorandum provides no information about the nature of the proceedings in which such certificates are intended to be used. The committee has scrutiny concerns that the use of such certificates could trespass on individuals' rights, particularly if it related to circumstances where a certificate is taken as evidence of matters relevant to a person's culpability for an offence.
1.148 Noting the burden that the issue of an evidentiary certificate may place on a person wishing to challenge the validity of actions taken by law enforcement agencies and officials, and the potential to trespass on individuals' rights, the committee would expect a detailed justification for the powers to issue evidentiary certificates identified above (including the expansion of those powers) to be included in the explanatory materials.
1.149 In relation to item 44 of Schedule 1, the explanatory memorandum states:
Evidentiary certificates are intended to streamline the court process by reducing the need to contact numerous officers and experts to give evidence on routine matters. Evidentiary certificates also assist agencies to protect sensitive capabilities. [119]
1.150 However, the committee does not generally consider streamlining court processes to be sufficient justification for conferring powers to issue evidentiary certificates in relation to things done in connection with information obtained under a warrant. Moreover, the explanatory memorandum does not explain how evidentiary certificates protect 'sensitive capabilities' or what these are.
1.151 Additionally, the committee notes that the Guide to Framing Commonwealth Offences states, in relation to criminal proceedings, that evidentiary certificates:
are generally only suitable where they relate to formal or technical matters that are not likely to be in dispute or would be difficult to prove under the normal evidential rules. [120]
1.152 The Guide further provides that evidentiary certificates 'may be appropriate in limited circumstances where they cover technical matters sufficiently removed from the main facts at issue'. [121]
1.153 In this instance, it is not clear that the matters in evidentiary certificates issued under the provisions identified above would be sufficiently removed from the main facts at issue in relevant proceedings.
1.154 As the explanatory materials do not adequately address these issues, the committee requests the minister's detailed advice as to:
• why it is considered necessary and appropriate to provide for evidentiary certificates to be issued in connection a data disruption warrant or emergency authorisation, a network access warrant, or an account takeover warrant;
• the circumstances in which it is intended that evidentiary certificates would be issued, including the nature of any relevant proceedings; and
• the impact that issuing evidentiary certificates may have on individuals' rights and liberties, including on the ability of individuals to challenge the lawfulness of actions taken by law enforcement agencies.
1.155 Proposed subsection 3ZZVH(1) of the Crimes Act creates an offence for use or disclosure of protected information, with a maximum penalty of imprisonment for 2 years. Proposed subsection 3ZZVH(2) creates an aggravated offence where use or disclosure of the information endangers the health or safety of any person or prejudices the effective conduct of an investigation into a relevant offence, with a maximum penalty of imprisonment for 10 years. Proposed subsection 3ZZVH(3) provides several exceptions (offence-specific defences) to this offence, including that the information was used or disclosed in connection with the administration of Part IAAC of the Crimes Act,[123] or in connection with functions of the Australian Federal Police, [124] or ACIC, [125] or with preventing, investigating or prosecuting an offence.[126]
1.156 At common law, it is ordinarily the duty of the prosecution to prove all elements of an offence. This is an important aspect of the right to be presumed innocent until proven guilty. Provisions that reverse the burden of proof and require a defendant to disprove, or raise evidence to disprove, one or more elements of an offence, interferes with this common law right.
1.157 While in this instance the defendant bears an evidential burden (requiring the defendant to raise evidence about the matter), rather than a legal burden (requiring the defendant to positively prove the matter), the committee expects any such reversal of the evidential burden of proof to be justified. The reversals of the evidential burden of proof in proposed section 3ZZVH have not been addressed in the explanatory materials.
1.158 As the explanatory materials do not address this issue, the committee requests the minister's advice as to why it is proposed to use offence-specific defences (which reverse the evidential burden of proof) in this instance. The committee's consideration of the appropriateness of a provision which reverses the burden of proof is assisted if it explicitly addresses relevant principles as set out in the Guide to Framing Commonwealth Offences.
Appropriate authorising officers of the ACIC
1.159 Item 4 of Schedule 3 seeks to insert proposed subsection 3ZZUM(4) into the Crimes Act which provides that the chief officer of the ACIC may authorise a person who is an executive level member of the staff of the ACIC to be an 'appropriate authorising officer'. The committee notes that appropriate authorising officers have significant authorities under proposed Part IAAC of the Crimes Act, including the authority to give an emergency authorisation under proposed section 3ZZUX (discussed above at 1.107 to 1.114).
1.160 The committee has consistently drawn attention to legislation that allows the delegation of administrative powers to a relatively large class of persons, with little or no specificity as to their qualifications or attributes. Generally, the committee prefers to see a limit set either on the scope of powers that might be delegated, or on the categories of people to whom those powers might be delegated. The committee's preference is that delegates be confined to the holders of nominated offices or to members of the Senior Executive Service. Where broad delegations are provided for, the committee considers that an explanation of why these are considered necessary should be included in the explanatory memorandum.
1.161 The explanatory materials provide no information about why the class of persons who may be authorised as an ‘appropriate authorising officer’ is not confined to the holders of nominated offices or to members of the Senior Executive Service of the ACIC.
1.162 The committee requests the minister's advice as to why it is considered necessary to allow for executive level members of staff of the ACIC to be ‘appropriate authorising officers’, in particular with reference to the committee’s scrutiny concerns in relation to the use of coercive powers without judicial authorisation under an emergency authorisation.
Ombudsman functions or powers
1.163 The committee also notes that proposed section 3ZZVV of the Crimes Act provides that the Ombudsman may delegate to an APS employee responsible to the Ombudsman all or any of the Ombudsman’s functions or powers under Division 7 of proposed Part IAAC, other than section 3ZZVX (reports on inspections).
1.164 The explanatory memorandum explains:
This delegation power is purposefully broad. This is consistent with other delegations that relate to the Ombudsman’s inspection functions, for example in section 91 of the TIA Act. The reason for such a broad delegation is that it allows the Ombudsman to determine the most efficient, effective and appropriate means of operationalising the Ombudsman’s functions as between the Ombudsman and staff members, whilst taking into account the powers involved and the expertise required to exercise them.
1.165 Noting this explanation, the committee draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of allowing the Ombudsman to delegate all or any of her or his functions to any APS employee responsible to the Ombudsman.
[59] Schedules 1 to 3. The committee draws senators’ attention to these provisions pursuant to Senate Standing Order 24(1)(a)(i).
[60] Senate Standing Committee on the Scrutiny of Bills, Twelfth Report of 2006: Entry, Search and Seizure Provisions in Commonwealth Legislation, 4 December 2006, p. 317.
[61] Schedule 1, item 13 and Schedule 2, item 9.
[62] Proposed subsections 27KD(2) and 27KN(2) of the Surveillance Devices Act 2004, and section 3ZZUQ of the Crimes Act 1914.
[63] Proposed sections 27KF and 27KQ of the Surveillance Devices Act 2004, and section 3ZZUS of the Crimes Act 1914.
[64] Explanatory memorandum, p. 31.
[65] Explanatory memorandum, p. 76.
[66] Schedule 1, item 13, proposed subsection 27KC(2); Schedule 2, item 9, proposed subsection 27KM(2) of the Surveillance Devices Act 2004; Schedule 3, item 4, proposed subsection 3ZZUP(2) of the Crimes Act 1914.
[67] Schedule 2, item 9, proposed paragraph 27KM(2)(f).
[68] See section 6 of the Surveillance Devices Act 2004, and Schedule 3, item 4, proposed section 3ZZUK of the Crimes Act 1914.
[69] Explanatory memorandum, p. 26.
[70] Surveillance Devices Act 2004, section 6, paragraph (e) of the definition of relevant offence.
[71] See Schedule 1, item 48, and Schedule 2, item 32.
[72] Schedule 1, item 49.
[73] Schedule 3, item 4, proposed section 3ZZVY.
[74] See, for example, schedule 3, item 4, proposed subsection 3ZZVY(2).
[75] Schedule 1, items 48 and 49, Schedule 2, item 32 and section 65, Surveillance Devices Act 2004, schedule 3, item 4, proposed subsection 3ZZVY(2).
[76] Schedule 1, item 13, proposed subsection 27KA(2) and Schedule 2, item 9, proposed subsection 27KK(2) Surveillance Devices Act 2004.
[77] Schedule 1, item 13, proposed subsection 27KD(2) and Schedule 2, item 9, proposed subsection 27KN(2) Surveillance Devices Act 2004, and Schedule 3, item 4, proposed subsection 3ZZUQ(3) Crimes Act 1914.
[78] Schedule 1, item 13, proposed subsection 27KC(2); Schedule 2, item 9, proposed subsection 27KM(2) Surveillance Devices Act 2004; Schedule 3, item 4, proposed subsection 3ZZUP(2) Crimes Act 1914.
[79] Schedule 1, items 48 and 49, Schedule 2, item 3, Schedule 3, item 4, proposed subsection 3ZZVY(2).
[80] Schedule 1, item 15 and Schedule 3, item 4, proposed section 3ZZUX.
[81] See section 33 of the Surveillance Devices Act 2004 and Schedule 3, item 4, proposed section 3ZZVA of the Crimes Act 1914.
[82] Schedule 1, item 23 and Schedule 3, item 4, proposed subsection 3ZZVC(4).
[83] Explanatory memorandum, p. 162.
[84] Schedule 1, item 13, and Schedule 3, item 4.
[85] Explanatory memorandum, p. 46.
[86] See Schedule 1, item 13, proposed paragraph 27KE(9)(j) Surveillance Devices Act 2004; Schedule 2, item 9, proposed paragraph 27KP(8)(k) Surveillance Devices Act 2004; Schedule 3, item 4, proposed paragraph 3ZZUR(6)(f) Crimes Act 1914.
[87] Schedule 1, item 13, proposed paragraph 27KE(9)(k) Surveillance Devices Act 2004; Schedule 2, item 9, proposed paragraph 27KP(8)(l) Surveillance Devices Act 2004; Schedule 3, item 4, proposed paragraph 3ZZUR(6)(g) Crimes Act 1914.
[88] Explanatory memorandum, p. 39.
[89] Schedule 1, item 15 and Schedule 3, item 4, proposed section 3ZZUX.
[90] Schedule 1, item 23 and Schedule 3, item 4, proposed subsection 3ZZVC(4).
[91] See Schedule 1, item 13, proposed paragraph 27KE(9)(j) Surveillance Devices Act 2004; Schedule 2, item 9, proposed paragraph 27KP(8)(k) Surveillance Devices Act 2004; Schedule 3, item 4, proposed paragraph 3ZZUR(6)(f) Crimes Act 1914.
[92] Explanatory memorandum, p. 34.
[93] Explanatory memorandum, p. 77.
[94] Explanatory memorandum, p. 35.
[95] Explanatory memorandum, p. 78.
[96] Schedule 3, item 4, proposed section 3ZZUR, Crimes Act 1914.
[97] Explanatory memorandum, p. 156.
[98] Schedule 1, item 47; Schedule 2 items 30 and 31; Schedule 3, item 4 (proposed section 3ZZVG of the Crimes Act 1914).
[99] Schedule 1, item 47, proposed subsection 64B(2).
[100] Schedule 2, item 31, proposed paragraph 64A(6A)(a) of the Surveillance Devices Act 2004.
[101] Schedule 3, item 4, proposed paragraph 3ZZVG(2)(a) of the Crimes Act 1914.
[102] See Schedule 1, item 47, proposed subparagraph 64B(1)(a)(ii) of the Surveillance Devices Act 2004 and Schedule 3, item 4, proposed subsection 3ZZVG(1) of the Crimes Act 1914.
[103] Schedule 2, item 8.
[104] Explanatory memorandum, p. 67.
[105] Schedule 2, item 3.
[106] Explanatory memorandum, p. 67.
[107] Schedule 1, item 13, proposed paragraph 27KE(5)(e), Schedule 2, item 9, proposed paragraph 27KP(5)(e) of the Surveillance Devices Act 2004.
[108] Schedule 1, item 47, proposed subsection 45B(2); Schedule 2, item 31, proposed subsection 64A(6A), Surveillance Devices Act 2004; Schedule 3, item 4, proposed section 3ZZVG of the Crimes Act 1914.
[109] Schedule 2, items 3 and 8.
[110] Schedule 1, item 28; Schedule 3, item 4, proposed section 3ZZVH. See also Surveillance Devices Act 2004, part 6, division 1.
[111] Schedule 2, items 18 and 19, proposed sections 44A and 45B of the Surveillance Devices Act 2004.
[112] Statement of compatibility, p. 14.
[113] Statement of compatibility, p. 14.
[114] Schedule 2, item 19, proposed subsections 45B(3)–(9) of the Surveillance Devices Act 2004.
[115] Schedule 2, item 19, proposed subsection 45B(4) of the Surveillance Devices Act.
[116] Schedule 1, item 38 and Surveillance Devices Act 2004, section 46; Schedule 2, item 20, proposed section 46AA; Schedule 3, item 4, proposed section 3ZZVJ.
[117] Statement of compatibility, p. 16.
[118] Schedule 1, item 44; Schedule 2, item 29; Schedule 3, item 4 (proposed section 3ZZVZ of the Crimes Act 1914). The committee draws senators’ attention to these provisions pursuant to Senate Standing Order 24(1)(a)(i).
[119] Explanatory memorandum, p. 54. Substantially similar explanations are provided in relation to Schedule 2, item 29, at p. 97, and Schedule 3, item 4 (proposed section 3ZZVZ of the Crimes Act 1914) at p. 180.
[120] Attorney-General's Department, Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers, September 2011, p. 54.
[121] Attorney-General's Department, Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers, September 2011, p. 55.
[122] Schedule 3, item 4, proposed section 3ZZVH of the Crimes Act 1914. The committee draws senators’ attention to this provision pursuant to Senate Standing Order 24(1)(a)(i).
[123] See Schedule 3, item 4, proposed paragraph 3ZZVH(3)(a).
[124] See Schedule 3, item 4, proposed paragraph 3ZZVH(3)(b).
[125] See Schedule 3, item 4, proposed paragraph 3ZZVH(3)(c).
[126] See Schedule 3, item 4, proposed paragraph 3ZZVH(3)(d). Additional exceptions include that the disclosure was: by a person who believes on reasonable grounds that the use or disclosure is necessary to help prevent or reduce the risk of serious violence to a person or substantial damage to property; for the purposes of legal proceedings, or obtaining legal advice; in connection with the performance of functions or duties, or the exercise of powers under Part IAAC, or by a law enforcement officer; or for the purposes of the admission of evidence in a proceeding that is not a criminal proceeding.
[127] Schedule 3, item 4, proposed subsection 3ZZUM(4) of the Crimes Act 1914. The committee draws senators’ attention to this provision pursuant to Senate Standing Order 24(1)(a)(ii).
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/other/AUSStaCSBSD/2021/7.html