|
|
Home
| Databases
| WorldLII
| Search
| Feedback
Australian Senate Standing Committee for the Scrutiny of Bills - Scrutiny Digests |
|
Purpose
|
This bill seeks to amend the Surveillance Devices Act 2004, the
Crimes Act 1914 and associated legislation to introduce new law
enforcement powers to enhance the ability of the Australian Federal Police and
the
Australian Criminal Intelligence Commission to combat online serious
crime
|
|
Portfolio
|
Home Affairs
|
|
Introduced
|
House of Representatives on 3 December 2020
|
|
Bill status
|
Before the House of Representatives
|
2.194 In Scrutiny Digest 1 of 2021 the committee requested the minister's advice as to:
• why the categories of persons eligible to issue data disruption and network activity warrants should not be limited to persons who hold judicial office;[62]
• why it is considered necessary and appropriate to issue each type of warrant for an initial 90-day period as opposed to a shorter period; [63]
• why the bill does not require, in relation to all warrants, that the issuing authority must consider whether the warrant is proportionate having regard to the nature and gravity of the offence and the likely value of the information or evidence sought to be obtained, as well as the extent of possible interference with the privacy of third parties;[64] and
• the nature of the defects or irregularities that will not lead to the invalidity of actions done under a purported warrant or emergency authorisation.[65][66]
Minister's response
2.195 The minister advised:
Why the categories of persons eligible to issue data disruption and network activity warrants should not be limited to persons who hold judicial office
In the Bill, the power to issue data disruption warrants and network activity warrants is conferred on an eligible judge or a nominated Administrative Appeals Tribunal (AAT) member. These issuing authorities may grant the warrant if (amongst other things) they are satisfied that there are reasonable grounds for the suspicion founding the application for the warrant. This independent scrutiny of warrant applications is an important mechanism in ensuring that only warrants that are reasonable and proportionate are issued.
AAT members have the experience and skills necessary to issue data disruption warrants and network activity warrants
Both AAT members and judges play critical roles as independent decision-makers in authorising investigatory powers in the current regimes in the Surveillance Devices Act 2004 (SD Act), as well as in the Telecommunications (Interception and Access) Act 1979 (TIA Act). Nominated AAT members issue surveillance device warrants and computer access warrants under the SD Act, and have played a key role in issuing interception under the TIA Act since 1998. The skills and experience of AAT members make them suitable to assess applications for data disruption warrants and network activity warrants, and whilst doing so, to make independent decisions on the compliance of those applications with the legal requirements in the Bill.
To be nominated as an AAT member for the purposes of issuing warrants under the SD Act, a person must have been enrolled as a legal practitioner for at least five years. In accordance with the existing framework, the Bill recognises that the complex decision-making involved in authorising the new powers in the Bill requires the independence offered by the AAT members and judges who already issue other warrants under those Acts and have the skills and experience to do so.
AAT members are independent decision-makers
The power to issue warrants is conferred on issuing authorities in their personal capacity (persona designata) as a means of ensuring accountability in the course of a sensitive investigation or law enforcement procedure. Persona designata functions are not an exercise of the formal judicial or administrative powers of a court or tribunal. Rather these issuing authorities are acting as independent decision-makers.
The AAT is not independent of government in the same way that the judiciary is the subject of a separation of powers (though some members of the AAT are also judges). Rather, the AAT's independence arises from its role in reviewing the merits of administrative decisions made under Commonwealth laws.
The independence of the AAT is also demonstrated in the process for the termination of a member's appointment. AAT members who are not judges can only have their appointment terminated by the Governor-General, and this termination can only be made on specific grounds, such as proven misbehaviour or the inability to perform duties.
The independence of AAT members exercising persona designata functions is strongly safeguarded. AAT members are afforded the same protection and immunity as a Justice of the High Court of Australia, and they must provide written consent prior to being authorised to perform persona designata functions. Consent also serves to protect an AAT members' independence and autonomy to decide whether or not to exercise persona designata powers.
Review of administrative decisions
In the unlikely event of unlawful decision-making, Australian courts will retain their jurisdiction to review administrative decisions, including any decision to issue a warrant, through the original jurisdiction of the High Court of Australia and in the Federal Court of Australia by operation of subsection 398(1) of the Judiciary Act 1903, or under the Administrative Decisions (Judicial Review) Act 1977 (ADJR Act). There is an error in the human rights compatibility statement in the explanatory memorandum supporting the Bill, which states that the Bill excludes judicial review under the ADJR Act. This is incorrect, and the human rights compatibility statement will be amended accordingly. These judicial review mechanisms ensure that an affected person has an avenue to challenge the decisions to issue warrants made by any issuing authorities, including a nominated AAT member.
As such, the Government maintains that the persons eligible to issue data disruption warrants and network activity warrants should not be limited to only judicial officers, but should include nominated AAT members, in line with the existing legislation.
Why it is considered necessary and appropriate to issue each type of warrant for an initial 90-day period as opposed to a shorter period
Each of the three new warrants proposed in the Bill can be issued for an initial period of up to 90 days. As stated in the explanatory memorandum, this is in line with the period for which surveillance device warrants and computer access warrants can be issued in the SD Act. Maintaining consistency in the length of time warrants can be issued allows warrants to be sought in conjunction with one another, and executed during the course of the same investigation or operation.
Importantly, this does not mean that all warrants will be issued for a period of 90 days. The period for which a warrant is in force will be determined by the issuing authority on a case-by-case basis depending on the circumstances of the application.
Data disruption warrants
As noted by the Committee, the explanatory memorandum states that an initial period of up to 90 days for execution of a data disruption warrant is intended to allow for complex, long-term operations. As with all warrants in the SD Act, as well as the other warrants proposed by this Bill, investigations and operations that utilise data disruption warrants will often involve multiple targets that are moving across computer networks, whose identities and locations may be obfuscated by the use of anonymising technologies. The disruption of data must be carried out in a targeted manner where any damage or loss of data is proportionate and necessary, an assessment of which takes agencies time to consider. In addition, as with the other warrants in the Bill, data disruption warrants are necessarily covert. This means that agencies need to assess the best time and methods to undertake the activities authorised in the warrant in accordance with circumstances that allow the concealment of these activities.
Network activity warrants
As an intelligence collection tool, it is appropriate for network activity warrants to be in force for an initial period of up to 90 days. The purpose of these warrants is to target criminal networks of individuals that may be comprised of a large number of unknown individuals. Criminal networks, particularly organised crime groups, will often use the dark web and anonymising communications platforms to evade law enforcement surveillance. Moreover, the composition of the network is likely to change from time to time as new participants enter the group and use multiple devices to conduct their criminal activities.
In order to infiltrate these complex and evolving networks, law enforcement will be required to deploy computer access techniques which may take a significant period of time to execute successfully. A maximum period of less than 90 days would, in many cases, not provide law enforcement with sufficient time to obtain access to the computers targeted by the warrant, and collect intelligence on the individuals using those devices, and ensure the operation remains covert.
Account takeover warrants
As with data disruption warrants and network activity warrants, investigations in which account takeovers will be used will often be complex and lengthy operations, requiring covert infiltrations. For example, the target accounts may belong to high-level forum members who may have hundreds of contacts within forums, which means that there would be multiple avenues of inquiry to pursue during the course of an account takeover.
Moreover, account takeover warrants are designed to be used in conjunction with controlled operations under Part IAB of the Crimes Act. The account takeover warrant would authorise the taking control of the person's account and locking that person out of the account. Any other activities, that would involve engaging in controlled conduct, would be performed under the accompanying controlled operation. Noting the high likelihood that the two powers will be used in conjunction, it is important that the time period for which agencies are authorised to conduct the authorised activities is aligned. An application for a controlled operation can also seek for the authority to be in place for a period of up to three months.
Why the bill does not require, in relation to all warrants, that the issuing authority must consider whether the warrant is proportionate having regard to the nature and gravity of the offence and the likely value of the information or evidence sought to be obtained, as well as the extent of possible interference with the privacy of third parties
In deciding whether to issue each of the warrants in the Bill, there are certain matters which the issuing authority must take into account. These considerations have been specifically designed with regard to the objective and contemplated operation of each of the warrants.
Proportionality test for data disruption warrants
In order to issue a data disruption warrant, the Judge or AAT member must be satisfied that, amongst other things, the disruption of data authorised by the warrant is justifiable and proportionate with regard to the offences targeted. This is to ensure that in considering whether to issue the warrant, the issuing authority weighs up the benefits of targeting the particular offences that the proposed data disruption seeks to frustrate, with the likely effect that data disruption could have beyond frustrating those offences. Satisfaction that the execution of the warrant is justifiable assists in satisfying the requirement under international human rights law that the limitation on the right to privacy is reasonable and not arbitrary.
A specific requirement that the issuing authority consider the privacy of third parties is not appropriate in the context of data disruption warrants, even though it is appropriate in the context of other electronic surveillance warrants the purpose of which is the gathering of evidence. Data disruption warrants are for the purpose of frustrating criminal activity, including preventing further harm to victims, stopping criminal offences occurring, and re-directing activity so that agencies can take appropriate action. It will not always be possible, at the time of applying for the warrant, for an agency to estimate the full extent to which activity required to undertake data disruption is likely to have an impact on third parties. In light of this, rather than providing for an express privacy consideration the Bill contains a mandatory condition that the issue of a data disruption warrant be justified and proportionate having regard to the offences targeted. To further ensure that these warrants are proportionate to the activity they authorise, the issuing authority must consider the existence of any alternative means of frustrating the criminal activity.
Proportionality test for network activity warrants
In order to issue a network activity warrant, the Judge or AAT member must consider whether the activities authorised by the warrant are proportionate to the likely value of intelligence to be collected, as well as the extent to which the warrant is likely to result in access to data of persons lawfully using a computer. The purpose of network activity warrants is to allow the AFP and the ACIC to target the activities of criminal networks to discover the scope of criminal offending and the identities of the people involved. Due to the complexity of the threats posed by cyber-enabled crime, it is unlikely that agencies will know the identity or location of the offenders involved in the commission of offences to which the network activity warrant is related.
Network activity warrants are an intelligence collection tool and the information collected cannot be used in evidence in criminal proceedings. As such, the considerations for issue of a network activity warrant differ from those in relation to warrants that are issued for the purposes of gathering evidence (for example, computer access warrants in the SD Act). Intelligence collection by its nature is less targeted than evidence-gathering, and will necessarily involve a larger scope for its target. Using a network activity warrant, the AFP or ACIC may need to collect intelligence on a large number of unknown devices, the users and owners of which are not able to be identified or located, before seeking more targeted warrants that authorise gathering evidence (such as computer access warrants under the SD Act). It will be difficult, if not impossible, for an issuing authority to assess the privacy implications for multiple unknown persons to a sufficient degree to meet the threshold of a specific requirement to consider the privacy of third parties. In any event, the issuing authority must still consider the extent to which the execution of a network activity warrant is likely to result in access to data of persons who are lawfully using a computer. The proportionality test requires that the issuing authority weigh up the anticipated value of the intelligence sought with the activities authorised by the warrant. This ensures that the issuing authority must balance the utility of the network activity warrant in obtaining information about the criminal network against the scale, scope and intrusiveness of the activities authorised by that warrant. To further ensure that these warrants are proportionate to the activity they authorise, the issuing authority must consider the existing of any alternative or less intrusive means of obtaining the information sought.
Privacy consideration for account takeover warrants
For account takeover warrants, the magistrate must consider the extent to which the privacy of any person is likely to be affected. An explicit privacy consideration is appropriate for the issue of account takeover warrants, as it is a targeted evidence gathering power. This is consistent with the approach for existing electronic surveillance powers, such as those in the SD Act.
When deciding whether to issue the warrant, the magistrate must also have regard to the nature and gravity of the alleged offence which founded the application for the warrant. This may involve consideration of the seriousness of the offence and the scale at which the offence has been, or will be, committed.
Consideration of this matter ensures that the magistrate will be able to assess the reasonableness and proportionality of executing the warrant in the circumstances. If the offence to which the warrant is sought is not sufficiently serious to justify the conduct of an account takeover warrant and its impact on privacy, the magistrate may decide not to issue to warrant.
The nature of the defects or irregularities that will not lead to the invalidity of actions done under a purported warrant or emergency authorisation
The Bill provides that where information is purportedly obtained under a warrant and there is a defect or irregularity in relation to the warrant, then obtaining the information is taken to be valid if, but for the defect or irregularity, the warrant would be sufficient authority for obtaining the information. These are proposed amendments to existing section 65 of the SD Act, and proposed new section 3ZZVY of the Crimes Act.
A defect or irregularity in relation to a warrant is a minor error in the warrant. Section 65 of the SD Act and proposed new section 3ZZVY of the Crimes Act do not apply to substantial defects that go to the operation, extent or effect of the warrant. A defect or irregularity in this context could not be one that would cause the warrant to operate beyond the scope of what is authorised by the legislation.
The intent of these amendments is not to undermine the oversight and scrutiny of warrant applications, by allowing substantially defective or irregular warrants to remain valid. Rather, these amendments are intended to minimise lawfully obtained information being deemed invalid or unusable solely on the basis of a minor defect or irregularity in an otherwise valid warrant. Some examples of a defect or irregularity in the warrant may include a typographical error, misprint or minor damage to a written form warrant. Such defects or irregularities are minor, and would not affect the warrant's intended operation.
Committee comment
2.196 The committee thanks the minister for this response.
2.197 The committee notes the minister's advice that nominated Administrative Appeals Tribunal (AAT) members issue various existing warrants under the Surveillance Devices Act 2004 and Telecommunications (Interception and Access) Act 1979. The minister advised that the skills and experience of AAT members make them suitable to assess applications for data disruption and network activity warrants, and also advised that the bill recognises that the complex decision-making involved in authorising the new powers requires the independence offered by the AAT members and judges who already issue warrants under the above Acts and have the skills and experience to do so.
2.198 The minister further emphasised the independence of AAT members acting as decision-makers in this context, and the availability of judicial review in the event of unlawful decision making to issue a warrant.
2.199 While noting this advice, the committee notes that it has previously raised concerns with regard to AAT members issuing computer access warrants.[67] In light of the extensive personal information of persons including innocent third parties that may be covertly accessed, copied, modified or deleted under these warrants, and the complexity of the tests for assessing proportionality in relation to each warrant, the committee reiterates its long standing preference that the power to issue warrants authorising the use of coercive or intrusive powers should only be conferred on judicial officers.
2.200 The committee draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of specifying non-judicial office holders as being eligible to issue data disruption and network activity warrants.
2.201 The committee notes the minister's advice that the initial 90-day period for which a warrant can be issued is in line with the period for which surveillance device warrants and computer access warrants can be issued in the Surveillance Devices Act 2004. The minister advised that maintaining consistency in the length of time warrants can be issued allows warrants to be sought in conjunction with one another, and executed during the course of the same investigation or operation.
2.202 The committee also notes the minister's advice that the period for which a warrant is in force will be determined by the issuing authority on a case-by-case basis depending on the circumstances of the application. The minister also provided information about the purposes and activities for each of the three warrants that may justify granting initial warrants for this significant period of time, including the complexity and length of the relevant law enforcement operations, and that data disruption warrants are designed to be used in conjunction with controlled operations under Part IAB of the Crimes Act.
2.203 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.204 In light of the information provided, the committee makes no further comment on this matter.
2.205 The committee notes the minister's advice that the considerations required of the issuing authority been specifically designed with regard to the objective and contemplated operation of each of the warrants.
2.206 The minister advised that a specific requirement that the issuing authority consider the privacy of third parties is not appropriate in the context of data disruption warrants, as the purpose of these warrants is to frustrate criminal activity. The minister further advised that it will not always be possible at the time of applying for these warrants for an agency to estimate the full extent to which activity required to undertake data disruption is likely to have an impact on third parties. The committee notes the minister's advice that the mandatory conditions that the issue of a data disruption warrant be justifiable and proportionate having regard to the offences targeted, and that the issuing authority must consider the existence of any alternative means of frustrating the criminal activity, are safeguards to ensure that these warrants are proportionate to the activity they authorise.
2.207 In relation to network activity warrants, the minister advised that the considerations for issue of a network activity warrant differ from those in relation to warrants that are issued for the purposes of gathering evidence and that it is unlikely that agencies will know the identity or location of the persons involved in the activity to which the warrants are related.
2.208 The minister advised that it will be difficult, if not impossible, for an issuing authority to assess the privacy implications for multiple unknown persons to a sufficient degree to meet the threshold of a specific requirement to consider the privacy of third parties. Instead, the issuing authority will weigh the anticipated value of intelligence sought with the activities authorised by the warrant, including the scale, scope and intrusiveness of activities authorised by the warrant. The minister also emphasised that the issuing authority must also consider the existence of alternative or less intrusive means of obtaining the information sought.
2.209 While noting this advice, in light of the broad scope of offences that may be 'relevant offences' for the purposes of the warrants, and the absence of mandatory considerations in relation to privacy for data disruption and network activity warrants, from a scrutiny perspective, the committee remains concerned that the mandatory considerations as currently drafted are not sufficient to safeguard against undue trespass on an individual's privacy, especially that of third parties, in the execution of these warrants.
2.210 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.211 The committee draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of not requiring, in relation to all warrants, that the issuing authority must consider the extent of possible interference with the privacy of any person.
2.212 The minister advised that a defect or irregularity in this context could not be one that would cause the warrant to operate beyond the scope of what is authorised by the legislation. The committee further notes the examples provided in the minister's response including a typographical error, misprint or minor damage to a written form warrant.
2.213 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.214 In light of the information provided, the committee makes no further comment on this matter.
2.215 The committee further requested the minister's detailed advice as to:
• why it is considered necessary and appropriate to enable law enforcement officers to disrupt or access data or takeover an online account without a warrant in certain emergency situations (noting the coercive and intrusive nature of these powers and the ability to seek a warrant via the telephone, fax or email);
• the appropriateness of retaining information obtained under an emergency authorisation that is subsequently not approved by a judge or AAT member; and
• the appropriateness of enabling law enforcement agencies to act to conceal any thing done under a warrant after the warrant has ceased to be in force, and whether the bill could be amended to provide a process for obtaining a separate concealment of access warrant if the original warrant has ceased to be in force. [69]
Minister's response
2.216 The minister advised:
Why it is considered necessary and appropriate to enable law enforcement officers to disrupt and access data or takeover an online account without a warrant in certain emergency situations (noting the coercive and intrusive nature of these powers and the ability to seek a warrant via the telephone, fax or email)
In emergency circumstances, the activities permitted by a data disruption warrant and an account takeover warrant can be authorised internally. Such authorisations are only available where (amongst other considerations) there is an imminent risk of serious violence to a person or substantial damage to property. The circumstances must be so serious, and the matter of such urgency, that disruption of data or account takeover activity is immediately necessary for dealing with that risk.
The ability to disrupt data under a data disruption warrant, and the ability to take control of an account under an account takeover warrant in emergency situations is important for ensuring that the AFP and the ACIC will be able to respond to rapidly evolving and serious threats in a timely and effective manner. Emergency authorisations are available only in the most extreme circumstances where it is not practicable to apply for a warrant, including applying for a warrant remotely or with an unsworn application. For this same reason, it is essential that applications for emergency authorisations can be made orally, in writing, or by telephone, fax, email or any other means of communication, as they are for situations in which officers need to be able to take immediate action.
Emergency authorisations do not amount to warrants being internally issued. Within 48 hours of an emergency authorisation being given, approval must then be sought by application to a Judge or AAT member (for data disruption) or a magistrate (for account takeovers). At this time, the issuing authority must take into account strict issuing criteria, such .as the nature and risk of serious violence to the person and the existence of alternative methods that could have helped to avoid the risk, as well as an assessment of whether or not it was practicable in the circumstances to apply for a warrant instead of an authorisation This provides independent scrutiny of decisions to authorise data disruption and account takeovers in emergency situations.
The use of emergency authorisations for covert investigatory activity is not new. In the SD Act, emergency authorisations have been available for the use of surveillance devices since 2004 (subsection 28(1) of the SD Act), and for access to data held in a computer since 2018 (subsection 28(1A) of the SD Act). In practice, emergency authorisations are utilised very rarely and only in the most serious of circumstances. For example, in the Surveillance Devices Act 2004 Annual Report for 2019-20, no law enforcement agencies made an emergency authorisation for the use of surveillance devices or to access to data held in a computer.
The availability of account takeover powers under an emergency authorisation is proportionate and necessary to ensure that these powers can be used where there is an imminent risk of serious violence to a person or substantial damage to property, and urgent action must be taken to deal with that risk.
Emergency authorisations are not available for the activities permitted by the network activity warrant noting the purpose of this warrant in gathering intelligence, rather than responding to time-critical situations.
The appropriateness of retaining information obtained under an emergency authorisation that is subsequently not approved by a judge or AAT member
The Bill provides that an eligible Judge or nominated AAT member (for data disruption, new subsection 358(4) of the SD Act), or magistrate (for taking control of an online account, new subsection 3ZZVC(4) in the Crimes Act) may order that any information obtained from or relating to the exercise of powers under an emergency authorisation, or any record of that information be dealt with in a manner specified in the order. However, the Judge, AAT member or magistrate may not order that such information be destroyed. These provisions reflect existing subsections 35(6) and 35A(6) in the SD Act in relation to emergency authorisations for the use of surveillance devices and access to data held in a computer. As noted by the Committee, the Explanatory Memorandum states that this Bill provides that this information cannot be destroyed because it 'may still be required for a permitted purpose [under the Act] such as an investigation'. As referenced in the Explanatory Memorandum to the Surveillance Devices Act 2004 (which introduced existing subsections 35(6)), an example of an investigation for which improperly obtained information should be able to be used, is an investigation into the improper surveillance itself. Further, it is important that information gathered under an emergency authorisation – including one that is not subsequently approved by a judge, AAT member or magistrate – is not destroyed, as destruction of that information may detract from effective oversight of agencies' use of the emergency authorisation powers.
Information gathered as part of an emergency authorisation (including one that is not subsequently approved) is considered 'protected information,' and is subject to strict use and disclosure provisions in both the SD Act (existing section 45) and Crimes Act (proposed new section 3ZZVH). Criminal liability is attached to the unauthorised use or disclosure of 'protected information ' and this is another means by which the privacy of individuals will be protected.
The appropriateness of enabling law enforcement agencies to act to conceal anything done under a warrant after the warrant has ceased to be in force, and whether the bill could be amended to provide a process for obtaining a separate concealment of access warrant if the original warrant has ceased to be in force
The Bill makes provision for the AFP and the ACIC to perform activities lo conceal any thing done under a data disruption warrant, a network activity warrant and an account takeover warrant. Concealment activities may be carried out at any time while the warrant is in force or within 28 days after the warrant ceases to be in force, or at the earliest time after that 28 day period at which it is reasonably practicable to carry out those concealment activities. A period of longer than 28 days would be required, for example, where a computer being accessed under a network activity warrant is moved by the target and the agency must wait for ii to be physically relocated and recovered.
Making provision for concealment activities allows an agency to prevent targets learning that they are under investigation and attempting to impact further efforts to gather evidence or intelligence about their activities. This is because undertaking surveillance activities under these warrants is likely to alter data, or leave traces of activity, on an electronic device or online account. This may allow targets to recognise the lawful intrusion by law enforcement agencies and effectively change the way they communicate for the purposes of evading detection. For example, recognition may lead to reverse engineering police capabilities and methodology leading to individuals avoiding using certain technologies or undertaking counter-surveillance activities.
Accordingly, the concealment of the execution of the warrants in the Bill is vital to the effective exercise of powers and maintaining the covert nature of the investigation or operation. In particular, it is appropriate that concealment activities are able to occur without additional external approval as the concealment activities are incidental to the granting of the original warrant. In the absence of a clear authority to conceal access under warrant, there is significant risk to the exposure of sensitive technologies and methodologies, and to law enforcement outcomes were targets to be notified that a warrant was in force against them.
Importantly, the measures are subject to limitations, safeguards and oversight mechanisms designed to ensure that concealment activities are only undertaken where reasonable, proportionate and necessary. For example, the AFP and the ACIC are required to notify the Inspector-General of Intelligence and Security (IGIS) that a thing was done to conceal access under a network activity warrant after the 28-day period following expiry of the warrant within 7 days after the thing was done (proposed section 49D of the SD Act).
Committee comment
2.217 The committee thanks the minister for this response.
2.218 The committee notes the minister's advice that the circumstances in which an emergency authorisation may be issued, and the matter to which it relates, must be of a level of seriousness and urgency to necessitate immediate disruption of data or account takeover activity to deal with the risk. The minister also advised that a judge, AAT member or magistrate, in determining whether to approve an emergency authorisation, must take into account strict issuing criteria, including the existence of alternative methods that could have helped to avoid the risks and an assessment of whether or not it was practicable in the circumstances to apply for a warrant instead of an authorisation.
2.219 The committee also notes the minister's advice that emergency authorisations are currently available for the use of surveillance devices and access to data under the Surveillance Devices Act 2004 (the Surveillance Devices Act), and that, in practice, emergency authorisations are very rarely utilised.
2.220 While noting this advice the committee does not consider the fact that emergency authorisations are available for other types of warrants under the Surveillance Devices Act is, of itself, sufficient justification for their use in the context of this bill.
2.221 The committee further notes the minister's advice that information gathered as part of an emergency authorisation, including one that is not subsequently approved, is considered 'protected information' and is subject to strict use and disclosure provisions. The minister also noted that an example of a permitted purpose for the use of information obtained under an emergency authorisation that is not subsequently approved would include an investigation into improper surveillance. The committee also notes the minister's advice that destruction of information gathered under an emergency authorisation that is not subsequently approved may detract from effective oversight of agencies' use of emergency authorisation powers.
2.222 While noting this advice, from a scrutiny perspective, the committee reiterates its concerns that data disruption and account takeover activities can involve significant coercive and intrusive powers, and that allowing a law enforcement agency to initially authorise its own actions under an emergency authorisation, even in circumstances where such an authorisation must be subsequently approved, has the potential to unduly trespass on an individual's privacy.
2.223 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.224 From a scrutiny perspective, the committee remains concerned about the proposal to allow a law enforcement agency to initially authorise its own use of significant coercive and intrusive powers under an emergency authorisation, even in circumstances where such an authorisation must be subsequently approved. The committee draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of the use of emergency authorisations to disrupt data or undertake account takeover activities.
2.225 The committee notes the minister's advice that making provision for concealment activities allows an agency to prevent targets learning that they are under investigation and attempting to impact further efforts to gather evidence or intelligence about their activities. The minister advised that it is appropriate that concealment activities are able to occur without additional external approval as the activities are incidental to the granting of the original warrant.
2.226 The committee further notes the minister's advice with regard to oversight mechanisms including that the AFP and ACIC are required to notify the Inspector-General of Intelligence and Security that a thing was done to conceal access under a network activity warrant after the 28-day period following the expiry of the warrant within 7 days after the thing was done. However, it does not appear that such a safeguard applies in relation to activities to conceal things done under data disruption warrants or account takeover warrants.
2.227 From a scrutiny perspective, the committee remains concerned that the provisions authorising concealment activities allow significant coercive or intrusive actions to be undertaken which have not been directly authorised under an existing warrant, and which may be undertaken for an extended period of time following the expiration of a warrant.
2.228 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.229 The committee draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of enabling law enforcement agencies to undertake activities to conceal any thing done under a warrant after the warrant has ceased to be in force.
2.230 The committee further requested the minister's detailed advice as to:
• the effect of Schedules 1–3 on the privacy rights of third parties and a detailed justification for the intrusion on those rights, in particular:
• why proposed sections 27KE and 27KP do not specifically require the judge or nominated AAT member to consider the privacy implications for third parties of authorising access to a third party computer or communication in transit;[71]
• why the requirement that an issuing authority be satisfied that an assistance order is justifiable and proportionate, having regard to the offences to which it would relate, only applies to an assistance order with respect to data disruption warrants, and not to all warrants;[72] and
• whether the breadth of the definitions of ‘electronically linked group of individuals’ and ‘criminal network of individuals’ can be narrowed to reduce the potential for intrusion on the privacy rights of innocent third parties.[73], [74]
Minister's response
2.231 The minister advised:
The committee requests the minister's detailed advice as to the effect of Schedules 1-3 on the privacy rights of third parties and a detailed justification for the intrusion on those rights, in particular:
(a) why proposed sections 27KE and 27KP do not specifically require the judge or nominated AAT member to consider the privacy implications for third parties of authorising access to a third party computer or communication in transit
There are certain activities which can be authorised by an issuing authority under a data disruption warrant or a network activity warrant which could potentially have an impact on the privacy of third parties. These activities include entering premises and accessing computers and communications in transit, as these could potentially be premises, computers and communications of third parties. Such activities, along with the others listed in sections 27KE (data disruption warrants) and 27KP (network activity warrants), are specifically listed in the legislation because they will often be essential tools in the execution of these warrants. No warrant can authorise activity beyond that which is listed unless it is reasonably incidental to carrying out those actions. Further protections have been inserted in subsections 27KE(7), 27KE(12) and 27KP(6) to ensure that data disruption warrants and network activity warrants cannot authorise other activities.
To safeguard any potential impact on the privacy of third parties, the Bill requires that the issuing authority undertake a proportionality test before deciding to issue a data disruption warrant or network activity warrant. These considerations are described in further detail in earlier answer above at 1.109(c), but are also summarised below.
Data disruption warrants
In order to issue a data disruption warrant, the Judge or AAT member must be satisfied that the activities authorised by the warrant are justified and proportionate with regard to the offences targeted. This is to ensure that the use of these warrants is proportionate to the alleged or suspected offending in all circumstances. In making this determination, the issuing authority may wish to take into account, for example, the scope of the warrant in terms of how many people are affected, the exact nature of the potential intrusion on people's private information, and whether that intrusion is justified by the serious nature of the criminality being targeted. Whilst it may be necessary to access information or property belonging to third parties in order to disrupt data. this must be proportionate to the frustration of the offences targeted. There are also strong protections and safeguards in place to ensure that information is protected and only used appropriately.
Network activity warrants
For a network activity warrant, the Judge or AAT member must consider whether the activities authorised by the warrant are proportionate to the likely value of intelligence to be collected, as well as the extent to which the warrant is likely to result in access to data of persons lawfully using a computer. Whilst it may be necessary to access information or property belonging to third parties, this must be proportionate to the value of intelligence that is collected, and there are safeguards associated with network activity warrants to further protect information.
(b) why the requirement that the issuing authority be satisfied that an assistance order is justifiable and proportionate, having regard to the offences to which it would relate, only applies to an assistance order with respect to data disruption warrants, and not to all warrants
As the Committee notes, an eligible Judge or nominated AAT member must be satisfied that disruption of data held in a computer is justifiable and proportionate, having regard to the offences targeted, before granting an assistance order in support of a data disruption warrant. This is because the criterion upon which the granting of an assistance order is assessed reflects that of which the issuing authority must be satisfied when authorising the supporting warrant.
In order to issue a data disruption warrant, an eligible Judge or nominated AAT member must (amongst other things) be satisfied that there are reasonable grounds for the suspicion of the applicant that the disruption of data is likely to substantially assist in frustrating the commission of relevant offences. The eligible Judge or nominated AAT member must also be satisfied that the disruption of data authorised by the warrant is justifiable and proportionate, having regard to the offences targeted (subsection 27KC(1) of the SD Act).
These are similar matters to which an eligible Judge or nominated AAT member must be satisfied of when granting an assistance order in support of a data disruption warrant (subsection 648(2) of the SD Act). Satisfaction of similar matters at the time of issuing the warrant and the granting of the assistance order ensures that any activity required by an assistance order does not extend beyond the scope of the underpinning warrant.
The same principles apply in relation to the granting of assistance orders supporting network activity warrants and account takeover warrants. Similar matters that must be satisfied at the time of issuing these warrants must again be satisfied at the granting of an assistance order.
In recognition of the impact on privacy of third parties, the issuing authority is required to have regard to certain specified matters when deciding whether to issue the warrant. For network activity warrants, this includes consideration of whether the activities authorised by the warrant are proportionate to the likely value of intelligence to be collected, as well as the extent to which the warrant is likely to result in access to data of persons lawfully using a computer. For account takeover warrants, this includes taking into account the extent to which the privacy of any person is likely to be affected.
Consideration of these matters will inform the issuing authority's decisions to issue warrants, including his or her satisfaction of the matters particular to that warrant and, in turn, inform decisions about whether to grant an assistance order. Ensuring that the issuing authority is required to be satisfied of justifiability and proportionality before a warrant can be issued or assistance order granted is intended to safeguard against any undue impact on privacy.
(c) Whether the breadth of the definitions of 'electronically linked group of individuals' and 'criminal network of individuals' can be narrowed to reduce the potential intrusion on the privacy rights of innocent third parties
The purpose of network activity warrants is to enable the AFP and the ACIC to better target criminal groups operating online. Network activity warrants will be an essential tool for collecting information about the constitution and methodologies of criminal organisations, and people participating in criminal groups. A key consideration in applying for a network activity warrant under new section 27KK is suspicion on reasonable grounds that a group of individuals is a criminal network of individuals.
A criminal network of individuals is a group of individuals who are electronically linked. An electronically linked group of individuals may be using a shared internet service in common, or may have established their own secure communications networks in order to communicate and conduct their activities. Whilst the number and identity of the group of individuals may not be known, there must be a link between two or more people who meet or communicate electronically. It is essential that the concept of 'electronically linked group of individuals' is broad enough to encapsulate individuals who do not identify as being in a criminal organisation or group, but who are nevertheless operating in a network. An 'electronic link' also accounts for the fact that people may not have a personal relationship with an individual who they are nonetheless communicating with. They do not have to have knowledge of each other's activities. This definition is deliberately broad to capture groups of individuals who, for example, are accessing an illicit dark web marketplace where they are unlikely to consider themselves as members, but rather customers, such as people who are paying to view tine live streaming of child exploitation material.
In order for an electronically linked group of individuals to constitute a criminal network of individuals, one or more individuals in the group must have engaged, are engaging, or are likely to engage in conduct that constitutes a relevant offence, or have facilitated, are facilitating, or are likely to facilitate, another person's engagement in conduct that constitutes a relevant offence. The person whose engagement in criminal activity was facilitated by an individual in the group, may or may not be an individual in the group themselves. As noted by the Committee, there is no requirement that every individual who is part of the criminal network is himself or herself committing, or intending to commit, a relevant offence. This deliberately captures those individuals who are, knowingly or unknowingly, facilitating engagement by another person in conduct constituting a relevant offence. It is important that the concept of 'criminal network of individuals' is broad enough to cover unwitting participants in criminal activity, so that this crucial intelligence can still be collected. For example, a criminal network of individuals may include an individual who owns an IT platform that is, without the knowledge of that person, being exploited by a criminal organisation for illegal purposes.
Committee comment
2.232 The committee thanks the minister for this response.
2.233 The committee notes the minister's advice that, to safeguard any potential impact on the privacy of third parties, the bill requires that an issuing authority undertake a proportionality test before deciding to issue a data disruption warrant or network activity warrant. In relation to data disruption warrants, the minister advised that, in making a determination of whether activities authorised by a warrant are justified and proportionate with regard to the offences targeted, the issuing authority may wish to take into account matters relevant to the scope of people affected and the nature of intrusion into people's private information.
2.234 In relation to network activity warrants, the minister advised that access to information or property belonging to third parties in order to carry out the warrant must be proportionate to the likely value of intelligence that is intended to be collected.
2.235 While noting this advice, from a scrutiny perspective, the committee remains concerned that the coercive search powers available to law enforcement under data disruption and network activity warrants authorise the collection of potentially substantial amounts of personal information of persons who are not the subject of the warrant, such that the execution of these warrants may unduly trespass on the privacy of third parties.
2.236 The committee draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of not specifically requiring the judge or nominated AAT member to consider the privacy implications for third parties when authorising access to a third party computer or communication in transit under a data disruption warrant or network activity warrant.
2.237 The committee notes the minister's advice that the criteria upon which the granting of an assistance order is assessed reflects that of which the issuing authority must be satisfied when authorising the supporting warrant. The minister advised that satisfaction of similar matters at the time of issuing the warrant and the granting of the assistance order ensures that any activity required by an assistance order does not extend beyond the scope of the underpinning warrant, and that ensuring that the issuing authority is required to be satisfied of justifiability and proportionality before a warrant can be issued or assistance order granted is intended to safeguard against any undue impact on privacy.
2.238 While noting this advice, the committee notes that the issuing of an assistance order has the potential to seriously impact the privacy of innocent third parties in ways that may be substantially more significant than that imposed by the issuing of the initial warrant. Of particular concern to the committee is the imposition of significant penalties, including imprisonment, for non-compliance with an assistance order.
2.239 The committee reiterates its scrutiny concerns that the provisions could result in a person not suspected of any wrongdoing being compelled to provide information which could lead to access to their own personal information. The committee further reiterates that its scrutiny concerns are heightened by the ability for assistance orders to be made in relation to emergency authorisations for disruption of data or account takeover activities.
2.240 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.241 The committee otherwise draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of the grounds for consideration for granting assistance orders in relation to each of the proposed warrants, noting that the granting of an assistance order could result in a person not suspected of any wrongdoing being compelled to provide information which could lead to access to their own personal information.
2.242 The committee notes the minister's advice that it is essential that the concept of 'electronically linked group of individuals' is broad enough to encapsulate individuals who do not identify as being in a criminal organisation or group, but who are nevertheless operating in a network, and that an 'electronic link' accounts for the fact that people may not have a personal relationship with an individual who they are communicating with, and do not have to have knowledge of each other's activities.
2.243 The minister further advised that the concept of criminal network of individuals deliberately captures individuals who are, knowingly or unknowingly, facilitating engagement by another person in conduct constituting a relevant offence.
2.244 While noting this advice, the committee notes that the scope of 'relevant offence' for network activity warrants is also very broad, capturing a broad list of offences including offences under various Acts, and which may be expanded by regulations.[75] From a scrutiny perspective, the committee remains concerned that the combined effect of these broad definitions may create a potentially unlimited class of persons who may be subject to surveillance under a network activity warrant, or be affected as a third party connected to a person whose information is being accessed under a network activity warrant.
2.245 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.246 The committee otherwise draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of the broad definitions of 'electronically linked group of individuals' and 'criminal network of individuals'.
2.247 The committee further requested the minister's detailed advice as to:
• whether all of the exceptions to the restrictions on the use, recording or disclosure of protected information obtained under the warrants are appropriate and whether any exceptions are drafted in broader terms than is strictly necessary; and
• why the bill does not require review of the continued need for the retention of records or reports comprising protected information on a more regular basis than a period of five years. [77]
Minister's response
2.248 The minister advised:
Whether all of the exceptions to the restrictions on the use, recording or disclosure of protected information obtained under the warrants are appropriate and whether any exceptions are drafted in broader terms than is strictly necessary
All information collected under the warrants in this Bill is strictly protected. Information is broadly prohibited from being used or disclosed. Where there are exceptions to that prohibition, those exceptions are necessary either to enable the warrants to be effective, or to enable strong oversight and accountability mechanisms, or to enable proper and appropriate judicial processes to be carried out, or to enable information sharing necessary for agencies to carry out their functions or in emergency circumstances. The ability to use and disclose information has been designed to be limited to only that which is necessary.
Prohibition and offences
The Bill classifies data disruption warrant information as 'protected information' under the existing provisions in the SD Act, which currently govern information collected under other warrants in that Act, for example, computer access warrants.
Information gathered under an account takeover warrant is also classified as 'protected information'. This is a new concept in the Crimes Act introduced by the Bill, borrowing from the SD Act so that account takeover warrant information is governed by the same prohibitions and exceptions as most information under the SD Act, including data disruption warrant information.
There is also a prohibition on using and disclosing 'protected network activity warrant information', a new category of protected information introduced by the Bill into the SD Act. Protected network activity warrant information is information obtained under, or relating to, a network activity warrant including information obtained from the use of a surveillance device under a network activity warrant but not including information obtained through interception. This also includes any information that is likely to enable the identification of the criminal network of individuals, individuals in that network, computers used by that network, or premises at which computers used by that network are located. Information that was obtained in contravention of a requirement for a network activity warrant is also captured by this definition.
A person commits an offence if he or she uses, records, communicates or publishes protected information or protected network activity warrant information except in very limited circumstances. The Bill also provides for an aggravated offence if this disclosure endangers the health or safety or any person or prejudices the effective conduct of an investigation.
Exceptions – data disruption warrants and account takeover warrants
The exceptions to the prohibition on using, recording, communicating or publishing information collected under a data disruption warrant and under an account takeover warrant are the same as exceptions in the SD Act that relate to existing warrants, such as computer access warrants.
It is permitted to use, record, communicate, publish, and admit in evidence, protected information where necessary for the investigation of a relevant offence, a relevant proceeding, or the making of a decision as to whether or not to bring a prosecution for a relevant offence (amongst other limited purposes). It is also permitted to use, record, communicate or publish protected information where that information has already been disclosed in proceedings in open court lawfully, and where the communication of the information is necessary to help prevent or reduce the risk of serious harm.
Information collected under each of these warrants may also be shared with an intelligence agency if the information relates to a matter that is relevant to the agency's functions, and with a foreign country, the International Criminal Court, or a War Crimes Tribunal under international assistance authorisations, and also where authorised by the Mutual Assistance in Criminal Matters Act 1987 or the International Criminal Court Act 2002. It is essential that this information sharing is permitted, in order to facilitate investigations that involve other Australian agencies (for example conducting joint operations) and foreign jurisdictions.
Information may also be shared with the Ombudsman and the IGIS, and between those agencies to allow them to fulfil their oversight responsibilities in relation to the powers in the Bill.
Exceptions - network activity warrants
The exceptions to the general prohibition on using and disclosing protected network activity warrant information are configured differently to those relating to data disruption warrants and account takeover warrants. This is because, as network activity warrants are for intelligence purposes, they cannot be used to gather evidence in investigations, and the information collected generally cannot be adduced in evidence in a criminal proceeding.
Protected network activity warrant information may be used or disclosed if necessary for collecting, correlating, analysing or disseminating, or the making of reports in relation to, criminal intelligence in the performance of the legislative functions of the AFP or the ACIC. The information can also be the subject of derivative use allowing it to be cited in an affidavit on application for another warrant (which will themselves contain protections on information gathered). This will assist in ensuring that network activity warrants can be useful in furthering investigations into criminal conduct made under subsequent warrants.
Protected network activity warrant information cannot be used in evidence in criminal proceedings, other than for a contravention of the secrecy provisions that apply to this intelligence. This is important for ensuring that where a person has unlawfully used or disclosed this information, he or she may be effectively investigated and prosecuted for the offence. The information may also be disclosed for the purposes of the admission of evidence in a proceeding that is not a criminal proceeding. This is intended to allow protected network activity warrant information to be used in other proceedings, such as those that question the validity of the warrant. Therefore, if a case is brought to challenge the decision to issue a warrant, there will be evidence which can be validly drawn upon. These exceptions are intended to protect the rights of persons who are the subject of, or whose information has been collected under, a network activity warrant.
The ability to share information obtained under a network activity warrant with ASIO or an intelligence agency is intended to facilitate joint operations between the AFP and the ACIC and other members of the National Intelligence Community. These agencies currently conduct complex and interrelated intelligence operations, and may need to share information to support activities within their respective functions, in particular those in relation to safeguarding national security. For example, information collected under a network activity warrant about a terrorist organisation may be shared with ASIO if related to ASIO's functions. Information held by ASIO and intelligence agencies, including information obtained under a network activity warrant that is then communicated to those agencies, is protected by strict use and disclosure provisions in the Australian Security Intelligence Organisation Act 1979 and Intelligence Services Act 2001.
To ensure compliance with reporting and record-keeping requirements, the Bill provides that protected network activity warrant information may be used or disclosed for the purpose of keeping records and making reports by the AFP and the ACIC in accordance with the obligations imposed by the Bill. Information may also be shared with the Ombudsman and the IGIS, and between those agencies to allow them to fulfil their oversight responsibilities in relation to the powers in the Bill. These exceptions are important to facilitate effective oversight of the AFP and the ACIC and protect the rights of persons who are the subject of, or whose information has been collected under, a network activity warrant. Information held by the Ombudsman and IGIS, including information obtained under a network activity warrant that is then communicated to those bodies, is protected by strict use and disclosure provisions in the Ombudsman Act 1976 and Inspector-General of Intelligence and Security Act 1986.
Why the bill does not require review of the continued need for the retention of records or reports comprising protected information on a more regular basis than a period of five years
Records comprising protected information in the Bill must be destroyed as soon as practicable if the material is no longer required, and at most within five years of the material no longer being required (unless a relevant officer certifies certain matters that go to the need to keep the material for ongoing activity). As noted by the Committee, the chief officer of the AFP or the ACIC must ensure that information obtained under each of these warrants is kept in a secure place that is not accessible to people who are not entitled to deal with the record or report. This is consistent with existing record-keeping and destruction obligations in relation to surveillance device warrants and computer access warrants in the SD Act.
As with information collected under existing warrants in the SD Act, the ability to retain information for five years reflects the fact that some investigations and operations are complex and run over a long period of time. Requiring the security and destruction of records ensures that the private data of individuals accessed under a warrant is only handled by those with a legitimate need for access, and is not kept in perpetuity where there is not a legitimate reason for doing so. The Ombudsman and IGIS are empowered to assess agencies' compliance with record-keeping and destruction requirements as part of their oversight of powers in the Bill.
Committee comment
2.249 The committee thanks the minister for this response.
2.250 The committee notes the minister's advice that where there are exceptions to the broad prohibitions on use or disclosure of information collected under warrants in the bill, these exceptions are necessary to enable to warrants to be effective, to enable strong oversight and accountability mechanisms, to enable proper and appropriate judicial processes to be carried out, or to enable information sharing necessary for agencies to carry out their functions or in emergency circumstances. The minister advised that the ability to use and disclose this information has been designed to be limited to only that which is necessary.
2.251 The committee also notes the minister's advice in relation to the various exceptions for use of information obtained under data disruption and account takeover warrants, including that these are the same as exceptions in the Surveillance Devices Act 2004 that relate to existing warrants.
2.252 The committee also notes that information collected under these warrants may be shared with a foreign country, specified international bodies, and also where authorised by the Mutual Assistance in Criminal Matters Act 1987. The minister advised that it is essential that this information sharing is permitted in order to facilitate investigations that involve other Australian agencies and foreign jurisdictions. While noting this advice, the sharing of sensitive personal information with foreign countries may raise scrutiny concerns where there are no requirements that the foreign countries receiving this information have the same rule of law protections in place as those which are afforded to individuals in Australia, and where such countries may criminalise behaviour which is not an offence in Australia.
2.253 With respect to network activity warrants, the committee notes the minister's advice that the exceptions to the general prohibition on using and disclosing protected network activity warrant information are configured differently to those relating to data disruption warrants and account takeover warrants, as network activity warrants cannot be used to gather evidence in investigations and the information collected generally cannot be adduced in evidence in criminal proceedings.
2.254 The minister provided examples of permitted uses or disclosures of protected network activity warrant information, including allowing for it to be cited in relation to an application for another warrant, and in relation to activities connected to criminal intelligence in the performance of functions of the AFP or ACIC. The committee also notes that where exceptions provide for information to be disclosed in criminal or non-criminal proceedings (such as in relation to a contravention of secrecy provisions or to question the validity of a warrant) these exceptions are intended to protect the rights of persons who are the subject of, or whose information has been collected under, a network activity warrant.
2.255 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.256 The committee otherwise draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of the exceptions to the prohibitions on use and disclosure of information obtained under the warrants proposed in the bill.
2.257 The committee notes the minister's advice that the requirements in the bill around storage and destruction of records comprising protected information are consistent with existing record-keeping and destruction obligations in the Surveillance Devices Act 2004. The minister advised that the ability to retain information for five years reflects the fact that some investigations and operations are complex and run over a long period of time.
2.258 The committee also notes the minister's advice that the ombudsman and Inspector-General of Intelligence and Security are empowered to assess agencies' compliance with record-keeping and destruction requirements as part of their oversight of powers in the bill.
2.259 While noting this advice, it remains unclear to the committee why the bill does not require a review of the continued need for the retention of such records on a more regular basis, particularly noting that it does not appear that all investigations relevant to the warrants will be so lengthy or complex as to make more regular review inappropriate.
2.260 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.261 The committee otherwise draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of specifying a period of five years for the review of the continued need for the retention of records or reports comprising protected information.
2.262 In Scrutiny Digest 1 of 2021 the committee requested the minister's detailed advice as to:
• why it is considered necessary and appropriate to provide for evidentiary certificates to be issued in connection a data disruption warrant or emergency authorisation, a network access warrant, or an account takeover warrant;
• the circumstances in which it is intended that evidentiary certificates would be issued, including the nature of any relevant proceedings; and
• the impact that issuing evidentiary certificates may have on individuals' rights and liberties, including on the ability of individuals to challenge the lawfulness of actions taken by law enforcement agencies.[79]
Minister's response
2.263 The minister advised:
Why it is considered necessary and appropriate to provide for evidentiary certificates to be issued in connection with a data disruption warrant or emergency authorisation, a network activity warrant, or an account takeover warrant
The Guide to Framing Commonwealth offences, Infringement Notices and Enforcement Powers notes that evidentiary certificates should generally only be used to settle formal or technical matters of fact that would be difficult to prove by adducing admissible evidence. It is generally unacceptable for evidentiary certificates to cover questions of law, which are for courts to determine.
Evidentiary certificates are able to be issued in relation to acts done by the AFP or the ACIC in connection with the execution of the warrant, or the information obtained under the warrant. The evidentiary certificate regimes in relation to each of the warrants are designed to protect capabilities and methodology being disclosed in court.
Evidentiary certificates will only cover the manner in which evidence was obtained and by whom but not the actual evidence itself. The certificates would only deal with factual matters, being the factual basis on which an officer did any thing in connection with the execution of the warrant, or in relation to the information obtained under the warrant. They would not deal with questions of law that would be properly the role of the courts to determine.
Evidentiary certificates are prima facie (that is, certificates issued under the regimes will be persuasive before a court, as distinct from a conclusive certificate that cannot be challenged by a court or defendant). The prima facie nature of evidentiary certificates will protect sensitive AFP and ACIC capabilities by preventing prosecutors from being required in the first instance to disclose the operation and methods of law enforcement unless a defendant seeks to dispute the veracity of the methods used to gather information against their interest. The courts will retain the ability to test the veracity of the evidence put before it should there be founded grounds to challenge the evidence.
The circumstances in which it is intended that evidentiary certificates would be issued, including the nature of any relevant proceedings
Evidentiary certificates are intended to streamline the court process by reducing the need to contact numerous officers and experts to give evidence during proceedings on routine matters. Evidentiary certificates can be issued by an appropriate authorising officer for a law enforcement officer and assist agencies in protecting sensitive capabilities.
The certificates will cover circumstances where it would be difficult to prove the methods of data collection before a court without exposing sensitive law enforcement capabilities. Methods used to conceal that a warrant has been executed or the methods used to covertly access or disrupt data, or take control of an online account, may be covered by an evidentiary certificate. In a criminal trial, where it may be necessary to establish the provenance of evidence called against a defendant, it may be necessary to rely on an evidentiary certificate lo prove that evidence was collected as a result of a warrant.
Evidentiary certificates will be used in respect of the warrant-related activities and handling of information obtained under warrants as they are able to be used with existing surveillance device warrants and computer access warrants in the SD Act. A certificate may be issued, for example, in respect of anything done by a law enforcement officer in connection with the warrant's execution. The certificate may also set out relevant facts with respect to anything done by the law enforcement officer relating to the communication of information obtained under a warrant by a person to another person. A certificate can also set out anything done by a law enforcement officer concerning the making use of, or the making of, a record or the custody of a record of information obtained under the warrant.
These certificates relate to technical questions and not substantial matters of fact or questions of law. For example, it may be that a certain vulnerability within a device was used to execute a warrant. Enquiries into these actions may put at risk existing operations also utilising that vulnerability. Evidentiary certificates to protect capabilities and methodology is critical to maintaining law enforcement's ability to effectively utilise Commonwealth surveillance laws.
The impact that issuing evidentiary certificates may have on individuals' rights and liberties, including on the ability of individuals to challenge the lawfulness of actions taken by law enforcement agencies
The Bill engages certain rights, such as Article 14(2) of the International Covenant on Civil and Political Rights, which provides that everyone charged with a criminal offence should have the right to be presumed innocent until proven guilty according to law. Limitations on this right are permissible when they are reasonable in the circumstances, and maintain the rights of the accused.
The evidentiary certificate provisions in the Bill create a presumption as to the existence of the factual basis on which the certificate is issued which requires the defendant to disprove the matters in the certificate if they seek to challenge them. However, these matters will only be details of sensitive information such as how the evidence was obtained and by whom. This is necessary to protect law enforcement agencies' sensitive capabilities and methodology. Evidentiary certificates will not, however, establish the weight or veracity of the evidence itself which is a matter for the court.
The defendant will not be prevented from leading evidence to challenge a certificate. The nature of a prima facie evidence certificate regime provides an ability for the accused to establish illegality – that is, to seek to establish that acts taken in order to give effect to a warrant contravened the legislation should they choose to do so within the boundaries of the judicial framework, and put the party bringing the proceedings to further proof. However, regardless of the evidentiary certificate regime, the prosecution will still have to make out all elements of any offence.
Committee comment
2.264 The committee thanks the minister for this response. The committee notes the minister's advice that that the evidentiary certificates would only deal with factual matters and would not deal with questions of law (which would be determined by the court). The minister also advised that the evidentiary certificate regimes in relation to each of the warrants are designed to protect capabilities and methodology from being disclosed in court, and that the certificates will only cover the manner in which evidence was obtained and by whom but not the actual evidence itself.
2.265 The committee also notes the minister's advice that the prima facie nature of evidentiary certificates will protect sensitive AFP and ACIC capabilities by preventing prosecutors from being required in the first instance to disclose the operation and methods of law enforcement unless a defendant seeks to dispute the veracity of methods used, and that the courts will retain the ability to test the veracity of the evidence should there be founded grounds to challenge the evidence.
2.266 The committee further notes the minister's advice that the circumstances in which certificates would be issued are intended to cover circumstances where it would be difficult to prove the methods of data collection before a court without exposing sensitive law enforcement capabilities, such as methods used to conceal that a warrant has been executed or methods used to covertly access or disrupt data or take control of an online account. The minister advised that the certificates may be issued in respect of anything done by a law enforcement officer in connection with a warrant's execution, and may set out anything done by a law enforcement officer concerning the making use of, or the making of, a record or the custody of a record of information obtained under the warrant.
2.267 The minister advised that the certificates relate to technical questions and not substantial matters of fact or questions of law. The minister also provided examples of where evidentiary certificates may be used including:
• in a criminal trial, where it may be necessary to rely on an evidentiary certificate to prove that evidence was collected as a result of a warrant; and
• in circumstances where a certain vulnerability within a device was used to execute a warrant, in order to protect existing operations also utilising that vulnerability.
2.268 Finally, the committee notes the minister's advice in relation to the impact that issuing evidentiary certificates may have on individuals' rights and liberties, including that the defendant will not be prevented from leading evidence to challenge a certificate. The minister advised that the provisions create a presumption as to the existence of the factual basis on which the certificate is issued but that evidentiary certificates will not establish the weight or veracity of the evidence itself. The committee notes the minister's advice that the regime provides an ability for an accused to seek to establish that acts taken in order to give effect to a warrant contravened the legislation, and put the party bringing proceedings to further proof.
2.269 While noting the minister's advice, the committee remains concerned that the use of evidentiary certificates may impose a significant burden on persons seeking to challenge the validity of certain actions, in particular things done in the execution of warrants and steps taken to conceal them. For example, where matters in an evidentiary certificate relate to covert access and concealment, raising evidence to challenge these matters may be extremely difficult.
2.270 The committee also notes that the minister's response indicates that evidentiary certificates may cover how evidence that goes directly to the culpability of an offence was obtained, even if the certificates may not cover the evidence itself. In some cases, the question of whether evidence was unlawfully obtained may be central whether a person is ultimately convicted of an offence. Consequently, it is not apparent that the evidentiary certificates contemplated by the bill would in all cases be sufficiently removed from the main facts at issue in proceedings—such as would make their use appropriate.[80]
2.271 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.272 The committee otherwise draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of the use of evidentiary certificates in relation to things done in connection with warrants established by the bill.
2.273 In Scrutiny Digest 1 of 2021 the committee requested the minister's advice as to why it is proposed to use offence-specific defences (which reverse the evidential burden of proof) in this instance.[82]
Minister's response
2.274 The minister advised:
The Bill introduces the concept of 'protected information' into the Crimes Act in relation to account takeover warrants, replicating the meaning of 'protected information' in the SD Act. This means that it will be an offence to disclose protected information under the Crimes Act except in limited circumstances. That offence, as well as the associated aggravated offence, are substantively similar to section 45 of the SD Act. The exceptions to the commission of the offences also replicate section 45.
In accordance with subsection 13.3(3) of the Criminal Code Act 1995, it is the defendant who must adduce evidence that suggests a reasonable possibility that he or she has not unlawfully used or disclosed protected information. If the defendant discharges an evidential burden, the prosecution must disprove those matters beyond reasonable doubt (subsection 13.3(4) of the Criminal Code).
The Guide to Framing Commonwealth Offences provides that a matter should only be included in an offence-specific defence (as opposed to being specified as an element of the offence), where:
• it is peculiarly within the knowledge of the defendant, and
• it would be significantly more difficult and costly for the prosecution to disprove that for the defendant to establish the matter.
In accordance with the principles set out in the Guide to Framing Commonwealth Offences, the Bill places an evidential burden on the defendant because the matter is peculiarly within the defendant's knowledge. The defendant would be best placed to explain his or her motivations when using or disclosing protected information, as to how and why they should be considered to be acting in accordance with one of the exceptions set out in subsections 3ZZVH(3)-(5).
In order for the prosecution to disprove the matter, the prosecution would need to understand the information held by the defendant, including the defendant's state of mind and motivations. This would be significantly more difficult and costly, if not impossible, for the prosecution to disprove.
Committee comment
2.275 The committee thanks the minister for this response. The committee notes the minister's advice that the matter of whether the defendant has not unlawfully used or disclosed the protected information is peculiarly within the defendant's knowledge, as the defendant would be best placed to explain his or her motivations when using or disclosing protected information including how they were acting in accordance with one of the exceptions set out in subsections 3ZZVH(3) to (5).
2.276 The minister also advised that it would be significantly more difficult and costly for the prosecution to disprove this matter, as this would require the prosecution to understand information held by the defendant and the defendant's state of mind and motivations.
2.277 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.278 In light of the information provided, the committee makes no further comment on this matter.
2.279 In Scrutiny Digest 1 of 2021 the committee requested the minister's advice as to why it is considered necessary to allow for executive level members of staff of the ACIC to be ‘appropriate authorising officers’, in particular with reference to the committee’s scrutiny concerns in relation to the use of coercive powers without judicial authorisation under an emergency authorisation.[84]
Minister's response
2.280 The minister advised:
Proposed section 3ZZUX of the Crimes Act allows law enforcement officers of the AFP and the ACIC to apply to an 'appropriate authorising officer' instead of seeking a warrant from a magistrate for the taking control of an online account in certain emergency situations.
In relation to the ACIC, an 'appropriate authorising officer' is the CEO of the ACIC or an executive level member of staff of the ACIC who is authorised by the CEO to be an appropriate authorising officer. This means that an executive level staff member of the ACIC is only able to give an emergency authorisation if they have been authorised to do so by the CEO.
The level of officer in the ACIC able to give an emergency authorisation differs to that in the AFP to reflect differences in the organisational structures and staffing arrangements of those agencies. There may be circumstances where it is necessary and appropriate for the CEO of the ACIC to authorise executive level staff members to give emergency authorisations. For example, where particular resourcing or operational requirements permit. However, such decisions will be made at the discretion of the CEO of the ACIC.
Committee comment
2.281 The committee thanks the minister for this response. The committee notes the minister's advice that the level of officer in the ACIC able to give an emergency authorisation differs to that in the AFP to reflect differences in the organisational structure and staffing arrangements of those agencies. The minister also advised that an executive level staff member of the ACIC is only able to give an emergency authorisation if they have been authorised to do so by the CEO of the ACIC, and that circumstances in which it may be necessary and appropriate for this to occur may be in response to resourcing or operational requirements.
2.282 While noting this advice, from a scrutiny perspective, the committee reiterates its significant concerns with respect to emergency authorisations for account takeover activities, which may authorise the use of significant coercive and intrusive powers before an independent decision maker has the opportunity to review and assess the arguments for and against their use. The committee remains concerned that the bill allows the CEO of ACIC to delegate the authority to issue emergency authorisations to any executive level staff of the ACIC, rather than the most senior executive level staff of that organisation.
2.283 The committee requests that an addendum to the explanatory memorandum containing the key information provided by the minister be tabled in the Parliament as soon as practicable, noting the importance of these explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation (see section 15AB of the Acts Interpretation Act 1901).
2.284 The committee draws its scrutiny concerns to the attention of senators and leaves to the Senate as a whole the appropriateness of allowing for any executive level members of staff of the ACIC to be an ‘appropriate authorising officer’ for the purposes of issuing emergency authorisations for account takeover activity.
[61] Schedules 1 to 3. The committee draws senators’ attention to these provisions pursuant to Senate Standing Order 24(1)(a)(i).
[62] Schedule 1, item 13, proposed subsection 27KA(2) and Schedule 2, item 9, proposed subsection 27KK(2) Surveillance Devices Act 2004.
[63] Schedule 1, item 13, proposed subsection 27KD(2) and Schedule 2, item 9, proposed subsection 27KN(2) Surveillance Devices Act 2004, and Schedule 3, item 4, proposed subsection 3ZZUQ(3) Crimes Act 1914.
[64] Schedule 1, item 13, proposed subsection 27KC(2); Schedule 2, item 9, proposed subsection 27KM(2) Surveillance Devices Act 2004; Schedule 3, item 4, proposed subsection 3ZZUP(2) Crimes Act 1914.
[65] Schedule 1, items 48 and 49, Schedule 2, item 3, Schedule 3, item 4, proposed subsection 3ZZVY(2).
[66] Senate Scrutiny of Bills Committee, Scrutiny Digest 1 of 2021, pp. 29-33.
[67] See Scrutiny Digest 14 of 2018, p. 55, in relation to the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018.
[68] Schedules 1 to 3. The committee draws senators’ attention to these provisions pursuant to Senate Standing Order 24(1)(a)(i).
[69] Senate Scrutiny of Bills Committee, Scrutiny Digest 1 of 2021, pp. 33-36.
[70] Schedules 1 to 3. The committee draws senators’ attention to these provisions pursuant to Senate Standing Order 24(1)(a)(i).
[71] Schedule 1, item 13, proposed paragraph 27KE(5)(e), Schedule 2, item 9, proposed paragraph 27KP(5)(e) of the Surveillance Devices Act 2004.
[72] Schedule 1, item 47, proposed subsection 45B(2); Schedule 2, item 31, proposed subsection 64A(6A), Surveillance Devices Act 2004; Schedule 3, item 4, proposed section 3ZZVG of the Crimes Act 1914.
[73] Schedule 2, items 3 and 8.
[74] Senate Scrutiny of Bills Committee, Scrutiny Digest 1 of 2021, pp. 36-41.
[75] See Surveillance Devices Act 2004, section 6, paragraph (e) of the definition of relevant offence and Senate Scrutiny of Bills Committee, Scrutiny Digest 1 of 2021, p. 32.
[76] Schedules 1 to 3. The committee draws senators’ attention to these provisions pursuant to Senate Standing Order 24(1)(a)(i).
[77] Senate Scrutiny of Bills Committee, Scrutiny Digest 1 of 2021, pp. 41-43.
[78] Schedule 1, item 44; Schedule 2, item 29; Schedule 3, item 4 (proposed section 3ZZVZ of the Crimes Act 1914). The committee draws senators’ attention to these provisions pursuant to Senate Standing Order 24(1)(a)(i).
[79] Senate Scrutiny of Bills Committee, Scrutiny Digest 1 of 2021, pp. 43-45.
[80] See Attorney General's Department, A Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers, September 2011, p. 55.
[81] Schedule 3, item 4, proposed section 3ZZVH of the Crimes Act 1914. The committee draws senators’ attention to this provision pursuant to Senate Standing Order 24(1)(a)(i).
[82] Senate Scrutiny of Bills Committee, Scrutiny Digest 1 of 2021, pp. 45-46.
[83] Schedule 3, item 4, proposed subsection 3ZZUM(4) of the Crimes Act 1914. The committee draws senators’ attention to this provision pursuant to Senate Standing Order 24(1)(a)(ii).
[84] Senate Scrutiny of Bills Committee, Scrutiny Digest 1 of 2021, pp. 46-47.
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/other/AUSStaCSBSD/2021/71.html