Submission

28 June 2004

Telecommunications (Interception) Amendment (Stored Communications) Bill 2004

Below is a copy of EFA's submission dated 28 June 2004 to the Senate Legal & Constitutional Legislation Committee's Inquiry into the provisions of the Telecommunications (Interception) Amendment (Stored Communications) Bill 2004.

Contents:

1. Executive Summary
2. Introduction
3. Analysis & Issues
  3.1 Less privacy protection than in rejected 2002 Bill
    3.1.1 Accessing another person's undelivered messages would cease to be an illegal interception
    3.1.2 Re-enables telco employee spying like in Casualties of Telecom cases
    3.1.3 Perhaps enables LEA covert access to remotely stored undelivered communications without interception warrant
  3.2 Same issues and problems as in rejected 2002 Bill
    3.2.1 Less privacy protection than for Australia Post mail
    3.2.2 No warrant of any type would be required to access communications delayed in transit
    3.2.3 Comparison of Search Warrants and Interception Warrants
  3.3 Inconsistency with s85ZD of Crimes Act and proposed s474.5 of Criminal Code Act
  3.4 How Email Works - sending and receiving email without passage through any ISPs' mail servers
4. Conclusion
About EFA
Appendix 1: Interception Laws in Other Countries
References

1. Executive Summary

  • The effect of Telecommunications (Interception) Amendment (Stored Communications) Bill 2004 ("the Bill") is substantially the same as the rejected 2002 proposal. However, it is even more objectionable than the 2002 proposal because it completely removes email, SMS and voice mail messages (stored communications) from the scope of the Telecommunications Interception Act 1979 ("the TI Act").
  • The above results in serious issues additional to the highly controversial aspects of the rejected 2002 Bill:
    • It would no longer be an illegal interception if any person (not only an LEA officer) intercepted/accessed another person's undelivered email, SMS or voice mail messages without their knowledge. (Such interception would have remained illegal under the 2002 Bill and the First 2004 Bill.)
    • It would no longer be an illegal interception if employees of telephone companies and ISPs intercepted and spied on their customers' undelivered email, SMS and voice mail messages. The existing restrictions and protections in that regard were enacted in 1995 in direct response to the Casualties of Telecom cases ("CoT cases") following the AUSTEL inquiry finding that Telecom had intercepted and taped customer telephone calls. (Such interception would have remained illegal under the 2002 Bill and the First 2004 Bill.)
    • The Australian Federal Police would, perhaps, gain the power to snoop through undelivered email and voice mail stored on ISP's servers from remote locations using an Internet or telephone line connection. According to the Attorney-General's Department, relying on the advice of the Solicitor General, the AFP does not currently have such power. (Such interception would have required an interception warrant under the 2002 Bill and the First 2004 Bill.)

      EFA questions whether the AFP would in fact have the right to remotely access undelivered electronic communications. It has recently come to EFA's attention that it appears such conduct by the AFP would be a criminal offence under Section 85ZD of the Crimes Act 1914 and would remain an offence under currently proposed Section 474.5 of the Criminal Code.
  • Undelivered electronic communications would have less legislated privacy protection than a letter seized from a person's Australia Post P.O. Box.
  • All Commonwealth, State and Territory law enforcement agencies would gain vastly increased powers to snoop on undelivered electronic communications. This is because the TI Act limits the issue of interception warrants to specified serious crimes. This limitation on power to snoop would no longer apply.
  • Numerous government agencies would acquire brand new power to snoop on undelivered email, SMS and voice mail messages not only with a search warrant, but also without a warrant of any type (as detailed later herein).
  • Agencies that would be newly empowered to snoop on undelivered electronic communications include:
    • Police forces in:
      • Queensland
      • Tasmania
      • Northern Territory
    • State/Territory crime and anti-corruption Commissions etc (other than several in NSW and WA that are already authorised to obtain interception warrants)
    • All civil law enforcement agencies, including but certainly not limited to:
      • Australian Taxation Office
      • Australian Securities & Investment Commission (ASIC)
      • Australian Transaction Reports and Analysis Centre (AUSTRAC)
      • Australian Customs Service
      • Department of Immigration
    • It should be noted that:
      • Police forces and crime/corruption Commissions, listed above, are not currently authorised to obtain interception warrants under the TI Act (according to the 'Telecommunications (Interception) Act 1979 Report for the year ending 30 June 2003'). They are not authorised because the relevant State/Territory Government and/or Parliament has not implemented the necessary complementary legislation to the TI Act imposing parallel supervisory and accountability provisions, including those relating to inspection and reporting requirements. Such legislation is necessary before the C'th Attorney General may declare, under the TI Act, a State/Territory agency as authorised to obtain interception warrants.
      • Civil enforcement agencies are not currently empowered to snoop on telephone calls, nor on undelivered email, SMS and voice mail messages, because since at least 1979, either the government and/or the Parliament has considered it inappropriate to authorise them to obtain interception warrants.
  • Private businesses/organisations would gain a right to snoop through undelivered electronic communications, for example:
    • Lawyers and other persons representing copyright holders would gain a right to snoop through communications that have been delayed and temporarily stored during transit when executing a secretly issued civil search order, known as an Anton Pillar order, at the premises of ISPs and universities etc. A number of such privatised searches have been conducted in Australia during the past twelve months but access to communications in transit would have been prohibited by the TI Act. The Bill would remove the prohibition.
    • The management and staff of telephone service and Internet service providers would no longer be legislatively prohibited from intercepting and spying on undelivered electronic communications (the limited circumstances in which they are currently permitted to do so would no longer apply).
  • Even if the Bill or the Telecommunications Act 1997 was amended to require a search warrant to access delayed communications stored on telecommunications service providers' equipment, the longstanding, rigorous safeguards and controls set out in the Telecommunications Interception Act 1979 to prevent misuse of the power to intercept do not apply to search/seizure warrants issued under various Commonwealth, State and Territory laws.
  • A search warrant affords considerably less privacy protection than does the current requirement of an interception warrant:
    • Less strict requirements govern issue of search warrants than interception warrants. The conditions of issue of interception warrant set out in the TI Act that aim to ensure privacy of non-suspect third parties is not unduly infringed do not apply to ordinary search warrants.
    • Interception warrants can only be issued by eligible judges and nominated members of the Administrative Appeals Tribunal. Search warrants can be issued by less appropriately qualified persons, including some likely to be biased against giving adequate consideration to privacy issues, such as police officers, officers of government departments, justices of the peace, etc.
    • Limitations set out in the TI Act on the secondary (subsequent) disclosure and use of information obtained from execution of an interception warrant do not apply to information obtained under a search warrant, or without a warrant of any type.
    • Agencies would be able to obtain access, without an interception warrant, to the content of stored communications on service providers' equipment when investigating a significantly broader and far less serious range of suspected offences than the specified serious criminal offences permitted under the TI Act.
  • Enabling government agencies and private organisations to access undelivered communications stored on service providers' equipment in effect results in secret surveillance that is vastly more open to abuse than are search warrants executed on a suspect's premises. When an individual's home or office is raided by police, the individual is in a position to report such an event to the relevant ombudsman if they believe the search should not have been conducted. This minimises the prospect of police and agencies misusing search powers. It is very unlikely that service providers would inform their customer that a search of his/her communications had been undertaken by police or another agency. While this situation also applies to interception warrants, the TI Act contains rigorous safeguards and controls designed to prevent misuse.
  • The Bill is unlikely to achieve its purported objective of making life easier for police endeavouring to catch terrorists and other criminals. It is trivially easy for terrorist and other crime gangs, and any other persons, to send and receive email without it passing through any ISP's mail server or being stored anywhere during transit. They can also encrypt their email messages, or alternatively use telephone calls and facsimile messages that require an interception warrant to intercept.
  • EFA believes the outcome of the Bill would be to encourage terrorists and other criminals to bypass conventional email routing. As well, more individuals desiring privacy would start using means of sending and receiving email that does not result in unencrypted copies, or any copy, being available from an ISP. Sadly, law abiding citizens (third parties in relation to agency investigations) who do not have their own computer to access the Internet, and those who do not have sufficient technical knowledge to run their own mail servers or encrypt their email, would be the persons least safe and secure from unreasonable invasion of their privacy.
  • Since early 2002, patches to the existing legislation have been tried twice by the government. The currently proposed third patch is even more problematic than the first version. The existing TI Act should remain in place unamended for the forthcoming 12 months, while the Attorney-General's Department conducts the announced full review of the interception legislation.
  • The provisions of the Bill are the opposite of the laws concerning LEA interception of undelivered stored communications in the United Kingdom, New Zealand and the U.S.A. In these countries an interception warrant is required. The laws in the UK and NZ were enacted in 2000 and 2003 respectively. Information on interception laws applicable to stored communications in those countries is provided in Appendix 1.
  • The Telecommunications (Interception) Amendment (Stored Communications) Bill 2004 should be abandoned. The Bill is an utter disgrace. It is the type of legislation one might expect to see in a police state, not in a democracy.

Up ArrowGo to Contents List


2. Introduction

The Telecommunications (Interception) Amendment (Stored Communications) Bill 2004, introduced into the House of Representatives on 27 May 2004, is the Commonwealth Government's third attempt since early 2002 to amend the Telecommunications (Interception) Act 1979 ("TI Act") in relation to email, SMS and voice mail messages.

Under current law, an interception warrant is required to access the contents of email, SMS and voice mail messages that are temporarily delayed and stored during passage over the telecommunications system, (e.g. stored on an ISP's or telephone service provider's equipment pending delivery to the intended recipient), the same as is required to intercept a telephone call and a facsimile message.

The 2002 Bill

The first Bill, introduced on 12 March 2002 ("the 2002 Bill"), sought to remove the protection from interception for delayed access messages. Enactment of the Bill:

  • would have removed the need for an interception warrant to obtain access to undelivered messages stored on a telecommunications service provider's equipment;
  • would not have permitted LEAs (including the AFP) to access (except with an interception warrant) messages stored remotely where accessing such messages required the use of a telecommunications line (unless the use of the line was merely for the purpose of, or an incidental result of turning on equipment; or obtaining power required to operate equipment; or other action prescribed by regulations for the purpose of the provision).

The Committee recommended "that the Attorney-General review the current law on access to stored communications of delayed messages services with a view to amending the Telecommunications Interception Legislation Amendment Bill 2002 so that the accessing of such data requires a telecommunication interception warrant".

The provisions concerning stored communications were deleted from the Bill by the government when it became clear they did not have sufficient support in the Senate.

The First 2004 Bill

The second Bill, introduced on 19 February 2004 ("the First 2004 Bill"), sought to increase the protection for delayed access messages. Enactment of the Bill:

  • would have extended the definition of "interception" to include reading or viewing a communication;
  • would have required that LEAs obtain an interception warrant to access messages temporarily stored during passage. An interception warrant would have been required until after messages have been read/accessed by the intended recipient (or a person authorised by the intended recipient), or have been delivered to equipment that the intended recipient could use to read/access same without using a telecommunications system to do so;
  • would not have permitted the AFP to intercept (except with an interception warrant) messages stored remotely where accessing such messages required the use of a telecommunications line or any other form of remote access (unless the use of the line was merely for the purpose of, or an incidental result of turning on equipment; or obtaining power required to operate equipment; or other action prescribed by regulations for the purpose of the provision).

Those provisions were deleted due to disagreement between the Attorney-General's Department (relying on the opinion of the Solicitor-General) and the Australian Federal Police (relying on the opinion of the C'th Director of Public Prosecutions) concerning the correct interpretation of the law.

The Current 2004 Bill

The third Bill, introduced on 27 May 2004 ("the Current 2004 Bill"), reverts to substantially the same proposal as was rejected in 2002.

As the Attorney-General's media release of 27 May 2004 states:

"...the amendments will enable access to stored communications, such as email and voice mail, without a telecommunications interception warrant.
The amendments will allow access to stored communications under other forms of lawful authority, such as a search warrant".

The same was said about the 2002 Bill. For example, on 19 April 2002, the Attorney-General's Department informed the Senate Committee hearing that agencies would be permitted to access stored communications "under some other lawful authority like a search warrant".

However, the Current 2004 Bill would remove even more of the existing protections from interception than the rejected 2002 Bill would have because, unlike the 2002 Bill, it completely removes stored communications from the scope of the TI Act. This results in serious issues additional to the highly controversial aspects of the rejected 2002 Bill.

The Current 2004 Bill would remove the need for an interception warrant to access the content of communications temporarily delayed and stored on a telecommunication service provider's equipment during transit (i.e. that have not been delivered to the intended recipient). Access to undelivered email, SMS and voice mail messages would become available to government agencies (not only police), private investigation agencies, telephone companies and ISPs and other people.

Furthermore, the Bill has the effect of allowing interception/access to undelivered communications, not only with a search warrant, but also without a warrant of any type.

The Bill would inappropriately change the long-established balance in telecommunications interception law between individuals' right to privacy and the needs of law enforcement agencies.

Although the Commonwealth Government frequently cites enthusiasm for "technology neutral" laws, this Bill is certainly not. It treats email, SMS and voice mail telecommunications quite differently from facsimile messages (faxes) and telephone call telecommunications.

Up ArrowGo to Contents List


3. Analysis & Issues

3.1 Less privacy protection than in rejected 2002 Bill

Although the Current 2004 Bill is substantially the same as the 2002 proposal, it is even more objectionable than the 2002 proposal because, unlike the 2002 Bill, it completely removes email, SMS and voice mail messages (stored communications) from the scope of the Telecommunications Interception Act ("the TI Act"). This results in serious issues additional to the highly controversial aspects of the 2002 Bill as discussed below.

3.1.1 Accessing another person's undelivered messages would cease to be an illegal interception

The existing TI Act makes it an offence for a person to "(a) intercept; (b) authorize, suffer or permit another person to intercept; or (c) do any act or thing that will enable him or her or another person to intercept; a communication passing over a telecommunications system" (s7(1)) "without the knowledge of the person making the communication" (s6(1)).

The 2002 Bill deemed a stored communication to no longer be passing over the telecommunications system when it can be accessed on the equipment on which it is stored, but without using a telecommunications line. The Bill contained the following examples:

"Example 1: An e-mail is a stored communication if it has been down-loaded from a service provider onto a computer and can be accessed using that computer without any further use of a line.

Example 2: A voicemail message is not a stored communication if it can only be accessed by dialling a number."

Somewhat similarly, the First 2004 Bill deemed a stored communication to no longer be passing over the telecommunications system when it has previously been accessed by or with the authority of the intended recipient and can be accessed on the equipment on which it is stored, but without using a telecommunications line or any other form of remote access, unless the use of same is an incidental result of turning on the equipment.

The Current 2004 Bill does not define a stored communication in either of the above ways. It makes no mention of the use of a telecommunications line. It merely states that "a stored communication is a communication that is stored on equipment or any other thing" and removes such communications from the scope of the TI Act. In that regard, the Bill specifically provides that the existing s7(1) prohibition on interception of communications in transit "does not apply to or in relation to ... (ad) the interception of a stored communication".

As a result, if the Current 2004 Bill is enacted, it would no longer be an illegal interception if any person (not only an LEA officer) intercepted/accessed another person's undelivered email or voice mail messages without their knowledge.

It appears the above situation results from the government having apparently decided to seek to grant the Australian Federal Police's wish that they be permitted to remotely access/intercept stored communications under Section 3L of the Crimes Act instead of needing to obtain an interception warrant. Irrespective of whether the Parliament considers there is any merit in granting the AFP's wish, the Parliament must not allow the government to use that as an excuse or justification for completely removing, as proposed, protections from interception for undelivered stored communications.

3.1.2 Re-enables telco employee spying like in Casualties of Telecom cases

The Current 2004 Bill also removes the existing protection in the TI Act which prohibits employees of telecommunications service providers from spying on customers' electronic communications during their passage.

The existing protection in that regard was enacted in 1995 in direct response to the Casualties of Telecom cases ("CoT cases") following the AUSTEL inquiry finding that Telecom had intercepted and taped customer telephone calls. Section 7(2) of the TI Act was amended to tighten up the exceptions to the prohibitions on interception by a telecommunications service provider employee, so that such interception is only permitted "where it is reasonably necessary for the employee [to do so] in order to perform [his/her] duties effectively". More information about those 1995 amendments is contained in Senate Legal and Constitutional Legislation Committee's Report on the Telecommunications (Interception) Amendment Bill 1995.

Removing those restrictions would obviously be contrary to the Parliament's intention in 1995. However, it is plainly the government's intention in relation to temporarily delayed and stored communications as stated in the Explanatory Memorandum:

"The practical effect of the new provisions inserted by items 3 and 4 is that it will no longer be necessary to obtain a telecommunications interception warrant, or to rely on another exception to the prohibition against interception, in order to intercept a stored communication. The amendments allow for a stored communication to be intercepted by a person having lawful access to the communication or the equipment on which it is stored. A person may have lawful access to a communication, for example, ... in the person's capacity as a network owner or administrator."

It appears the above situation results from the Australian Federal Police having argued that if the stored communications provisions of the First 2004 Bill had been enacted, the AFP's IT staff would be prohibited from reading suspect email arriving on the AFP's mail server to see if it was spam or contained a virus etc before allowing it to be sent on to the intended recipient. However, that issue arose because the First 2004 Bill would have extended the definition of interception to include viewing and reading.

While the AFP and other employers may have a legitimate need to be able to control/prevent spam etc being received by all their staff, the Parliament must not allow that to be used as an excuse or justification for removing all existing protections from interception. There is a vast difference between allowing employers to manage their own internal communications systems and allowing telecommunications servicer providers' employees to have unfettered access to trawl through their customers' temporarily delayed and stored communications without the customer's knowledge and permission.

We note that the AFP remarked in its submission (No. 7a) to the Committee in March this year that an appropriate balance in relation to employers' legitimate business needs and privacy may be achieved through amendments along the lines of the U.K. Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000. While we have not studied those U.K. Regulations in depth, following a brief review of same, we consider amendments along similar lines would be a vastly more appropriate means of dealing with the problem than is the Current 2004 Bill.

3.1.3 Perhaps enables LEA covert access to remotely stored undelivered communications without interception warrant

Unlike the 2002 Bill, the Current 2004 Bill appears intended (given matters raised during the Committee's inquiry into the First 2004 Bill) to grant the Australian Federal Police the power to snoop through undelivered email and voice mail stored on ISP's servers from remote locations using an Internet or telephone line connection, without an interception warrant. (According to the Attorney-General's Department, relying on the advice of the Solicitor General, the AFP does not currently have such power.)

EFA questions whether the AFP would in fact gain the right to remotely access undelivered email and voice mail messages. It has recently come to EFA's attention that it appears such conduct by the AFP would be a criminal offence under Section 85ZD of the Crimes Act 1914 and would remain an offence under currently proposed Section 474.5 of the Criminal Code. This issue is discussed in detail in Section 3.3 later herein.

Furthermore, while EFA is strongly opposed to the AFP or any LEA being permitted to access undelivered communications stored on remote servers without an interception warrant, we consider that if the AFP is to be allowed to do so, Section 3LB of the Crimes Act should be amended. Currently when the AFP accesses data held on other premises, they are required to notify the 'occupier' of those premises as soon as is practicable of that access. Section 3LB should be amended to require the AFP, when they access communications stored at the premises of a telecommunications service provider, to also notify the person whose private communications were accessed. If in any instance the AFP does not wish to do so, they should be required to obtain an interception warrant.

Up ArrowGo to Contents List


3.2 Same issues and problems as in rejected 2002 Bill

3.2.1 Less privacy protection than for Australia Post mail

In the AFP's submission (no. 7) of March this year, the AFP suggested that allowing LEAs to access stored communications without an interception warrant is analogous to LEA's powers to execute search warrants at post office boxes to collect mail when it has reached a person's P.O. Box, prior to it being accessed by the intended recipient.

EFA does not agree that it is analogous. The vast majority of individuals in Australia (except perhaps those in some remote/outback areas) have a choice about whether they have their postal mail delivered to a P.O. Box or not and whether they send mail to a P.O. Box or not. Furthermore, when a letter is retrieved from a P.O. Box, unlike an electronic communication, a copy of the letter does not/can not automatically remain in the possession of Australia Post and so LEAs can no longer obtain the letter from the service provider. In addition, if an envelope or article has been intercepted and opened (whether by the AFP or State/Territory police), the interference is likely to be apparent to the recipient (with regard to articles accidentally damaged during transit, Australia Post is required to notify the recipient of that). No such protection against misuse of search powers exists in relation to opening/reading of email - it can easily be read covertly.

Even if it could be regarded as analogous, the Current 2004 Bill will result in electronic communications having less privacy protection than postal mail.

While authorised employees of Australia Post are permitted to disclose information or a document that "has been carried by post or is in the course of post" in specified circumstances such as when required by or under a warrant issued under a law of the Commonwealth or of a State or Territory, the Australian Postal Corporation Act 1989 contains offences for secondary use or disclosure. Recipients of lawfully disclosed information or documents, including LEAs (other than ASIO), are only permitted to use or disclose the information or documents for the same purpose as the purpose for which the original disclosure was made. Other secondary use or disclosure is an offence punishable by imprisonment for a period not exceeding 2 years (s90LE and s90LF).

No such secondary use/disclosure restrictions are specified in the warrant provisions of the Crimes Act 1914. It appears that LEAs would be permitted to put any information they access remotely under s3L into documentary form and do anything they wish with such documents. Similarly search warrants issued under State/Territory laws are unlikely to restrict secondary use or disclosure of information contained in electronic communications because search warrants have generally been designed for seizing property, without regard for protecting privacy or confidentiality of information.

EFA notes that in the United Kingdom, interception of both postal mail and electronic communications during transit requires an interception warrant. Furthermore, the provisions of the Current 2004 Bill are the opposite of the laws concerning interception of undelivered stored communications in the United Kingdom, New Zealand and the U.S.A. In these countries an interception warrant is required. The laws in the UK and NZ were enacted in 2000 and 2003 respectively. Information on interception laws applicable to stored communications in those countries is provided in Appendix 1.

3.2.2 No warrant of any type would be required to access communications delayed in transit

The Attorney General's media release of 27 May 2004 and second reading speech (like statements made regarding the 2002 Bill) suggest a search warrant, instead of an interception warrant, would be necessary to access the content of communications temporarily delayed and stored during transit.

However, access to such communications would become available without a warrant of any type under existing provisions of the Telecommunications Act 1997 such as Section 280(1)(b) and quite possibly Sections 282(1) and (2).

While currently the above provisions may apply to stored messages that have completed their passage over a telecommunications system, they do not apply to messages that are temporarily delayed and stored during their passage. This is because the requirement for an interception warrant under the Telecommunications Interception Act to access messages during their passage over a telecommunications system over-rides the provisions of the Telecommunications Act. However, if the Current 2004 Bill is enacted, the prohibition on disclosing content of messages delayed during passage (unless an interception warrant has been obtained) will cease.

Section 280

The content of temporarily delayed and stored communications would become available under s280 of the Telecommunications Act 1997. For example, s280(1)(b) permits disclosure or use of information or a document if that is required or authorised by or under law. This broad term includes statutory, judicial and quasi-judicial powers, such as court orders made during the discovery process, summons for witnesses to attend and produce records and subpoenas for documents. In addition, as stated in the ACA's Telecommunications and Law Enforcement Manual:

"Section 280 covers the situation of disclosures being authorised or required under another law... Some agencies ... operate under special legislation which gives them a right to access information. The operation of this legislation might allow for the issue of ... instruments such as 'notices to produce'."

Section 282

In addition, Sections 282(1) and (2) of the Telecommunications Act permit carriers and carriage service providers (including ISPs) to disclose documents and information to agencies on request (without a warrant or even written certified request) if the service provider considers the disclosure or use is "reasonably necessary" for the enforcement of the criminal law (s282(1)), or the enforcement of a law imposing a pecuniary penalty, or the protection of the public revenue (s282(2)).

The Attorney-General's Department acknowledged the possibility of access to the content of communications under Section 282(1) and (2) of the Telecommunications Act (i.e. without a warrant of any type) in their 1999 Report titled Telecommunications Interception Policy Review and this aspect of the Telecommunications Act has not been amended since 1999. The Report states:

"Section 4.3 - Access to stored data
...
4.3.11 Access by enforcement agencies to information held by C/CSPs [under the Telecommunications Act] is by means of two primary mechanism, certified and uncertified requests.

4.3.12 Subsection 282(6) of the Telecommunications Act provides that the certificate provisions [also known as certified requests] in subsections 282(3), (4) and (5) do not apply to the contents of a communication whether or not the communication has been received by the intended recipient. [emphasis added]

4.3.13 However, this still leaves the possibility that subsections 282(1) and (2) [non-certified requests] can apply in respect of the content of stored communications. That is, an enforcement agency (including civil penalty-enforcement and public revenue protection agencies) could get access to the contents of a stored communication if the disclosure of the stored communication is reasonably necessary for one of the purposes listed in subsections 282(1) and (2). [i.e. enforcement of a criminal law or a civil law]

4.3.14 The draft ACIF Assistance to Enforcement Agencies Code has had to address this issue. ... Currently Clause 2.7.2 says-
'S282(1) and (2) may authorise disclosure of content and substance. In view of the sensitive nature of the disclosure where content and substance are involved it would be prudent for Organisations (that is carriers and carriage service providers) to obtain legal advice. ...' "

[Note: The same Clause 2.7.2 was contained in final industry code issued in 2001 - ACIF C537:2001.]

The uncertainty concerning s282(1) and (2) is also apparent in documents issued by the Australian Communications Authority ("ACA"). The ACA's Fact Sheet Internet Service Providers and Law Enforcement and National Security states:

"What about stored communications?
Access to the content of communications (for example, electronic mail) stored on an ISP's server is unlikely to fall within reasonably necessary assistance [i.e. s282(1) and (2)]. An agency may use a general search or interception warrant or some other statutory provision to access stored communications."

That the ACA is only able to say "unlikely" demonstrates that they, like the Attorney-General's Department, recognise the possibility that subsections 282(1) and (2) might apply in respect of the content of stored communications. Obviously the Telecommunications Act is insufficiently clear to ensure protection of the contents of communications from access without a warrant.

Section 282 is very frequently used to obtain call charge records etc. It enables disclosure of information such as customer identification details and the source, path and destination of communications (for example, telephone numbers dialled, and the "To" and "From" fields of an email message, etc). In the 2002-2003 year, 400,766 disclosures of information or documents were made to government agencies under s282(1) and (2) of the Telecommunications Act (i.e. without a warrant or certificate) by telecommunications carriers, carriage service providers (includes ISPs) or number database operators. This is 60% of the total disclosures (666,521) under Part 13 of that Act. (Source: ACA Annual Report)

No doubt the agencies who made the requests for nearly half a million disclosures would like to be able to obtain the content of communications temporarily delayed in transit under the same provisions. It is highly disturbing that this might be possible if the Current 2004 Bill is enacted.

3.2.3 Comparison of Search Warrants and Interception Warrants

Search warrants are subject to markedly less safeguards and are less protective of citizens' privacy than interception warrants

Even if a Bill to amend the Telecommunications Act 1997 (e.g. Sections 280 and 282) was enacted to require a search warrant to access content of communications stored during transit, a search warrant affords considerably less privacy protection than does the current requirement of an interception warrant.

Moreover, the longstanding, rigorous safeguards and controls set out in the Telecommunications Interception Act to prevent misuse of the power to intercept do not apply to search/seizure warrants issued to various Commonwealth, State and Territory agencies. For example:

  1. Less strict requirements govern issue of search warrants than interception warrants.
    The eligible judges and nominated members of the Administrative Appeals Tribunal who are authorised to issue interception warrants must comply with conditions of issue set out in the TI Act that are intended to ensure privacy is not unduly infringed. Applicants for interception warrants are required to demonstrate that the information likely to be obtained from the interception will materially assist the investigation, that there are no alternative methods available (or that they have been tried without significant success), and in the case of 'Class 2' offences that the matter is sufficiently serious to justify intrusion into individuals' privacy (including those who are not suspects).

    Issue of search warrants is not subject to such conditions and can be issued by less appropriately qualified persons, including some likely to be biased against giving adequate consideration to privacy issues, such as police officers, officers of government departments, justices of the peace, etc.

    Furthermore some government agencies have power to issue search warrants to their own staff. For example, the Secretary to the Department of Immigration is authorised to issue search warrants to Departmental staff members that are valid for a period of three months that permit the staff member to enter (using "reasonable force") and search any place, at any time in the day or night, in which the staff member has "reasonable cause to believe" things including documents may be found, etc. (Migration Act s251, s223). EFA recalls the evidence presented to the Committee by Mr Julian Burnside QC on 17 April 2002 concerning a raid by eight officers of the Immigration Department of the home of one of his friends because an anonymous neighbour had reported the presence of Middle Eastern people near the house. The person was accommodating people who held temporary protection visas and as such his home should not have been raided. This demonstrates the very low standard of "reasonable cause to believe" that enables some search warrants to be issued and executed.

  2. Removal of existing restrictions on secondary disclosure and use of content of intercepted communications. Limitations set out in the TI Act on the secondary (subsequent) disclosure and use of information obtained from execution of an interception warrant do not apply to information obtained under a search warrant, or without a warrant of any type.

  3. Access no longer restricted to the investigation of serious criminal offences.
    Agencies would be able to obtain access, without an interception warrant, to the content of temporarily delayed and stored communications on service providers' equipment when investigating a significantly broader range of suspected offences than is permitted under the TI Act.

    Interception warrants can only be issued in relation to the investigation of a "serious offence" i.e. Class 1 and Class 2 offences specified in the TI Act. In most instances it is a requirement that the offence be punishable by imprisonment for life or for a period of at least 7 years. Class 1 offences include conduct involving an act or acts of terrorism, murder, kidnapping, narcotics offences and being a party to those offences. Class 2 offences include those which are punishable by a maximum of at least seven years imprisonment and involve for example, loss or serious risk of loss of a person's life; serious personal injury or serious risk of same; serious damage to property in circumstances endangering the safety of a person; serious arson; serious fraud, drug trafficking, bribery and corruption of or by government officers, dealing in child pornography; procuring a child in connection with child pornography; money laundering; people smuggling with exploitation, slavery, sexual servitude and deceptive recruiting; specified cybercrime offences; and also offences involving two or more offenders and substantial planning and organisation of a kind involving the use of sophisticated methods and techniques in relation to specified crimes such as theft, fraud, extortion; harbouring criminals; dealings in firearms or armaments; a sexual offence against a person who is under 16; an immigration offence.

    While the above list is quite extensive, search warrants can be issued for many more reasons and purposes than can interception warrants.

  4. Some State/Territory police forces would gain a new right to snoop.
    The police forces of some States/Territories are not authorised to obtain interception warrants because the relevant Government and/or Parliament has not implemented the necessary complementary legislation. Interception warrants can only be issued to agencies that are specifically authorised under the TI Act (e.g. the Australian Federal Police and the Australian Crime Commission) and 'declared agencies' under s34 of the TI Act. According to the 'Telecommunications (Interception) Act 1979 Report for the year ending 30 June 2003', only the police forces of Victoria, NSW, South Australia and Western Australia (and some crime/anti-corruption Commissions in NSW and WA) had been declared.

    Before the C'th Attorney-General can declare a State agency, there must be State legislation complementing the Commonwealth Telecommunications (Interception) Act 1979. State legislation must impose parallel supervisory and accountability provisions, including those relating to inspection and reporting requirements, on the State authority. Hence, State police forces and other agencies that are not bound by such complementary legislation are not and can not be authorised to obtain interception warrants.

    Generally, issue of search warrants is not subject to equivalent supervisory and accountability provisions and, as outlined earlier herein, a search warrant would not necessarily be required in any case.

    Enactment of the Current 2004 Bill would no doubt be a wish come true for police forces and agencies in States where the Government and/or Parliament has not enacted complementary legislation. They would become allowed to access, under an unaccountable regime, communications delayed during transit that they are not currently permitted to access.

  5. Secret surveillance facilitates police and other agency misuse of power.
    Enabling agencies to access undelivered communications stored on service providers' equipment in effect results in secret surveillance that is vastly more open to abuse than are search warrants executed on a suspect's premises. When an individual's home or office is raided by police, the individual is in a position to report such an event to the relevant ombudsman if they believe the search should not have been conducted. This minimises the prospect of police and agencies misusing search powers. It is very unlikely that service providers would inform their customer that a search of his/her communications had been undertaken by police or another agency. While this situation also applies to interception warrants, as outlined above, the TI Act contains rigorous safeguards and controls designed to prevent misuse.

    EFA notes that in the USA, even when LEAs wish to obtain stored communications that have been delivered from electronic communications providers, the agency must either obtain the same type of warrant as is necessary to access undelivered communications, or alternatively they may use a court order provided they give the customer/subscriber notice of access. Further information is contained in Appendix 1.

  6. Broader range of agencies would be permitted to snoop.
    Agencies other than criminal law enforcement agencies, including agencies that are not authorised to use interception warrants, would be able to access the content of undelivered stored communications on service providers' equipment, i.e. access information that they presently have no power to access. This includes agencies such as the Australian Taxation Office, Australian Securities & Investment Commission (ASIC), Australian Transaction Reports and Analysis Centre (AUSTRAC), Australian Customs Service, Immigration Department, etc.

  7. Private investigation agencies would gain new right to snoop.
    People such as lawyers and private investigators representing copyright holders would gain a right to snoop through communications that have been delayed and temporarily stored during transit when executing a secretly issued civil search order, known as an Anton Pillar order, at the premises of ISPs and universities etc. A number of such privatised searches have been conducted in Australia during the past twelve months.

    Typically Anton Pillar orders authorise the applicant's lawyers/private investigators to make a verbatim copy of the entire contents of servers. In at least one instance in Australia recently, copied and seized material included the server log of emails sent and received, which includes sender and recipient information (but not content of messages). EFA does not know whether a verbatim copy of the email server was made and seized - which would include the content of all stored emails of everyone on the server. We trust not because such a copy would have included undelivered messages and therefore constitute interception in breach of the TI Act.

    The Current 2004 Bill would remove the prohibition on copying emails stored during transit. Hence, there would cease to be any legislative prohibition on seizure under an AP order of the entire contents of email severs. Furthermore, once a copy had been seized there would be no legislated impediment to the applicants and their lawyers and private investigators reading everyone's email.

Up ArrowGo to Contents List


3.3 Inconsistency with s85ZD of Crimes Act and proposed s474.5 of Criminal Code Act

As mentioned above, given disagreement on interpretation of the law between the A-G's Department/Solicitor-General and AFP/CDPP, the Current Bill appears designed with intent to permit the AFP to remotely access/intercept undelivered stored communications under Section 3L of the Crimes Act 1914 which states that when executing a search warrant the officer "may operate electronic equipment at the warrant premises to access data (including data not held at the premises)".

It has recently come to EFA's attention that, irrespective of whether Section 3L permits interception as defined in the TI Act, the AFP remotely accessing stored communications delayed during transit appears to be illegal under Section 85ZD of the Crimes Act and under currently proposed Section 474.5 of the Criminal Code Act. Section 3L of the Crimes Act does not appear to permit the AFP to commit these offences. Such a situation would continue to apply even if the Current Bill is passed.

In the AFP's submission (no. 7) to the Committee earlier this year, the AFP said it "does not believe that retrieving a [remotely] stored communication under the authority of a search warrant amounts to an interception because:

  • police are lawfully on premises and are utilising equipment and accessing data with lawful authority (section 3L of the Crimes Act 1914); and
  • the retrieval process is merely causing the communication to complete its passage over the telecommunications system. Any subsequent recording, viewing or reading by the investigator is done after the communication has completed its passage over the telecommunications system."

Whether or not such retrieval "amounts to an interception" under the TI Act, EFA draws to attention that in retrieving the remotely stored undelivered communication, e.g. downloading an email, an AFP officer would be causing a communication that has been received by a carriage service provider for carriage, but has not yet been delivered by the carriage service provider, to be received by a person other than the person to whom it is directed.

The above conduct is a criminal offence under Section 85ZD of the Crimes Act 1914:

85ZD Wrongful delivery of communications
A person shall not intentionally cause a communication in the course of telecommunications carriage to be received by a person or carriage service other than the person or service to whom it is directed.
Penalty: Imprisonment for 1 year.

"communication in the course of telecommunications carriage" means a communication that is being carried by a carrier, and includes a communication that has been collected or received by a carrier for carriage by the carrier, but has not been delivered by the carrier.

The conduct will remain a criminal offence under the Crimes Legislation Amendment (Telecommunications Offences and Other Measures) Bill 2004, which was introduced into the Senate on 24 June 2004. Proposed Section 474.5 in that Bill states:

474.5 Wrongful delivery of communications
(1) A person is guilty of an offence if:
   (a) a communication is in the course of telecommunications carriage; and
   (b) the person causes the communication to be received by a person or carriage service other than the person or service to whom it is directed.
Penalty: Imprisonment for 1 year.
(2) A person is not criminally responsible for an offence against subsection (1) if the person engages in the conduct referred to in paragraph (1)(b) with the consent or authorisation of the person to whom, or the person operating the carriage service to which, the communication is directed.

communication in the course of telecommunications carriage means a communication that is being carried by a carrier or carriage service provider, and includes a communication that has been collected or received by a carrier or carriage service provider for carriage, but has not yet been delivered by the carrier or carriage service provider.

The defence of consent in 474.5(2) was not contained in the Exposure Draft issued for public comment. It seems to be a response to a concern raised in EFA's submission on the Draft that s(1) would prohibit an ISP or employer from redirecting email addressed to one person to another person even if that was done for a legitimate reason (e.g. redirecting email addressed to an ex-employee to another employee's address) because:

"Unlike a telephone call which is addressed/delivered to a carriage service (telephone service/number) not a person, an email message is addressed to a person not a carriage service. The addressee may use a variety of different carriage services to collect their email from time to time (e.g. a carriage service supplied to their home, or their office, or to a hotel, etc). Hence it appears that an email can not be regarded as having been delivered by a carrier/CSP until it is received by the person - as the terminating carriage service varies."

Section 3L of the Crimes Act only permits an officer executing a search warrant to "operate electronic equipment at the warrant premises to access data (including data not held at the premises)". It does not state that they are permitted to cause a communication in the course of telecommunications carriage to be received by a person other than the person to whom it is directed.

In summary, it appears to EFA that enactment of the Current Bill will still not permit the AFP to retrieve remotely stored undelivered communications. If the Crimes Legislation Amendment (Telecommunications Offences and Other Measures) Bill 2004 is passed, they would be able to do so but apparently only with the consent of the person to whom the communication is directed.

In conclusion, in order to ascertain whether the Current Bill would even achieve its apparent intent of permitting remote access to undelivered communications by the AFP, it is necessary in our view to know whether all of the AFP, CDPP, A-G's Department and Solicitor-General believe that Section 3L, or any other provision, permits the AFP to commit the criminal offence specified in existing s85ZD and proposed s474.5.

Up ArrowGo to Contents List


3.4 How Email Works - sending and receiving email without passage through any ISPs' mail servers

According to the AFP in its submission (no.7), the First 2004 Bill "could effectively place some email communications (eg, web-based emails) out of reach from investigators".

EFA does not agree that the First 2004 Bill would have had that effect. The way in which web-based emails are stored is no different from any other email - they are stored on an ISP's server and are available from the relevant ISP. We consider the Current 2004 Bill is more likely to have the effect of placing some email communications out of reach of investigators, that is, some that are not out of reach under the current legislation.

As the AFP stated "It is imperative that the proposed TI amendments balance privacy and operational factors, and that they take into consideration the practicalities of communications and the telecommunications system."

According to the AFP's subsequent detailed discussion of how email works:

"17. The delivery system of email communications is universally accepted to be a store-and-forward network of 'message transport systems' (or MTS) through which emails travel.
18. X may send an email intended for Y. The email may reside for a time in the 'outbox' on X's computer waiting to be routed to its intended recipient. The email is directed to Y's email address and it may travel through numerous servers on its way to Y. Each server will store the email before forwarding it on."

While it may be "universally accepted" that email is delivered via a store-and-forward network, that it is not necessarily how email works.

In fact, it is not necessary for terrorist or crime gangs, or any person, to use any ISP's mail server to send or receive email. Email can easily be sent by methods that completely avoid transit through any ISP's mail server and are, broadly speaking, akin to the way in which a traditional voice call passes over the telecommunications system. Such methods are used by many legitimate businesses and are also readily available to any individual Australian. All that is necessary is a home computer connected to the Internet via telephone line, mobile, cable, wireless or satellite, and several pieces of software installed on that computer - in particular SMTP server software for sending email, POP server software for receiving email and, in some instances, DNS software. Whether one needs both SMTP and POP server software depends on whether one wishes to both send and receive email without using an ISP's mail server. The software programs, some free of charge, are readily available for download from the Internet.

When a sender and the recipient are both using computers set up as above, an email is sent from the sender's computer directly across the Internet to the recipient's computer. It does not pass through any ISP's mail server and it is not stored at any point during transit. If only one of the sender or recipient are using such a computer set up then the only ISP mail server the message passes through is that of the ISP of the person who is not using such a set up.

The reason most individuals do not currently use such a computer set up to send and receive email is because either they do not have sufficient technical knowledge (not that much is necessary) or for one reason or another they prefer, or find it more convenient, to use an ISP's mail server. For example, to reliably receive unanticipated incoming email without using an ISP's mail server, one's personal computer needs to be connected to the Internet 24 hours a day. Alternatively however, even if the computer is not connected 24 hours a day, one can arrange for a backup MX (Mail eXchanger) service to receive and temporarily hold incoming email during that time. The held mail is automatically on-forwarded when the personal computer is re-connected to the Internet. Such services are readily available (for under US$30 per year). Many of the providers of those services, and also other service providers, also provide related DNS etc. services for people who wish to run their own incoming mail server but have not purchased their own domain name address and/or who connect to the Internet via a dynamic IP address (as distinct from a static IP address), and/or whose Internet connection provider (ISP) blocks normally used mail ports. A few examples of service providers are:
http://www.dyndns.org
http://www.no-ip.com
http://www.dynu.com
http://www.planetdns.net

In short, it is trivially easy for criminals to communicate between themselves via email without their email ever passing through an ISP's mail server. Of course, they can also encrypt any email they choose to send through an ISP's mail server.

EFA considers the above situation should be taken into very serious consideration in determining whether the Current 2004 Bill will achieve its purported objectives or will in fact make it even more difficult for LEAs to investigate suspected crime.

EFA believes that most Australians are probably not overly concerned about the potential for invasion of their privacy arising from LEAs' powers to intercept email in the limited circumstances permitted by, and under the strict and rigorous controls of, the TI Act. The same cannot be said however for the vastly increased potential for invasion of privacy arising from the Current 2004 Bill.

EFA believes the most probable outcome of enactment of the Current 2004 Bill would be increasing use of means of sending email that enable transmission to take place almost completely out of reach of LEAs. The increasing availability of, and reduced price of, permanent connections to the Internet via ADSL and cable make it increasingly practical for individuals to run email servers on their own computers. To intercept an email travelling directly from one person's computer to another's, police would need to tap an Internet connection. They would not obtain intact messages, they would need to collect data packets and attempt to join them all together. Obviously if the original email was encrypted, accessing the content of the communication would be even more difficult and may be impossible.

Unfortunately however, while law abiding citizens who do not like Big Brother looking over their shoulder, can easily send email without it passing through an ISP's mail server, they cannot always know or control where it will be received or stored at the recipient end. Terrorist and other crime gangs can of course ensure none of them use an ISP's mail server to send or receive email.

EFA believes the outcome of the Bill would be to encourage terrorists and other criminals to bypass conventional email routing. As well, more individuals desiring privacy would start using means of sending and receiving email that does not result in unencrypted copies, or any copy, being available from an ISP. Sadly, law abiding citizens (third parties in relation to agency investigations) who do not have their own computer to access the Internet, and those who do not have sufficient technical knowledge to run their own mail servers or encrypt their email, would be the persons least safe and secure from unreasonable invasion of their privacy.

Up ArrowGo to Contents List


4. Conclusion

The Telecommunications (Interception) Amendment (Stored Communications) Bill 2004 should be abandoned. The Bill is an utter disgrace. It is the type of legislation one might expect to see in a police state, not in a democracy.

In addition to the matters raised earlier herein, the Bill fails to recognise that interception of communications invades the privacy of third parties who have nothing to do with the police investigation.

Allowing access to the telecommunications of people who are not even suspected of engaging in crime, without a warrant, or even with an ordinary search warrant designed for searching for property, fails to give due regard to Australia's obligations as a party to the International Covenant on Civil and Political Rights (ICCPR). Article 17 of the ICCPR provides:

(1) No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.
(2) Everyone has the right to the protection of the law against such interference or attacks.

Although the government claims the proposed amendments are "urgent", it should be noted that this claim was also made when the 2002 Bill was introduced in the package of anti-terrorism Bills. Nevertheless, after the 2002 stored communications provisions were rejected, the government did not introduce its next proposal until two years later. Clearly the amendments were not urgent in 2002 and no evidence has been put forward to demonstrate that the amendments are urgent now.

The existing Act should remain in place unamended for the forthcoming 12 months, while the Attorney-General's Department conducts the announced full review of the interception regime.

Up ArrowGo to Contents List


Appendix 1: Interception Laws in Other Countries

United Kingdom

The Regulation of Investigatory Powers Act 2000 makes it a criminal offence for a person intentionally and without lawful authority to intercept any communication in the course of its transmission by means of a public postal service or a public telecommunication system. The term "communication" includes stored communications whether delivered or not. In this regard, the Act states that the times while a communication is being transmitted by means of a telecommunication system "include any time when the system by means of which the communication is being, or has been, transmitted is used for storing it in a manner that enables the intended recipient to collect it or otherwise to have access to it".

Interception of a communication in the course of its transmission by means of a telecommunication system occurs, for the purposes of the Act, if a person -

"(a) so modifies or interferes with the system, or its operation,
(b) so monitors transmissions made by means of the system, or
(c) so monitors transmissions made by wireless telegraphy to or from apparatus comprised in the system,
as to make some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication".

The above includes "any case in which any of the contents of the communication, while being transmitted, are diverted or recorded so as to be available to a person subsequently".

In relation to LEA access, Section 1(5) states that interception is lawful if-

"(b) it takes place in accordance with a warrant under section 5 ('an interception warrant'); or
(c) it is in exercise, in relation to any stored communication, of any statutory power that is exercised (apart from this section) for the purpose of obtaining information or of taking possession of any document or other property".

Section 1(5)(c) above, according to the Explanatory Notes to the Act, "covers circumstances where, for example, a person has been arrested in possession of a pager, and the police have reason to believe that the messages sent previously to that pager may be of assistance in the case. In this case they would be able to seek from a circuit judge an order under Schedule 1 to the Police and Criminal Evidence Act 1984 for the stored data to be produced". If this provision had not been included in the Act, LEAs would not be able to access previously delivered messages when copies remain stored on a service providers' equipment unless they obtained an interception warrant.

In summary, the UK Act protects not only undelivered stored messages but also stored messages that have previously been delivered. LEAs are able to access both types of messages with an interception warrant. They are also able to obtain access to previously delivered stored messages with an order from a circuit judge.

New Zealand

The Crimes Act 1961 (Part 9A - Crimes Against Personal Privacy) was amended by the Crimes Amendment Act 2003 to extend the protection from interception to written communications. Previously it applied only to oral communications.

The Act makes it a criminal offence "to intentionally intercept any private communication by means of an interception device". "Private communication" means a "communication (whether in oral or written form or otherwise) made under circumstances that may reasonably be taken to indicate that any party to the communication desires it to be confined to the parties to the communication...". The term "intercept" is defined as "includes hear, listen to, record, monitor, acquire, or receive the communication either (a) while it is taking place; or (b) while it is in transit".

In order to intercept private communications, police are required to obtain an interception warrant from a Judge of the High Court, as detailed in Part 11A of the Act.

The Act does not distinguish between delivered and undelivered stored communications, nor does it appear to deal with the matter of when a delayed and stored message ceases to be in transit. It seems plain however that undelivered stored communications cannot be intercepted by LEAs without an interception warrant.

U.S.A.

The Electronic Communications Privacy Act governs how government agencies can obtain stored communications and other material from telecommunications service providers. The legislation is complex as it covers a wide range of types of material and circumstances. Detailed explanatory information is available in the document titled Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations issued by the Computer Crime and Intellectual Property Section, Criminal Division, United States Department of Justice (July 2002).

In relation to the content of stored communications, the following situation applies when a government entity requires a provider of an "electronic communication service" to disclose communications (including e-mail and voice mail) that are being or have been transmitted via the provider's service:

  • Unretrieved communications that have been in electronic storage for 180 days or less
    These communications can be obtained only pursuant to a warrant issued under Rule 41 of the Federal Rules of Criminal Procedure or equivalent State warrant. These warrants are issued by a neutral magistrate judge only upon an applicant presenting facts sufficient for the magistrate to make a determination that "probable cause" exists for the search, so as not to violate the U.S. Fourth Amendment protection against unreasonable search and seizures: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized".
  • Accessed communications (opened email and voice mail) left with provider
    and
    Unretrieved communications that have been in electronic storage for more than 180 days
    These communications can be obtained with a Section 2703(d) court order or a subpoena, provided in either instance prior notice of the disclosure is given to the customer or subscriber (unless the delayed notice provisions of Section 2705 are applicable and are complied with). Alternatively such communications can be obtained, without giving notice to the customer or subscriber, with a probable cause warrant (as above). For issue of a Section 2703(d) court order, also known as an "articulable facts" order, the government entity must offer specific and articulable facts to the court showing that there are reasonable grounds to believe that the contents of the communication are relevant and material to an ongoing criminal investigation. This standard does not permit LEAs to merely to certify that they have specific and articulable facts that would satisfy such a showing.

Canada

The Department of Justice in Canada issued a Lawful Access - Consultation Paper for public comment in August 2002 and the deadline for submissions was 16 December 2002. The paper indicates that the situation in Canada in relation to interception of undelivered stored email is substantially similar to existing Australian legislation. The consultation paper stated, among many other things, that:

'The main problem [with existing legislation concerning lawful access to email] in Canada is that the capture of the contents of an e-mail in transit with a third party or waiting to be delivered could constitute an "interception" of a "private communication" under the Criminal Code, regardless of when it took place. Some claim, however, that the acquisition of an e-mail under such circumstances constitutes a "search and seizure." Questions have been raised as to whether the Criminal Code and other acts such as the Competition Act should be amended to clarify the type of order that should be obtained before e-mail is acquired.'

A report on and summary of submissions was issued in August 2003. As web searching has failed to locate more recent information, it seems likely that the Canadian Government has not yet announced or issued proposed amendments to existing law. Given the wide range of matters canvassed and the responses (including public and industry opposition to LEA access to email without an interception warrant), the government may still be determining its policy and/or developing proposed legislative amendments in relation to some or all of the matters on which public comment was sought.

Up ArrowGo to Contents List


References

Telecommunications (Interception) Amendment (Stored Communications) Bill 2004
  • Text of Bill (PDF 13 Kb)
    [http://parlinfoweb.aph.gov.au/piweb/Repository/Legis/Bills/ Linked/27050402.pdf]
  • Explanatory Memorandum (PDF 16 Kb)
    [http://parlinfoweb.aph.gov.au/piweb/view_document.aspx?ID= 892229&TABLE=HANSARDR]
  • Minister's Second Reading Speech
    [http://parlinfoweb.aph.gov.au/piweb/Repository/Legis/ems/ Linked/27050402.pdf]

Telecommunications (Interception) Amendment Bill 2004

Telecommunications Interception Legislation Amendment Bill 2002

Telecommunications (Interception) Act 1979
[http://www.austlii.edu.au/au/legis/cth/consol_act/ta1979350/]

Telecommunications Act 1997
[http://www.austlii.edu.au/au/legis/cth/consol_act/ta1997214/]

Telecommunications Interception Policy Review Report, Attorney-General's Department, 1999
[http://www.law.gov.au/agd/Department/Publications/publications/ teleintreview/teleintreview.html]

Telecommunications (Interception) Act 1979 Report for the year ending 30 June 2003
[http://www.law.gov.au/www/agdHome.nsf/0/6EDC9CC0fc214ED6CA25 6E45000023F7?OpenDocument]

Crimes Act 1914 Section 3L
[http://www.austlii.edu.au/au/legis/cth/consol_act/ca191482/s3l.html]

Crimes Act 1914 Section 85ZD
[http://www.austlii.edu.au/au/legis/cth/consol_act/ca191482/s85zd.html]

Crimes Legislation Amendment (Telecommunications Offences and Other Measures) Bill 2004
[http://parlinfoweb.aph.gov.au/piweb/view_document.aspx?ID= 1681&TABLE=BILLS]
Explanatory Memorandum
[http://parlinfoweb.aph.gov.au/piweb/view_document.aspx?ID= 1784&TABLE=EMS]

Senate Committee Report on the Telecommunications (Interception) Amendment Bill 1995
[http://www.aph.gov.au/Senate/committee/history/legcon_ctte/telintercept/]

Australian Postal Corporation Act 1989
[http://www.austlii.edu.au/au/legis/cth/consol_act/apca1989337/]

ACA Telecommunications and Law Enforcement Manual
[http://www.aca.gov.au/aca_home/licensing/radcomm/ about_radcomms_licensing/leac.pdf]

ACA Fact Sheet: Internet Service Providers and Law Enforcement and National Security
[http://www.aca.gov.au/consumer_info/fact_sheets/industry_fact_sheets/ fsi13.pdf]

ACA Annual Report 2003
[http://www.aca.gov.au/aca_home/publications/reports/annual/0203/ ar_corrigendum.htm]

Canadian Department of Justice, Lawful Access - Consultation Paper and Report on Submissions
[http://www.canada.justice.gc.ca/en/cons/la_al/]

International Covenant on Civil and Political Rights (ICCPR)
[http://www.austlii.edu.au/au/legis/cth/consol_act/hraeoca1986512/sch2.html]

N.Z. Crimes Act 1961
[http://www.legislation.govt.nz/libraries/contents/ om_isapi.dll?clientID= 919094779&infobase= pal_statutes.nfo&record= {A899A64A}&hitsperheading= on&softpage=DOC]

U.K. Regulation of Investigatory Powers Act 2000
[http://www.legislation.hmso.gov.uk/acts/acts2000/20000023.htm]
Explanatory Notes
[http://www.hmso.gov.uk/acts/en2000/2000en23.htm]

U.K. Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
[http://www.hmso.gov.uk/si/si2000/20002699.htm]

U.K. Department of Trade and Industry, Lawful Business Practice Regulations - Response To Consultation
[http://www.dti.gov.uk/industries/ecommunications/ lawful_business_practice_regulations__response_to_consultation.html]

U.S.A. Electronic Communications Privacy Act
[http://www.usiia.org/legis/ecpa.html]

U.S.A. Department of Justice, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, July 2002
[http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm]

Up ArrowGo to Contents List


About EFA

Electronic Frontiers Australia Inc. ("EFA") is a non-profit national organisation representing Internet users concerned with on-line rights and freedoms. EFA was established in January 1994 and incorporated under the Associations Incorporation Act (S.A.) in May 1994.

EFA is independent of government and commerce, and is funded by membership subscriptions and donations from individuals and organisations with an altruistic interest in promoting online civil liberties. EFA members and supporters come from all parts of Australia and from diverse backgrounds.

Our major objectives are to protect and promote the civil liberties of users of computer based communications systems (such as the Internet) and of those affected by their use and to educate the community at large about the social, political and civil liberties issues involved in the use of computer based communications systems.

EFA policy formulation, decision making and oversight of organisational activities are the responsibility of the EFA Board of Management. The ten elected Board Members act in a voluntary capacity; they are not remunerated for time spent on EFA activities. The role of Executive Director was established in 1999 and reports to the Board.

Up ArrowGo to Contents List