Telecommunications (Interception and Access) Act 1979 (TIA)

“An Act to prohibit the interception of, and other access to, telecommunications except where authorised in special circumstances or for the purpose of tracing the location of callers in emergencies, and for related purposes.” (subsection 1 of the TIA)

This page provides information about the Telecommunications (Interception and Access) Act 1979 including its most recent amendment, the Telecommunications (Interception and Access) Amendment (Data Retention) Act of 2015.

This edition, which was drafted Lachlan Brown, is an update to a previous version published in October 2006 that was primarily drafted by Irene Graham. [ADD LINK] Any corrections, or suggestions for improvement are welcome – please send these to policy[AT]efa.org.au

5. Data Retention

Definition of Metadata
Telecommunication service providers subject to mandatory data retention
Telecommunication service providers NOT subject to mandatory data retention

6. Other Resources

1. Overview

The Telecommunications (Interception and Access) Act 1979 (“TIA Act”) regulates ‘communications’, ‘stored communications’ and ‘telecommunications data’.

The TIA Act has three key purposes, the objective of which is to protect the privacy of individuals who use the Australian telecommunications system.

1. The TIA Act makes it an offence to intercept communications passing over a telecommunications system without the knowledge of the maker of the communication, or to access a stored communication without the knowledge of the sender or intended recipient of the communication, other than in accordance with the provisions of the Act.

2. The second purpose of the TIA Act is to specify the circumstances in which it is lawful for the interception of, and access to, communications to take place.

3. The third purpose is to prescribe exceptions to the general prohibition on the disclosure of telecommunication data by telecommunication service providers pursuant to the Telecommunications Act 1997, and to mandate the retention of certain telecommunications data (commonly referred to as “metadata”) by Australian telecommunication service providers and Internet service providers.

A telecommunications service may be intercepted under the authority of a telecommunications interception warrant by an interception agency for the investigation of a serious offence, or by the Australian Security Intelligence Organisation (ASIO) for national security purposes. A stored communication may be accessed under the authority of a stored communications warrant by a criminal law enforcement agency for the investigation of a serious contravention or by ASIO for national security purposes.

While the primary exception to the general prohibition on interception and access enacted by the TIA Act is to enable law enforcement agencies to lawfully intercept or access telecommunications, a small number of other exceptions are specified for particular purposes including tracing the location of callers in emergencies, and the operation and maintenance of a telecommunications system.

Access to, and disclosure of, telecommunications data is regulated by Chapter 4 of the TIA Act, which permits authorities or bodies that are an ‘enforcement agency’ under the TIA Act to authorise telecommunications carriers to disclose telecommunications data where that information is reasonably necessary for the enforcement of the criminal law, a law imposing a pecuniary penalty, or the protection of the public revenue.

Foundations of the Act

The foundation of the TIA Act is contained in subsections 7(1) and 108(1), which prohibit the interception of communications passing over the telecommunications system and accessing stored communications respectively.

Subsection 6(1) defines interception as listening to or recording, by any means, a communication in its passage over the telecommunications system without the knowledge of the person making the communication.

The effect of subsection 6AA and subparagraph 108(1)(b) is that accessing a stored communication comprises listening to, reading or recording a stored communication where that action is done with the assistance of a carrier. Further, the access must be without the knowledge of either the sender or the intended recipient of the communication for it to fall within the parameters of the TIA Act.

Chapter 4 which sets out when the offence provisions under subsections 276, 277 and 278 of the Telecommunications Act do not prohibit the disclosing of telecommunications data to ASIO and enforcement agencies by certain participants in the telecommunications industry (referred to in this report as ‘telecommunications service providers’).

The TIA Act also regulates the issue and revocation of warrants, the scope of the authority conferred by warrants, the execution of warrants and the use of information obtained under warrants.
Back to Top

Core Concepts/Definitions

The interception related provisions of the TIA Act apply to communications that are “passing over a telecommunications system”, that is, “live” or “real-time” communications such as telephone call conversations and communications in transit over the Internet including while passing through ISPs’ equipment such as routers, etc.

The stored communications provisions of the TIA Act apply to communications such as email, SMS and voice mail messages that either have not commenced, or have completed, passing over a telecommunications system and that are stored on a telecommunications carrier’s equipment (including on an Internet Service Provider’s equipment).

The terms “communication”, “telecommunications system” and “stored communication” are defined in subsection 5(1) of the TIA Act as follows:

Communication includes conversation and a message, and any part of a conversation or message, whether:
(a) in the form of:
(i) speech, music or other sounds;
(ii) data;
(iii) text;
(iv) visual images, whether or not animated; or
(v) signals; or
(b) in any other form or in any combination of forms.

Telecommunications system means:
(a) a telecommunications network that is within Australia; or
(b) a telecommunications network that is partly within Australia,
but only to the extent that the network is within Australia;
and includes equipment, a line or other facility that is connected to
such a network and is within Australia.

Stored communication means a communication that:
(a) is not passing over a telecommunications system; and
(b) is held on equipment that is operated by, and is in the
possession of, a carrier; and
(c) cannot be accessed on that equipment, by a person who is not
a party to the communication, without the assistance of an
employee of the carrier.

Telecommunications data is not defined by the TIA Act. Chapter 4 of the TIA Act regulates access to ‘telecommunications data’, but does not set out a definition of ‘telecommunications data’. Chapter 4, like the exceptions under Part 13 of the Telecommunications Act 1997, authorises access to ‘information or a document’. ‘Telecommunications data’, therefore, would be either information or a document.

The Explanatory Memorandum to the Telecommunications (Interception and Access) Amendment Bill 2007 that introduced Chapter 4 provides that:

Telecommunications data is information about a telecommunication, but does not include the content or substance of the communication. Telecommunications data is available in relation to all forms of communications, including both fixed and mobile telephony services and for internet based applications including internet browsing and voice over internet telephony.

For telephone-based communications, telecommunications data includes subscriber information, the telephone numbers of the parties involved, the time of the call and its duration. In relation to internet based applications, telecommunications data includes the Internet Protocol (IP) address used for the session and the start and finish time of each session.

Telecommunications data (metadata) to be retained
Section 187AA of the TIA Act lists the kinds of information that a service provider must keep, or cause to be kept, under subsection 187A(1):

Item	Topic (Column 1)	Description of information (Column 2)
1	The subscriber of, and accounts, services, telecommunications devices and other relevant services relating to, the relevant service	The following: (a) any information that is one or both of the following: (i) any name or address information; (ii) any other information for identification purposes; relating to the relevant service, being information used by the service provider for the purposes of identifying the subscriber of the relevant service; (b) any information relating to any contract, agreement or arrangement relating to the relevant service, or to any related account, service or device; (c) any information that is one or both of the following: (i) billing or payment information; (ii) contact information; relating to the relevant service, being information used by the service provider in relation to the relevant service; (d) any identifiers relating to the relevant service or any related account, service or device, being information used by the service provider in relation to the relevant service or any related account, service or device; (e) the status of the relevant service, or any related account, service or device.
2	The source of a communication	Identifiers of a related account, service or device from which the communication has been sent by means of the relevant service.
3	The destination of a communication	Identifiers of the account, telecommunications device or relevant service to which the communication: (a) has been sent; or (b) has been forwarded, routed or transferred, or attempted to be forwarded, routed or transferred.
4	The date, time and duration of a communication, or of its connection to a relevant service	The date and time (including the time zone) of the following relating to the communication (with sufficient accuracy to identify the communication): (a) the start of the communication; (b) the end of the communication; (c) the connection to the relevant service; (d) the disconnection from the relevant service.
5	The type of a communication or of a relevant service used in connection with a communication	The following: (a) the type of communication; Examples: Voice, SMS, email, chat, forum, social media. (b) the type of the relevant service; Examples: ADSL, Wi Fi, VoIP, cable, GPRS, VoLTE, LTE. (c) the features of the relevant service that were, or would have been, used by or enabled for the communication. Examples: Call waiting, call forwarding, data volume usage. Note: This item will only apply to the service provider operating the relevant service: see paragraph 187A(4)(c).
6	The location of equipment, or a line, used in connection with a communication	The following in relation to the equipment or line used to send or receive the communication: (a) the location of the equipment or line at the start of the communication; (b) the location of the equipment or line at the end of the communication. Examples: Cell towers, Wi Fi hotspots.

Back to Top

Safeguards

The TIA Act contains a number of safeguards, controls and reporting requirements in relation to the interception of, and access to, stored communications and disclosure of telecommunications data including:

the heads of interception agencies provide the Secretary of the Attorney-General’s Department (AGD) with a copy of each telecommunications interception warrant.
interception agencies report to the Attorney-General, within three months of a warrant ceasing to be in force, detailing the use made of information obtained by the interception.
the Secretary of the AGD maintains a General Register detailing the particulars of all telecommunications interception warrants. The Secretary of the AGD must provide the General Register to the Attorney-General for inspection every three months.
the Secretary of the AGD maintains a Special Register recording the details of telecommunications interception warrants that do not lead to a prosecution within three months of the warrant expiring. The Special Register is also given to the Attorney-General to inspect.
Law enforcement agencies’ use of interception powers under the TIA Act is independently overseen by the Commonwealth Ombudsman and equivalent state bodies.
At least twice a year the Commonwealth Ombudsman must inspect the records kept by the ACC, ACLEI and the AFP relating to interceptions and the use, dissemination and destruction of intercepted information.
The Commonwealth Ombudsman is required under the TIA Act to report to the Attorney-General about these inspections, including information about any deficiencies identified and remedial action. State and Territory legislation imposes similar requirements on State and Territory interception agencies regarding their use of interception powers.

While the Commonwealth Ombudsman is responsible for inspecting the records of the ACC, ACLEI and the AFP in relation to interception, the relevant state or territory Ombudsman generally undertakes this function for State and Territory agencies. The reports of the inspections of the declared state and territory agencies are given to the responsible state or territory Minister who provides a copy to the Commonwealth Attorney-General.

The Commonwealth Ombudsman also conducts regular inspections of records in relation to access by enforcement agencies (including both Commonwealth and state agencies) to stored communications and reports to the Attorney-General on the results of those inspections.

2. Interception

Definitions

The interception related provisions of the TIA Act apply to “live” or “real-time” communications, that is, communications that are “passing over a telecommunications system”.
Interception “consists of listening to or recording, by any means, such a communication in its passage over that telecommunications system without the knowledge of the person making the communication (s6(1)).

The meaning of the term “passing over a telecommunications system” according to s5(F) is:

For the purposes of this Act, a communication:
(a) is taken to start passing over a telecommunications system
when it is sent or transmitted by the person sending the
communication; and
(b) is taken to continue to pass over the system until it becomes
accessible to the intended recipient of the communication.

Definitions of “accessible to” and “intended recipient” are detailed in the subsection concerning stored communications later herein.

Prohibition on Interception Of Telecommunications

Subsection 7 of the TIA Act states:

(1) A person shall not:
(a) intercept;
(b) authorize, suffer or permit another person to intercept; or
(c) do any act or thing that will enable him or her or another
person to intercept;
a communication passing over a telecommunications system.

A person who contravenes subsection 7(1) is guilty of an offence punishable on conviction by imprisonment for a period not exceeding 2 years (s105). Note, however, that limited exceptions to the s7(1) prohibition are specified in other subsections of s7. These include interception under an interception warrant.

Interception Warrants

Interception warrants may be issued for two purposes: national security and law enforcement.

National Security
Interception warrants for national security purposes may be issued to the Australian Security Intelligence Organisation (“ASIO”). ASIO is able to intercept telecommunications under the warrant regime in Chapter 2 Part 2-2 of the TIA Act which provides that the Attorney-General may issue warrants to ASIO if the Attorney-General is satisfied that:

(a) the telecommunications service is being or is likely to be:
(i) used by a person engaged in, or reasonably suspected by
the Director-General of Security of being engaged in, or
of being likely to engage in, activities prejudicial to
security; or
(ia) the means by which a person receives or sends a
communication from or to another person who is
engaged in, or reasonably suspected by the
Director-General of Security of being engaged in, or of
being likely to engage in, such activities; or
(ii) used for purposes prejudicial to security; and
(b) the interception by the Organisation of communications
made to or from the telecommunications service will, or is
likely to, assist the Organisation in carrying out its function
of obtaining intelligence relating to security;

Interception warrants issued to ASIO may also permit access to stored communications (s9A(1)(a)).

Interception warrants issued to ASIO must specify the duration for which the warrant is to remain in force. The specified period must not exceed:

(a) if subparagraph 9(1)(a)(ia) applies—3 months; or
(b) otherwise—6 months.

Subsection 9B(3) does not prevent the issue of a further warrant in respect of a telecommunications service or a person (as the case may be) in relation to which or whom a warrant has, or warrants have, previously been issued.

According to subsection 10(1) an interception warrant may also be issued to ASIO by the Director-General of Security in an emergency without the need for the Attorney-General’s approval where:

(a) the Director-General of Security has forwarded or made a
request to the Attorney-General for the issue of a warrant
under subsection 9 in respect of a telecommunications service or
under subsection 9A in respect of a person;
(b) the Attorney-General has not, to the knowledge of the
Director-General of Security, made a decision with respect to
the request and has not, within the preceding period of 3
months, refused to issue a warrant under subsection 9 in respect
of the telecommunications service or under subsection 9A in
respect of a person (as the case requires);
(c) the Director-General of Security has not, within the
preceding period of 3 months, issued a warrant under this
subsection in respect of the telecommunications service or
person (as the case requires); and
(d) the Director-General of Security is satisfied:
(i) that the facts of the case would justify the issue of a
warrant by the Attorney-General; and
(ii) that, if the interception to which the request relates does
not commence before a warrant can be issued and made
available by the Attorney-General, security will be, or is
likely to be, seriously prejudiced;

Interception warrants issued to ASIO pursuant to subsection 10 DO NOT permit access to stored communications (s10(1)(a)). Furthermore a warrant under this subsection shall specify the period for which it is to remain in force, being a period that does not exceed 48 hours (s10(3)).
Back to Top
Law Enforcement
Interception warrants for law enforcement purposes may be issued to “interception agencies”, that is eligible commonwealth agencies and State Law Enforcement Authorities under the warrant regime in Chapter 2 Part 2-5 of the TIA Act, for the purpose of investigating “serious offences” (Please see Threshold for Issue of Interception Warrants for a definition of “serious offences”).

Types of Interception Warrants
The Act provides for the issue of two types of interception warrants:

A “telecommunications service” warrant (s46) authorises the interception of only one service at a time (e.g. one telephone number). Under S46(1d) this type of warrant applies to both:
(i) the particular person is involved; or
(ii) another person is involved with whom the particular person is likely to communicate using the service;

A “named person” warrant (s46A) authorises the interception of more than one telecommunications service or telecommunications device used or likely to be used by the person the subject of the warrant (i.e. it may authorise interception of one or more telephone services and/or also interception of one or more email services, etc). Under (s46A(1)(d) this type of warrant applies to:

(i) communications made to or from any
telecommunications service that the person is using, or
is likely to use; or
(ii) communications made by means of a particular
telecommunications device or particular
telecommunications devices that the person is using, or
is likely to use;
would be likely to assist in connection with the investigation by the agency of a serious offence, or serious offences, in which the person is involved;

Both s46(1)(d)(ii) and s46A(1)(d)(ii) as referred to above are known as “B-Party” warrants in that they authorise the interception of a service that is likely to be used by another person (a non-suspect) to communicate with the suspect. An issuing authority may not issue a B-Party warrant unless he or she is satisfied that there are no other practicable methods available to the agency to identify the service used by the person under investigation or there are no other possible methods of intercepting that service.

The TIA Act provides that in exceptional circumstances, an issuing authority can issue an interception warrant that authorises entry on to premises to carry out telecommunications interception. An issuing authority can only issue such a warrant if satisfied that it would be impracticable or inappropriate to intercept communications otherwise than by use of equipment installed on those premises. Please see subsection 48 of the TIA Act for further details.

Duration of Interception Warrants
Interception warrants are required to specify the period for which the warrant is to be in force, which is up to a maximum 90 days, unless it is a ‘B-Party’ warrant, in which case the maximum is up to 45 days.

Authorised Interception Agencies
Applications for telecommunication interception warrants may only be made by an “interception agency”. An interception agency is the Australian Crime Commission (ACC), the Australian Commission for Law Enforcement Integrity (ACLEI), the Australian Federal Police (AFP) or an ‘eligible authority’ of a State or the Northern Territory which is the subject of a declaration under subsection 34 of the TIA Act.

In effect, a subsection 34 declaration, which is made by the Attorney General at the request of the Premier of a State or the Chief Minister of a Territory, grants an eligible authority the status of an interception agency. This means that the agency can then apply for a telecommunications interception warrant to assist in the investigation of a “serious offence”. An eligible authority which is not the subject of a declaration is not able to apply for such a warrant but is able to receive intercepted information for permitted purposes from an interception agency.

As of 30 June 2015, the following agencies were entitled to apply for interception warrants for law enforcement purposes (according to the Appendix B of the Telecommunications (Interception) Act 1979 Report for the year ending 30 June 2015):

[CHECK THIS]

Australian Crime Commission,
Australian Federal Police,
Australian Commission for Law Enforcement Integrity
Corruption and Crime Commission (Western Australia),
Crime and Corruption Commission (Queensland),
Independent Broad-based Anti-corruption Commission (Victoria),
Independent Commission Against Corruption (New South Wales),
New South Wales Crime Commission,
New South Wales Police Force,
Northern Territory Police,
Police Integrity Commission (New South Wales),
Queensland Police Service,
Independent Commissioner Against Corruption (South Australia),
South Australia Police,
Tasmania Police,
Victoria Police,
Western Australia Police

Threshold for Issue of Interception Warrants
Interception warrants may only be issued in relation to the investigation of “serious offences” as exhaustively defined in s5D of the TIA Act. Serious offences include the following:

murder, kidnapping and equivalent offences
an offence against Division 307 of the Criminal Code, being serious drug import and export offences
an offence constituted by conduct involving an act or acts of terrorism
an offence against Subdivision A of Division 72 or against Division 101, 102 or 103 of the Criminal Code, being specific offences relating to terrorism
offences in relation to which the Australian Crime Commission (ACC) is conducting a special investigation within the meaning of the Australian Crime Commission Act 2002
offences relating to child pornography
specified offences involving particular conduct such as loss of a persons life, personal injury or trafficking in prescribed substances where the offence is punishable by at least 7 years imprisonment
specified offences involving planning and organisation which involve conduct such as theft, handling of stolen goods, bribery or corruption and the offence is punishable by at least 7 years imprisonment
money laundering offences
offences relating to people smuggling with exploitation, slavery, sexual servitude and deceptive recruiting
serious drug offences
computer related offences, and
ancillary offences, such as aiding, abetting and conspiring to commit other serious offences

It is a general requirement that the offence be punishable by imprisonment for life or for a minimum period of seven years. However, there are exceptions to this rule. These exceptions generally apply to offences that by their nature require interception as an investigative tool and where the conduct is serious enough to warrant the use of interception regardless of the offence threshold. Examples of these types of offences include child pornography and cyber-crime offences.
Back to Top
Issuers of Interception Warrants
Interception warrants can only be issued by an ‘eligible Judge’ or nominated member of the Administrative Appeals Tribunal (AAT). An ‘eligible Judge’ means a person who is a Judge of a court created by the Parliament who has consented in writing to being nominated by the Attorney-General, and who has been declared by the Attorney-General to be an eligible Judge (s6D).

As of June 2015 eligible Judges were members of the Federal Court of Australia, the Family Court of Australia and the Federal Circuit Court. A ‘nominated AAT member’ refers to a Deputy President, senior member or member of the AAT who has been nominated by the Attorney-General to issue warrants. In the case of part-time senior members and members of the AAT, the member must have been enrolled as a legal practitioner of the High Court, the Federal Court or the Supreme Court of a State or Territory for no less than five years to be eligible for nomination to issue warrants.

Conditions of Issue of Interception Warrants
Subsection 46 (telecommunications service warrant) and subsection 46A (named person warrant) of the TIA Act set out a range of matters about which an issuing authority must be satisfied prior to issuing a warrant and also matters to which the issuing authority must have regard. The latter include, for example, how much the privacy of any person or persons would be likely to be interfered with by intercepting communications, the gravity of the conduct constituting the offence or offences being investigated, etc. For the full list, refer to subsections 46 and 46A of the TIA Act.

Exceptions to the Prohibition on Interception – non-warrant based
Subsection 7 of the Act sets out a small number of exceptions to the general prohibition on interception, one of which is interception under a warrant as outlined above. Other exceptions are outlined below:

Exceptions to enable police to intercept communications in specified urgent situations, and carrier employees on emergency request of police to intercept a communication for the purposes of tracing the location of the caller, where there is risk loss of life or the infliction of serious personal injury or threats to kill or seriously injure another person or to cause serious damage to property, etc. (Refer to subsection 7 of the TIA Act for detailed information about the specific circumstances under which these narrowly tailored exceptions apply.)
An exception to enable an officer of ASIO, in the lawful performance of his or her duties, to discover whether a listening device is being used at, or in relation to, a particular place; or determine the location of a listening device.
Exceptions applicable to carriers and carrier employees in relation to duties involving the installation of lines and equipment or the operation or maintenance of a telecommunications system. For more detail, see the subsection later herein regarding exceptions for carrier employees in relation to access to stored communications. The limited circumstances in which carrier employees are not prohibited from intercepting communications are the same as the circumstances in which they are not prohibited from accessing stored communications.

3. Stored Communications

Chapter 3 of the TIA Act deals with preserving and accessing stored communications. The stored communications provisions of the TIA Act apply to communications such as email, SMS and voice mail messages that are stored on a carrier’s equipment, that is, communications that either have not commenced, or have completed, passing over a telecommunications system (as defined).

Definition of Stored Communications

The TIA Act states:

stored communication means a communication that:
(a) is not passing over a telecommunications system; and
(b) is held on equipment that is operated by, and is in the possession of, a carrier; and
(c) cannot be accessed on that equipment, by a person who is not a party to the communication, without the assistance of an employee of the carrier.

The term “carrier” means a carrier and a carriage service provider within the meaning of the Telecommunications Act 1997 which includes Internet Service Providers (“ISPs”).

With regard to (a) above, the Act defines “passing over” as follows:

5F For the purposes of this Act, a communication:
(a) is taken to start passing over a telecommunications system when it is sent or transmitted by the person sending the communication; and
(b) is taken to continue to pass over the system until it becomes accessible to the intended recipient of the communication.

Definitions of “intended recipient” and “accessible to” are as follows:

5G For the purposes of this Act, the intended recipient of a communication is:
(a) if the communication is addressed to an individual (either in the individual’s own capacity or in the capacity of an employee or agent of another person)-the individual; or
(b) if the communication is addressed to a person who is not an individual-the person; or
(c) if the communication is not addressed to a person-the person who has, or whose employee or agent has, control over the telecommunications service to which the communication is sent.

5H (1) For the purposes of this Act, a communication is accessible to its intended recipient if it:
(a) has been received by the telecommunications service provided to the intended recipient; or
(b) is under the control of the intended recipient; or
(c) has been delivered to the telecommunications service provided to the intended recipient.
(2) Subsection (1) does not limit the circumstances in which a communication may be taken to be accessible to its intended recipient for the purposes of this Act.

Preserving Stored Communications

Chapter 3, Part 3-1A of the Act refers to preserving stored communications. This Part establishes a system of preserving certain stored communications that are held by a carrier. Under the system, issuing agencies can give a preservation notice to a carrier requiring the carrier to preserve all stored communications that the carrier holds that relate to the person or telecommunications service specified in the notice. The purpose of the preservation notice is to prevent the communications from being destroyed before they can be accessed under certain warrants issued under this Act. The carrier will breach its obligations under subsection 313 of the Telecommunications Act 1997 if it does not comply with the notice.

Types of Preservation Notices

There are 2 types of preservation notices:
(a) domestic preservation notices (which cover stored communications that might relate either to a contravention of certain Australian laws or to national security) and;
(b) foreign preservation notices (which cover stored communications that might relate to a contravention of certain foreign laws).
Back to Top
Types of Domestic Preservation Notices
There are 2 types of domestic preservation notices detailed in Ch3-Part 3-Division 2:

(a) historic domestic preservation notices, which cover stored communications held by the carrier on a particular day for the period that starts at the time the carrier receives the notice and ends at the end of the day the carrier receives the notice (s107H(1)(i)); and
(b) ongoing domestic preservation notices, which cover stored communications held by the carrier in a particular 30-day period. The period starts at the time the carrier receives the notice and ends at the end of the 29th day after the day the carrier receives the notice (s107H(1)(ii)).

Duration of Domestic Preservation Notices

Historic domestic preservation notices start at the time the carrier receives the notice and ends at the end of the day the carrier receives the notice.
Ongoing domestic preservation notices last for a period of up to 30 days.

Threshold for issue of a domestic preservation notice
Criminal law-enforcement agencies must be investigating a “serious contravention” to issue a domestic preservation notice.

According to subsection 5E of the TIA Act:

(1) For the purposes of this Act, a serious contravention is a contravention of a law of the Commonwealth, a State or a Territory that:
(a) is a serious offence; or

(b) is an offence punishable:
(i) by imprisonment for a period, or a maximum period, of at least 3 years; or
(ii) if the offence is committed by an individual—by a fine, or a maximum fine, of at least 180 penalty units; or
(iii) if the offence cannot be committed by an individual—by a fine, or a maximum fine, of at least 900 penalty units; or

(c) could, if established, render the person committing the contravention liable:
(i) if the contravention were committed by an individual—to pay a pecuniary penalty of 180 penalty units or more, or to pay an amount that is the monetary equivalent of 180 penalty units or more; or
(ii) if the contravention cannot be committed by an individual—to pay a pecuniary penalty of 900 penalty units or more, or to pay an amount that is the monetary equivalent of 900 penalty units or more.

(2) Except so far as the contrary intention appears, a contravention, or a contravention of a particular kind, is taken, for the purposes of this Act, to be a contravention, or to be a contravention of that kind, as the case may be, that:
(a) has been committed or is being committed; or
(b) is suspected on reasonable grounds of having been committed, of being committed or of being likely to be committed.

(3) To avoid doubt, a reference in this subsection to a number of penalty units in relation to a contravention of a law of a State or a Territory includes a reference to an amount of a fine or pecuniary penalty that is equivalent, under subsection 4AA of the Crimes Act 1914, to that number of penalty units.

ASIO can issue a domestic preservation notice if doing so might assist the Organisation in carrying out its function of obtaining intelligence relating to security (s107J(2)(i)).

An historic domestic preservation notice may be issued by a criminal law-enforcement agency or ASIO. According to subsection 110A each of the following is a criminal law-enforcement agency:

the Australian Federal Police (AFP);
Victoria Police;
New South Wales Police Force;
Queensland Police;
Western Australia Police;
South Australia Police;
Tasmania Police;
Northern Territory Police;
the Australian Commission for Law Enforcement Integrity (ACLEI);
the Australian Crime Commission (ACC);
the Australian Customs and Border Protection Service Immigration and Border Protection Department;
the Australian Securities and Investments Commission;
the Australian Competition and Consumer Commission;
the Crime Commission (NSW);
the Independent Commission Against Corruption (NSW);
the Police Integrity Commission (NSW);
the Independent Broad-based Anti-corruption Commission (Vic);
the Crime and Corruption Commission of Queensland;
the Corruption and Crime Commission (WA);
the Independent Commissioner Against Corruption (SA);

Additionally,
(3) The Minister may, by legislative instrument, declare:
(a) an authority or body to be a criminal law-enforcement agency;
(3B) The Minister must not make the declaration unless the Minister is satisfied on reasonable grounds that the functions of the authority or body include investigating serious contraventions.

An ongoing preservation notice may be issued by a criminal law-enforcement agency that is also an interception agency, which for the purposes of the TIA Act are the following:

the Australian Federal Police (AFP);
Victoria Police;
New South Wales Police Force;
Queensland Police;
Western Australia Police;
South Australia Police;
Tasmania Police;
Northern Territory Police;
the Australian Commission for Law Enforcement Integrity (ACLEI);
the Australian Crime Commission (ACC);
the Crime Commission (NSW);
the Independent Commission Against Corruption (NSW);
the Police Integrity Commission (NSW);
the Independent Broad-based Anti-corruption Commission (Vic);
the Crime and Corruption Commission of Queensland;
the Corruption and Crime Commission (WA);
the Independent Commissioner Against Corruption (SA);

Conditions of Issue of Domestic Preservation Notices
The full condition for giving a domestic preservation notice to a carrier are specified in subsection 107J.
The most relevant condition states that both criminal law enforcement agencies and ASIO must intend that if, at a later time, they consider that the stored communications resulting from the preservation notice would likely assist in carrying out the relevant investigation or function, that the relevant authority will request a Part 2-5 (for a criminal law-enforcement agency) or a Part 2-2 (for ASIO) warrant to access those communications (s107J(1)(d) and s107J(2)(c)).

Pursuant to subsection 107H(3) of the Act, in a domestic preservation notice, the issuing agency can only specify:

(a) one person; or
(b) one or more telecommunications services; or
(c) one person and one or more telecommunications services.

Revoking a Domestic Preservation Notice
While an issuing agency can revoke a domestic preservation notice voluntarily at any time, it is mandatory to do so if:

a) For a law enforcement agency, the conditions in subparagraph 107J(1)(b) or (c) or if the agency decides not to apply for a Part 2 5 warrant or stored communications warrant to access the stored communications covered by the notice (s107L(2)(a)(i) and (ii)) or;
b) For ASIO, if the condition in subparagraph 107J(2)(b) is no longer satisfied or ASIO is satisfied that the Director General of Security will not request a Part 2 2 warrant to access the stored communications covered by the notice (s107L(2)(b)(i) and (ii)).

When a Foreign Preservation Notice can be given
A foreign preservation notice can be given to a carrier if a foreign country has made a request for the preservation in accordance with subsection 107P.
The notice can only specify:

(a) one person; or
(b) one or more telecommunications services; or
(c) one person and one or more telecommunications services (s107N(2)).

Duration of a Foreign Preservation Notices
Foreign preservation notices, like historic domestic preservation notices, cover stored communications held by the carrier on a particular day.
Back to Top
Threshold for issue of a Foreign Preservation Notice
A foreign preservation notice may be issued only be issued if it relates to a criminal matter involving a serious foreign contravention (s107P(1)(c)).
For the purposes of the TIA Act, a serious foreign contravention is a contravention of a law of a foreign country that is punishable by a maximum penalty of:

(a) imprisonment for 3 years or more, imprisonment for life or the death penalty; or
(b) a fine of an amount that is at least equivalent to 900 penalty units (s5EA).

Issuers of Foreign Preservation Notices
Only the Australian Federal Police can issue a foreign preservation notice.

Conditions of Issue of Foreign Preservation Notices
A request to the Australian Federal Police for a foreign preservation notice must be in writing and;

specify the name of the authority concerned with the criminal matter; and
specify the serious foreign contravention that is the subject of the investigation or investigative proceeding; and
specify information identifying the stored communications to be preserved and the relationship between those communications and the serious foreign contravention; and
specify any information the foreign country has that identifies the carrier that holds the stored communications; and
if the stored communications relate to a specified person—specify any information the foreign country has that identifies the telecommunications service to which the stored communications relate; and
specify the reasons why the stored communications need to be preserved; and
specify that the foreign country intends to make a request under subparagraph 15B(d) of the Mutual Assistance in Criminal Matters Act 1987 to access the stored communications (s107P(2)).

Revoking a Foreign Preservation Notice
A foreign preservation notice must be revoked in the following circumstance:

a) If during the period of 180 days starting on the day the carrier was given the notice, the foreign country did not make a request to the Attorney General under subparagraph 15B(d) of the Mutual Assistance in Criminal Matters Act 1987 to arrange for access to those communications (s107R(1)(c); and
b) if the Attorney-General refuses a request by a foreign country in relation to stored communications under a preservation notice (s107R(2)(d).
c) if the foreign country withdraws the request (s107R(3)(c).

Access to Stored Communications

Subsection 6AA defines accessing a stored communication to include reading it, as well as recording and/or listening to it.

6AA Accessing a stored communication
For the purposes of this Act, accessing a stored communication consists of listening to, reading or recording such a communication, by means of equipment operated by a carrier, without the knowledge of the intended recipient of the communication.

Prohibition on Access to Stored Communications

Subsection 108 states:

(1) A person commits an offence if:
(a) the person:
(i) accesses a stored communication; or
(ii) authorises, suffers or permits another person to access a stored communication; or
(iii) does any act or thing that will enable the person or another person to access
a stored communication; and
(b) the person does so with the knowledge of neither of the following:
(i) the intended recipient of the stored communication;
(ii) the person who sent the stored communication.

Penalty: Imprisonment for 2 years or 120 penalty units, or both.

Note: This subsection does not prohibit accessing of communications, that are no longer passing over a telecommunications system, from the intended recipient or from a telecommunications device in the possession of the intended recipient.

(1A) Without limiting subparagraph (1)(b), a person is taken for the purposes of that subparagraph to have knowledge of an act referred to in subparagraph (1)(a) if written notice of an intention to do the act is given to the person.

Note: For giving notice, see subsection 28A of the Acts Interpretation Act 1901.

The TIA Act includes limited exceptions to the s108(1) prohibition on access which are set out in other subsubsections of s108. These include access under a stored communication warrant.

Stored Communications Warrants
Stored communications warrants for Law Enforcement purposes may be issued, under the warrant regime in Chapter 3 of the TIA Act, to criminal law-enforcement agencies for the purpose of investigating “serious contraventions”.

National Security
Access to stored communications for national security purposes can be granted to ASIO without the need to apply for a stored communication warrant. ASIO is able to access stored communications under Part 2-2 interception warrants regime. Part 3-2, subsection 109 of the TIA Act states that:

In addition to authorising interception of communications, a Part 2 2 warrant also authorises a person to access a stored communication if:
(a) the warrant would have authorised interception of the communication if it were still passing over a telecommunications system; and
(b) the person is approved under subsection 12 in respect of the warrant.

Law enforcement
Criminal law enforcement agencies may apply for stored communications warrants under the Part 3-3 warrant regime for the purposes of investigating “serious contraventions”.

Types of Stored Communications Warrants

A stored communications warrant authorises access to stored communications made by the person in respect of whom the warrant is issued, or that another person has made and for which the intended recipient is the person in respect of whom the warrant is issued, and that becomes, or became, a stored communication before the warrant is first executed in relation to the carrier that holds the communications (s117):

A stored communications warrant authorises persons approved under subsection 127(2) in respect of the warrant to access, subject to any conditions or restrictions that are specified in the warrant, a stored communication:

(a) that was made by the person in respect of whom the warrant was issued; or
(b) that another person has made and for which the intended recipient is the person in respect of whom the warrant was issued;
and that becomes, or became, a stored communication before the warrant is first executed in relation to the carrier that holds the communication.

Stored communications warrants are of a type similar to “named person” interception warrants in that they are issued in respect of a person, not a telecommunications service, and are therefore able to authorise access to stored communications sent or received via one or more telecommunications services. A stored communication warrant also includes the “B-Party” provisions of a “named person” interception warrant, in that s117(b) authorises access to stored communications that another person (a non-suspect) has made, the intended recipient of which is the suspect.
Back to Top
Duration of Stored Communications Warrant
A stored communications warrant remains in force until it is first executed, or until the end of the period of 5 days after the day on which it was issued, whichever occurs sooner. However, if the warrant relates to more than one telecommunications service and those services are not all operated by the same carrier, the warrant remains in force, to the extent that it relates to a telecommunications service operated by a particular carrier, until it is first executed in relation to a telecommunications service operated by that particular carrier, or until the end of the period of 5 days after the day on which it was issued, whichever occurs sooner (s119).
An issuing authority is not allowed to vary a stored communications warrant by extending the period for which it is to be in force (s119(3)). However, a further warrant in respect of the same person may be issued, but if the further warrant relates to the same telecommunications service as the previous warrant, it must not be issued within 3 days after the day on which the previous warrant was executed or was last executed (s119(4)) and (5).

The Explanatory Memorandum to the Telecommunications (Interception) Amendment Bill 2006 makes clear the intent of the above time limits [emphasis added]:

New subsection 119(3) provides that the issuing authority may not extend this [5 day execution] period. As the warrant will only permit access to communications stored at the carrier at the time the warrant is executed, and there is no requirement for carriers to hold stored communications for any length of time, it is in the agencies’ interest to execute the warrant as soon as possible.
and
This [3 day] time limit [on issue of a further warrant] is to ensure that agencies are not able to get a new stored communications warrant daily, which would undermine the separate interception warrant regime.

Authorised Agencies
Stored communications warrants can be issued to ASIO and criminal law-enforcement agencies as defined by s110A of the TIA Act:

Threshold for issue of Stored Communication Warrants
Stored communications warrants can be issued in relation to the investigation of a much larger range of offences than can interception warrants. The threshold for issue of interception warrants is generally offences with a penalty of a maximum term of imprisonment of at least 7 years (“serious offences”). In contrast, stored communications warrants can be issued for investigation of not only “serious offences” but also “serious contraventions”.

Issuers of Stored Communications Warrants
Stored communications warrants are able to be issued by the same issuing authorities as interception warrants (i.e. eligible judges and nominated AAT members) and are also able to be issued by any other Commonwealth, State or Territory judge or magistrate.

Conditions of Issue of Stored Communications Warrants
Subsection 116(1) of the Act sets out a range of matters about which an issuing authority must be satisfied prior to issuing a warrant and subsection 116(2) sets out a range of matters to which the issuing authority must have regard. The latter include, for example, how much the privacy of any person or persons would be likely to be interfered with by accessing the stored communications, the gravity of the conduct constituting the serious contravention, etc. For the full list, refer to subsection 116 of the TIA Act.

Exceptions to the Prohibition on Access to Stored Communications

Subsection 108(2) of the Act sets out a small number of exceptions to the general prohibition on access to stored communications and a defendant bears an evidential burden in relation to the matter in subsection (2). Two of the exceptions are access under a stored communications warrant for criminal law-enforcement agencies (s108(2)(a)) or an interception warrant for ASIO (s108(2)(b)) as outlined above. Other exceptions are outlined below.

Exceptions Applicable to ASIO
Subsection 108(2)

(c) accessing a stored communication under a computer access warrant issued under subsection 25A of the Australian Security Intelligence Organisation Act 1979;
(ca) accessing a stored communication under an authorisation given under a warrant in accordance with subsection 27E of the Australian Security Intelligence Organisation Act 1979;
(e) accessing a stored communication by another person lawfully engaged in duties relating to the installation, connection or maintenance of equipment or a line, if it is reasonably necessary for the person to access the communication in order to perform those duties effectively; or
(f) accessing a stored communication by a person lawfully engaged in duties relating to the installation, connection or maintenance of equipment used, or to be used, for accessing stored communications under:
(iii) computer access warrants issued under subsection 25A of the Australian Security Intelligence Organisation Act 1979; or
(iv) authorisations given under warrants in accordance with subsection 27E of the Australian Security Intelligence Organisation Act 1979; or
(g) accessing a stored communication if the access results from, or is incidental to, action taken by an ASIO employee, in the lawful performance of his or her duties, for the purpose of:
(i) discovering whether a listening device is being used at, or in relation to, a particular place; or
(ii) determining the location of a listening device; or
(h) accessing a stored communication if the access results from, or is incidental to, action taken by an ASIO affiliate, in accordance with the contract, agreement or other arrangement under which the ASIO affiliate is performing functions or services for the Organisation, for the purpose of:
(i) discovering whether a listening device is being used at, or in relation to, a particular place; or
(ii) determining the location of a listening device;

Exceptions applicable to Carriers and Carriers’ employees

Subsection 108(2)(d) an act or thing done by an employee of a carrier in the course of his or her duties for or in connection with:
(i) the installation of any line, or the installation of any equipment, used or intended for use in connection with a telecommunications service; or
(ii) the operation or maintenance of a telecommunications system; or
(iii) the identifying or tracing of any person who has contravened, or is suspected of having contravened or being likely to contravene, a provision of Part 10.6 of the Criminal Code;
if it is reasonably necessary for the employee to do that act or thing in order to perform those duties effectively

(e) accessing a stored communication by another person lawfully engaged in duties relating to the installation, connection or maintenance of equipment or a line, if it is reasonably necessary for the person to access the communication in order to perform those duties effectively; or
(f) accessing a stored communication by a person lawfully engaged in duties relating to the installation, connection or maintenance of equipment used, or to be used, for accessing stored communications under:
(ia) preservation notices; or
(i) stored communications warrants; or
(ii) interception warrants;
(iii) computer access warrants issued under subsection 25A of the Australian Security Intelligence Organisation Act 1979; or
(iv) authorisations given under warrants in accordance with subsection 27E of the Australian Security Intelligence Organisation Act 1979;

Exceptions applicable to the Australian Communications and Media Authority
Subsection 108(2)(h) accessing a stored communication by an officer or staff member of the Australian Communications and Media Authority engaged in duties relating to enforcement of the Spam Act 2003.

Back to Top

4. Access to telecommunications data (metadata)

Chapter 4 of the TIA Act sets out when the offence provisions under ss 276, 277 and 278 of the Telecommunications Act 1997 do not prohibit the disclosing of information or documents (‘telecommunications data’) to ASIO and enforcement agencies by certain participants in the telecommunications industry (referred to in this chapter as ‘telecommunications service providers’). Chapter 4 also creates offences for certain disclosures and uses of information and documents.

Chapter 4, Divisions 3, 4 and 4A do not permit the disclosure of information that is the contents or substance of a communication, or a document to the extent that the document contains the contents or substance of a communication (s172(a) and (b)).

There are no warrant provisions in Chapter 4 for access to, and disclosure of, telecommunications data, except for that relating to journalists and their sources which is provided under a journalist information warrant.

Definition of telecommunications data

“Telecommunications data” is not defined under the Act. Chapter 4, like the exceptions under Part 13 of the Telecommunications Act 1997, authorise access to ‘information or a document’. ‘Telecommunications data’, therefore, would be either information or a document.

[CHECK THIS]

The Explanatory Memorandum to the Telecommunications (Interception and Access) Amendment Bill 2007 that introduced Chapter 4 provides that:

Telecommunications data is information about a telecommunication, but does not include the content or substance of the communication. Telecommunications data is available in relation to all forms of communications, including both fixed and mobile telephony services and for internet based applications including internet browsing and voice over internet telephony.

For telephone-based communications, telecommunications data includes subscriber information, the telephone numbers of the parties involved, the time of the call and its duration. In relation to internet based applications, telecommunications data includes the Internet Protocol (IP) address used for the session and the start and finish time of each session.

The Telecommunications (Interception and Access )Act 1979 Annual Report 2014-15 states that:

‘Telecommunications data’ is information about a communication—such as the phone numbers of the people who called each other, how long they talked to each other, the email address from which a message was sent and the time the message was sent.

Permitted access to telecommunications data

Access to telecommunications data is currently limited to the following enforcement agencies, and is available without a warrant:

the Australian Federal Police;
Victoria Police;
New South Wales Police Force;
Queensland Police;
Western Australia Police;
South Australia Police;
Tasmania Police;
Northern Territory Police;
Australian Commission for Law Enforcement Integrity;
Australian Crime Commission;
Department of Immigration and Border Protection;
Australian Securities and Investments Commission;
Australian Competition and Consumer Commission;
Crime Commission (NSW);
Independent Commission Against Corruption (NSW);
Police Integrity Commission (NSW);
Independent Broad-based Anti-corruption Commission (Vic);
Crime and Corruption Commission of Queensland;
Corruption and Crime Commission (WA);
Independent Commissioner Against Corruption (SA);

Additional enforcement agencies can be added to this list by the Attorney-General pursuant to subsection 176A(3) which states that:
The Minister may, by legislative instrument, declare:

(a) an authority or body to be an enforcement agency; and
(b) persons specified, or of a kind specified, in the declaration to be officers of the enforcement agency for the purposes of this Act.

According to documents released by the Attorney-General’s Department under the Freedom of Information Act 1982 , the following 61 agencies have sought authorisation to access telecommunications data held under the TIA Act’s mandatory data retention laws:

Australian Financial Security Authority, Commonwealth
Australian Health Practitioner Regulation Agency (AHPRA), Commonwealth
Australian Postal Corporation, Commonwealth
Australian Taxation Office, Commonwealth
Australian Transaction Reports and Analysis Centre, Commonwealth
Civil Aviation, Safety Authority (CASA), Commonwealth
Clean Energy Regulator, Commonwealth
Department of Agriculture, Commonwealth
Department of Defence (ADFIS and IGD), Commonwealth
Department of the Environment, Commonwealth
Department of Foreign Affairs and Trade, Commonwealth
Department of Health, Commonwealth
Department of Human Services, Commonwealth
Department of Social Services, Commonwealth
Fair Work Building and Construction, Commonwealth
National Measurement Institute, Commonwealth
ACT Revenue Office, ACT
Access Canberra (Department of Treasury and Economic Development), ACT
Bankstown City Council, NSW
Consumer Affairs, VIC
Consumer, Building and Occupational Services (Consumer Affairs and Fair Trading – Department of Justice), TAS
Consumer and Business Services, SA
Department of Agriculture, Fisheries and Forestry, QLD
Department of Commerce, WA
Department of Corrective Services, WA
Department of Environment and Heritage Protection, QLD
Department of Economic Development, Jobs, Transport & Resources (Fisheries), VIC
Department of Environment, Land, Water and Planning, VIC
Department of Environment Regulation, WA
Department of Fisheries, WA
Department of Justice and Regulation (Consumer Affairs), VIC
Department of Justice and Regulation (Sheriff of Victoria), VIC
Department of Mines and Petroleum, WA
Department of Primary Industries (Fisheries), NSW
Environment Protection Authority, SA
Greyhound Racing Victoria, VIC
Harness Racing New South Wales, NSW
Health Care Complaints Commission, NSW
Legal Services Board, VIC
NSW Environment Protection Authority, NSW
NSW Fair Trading, NSW
Office of Environment & Heritage, NSW
Office of Fair Trading (Department of Justice And Attorney-General Office of the Director General), QLD
Office of State Revenue, NSW
Office of State Revenue, QLD
Office of the Racing Integrity Commissioner, VIC
Primary Industries and Regions South Australia (PIRSA), SA
Queensland Building and Construction Commission, QLD
Racing and Wagering Western Australia, WA
Racing NSW, NSW
Racing Queensland, QLD
Roads and Maritime Serices, NSW
Royal Society for the Prevention of Cruelty to Animals (RSPCA), VIC
State Revenue Office, VIC
Taxi Services Commission, VIC
RevenueSA, SA
Victorian WorkSafe Authority, VIC

Four agencies have also been redacted from the document under subsection 47b — as their disclosure would be “contrary to the public interest” — for a total of 61 government entities that have applied for ongoing access to the telecommunications data of Australian citizens and residents.

Permitted access to telecommunications data for ASIO

Under s 176(2) of the Act, certain ASIO staff can authorise telecommunications service providers to disclose information or documents that come into existence during the period for which the authorisation is in force (prospective telecommunications data). These persons also may authorise the disclosure of information or documents that existed before the time the authorisation came into force (historical telecommunications data)

The level of authorisation required for access to prospective telecommunications data is higher than that required for historical telecommunications data. Under s 175(2) and (4), the Director-General of ASIO could allow any officer or employee of ASIO to authorise access to historical telecommunications data, whereas in the case of prospective telecommunications data, authorisation is limited to Senior Executive Service (SES) Band 2 or above. The authorisation commences at the time the person from whom the disclosure is sought receives notification of the authorisation, and must end within 90 days, unless revoked earlier

Permitted access to telecommunications data for an “enforcement agency”

Chapter 4 sets out a two-tier access regime for ‘historical telecommunications data’ and ‘prospective telecommunications data’.

Subsections 178 and 179 allow an authorised officer of an ‘enforcement agency’ to authorise a telecommunications service provider to disclose historical data if he or she is satisfied that the disclosure is reasonably necessary for the enforcement of the criminal law, or a law imposing a pecuniary penalty or protection of the public revenue.

Subsection 180 allows an authorised officer of a ‘criminal law-enforcement agency’ to authorise the disclosure of prospective telecommunications data in addition to historical data. In making the authorisation, the officer must be satisfied that the disclosure is reasonably necessary for the investigation of a Commonwealth, state or territory offence that is a “serious offence” or an offence punishable by imprisonment for at least three years. The authorisation period is half that allowed for ASIO investigations—45 days.

Permitted access to telecommunications data for foreign law enforcement

Chapter 4 Division 4A of the TIA Act also permits the Australian Federal Police to authorise the disclosure of information or documents on behalf of foreign law enforcement agencies where that disclosure is reasonably necessary for the enforcement of a criminal law of a foreign country. The AFP may authorise disclosures for either existing (s180A) or prospective information (s180B) and further authorise the disclosure of the obtained information (s180C) to the requesting foreign law enforcement agency.

Privacy to be considered when making authorisations

Subsection 180F states that:

Before making an authorisation under Division 4 or 4A in relation to the disclosure or use of information or documents, the authorised officer considering making the authorisation must be satisfied on reasonable grounds that any interference with the privacy of any person or persons that may result from the disclosure or use is justifiable and proportionate, having regard to the following matters:
(aa) the gravity of any conduct in relation to which the authorisation is sought, including:
(i) the seriousness of any offence in relation to which the authorisation is sought; and
(ii) the seriousness of any pecuniary penalty in relation to which the authorisation is sought; and
(iii) the seriousness of any protection of the public revenue in relation to which the authorisation is sought; and
(iv) whether the authorisation is sought for the purposes of finding a missing person;
(a) the likely relevance and usefulness of the information or documents;
(b) the reason why the disclosure or use concerned is proposed to be authorised.

Data authorisations for foreign law enforcement

The TIA Act also requires the AFP to report on data authorisations made in relation to
foreign law enforcement. In 2014–15, the AFP made 36 data authorisations for access to
telecommunications data for the enforcement of the criminal law of a foreign country.
Following these requests, the AFP made 11 disclosures to foreign law enforcement
agencies. Information was disclosed to the following countries: the Former Yugoslav
Republic of Macedonia, France, New Zealand, the United Kingdom, Czech Republic,
Switzerland, Vietnam, the United States of America, Thailand and Mexico.

Journalist Information Warrants

Chapter 4, Division 4C, prohibits ASIO (s180G) and enforcement agencies (s180H) from authorising access to telecommunications data relating to a journalist or their employer where a purpose of making the authorisation is to identify a journalist’s source, unless a warrant has been obtained (a Journalist Information Warrant).

180G The Organisation (ASIO):

[THIS NEEDS COMPLETING]

(1) An eligible person (within the meaning of subsection 175(2) or 176(2), as the case requires) must not make an authorisation under Division 3 that would authorise the disclosure of information or documents relating to a particular person if:
(a) the eligible person knows or reasonably believes that particular person to be:
(i) a person who is working in a professional capacity as a journalist; or
(ii) an employer of such a person; and
(b) a purpose of making the authorisation would be to identify another person whom the eligible person knows or reasonably believes to be a source;
unless a journalist information warrant is in force in relation to that particular person.
(2) Nothing in this subsection affects by implication the kind of person in relation to whom a warrant (other than a journalist information warrant) may be issued under this Act.
180H Enforcement agencies:
(1) An authorised officer of an enforcement agency must not make an authorisation under subsection 178, 178A, 179 or 180 that would authorise the disclosure of information or documents relating to a particular person if:
(a) the authorised officer knows or reasonably believes that particular person to be:
(i) a person who is working in a professional capacity as a journalist; or
(ii) an employer of such a person; and
(b) a purpose of making the authorisation would be to identify another person whom the authorised officer knows or reasonably believes to be a source;
unless a journalist information warrant is in force, in relation to that particular person, under which authorised officers of the agency may make authorisations under that subsection.
(2) An authorised officer of the Australian Federal Police must not make an authorisation under Division 4A that would authorise the disclosure of information or documents relating to a particular person if:
(a) the authorised officer knows or reasonably believes that particular person to be:
(i) a person who is working in a professional capacity as a journalist; or
(ii) an employer of such a person; and
(b) a purpose of making the authorisation would be to identify another person whom the authorised officer knows or reasonably believes to be a source.
(3) Nothing in this subsection affects by implication the kind of person in relation to whom a warrant (other than a journalist information warrant) may be issued under this Act.

Duration of a Journalist Information Warrant

Under subsection 180N, a journalist information warrant issued to ASIO must specify the period (not exceeding 6 months) for which it is to remain in force.

Under subsection 180U, a journalist information warrant issued to an enforcement agency must specify the period (not exceeding 90 days) for which it is to remain in force.

Under subsection 180M, a journalist information warrant issued in an emergency must specify the period (not exceeding 48 hours) for which it is to remain in force.

Back to Top

Authorised Agencies

ASIO and enforcement agencies may apply for a journalist information warrant. For the purposes of the TIA ACT an enforcement agency is defined in subsection 176A.

Threshold/Conditions for issue of Journalist Information Warrant

The threshold requirements for issuing a journalist information warrant are less onerous than those for the issuing of warrants in other parts of the TIA Act, for example those relating to interception or storage, which require the investigation of a “serious offence” or a “serious contravention”.
When issuing a journalist information warrant to ASIO, the Attorney-General must be satisfied that:
2(a) the Organisation’s functions would extend to the making of authorisations under Division 3 in relation to the particular person; and
(b) the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the source in connection with whom authorisations would be made under the authority of the warrant, having regard to:
(i) the extent to which the privacy of any person or persons would be likely to be interfered with by the disclosure of information or documents under authorisations that are likely to be made under the authority of the warrant; and
(ii) the gravity of the matter in relation to which the warrant is sought; and
(iii) the extent to which that information or those documents would be likely to assist in the performance of the Organisation’s functions; and
(iv) whether reasonable attempts have been made to obtain the information or documents by other means; and
(v) any submissions made by a Public Interest Advocate under subsection 180X; and
(vi) any other matters the Minister considers relevant (s180L)

The above guidelines also apply to the issuing of a journalist warrant in an emergency.

When a Part 4-1 issuing authority issues a journalist information warrant it must be satisfied that:
2(a) the warrant is reasonably necessary for whichever of the following purposes are applicable:
(i) if the warrant would authorise the making of authorisations under subsection 178—for the enforcement of the criminal law;
(ii) if the warrant would authorise the making of authorisations under subsection 178A—finding a person who the Australian Federal Police, or a Police Force of a State, has been notified is missing;
(iii) if the warrant would authorise the making of authorisations under subsection 179—the enforcement of a law imposing a pecuniary penalty or for the protection of the public revenue;
(iv) if the warrant would authorise the making of authorisations under subsection 180—the investigation of an offence of a kind referred to in subsection 180(4); and
(b) the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the source in connection with whom authorisations would be made under the authority of the warrant, having regard to:
(i) the extent to which the privacy of any person or persons would be likely to be interfered with by the disclosure of information or documents under authorisations that are likely to be made under the authority of the warrant; and
(ii) the gravity of the matter in relation to which the warrant is sought; and
(iii) the extent to which that information or those documents would be likely to assist in relation to that matter; and
(iv) whether reasonable attempts have been made to obtain the information or documents by other means; and
(v) any submissions made by a Public Interest Advocate under subsection 180X; and
(vi) any other matters the Part 4 1 issuing authority considers relevant.

Issuers of Journalist Information Warrants

The Attorney-General may issue a journalist information warrant to ASIO at the request of the Director-General of Security (s180L).
In the case of an emergency the Director-General of Security may issue a journalist information warrant, subject to the conditions set out in s180M.
A Part 4-1 issuing authority, i.e. a judge of a court created by the Parliament, a magistrate or a nominated member of the Administrative Appeals Tribunal (s6DC), may issue a journalist information warrant to an enforcement agency.

Disclosure/Use Offences of information relating to access of telecommunications data

Chapter 4, Division 6 of the TIA Act makes it an offence for a person to disclose or use information or a document (wholly or partly) if the the information or the document is about any of the following:
a) whether an authorisation under Division 3, Division 4 (other than
under subsection 178A) has been, or is being, sought;
b) the making of such an authorisation;
c) the existence or non-existence of such an authorisation;
c) the revocation of such an authorisation;
d) the notification of such a revocation

The penalty for such an offence is imprisonment for 2 years.

These offence provisions do not apply if the disclosure/use if for the purposes of the authorisation, revocation or notification concerned or if the disclosure/use is reasonably necessary to:
a) to enable the ASIO to perform its functions;
b) to enable a person to comply with his or her obligations under subsection 185D or 185E;
c) to enforce the criminal law;
d) to enforce a law imposing a pecuniary penalty;
e) to protect the public revenue; or if
f) the disclosure is to/by an IGIS official for the purpose of the
Inspector-General of Intelligence and Security
exercising powers, or performing functions or duties,
under the Inspector-General of Intelligence and Security
Act 1986;
f) the use is by an IGIS official in connection with the IGIS official
exercising powers, or performing functions or duties,
under that Act (s181A(6)) and (s181B(6)).

Subsection 182A makes it an offence for a person to use or disclose information or a document (wholly or in part) about: whether a journalist information warrant has been, or is being, requested or applied for; the making of a such a warrant, the existence or non-existence of such a warrant; the revocation of such a warrant.

The penalty for such an offence is imprisonment for 2 years.

These offence provisions do not apply in relation to a journalist information warrant in circumstances as listed above plus if the disclosure or use is reasonably necessary to enable the making of submissions under subsection 180X (s182B).

Back to Top

5. Data Retention

Chapter 5 of the TIA Act sets out provisions requiring certain Australian telecommunication “service providers” to retain specified telecommunications data for a period of two years. Subsection 187(A)(1) states that:

A person (a service provider) who operates a service to which this Part applies (a relevant service) must keep, or cause to be kept, in accordance with subsection 187BA and for the period specified in subsection
(a) information of a kind specified in or under subsection 187AA; or
(b) documents containing information of that kind;
relating to any communication carried by means of the service.

Note 1: Subsection (3) sets out the services to which this Part applies.
Note 2: subsection 187B removes some service providers from the scope of this obligation, either completely or in relation to some services they operate.
Note 3: Division 3 provides for exemptions from a service provider’s obligations under this Part.

Type of telecommunications data prescribed for mandatory retention

The type of telecommunications data which Chapter 5 prescribes must be retained for the purposes of the Act is set out in the data set defined by subsection 187AA. Column A and B of the table below contain the information as specified in the Act, while the explanations offered in column C are offered by the Attorney-General’s department, published on the Attorney-General’s website but are NOT contained in the Act.

[TABLE]

Additional specific telecommunications data may be added to the above data set by way of subsection 187AA(2):

The Minister may, by legislative instrument, make a declaration modifying (including by adding, omitting or substituting) the table in subsection (1), or that table as previously modified under this subsection.

Telecommunications service providers subject to mandatory data retention

Service providers that own or operate communications infrastructure in Australia that enables of a relevant service may be subject to data retention obligations (s187A(3)(c).

“Service providers” providing a “relevant service” may be carriers, carriage service provider and internet service providers (C/CSP/ISPs).

A “relevant service” is a service for carrying communications, or enabling communications to be carried, by means of guided or unguided electromagnetic energy or both. A “relevant service” is broader than a “carriage service” because it includes services that enable carriage. For example, a voicemail service or an authentication system enables communications to be carried. Not all telecommunications services are relevant services. For example, a domain name system (DNS) service is not a relevant service. DNS is required for the operation but it does not enable them within the legislative scheme.

“Infrastructure” for the purpose of data retention refers to a broader range of infrastructure than traditional carriage infrastructure as referred to in the Telecommunications Act 1997. The Explanatory Memorandum of the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 specifically refers to servers used to operate an ‘over the top’ service such as VoIP, and consequently these would fall within the definition of infrastructure.
Infrastructure includes traditional network infrastructure as well as servers located within Australia that are used to provide a relevant service. For example, billing systems and/or subscriber databases for an over-the-top service provider that are held on servers located within Australia are infrastructure. Operating infrastructure includes leasing or renting third party infrastructure to provide a relevant service. Operating infrastructure also includes situations where one piece of infrastructure, for example ‘lit’ fibre, carries many distinct services.

Telecommunications service providers NOT subject to mandatory data retention

The data retention obligations only apply where the service meets all three of the following criteria:

the service is for carrying or enabling communications to be carried by electromagnetic energy,
the service is operated by a C/CSP or an Internet Service Provider (ISP), and
the provider owns or operates infrastructure in Australia that enables provision of any relevant service.

Criterion one captures a broad range of services including OTT services like VoIP and chat or other online/application messaging services.

Criterion two acts as a limitation on the first criterion. That is, a person might host a website or an FTP server that facilitates communications via electromagnetic energy. But if that person does not have a carrier licence and does not meet the CSP or ISP definition, that person does not attract data retention obligations.

Criterion three provides a further limitation by excluding providers that do not have any communications infrastructure in Australia. Infrastructure means any line or equipment used to facilitate communications across a telecommunications network. This includes servers that host websites or services furnished by OTT providers, as well as line links and network units.

The legislative framework sets out that the prescribed data set does not need to be retained for some specified communications services. These include:

broadcast services (as defined by the Broadcasting Services Act 1992);
services supplied within an “immediate circle” (as defined by subsection 23 of the Telecommunications Act 1997), and
services provided to places in the “same area” (as defined by subsection 36 of the Telecommunications Act 1997).

Subsection 187B states that the obligation to retain data does not apply to a service provider if the service is provided only to a person’s “immediate circle”, within the meaning given by subsection 23 of the Telecommunications Act 1997 . The immediate circle exclusion will typically exclude corporate networks that are not available to the public. For service providers comprised of an individual or a partnership, the immediate circle consists of all employees and management. For body corporate service providers, the immediate circle consists of management, the officers, other body corporates related to the company and the officers of other related bodies corporate.

Ensuring the confidentiality of information

Subsection 187BA stipulates that a service provider must protect the confidentiality or the data retained via encryption and protecting the data from unauthorised interference or access.

Service providers may apply for partial or full exemptions from, or variations to this obligation regarding encryption. The Explanatory Memorandum to the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 states that an example of a situation in which such an exemption or variation might be appropriate would be where the cost of encrypting a legacy system that was not designed to be encrypted would be unduly onerous and the provider has identified alternative measures that could be implemented. However, an exemption would not normally be appropriate where fulfilling the data protection obligations would be merely inconvenient.

[MORE]
Back to Top

6. Other Resources

ACMA Reports
AGD Reports

[MORE]

Contents

1. Overview

2. Interception

3. Stored Communications

4. Access to telecommunications data (metadata)

5. Data Retention

6. Other Resources

1. Overview

Foundations of the Act

Core Concepts/Definitions

Safeguards

2. Interception

Definitions

Prohibition on Interception Of Telecommunications

Interception Warrants

3. Stored Communications

Definition of Stored Communications

Preserving Stored Communications

Types of Preservation Notices

Access to Stored Communications

Types of Stored Communications Warrants

Exceptions to the Prohibition on Access to Stored Communications

4. Access to telecommunications data (metadata)

Definition of telecommunications data

Permitted access to telecommunications data

Permitted access to telecommunications data for ASIO

Permitted access to telecommunications data for an “enforcement agency”

Permitted access to telecommunications data for foreign law enforcement

Privacy to be considered when making authorisations

Data authorisations for foreign law enforcement

Journalist Information Warrants

Duration of a Journalist Information Warrant

Authorised Agencies

Threshold/Conditions for issue of Journalist Information Warrant

Issuers of Journalist Information Warrants

Disclosure/Use Offences of information relating to access of telecommunications data

5. Data Retention

Type of telecommunications data prescribed for mandatory retention

Telecommunications service providers subject to mandatory data retention

Telecommunications service providers NOT subject to mandatory data retention

Ensuring the confidentiality of information

6. Other Resources