Major Reform Of Australia’s Electronic Surveillance Framework.
Legal News & Analysis - Asia Pacific - Australia - Cybersecurity
6 January 2022
The Australian Government recently signalled its intention to replace the existing patchwork of surveillance laws with a unified piece of legislation, in what it has described as the “most significant reform to Australia’s national security laws in more than four decades”.
The proposal is set out in a discussion paper entitled ‘Reform of Australia’s electronic surveillance framework’ published by the Department of Home Affairs on 6 December 2021.
The discussion paper outlines the Government’s plan to repeal the Surveillance Devices Act 2004, Telecommunications (Interception and Access) Act 1979 and parts of the Australian Security Intelligence Organisation Act 1979 in favour of a “single, streamlined and technology-neutral Act”. The new Act would govern telecommunications interception, covert access to stored communications, and the use of listening and tracking devices under a single law.
It follows a comprehensive review in 2019 by the National Intelligence Community (comprised of Australia’s intelligence and federal law enforcement agencies), which found that the legal framework is no longer fit for purpose and requires wholesale reform. The existing laws were as being unnecessarily complex, confusing and based on outdated assumptions that cannot be easily applied to modern communication technologies. These findings are unsurprising given that the legislation was developed when circuit-switched carrier networks were the norm and Voice over IP and Over-the-Top ("OTT") communication were unheard of.
In line with the recommendations, the government’s proposal seeks to reform the types of communications to which the legislation applies in order to ensure that Australia’s surveillance laws are technology-neutral and relevant to both current and future technologies. To that end, the discussion paper flags that the new laws could clearly apply to a much broader range of information beyond that which falls within the current scope of the Telecommunications (Interception and Access) Act 1979.
This could result in OTT and Unified Communications providers subject to similar requirements for interception and data retention as traditional carriers.
The discussion paper also flags that the new laws could apply to a much broader range of information beyond the conventional “communications” that fall within the current scope of the Telecommunications (Interception and Access) Act 1979. This includes cloud-hosted data (for example, electronic documents stored using Google Drive or Dropbox), data generated by IoT devices (including smart vehicles or home appliances), draft or unsent emails and instant messages and information from the use of non-messaging smart phone applications.
The proposal also considers the extension of additional surveillance powers to agencies including the Australian Transaction Reports and Analysis Centre, the Australian Taxation Office, Australian Border Force and Australian Criminal Intelligence Commission. State and territory corrective service agencies could also be given access to telecommunications data if their respective governments request it.
The government is seeking submissions on the discussion paper by 11 February 2022. It intends to release an exposure draft of the proposed legislation for public comment in late 2022. The feedback received from stakeholders through consultations on this draft bill will then inform the finalisation of the bill in 2023.