Home Affairs rejects calls for additional safeguards in ‘spyware’ law
- 12 October, 2018 10:35
The Department of Home Affairs has rejected calls to include independent judicial oversight of the decision to issue Technical Assistance Notices and Technical Capability Notices as part of proposed legislation intended to tackle police agencies’ inability to access encrypted communications services.
The creation of the system of Technical Assistance Notices and Technical Capability Notices, along with Technical Assistance Requests, is a key measure in the Telecommunication and Other Legislation Amendment (Assistance and Access) Bill 2018.
Technical Assistance Notices are requests from police that a service provider subject to the new regime provide assistance to a law enforcement or national security agency using its already existing capabilities.
A TAN can be issued by the chief officer of an agency or the director-general of ASIO, or their delegates as set out in Section 317ZR of the bill (in the case of the Australian Federal Police, for example, a deputy commissioner or senior executive could be authorised to issue a notice, while in the case of a state or territory police force it could be an assistant commissioner or superintendent, or the equivalent).
A Technical Capability Notice instructs a company to build an entirely new capability to facilitate investigations or surveillance. Under the bill, a TCN can only be issued by the Attorney-General
The bill has caused disquiet among technology companies as well as civil liberties and privacy activists.
Criticisms levied at the bill have included that it will open ordinary users of online services to new security risks and that it contains inadequate provisions for oversight.
In a submission to a Parliamentary Joint Committee on Intelligence and Security inquiry into the bill, Home Affairs noted that during consultation on an exposure draft of the legislation “several industry and civil society groups raised concerns that the Bill lacks oversight of the technical assistance powers it grants to law enforcement.”
“Of the kinds of oversight mentioned, most frequently submissions were concerned with the lack of a requirement to seek judicial authorisation before a notice could be issued,” the department said.
Home Affairs said that under the legislation accessing the content of a device or service remains subject to any existing warrant requirements; e.g. although a TCN could compel a provider to build a new avenue for police to access a suspect’s communications, accessing the communications themselves would involve judicial oversight.
“It is appropriate that the ability to access content in a device or service remain subject to judicial oversight which is well-placed to make determinations as to privacy and proportionality,” Home Affairs said.
However “technical assistance and core considerations regarding national security and law enforcement needs are appropriately determined by senior administrative decision-makers. Judicial officers do not have a dedicated role to assess and decide technical administrative decisions, many of which are anticipated to be of a complex, mechanical nature,” the department argued.
The submission adds that “ministerial authorisations for national security decisions are an established feature of the Australian legislative landscape and, for example, govern decision [sic.] to issue intelligence collection warrants or make determinations regarding the security of telecommunications systems”.
The bill will allow a communications provider to seek judicial review of a decision to issue a notice on certain grounds, such as a TCN creating a systemic weakness in a service, the department said.
The department noted, however, that the bill “does not provide for merits review of decision making and excludes judicial review under the Administrative Decisions (Judicial Review) Act 1977”, which it said was an approach “consistent with similar decisions made for national security and law enforcement purposes”.
Earlier this month human rights groups and industry bodies whose members include the likes of Google, Facebook, Apple and Telstra formed an alliance to oppose the bill.