New Electronic Surveillance Framework To Govern How Data Can Be Accessed in Australia

New Electronic Surveillance Framework To Govern How Data Can Be Accessed in Australia
Image: FOX

Australia has a number of electronic surveillance legislation that gives law enforcement the power to access our information and data, to “protect the community from serious crimes and threats to Australia’s national security”.

Currently, there are three different pieces of legislation and two further sections of law that gives such power, but work has begun to condense them all into one, under a new electronic surveillance framework.

A new ‘modernised and streamlined electronic surveillance legislative framework’ is looking like it will be in place by 2023. It was actually recommended last December in a report that closed a review into all the security-related legislation peppered throughout Australian law.

The review made an absolute tonne of recommendations, but the big one was a comprehensive reform of electronic surveillance laws, one that would repeal existing powers and combine them to avoid duplication, contradictory definitions and any further ad hoc amendments to the existing three Acts.

To kick off work, the Department of Home Affairs has this week released a discussion paper, which, over the course of 121 pages, asks a bunch of questions on what the new legislation needs to include.

So why is the government doing this?

Well, a lot of the electronic surveillance legislation is out-dated, and there’s only so many amendments and duplicated paragraphs one can handle.

“Australia’s legislation has struggled to keep pace with the rapid evolution of communications technology. Parts of the existing legislative framework reflect technological assumptions and definitions dating back to the 1960s,” the discussion paper says.

“When the framework was designed, the government owned telecommunications in Australia. Since then, the technological environment has evolved to the global telecommunications market we see today.

“The legislation was originally designed to protect the privacy of fixed line phone calls and telegrams.”

Obviously the days of telegrams (not to be confused with the app of the same name) are over for us, and over time, a patchwork of amendments have been made to uphold the same principles and address technological advances – including the use of computers, emails, texts, ‘over-the-top’ messaging applications and social media.

To “keep pace with technology and the criminals who seek to exploit it”, the government said it has amended the Telecommunications (Interception and Access) Act 1979 more than 100 times, with most amendments occurring in the past 15 years. As a result, the powers currently in that Act, the Surveillance Devices Act 2004 and parts of the ASIO Act and Telecommunications Act 1997 span more than 1,000 pages of legislation and contain more than 35 different warrants and authorisations.

There’s also the issue that equivalent powers with similar levels of privacy intrusion have inconsistent thresholds for their use across different legislation. Yikes.

What will the new electronic surveillance framework contain?

Well, that’s what the discussion paper is seeking to determine.

The objective is to develop a new single Act that: better protects individuals’ information and data, including by reflecting what it means to communicate in the 21st century; ensures that law enforcement agencies and ASIO have the powers they need to investigate serious crimes and threats to security; is clear, transparent and usable for operational agencies and oversight bodies, as well as industry who need to comply with the obligations of the framework; is modernised, streamlined and as technology-neutral as possible; and contains appropriate thresholds and robust, effective and consistent controls, limits, safeguards and oversight of the use of these intrusive powers.

The government has broken this up into a few parts that seek to determine:

Who can access information under the new framework? That is, law enforcement, state and federal, and intelligence agencies such as ASIO.

What information can be accessed? It will need to provide clarity to agencies, oversight bodies and the public about what kinds of data and personal information can be accessed.

How can information be accessed? The new framework is hoping to streamline the existing warrant framework to reduce the complexity of the process, but there’s also a need to improve transparency over the warrant process itself.

When will information be accessed? The powers afforded to law enforcement and security agencies should only be authorised if necessary and proportionate, so here’s hoping the new framework outlines just that.

Safeguards and oversight. Someone needs to hold the agencies and cops accountable, so the discussion paper is asking what strict safeguards and robust oversight mechanisms (such as reporting and record-keeping) should be included in the new electronic surveillance framework.

Working together: industry and government. The communications industry plays an integral role in assisting with law enforcement and national security investigations (they’re the ones that hold our data, after all). So there needs to be a way they can keep our privacy but hand over only what is absolutely necessary.

Interaction with existing and recent legislation and reviews. Electronic surveillance reform is a significant project, but as reform is still over a year away, the government is looking to plug some gaps immediately, too.

That was chunky and there’s a hell of a lot more to this to unpack. Submissions to the discussion paper close on February 11, 2022, and we’ll be closely following along.