The federal government is considering giving Border Force, the tax office and other agencies either access to telecommunications data or other electronic surveillance powers under reforms planned to be brought before parliament in 2023.
Home Affairs minister Karen Andrews on Monday released a discussion paper [pdf] on the proposed reforms, which were first flagged this time last year.
The government’s intention is to repeal a “patchwork” of surveillance laws including the Telecommunications (Interception and Access) Act 1979 - which has been changed more than 100 times in 15 years - along with the Surveillance Devices Act “and relevant parts of the ASIO Act”, and replace them “with a single, streamlined and technology neutral Act.”
The government is calling it the “most significant reform to Australia’s national security laws in more than four decades.”
It has promised two years of consultation, with an aim of finalising a bill to put before the parliament in 2023.
One of the changes flagged in the discussion paper is a formal expansion of the number of agencies that can make use of Telecommunications Act sections 280(1)(b) and 313(3).
Section 280(1)(b) will be well-known to telco observers as the “loophole” that enables a range of agencies from councils to the RSPCA and environmental authorities to access telecommunications metadata.
Section 313, meanwhile, is a website blocking power infamously used by the Australian Securities and Investments Commission (ASIC) to overblock thousands of legitimate websites.
The government proposed today that agencies “only be able to use electronic surveillance powers where those powers are needed to perform their functions.”
However, it’s not clear if existing loopholes will be closed, with the discussion paper noting that “the reform does not propose to remove any existing powers under the TIA Act, SD Act and ASIO Act from any agencies.”
In addition, the paper canvasses providing extra surveillance powers to a range of different agencies.
It says the government will consider providing “the Australian Transaction Reports and Analysis Centre (AUSTRAC) with the power to access telecommunications data for the purposes of fulfilling its dual financial intelligence and regulatory roles to prevent money laundering and terrorism financing”.
It will also consider giving “the Australian Taxation Office (ATO) … the power to access telecommunications data for the purpose of protecting public revenue from serious financial crimes”.
“With respect to the ATO, access to telecommunications data would support or, in some cases, potentially replace expensive, resource-intensive and intrusive physical surveillance operations,” the government said.
“[The] ATO experience demonstrates that telecommunications data would also be a critical tool in excluding non-involved individuals from lines of inquiry, or in establishing a relationship between an original person of interest being investigated (for example, for tax fraud) and a larger group of individuals committing serious criminal offences (such as large-scale fraud against the Commonwealth).”
The government is also considering handing “state and territory corrective services the power to access telecommunications data, for the purposes of monitoring criminal offenders; the Australian Border Force with the power to use tracking devices to investigate border-related measures; and the Australian Criminal Intelligence Commission (ACIC) with the power to use its electronic surveillance powers for a slightly wider range of investigations.”
The government said that each proposal had been recommended by an earlier review or parliamentary committee.
New definition of 'communication'
The changes also canvas redefining “communication” in surveillance legislation to cover a wider range of technology platforms and services.
The government said it wants “communication” to encompass “phone calls, emails, instant messages, video conversations and conversations via over-the-top messaging applications”, including “draft emails” and “unsent” IM messages.
It also believes “communications” should stretch to “a person’s activities on the internet; electronic files stored locally or in the cloud; “interactions between a person and a machine” such as via chatbots; and machine-to-machine communications.
The government said that “modernising the definition of communication will likely result in more information being protected and better controls on access to that information.”
“Under the new framework, government agencies will only be able to access this broader range of information under a warrant or authorisation, and this access will be subject to robust oversight and safeguards,” it said.
The government is accepting submissions through to February 11, 2022.
