Who's responsible:

Report of review of named person warrants and other matters - June 2003

Telecommunications (Interception) Act 1979

Tom Sherman AO

June 2003

© Commonwealth of Australia 2003

ISBN 0 642 21146 9

This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without prior written permission from the Commonwealth available from the Department of Communications, Information Technology and the Arts. Requests and inquiries concerning reproduction and rights should be addressed to the Commonwealth Copyright Administration, Intellectual Property Branch, Department of Communications, Information Technology and the Arts, GPO Box 2154, Canberra ACT 2601 or posted at http://www.dcita.gov.au/cca

Produced by the Public Affairs Unit,
Australian Government Attorney-General's Department

Publication number 28/03

PO Box 101
Red Hill
Canberra ACT 2603
23 June 2003

The Hon Daryl Williams AM QC MP
Attorney-General
Parliament House
CANBERRA  ACT  2600

Dear Attorney

I furnish my report on the review of matters relating to named person warrants and other matters arising under the Telecomminications (Interception) Act 1979.

Yours sincerely

Table of Contents

Executive Summary *

Glossary of Terms *

CHAPTER ONE - INTRODUCTION *

CHAPTER TWO - THE REGULATION AND CONDUCT OF TELECOMMUNICATIONS INTERCEPTION *

CHAPTER THREE -THE NEED FOR NAMED PERSON WARRANTS *

CHAPTER FOUR - ISSUES RELATING TO SAFEGUARDS *

CHAPTER FIVE - ISSUES RELATING TO REPORTING *

CHAPTER SIX - SECONDARY USE OF INFORMATION *

CHAPTER SEVEN - INTERCEPTION ON BEHALF OF OTHER AGENCIES *

CHAPTER EIGHT - PROCEEDS OF CRIME *

CHAPTER NINE - RESTRICTED RECORDS *

CHAPTER TEN - OTHER ISSUES RAISED IN THE COURSE OF THE REVIEW *

Attachment A *

Attachment B *

Attachment C *

Executive Summary

This review originated in a recommendation of the Senate Legal and Constitutional Legislation Committee in its report on the provisions of the Telecommunications (Interception) Legislation Amendment Bill 2000. The Bill proposed a number of changes to the Telecommunications (Interception) Act 1979 (the Interception Act).

The major amendment was the introduction of named person warrants which permitted, under one warrant, the interception of more than one telecommunications service used or likely to be used by the person the subject of the warrant. At the time, telecommunications service warrants authorised the interception of only one service at a time.

The Senate Committee recommended passage of the legislation but further recommended that a review of the amendments be conducted within three years of the amendments coming into force. The Government agreed to conduct the review by 23 June 2003, being the third anniversary of the granting of Royal Assent to the Bill.

The terms of reference involved reviewing:

• the need for named person warrants;

• the adequacy of safeguards governing the issue of named person warrants;

• the adequacy of reporting mechanisms for monitoring the issue and use of named person warrants; and

• other matters such as the use of secondary information, the need for further regulation where agencies conduct interceptions on behalf of other agencies, whether the definition of "restricted record" should be changed, and the use of information from intercepts in State jurisdictions for the proceeds of crime.

It is the general conclusion of the review that the regulatory regime generally contains adequate safeguards and reporting mechanisms. The regime has a strong compliance culture which is well audited by the inspecting authorities.

The review does however recommend some relatively small changes to the regulatory regime. The recommendations are as follows:

• That the TI systems operating in each of the intercepting agencies and the major carriers be the subject of an independent vulnerability/risk assessment once every five years. The ICC should develop a program of assessments and monitor the implementation of the program. (page 23 of report)

• That intercepting agencies develop consistent procedures for the authorisation of additional services to be intercepted under named person warrants and that inspecting authorities pay particular attention to this area. The procedures should include the keeping of records of the applications to extend services (including the grounds of the application), the decision on the application, and the notification to the carrier (referring to the original authorising warrant). (page 29 of report)

• Wherever practicable persons making applications for law enforcement warrants should include a lawyer and the deponent to the supporting affidavit. (page 31 of report)

• The Interception Act be amended to require each law enforcement intercepting agency to provide to the Minister statistics for each financial year on
  • the number of named person warrants applied for, refused and issued;
  • the number of named person warrants which involved the interception of services in the following ranges - one service, 2-5 services, 6-10 services and more than 10 services; and
  • the total number of services intercepted under named person warrants.

  and that those statistics be set out in the Annual Report on the Interception Act tabled in the Parliament. (page 35 of report)

• ASIO should publish in the public version of its Annual Report the total number of TI warrants and named person warrants applied for, refused and issued in the relevant reporting year. (page 38 of report)

• All inspecting authorities should include in their annual reports to Parliament a summary of the TI inspections conducted in the relevant year together with a summary of any deficiencies identified as well as any remedial action taken. (page 39 of report)

• That the Interception Act be amended so that civil forfeiture proceedings are included in the definition of exempt proceeding in section 5B of that Act. (page 46 of report)

• The definition of restricted record which existed prior to the 2000 amendments to the Interception Act should be reinstated. (page 48 of report)

Glossary of Terms

AAT - Administrative Appeals Tribunal

ACA - Australian Communications Authority

ACC - Australian Crime Commission

AGD - Commonwealth Attorney-General's Department

ASIO - Australian Security Intelligence Organisation

ASIO Act - Australian Security Intelligence Organisation Act 1979

DPP - Director of Public Prosecutions

IATG - Inter-Agency Technical Group

ICC - Interception Consultative Committee

IGIS - Inspector-General of Intelligence and Security

Interception Act - Telecommunications (Interception) Act 1979

LEAC - Law Enforcement Advisory Committee

PCA - Police Complaints Authority of South Australia

SNC - Special Networks Committee

TI - Telecommunications interception

CHAPTER ONE - INTRODUCTION

Terms of Reference

1. On 15 April 2003 I was engaged to conduct a review of certain provisions of the Telecommunications (Interception) Act 1979 (the Interception Act). The terms of reference were as follows.

"To conduct an inquiry and report to the Attorney-General and the Commonweal th Parliament in relation to:

1. The operation of amendments to the Telecommunications (Interception) Act 1979 effected by the Telecommunications (Interception) Legislation Amendment Act 2000 with particular reference to:

(a) The need for named person warrants, which enable law enforcement and national security agencies to intercept any telecommunications service that the person named on the warrant uses or is likely to use;

(b) The adequacy of safeguards governing the issue of named person warrants;

(c) The adequacy of reporting mechanisms for monitoring the issue and use of named person warrants;

(d) Whether the secondary use of information obtained by interception should be further regulated;

(e) Whether there is any need to regulate the conduct by agencies of telecommunications interception under warrant on behalf of other agencies and the effectiveness of applicable safeguards and reporting mechanisms; and

(f) Whether the definition of "restricted record" should be limited to the original recording of an intercepted communication;

2. The need for further safeguards governing the use and disclosure of information obtained by interception; and

3. Issues arising from the use of information obtained by interception in civil proceedings in State jurisdictions for the proceeds of crime."

2. The focus of the review has been on named person warrants. The review also encompassed a number of additional matters such as the secondary use of information and restricted records. However it was not a general review of the Interception Act.

3. A number of matters arose which affected not only named person warrants but warrants in general. Where appropriate I have dealt with a number of matters with wider ramifications but I was conscious of the need to remain as far as practical within the terms of reference. A number of matters were raised in the course of the review which went well beyond the scope of the review. For example, whether the categorisation of Class1 and Class 2 offences should be changed. I briefly touch on these matters in the final Chapter so there is some record of the issue but I make no recommendations on those matters.

Background

4. This review originated in a recommendation of the Senate Legal and Constitutional Legislation Committee's report on its inquiry into the provisions of the Telecommunications (Interception) Legislation Amendment Bill 2000. That Bill proposed a number of amendments to the Interception Act. The proposed amendments were summarised in the relevant Explanatory Memorandum as follows:

• to enable the Inspector of the Police Integrity Commission of New South Wales to have access to intercepted material for the purposes of the Inspector's statutory functions;

• to provide for interception warrants against a named person;

• to provide for warrants covering foreign communications;

• to remove a requirement for the Australian Federal Police to execute certain warrants;

• to provide for the use of intercepted material in other proceedings subsequent to the proceedings in which the material was first disclosed and in proceedings reviewing a decision to grant bail; and

• to make a number of technical, definitional and consequential amendments.

5. The major amendment for the purposes of this review was the creation of "named person warrants" to authorise the interception of any telecommunications service used or likely to be used by the person named in the warrant.

6. Prior to this amendment, interception warrants could only authorise the interception of an individual telecommunications service. These warrants are described in this report as "single service warrants" and are still in regular use. Single service warrants have continued to be the more common form of warrant issued but named person warrants are growing in importance.

7. It is important to note at an early stage in this report that the named person warrant authorises the interception of services which are not identified in the original named person warrant either because the use of the service by the target was not known to the intercepting agency or the target did not acquire or gain access to the service until after the warrant was issued. Indeed, the named person warrant does not have to specify any individual telecommunications service. It simply authorises the interception of services which are used or likely to be used by the person named in the warrant.

8. The named person warrant proposal came about following changes in patterns of use by users of telecommunication services resulting from advances in technology and deregulation in the telecommunications industry. In the past, use tended to be of one phone at home and perhaps another at work, both being land lines. With the growth of telecommunications services (particularly in the use of mobile phones and the internet) a pattern of usage was quickly developed where an individual might use a number of land lines (phone, fax and internet access) as well as mobile phones.

9. The problems of multiple services were aggravated by an increasing practice of TI targets using (and frequently changing) large numbers of mobile phones as well as using multiple SIM cards. This practice made it increasingly difficult for intercepting agencies to intercept the communications of targets who rapidly changed communications services to avoid interception.

10. The Senate Committee recommended that the Bill proceed without amendment but further recommended that there be a review of the Bill's operation within three years of the Bill coming into effect.

11. In the course of the debate on the Bill in the Senate on 7 June 2000 Senator Vanstone, on behalf of the Government, agreed to a review of the operation of the Bill as recommended by the Senate Committee. The legislation came into effect on 23 June 2000, therefore this review was required to be completed by 23 June 2003.

Previous Reports

12. In order to place this review in context, it is appropriate to mention briefly some previous reports on TI.

The Barrett Review

13. In 1994 Mr Pat Barrett (then a Deputy Secretary in the Department of Finance and later Commonwealth Auditor General) conducted a review into the long term cost-effectiveness of telecommunications interception.[1] The Barrett Review formed the basis of new telecommunications funding arrangements which were introduced in 1995 and replaced by new arrangements in 1997. Mr Barrett also recommended a further review of telecommunications interception after deregulation of the telecommunications market in 1997.

The Boucher Review

14. This was the further review foreshadowed in the Barrett Review and was conducted in 1999 by Mr Dale Boucher, an Associate Member of the Australian Communications Authority (ACA) and a former Australian Government Solicitor. The review was carried out by the ACA pursuant to section 332R of the Telecommunications Act 1997.

15. The Boucher Review made a number of recommendations relating to the longer term cost-effectiveness of TI arrangements.[2] The Review stressed the importance of ensuring that TI must be available for all telecommunications services on the basis that the telecommunications carriers and the carriage service providers provide and fund the capability and that intercepting agencies must reimburse those costs on a user pays basis.

The Ford Review

16. The most relevant review for present purposes was the Telecommunications Interception Policy Review carried out in 1999 by Mr Peter Ford, First Assistant Secretary, Information and Security Law Division, Commonwealth Attorney-General's Department (AGD).[3]

17. It was this review's recommendations which formed the basis of the 2000 amendments to the Interception Act and in particular the amendments relating to:

• the creation of named person warrants;

• the extension of the purposes for which information from intercepted communications can be used, including use in enforcing proceeds of crime legislation.

Review Process

18. The process of review which I adopted was influenced by a number of factors.

19. First, the nature of TI is necessarily secretive because the exposure of many aspects of its operation to public scrutiny would be contrary to the public interest if only for the reason that the targets of this activity (for example, organised crime and terrorists) may use information derived from such exposure to take countermeasures. Nevertheless I was also conscious that the end result of the review would be a report which is intended to be tabled in the Parliament.

20. Second, the information I needed to carry out the review was in the possession of a relatively small group of persons and organisations - intercepting agencies, issuing authorities[4], inspecting authorities and carriers.

21. Third, I gave consideration to advertising the review and calling for submissions but decided on balance not to adopt that approach. There were several reasons for this, namely:

• the short time frame for the review (eight weeks) meant that I could only give a very short time for response;

• any advertisement would be likely to produce a number of letters from persons who suspected that their communications were being intercepted. The experience to date suggests the great bulk of these concerns are without foundation;

• based on the experience of the Senate Committee (and the experience of a recent review I participated in relating to Part 1D of the Crimes Act 1914 - DNA Forensic Procedures), I had reason to believe that I would be unlikely to receive written submissions from civil liberties organisations. In both those matters no submissions were received from civil liberties organisations.

22. I discovered in the course of this review that civil liberties organisations may be inundated with requests for submissions and comment from a wide variety of inquiries and reviews and, being small voluntary organisations, they have to be very selective about where they concentrate their efforts. Representatives of the NSW Council for Civil Liberties told me, in the course of this review, that in the last 12 months they received requests for submissions or comments from 175 inquiries and reviews. Nevertheless, I believed it was important to seek the input of representative views from civil liberties organisations as well as the views of the Federal Privacy Commissioner.

23. In the light of the foregoing the review consisted of:

• discussions with the Attorney-General, the Commonwealth Ombudsman, the Director-General of Security, the Federal Privacy Commissioner, and the Inspector-General of Intelligence and Security;

• discussions with officers in the AGD responsible for TI matters, with officials having similar responsibilities in intercepting agencies, inspecting authorities, issuing authorities, and TI managers in selected telecommunications carriers;

• analysing a selection of each category of report required under the Interception Act and a selection of named person warrants and documents relating thereto;

• obtaining further information, usually by way of email request;

• in some cases, inspecting TI facilities;

• discussions with representatives of the NSW Council of Civil Liberties who I believe provided me with views which were representative of civil liberties organisations. (I should mention that I attempted to have discussions with other civil liberties organisations without success. This was probably due to the inundation problem described above.)

24. A list of the organisations with which I held discussions is set out in Attachment A. A number of organisations also provided me with supplementary written submissions and these organisations are identified in Attachment A.

25. I decided on balance that it would be inappropriate to name the persons I spoke to in the organisations listed. In relation to ASIO there are legal impediments to disclosing the names of ASIO staff.[5] In relation to the intercepting agencies and the carriers, their work is sensitive and I believe it would be inappropriate to name the persons who work in the interception areas and manage the processes. Whilst there is less sensitivity about the names of AAT members and the staff of the inspecting agencies I considered it was better to maintain consistency.

26. The identity of some persons will be obvious by reference to the office they hold, but they are prominent office-holders (eg the Director-General of Security and the Commonwealth Ombudsman).

Structure of Report

27. This report is structured as follows.

28. Chapter 1 deals with introductory matters. Chapter 2 describes the regulatory structure for TI including the statutory framework, the TI process through which agencies conduct TI and for what purposes. This description is intended to provide an understanding of the later chapters for a reader who may not be very familiar with TI. Chapter 3 deals with named person warrants, covering their use and effectiveness. Chapter 4 deals with the subject of safeguards and assesses whether additional safeguards are desirable. Chapter 5 deals with the subject of reporting mechanisms and assesses whether additional reporting mechanisms are desirable. Chapter 6 deals with the issue of secondary use of TI information. Chapter 7 deals with interception on behalf of other agencies. Chapter 8 deals with proceeds of crime. Chapter 9 deals with restricted records. Chapter 10 describes some issues raised in the course of the review but which fall outside the terms of reference.

Acknowledgements

29. I would like to acknowledge the considerable assistance I received from Mr Stuart Woodley, Senior Legal Officer, and Ms Raewyn Miners, Professional Assistant, in the Information and Security Law Division of AGD in Canberra. Both persons provided this assistance in addition to their normal duties.

30. Also, I express my appreciation to all those who gave of their time to discuss issues with me and otherwise provide information.

CHAPTER TWO - THE REGULATION AND CONDUCT OF TELECOMMUNICATIONS INTERCEPTION

Introduction

31. The purpose of this chapter is to describe the regulation of TI and the process by which it is conducted to provide a foundation for the discussion of the issues in later chapters. It is not intended to be an exhaustive description, but concentrates on those matters more relevant to the later discussion on safeguards and accountability.

32. The legal foundation for TI legislation is contained in section 51 of the Constitution which, so far as is relevant, provides in placitum (v) that the Commonwealth Parliament has the power to make laws for the peace, order and good government of the Commonwealth with respect to:

"postal, telegraphic, telephonic, and other like services."

33. This is an important point because the States and Territories only acquire the power to intercept telecommunications through Commonwealth law, and they exercise that power subject to conditions imposed by the Interception Act. It is necessary however for some aspects of the process to be regulated by State and Territory laws, for example conferring powers on State inspecting authorities to inspect their respective State inspecting agencies.[6]

34. The regulation by statute of TI in Australia began with the enactment of the Telephonic Communications (Interception) Act 1960. Like the current legislation this Act made it an offence to intercept telephonic communications. The exceptions then were narrower because of the more limited scope of the legislation. The exceptions were:

• where interception was conducted by officers of the then Postmaster-General's Department, either for technical reasons connected with the operation of the telecommunications system, or to trace a call relating to a contravention of the Post and Telegraph legislation (eg nuisance calls); or

• under warrant issued by the Attorney-General to the Australian Security Intelligence Organisation (ASIO) for national security purposes. There was also provision for the Director-General of Security to issue a warrant in emergencies and for a short term.

35. The enactment of the Interception Act in 1979 extended TI to narcotics offences under the Customs Act 1901. The Interception Act also extended interception beyond voice communications to other telecommunications services such as data transfer systems.

36. The Telecommunications (Interception) Amendment Act 1987 extended interceptions under warrant to serious crimes similar to what exists today. Importantly the 1987 amendments extended interception to authorised State law enforcement agencies. Originally all law enforcement warrants were issued by the Australian Federal Police (AFP). Amendments to the Interception Act in 1993 authorised the National Crime Authority (NCA) and authorised State agencies to execute their own warrants.[7]

37. The impetus for the NCA and the States came from the Report of the Stewart Royal Commission of Inquiry into Alleged Telephone Interceptions in 1986 which examined the provenance of "the Age Tapes". The first recommendation of the Stewart Royal Commission was that amendments to legislation be introduced as soon as possible to extend power to conduct telephone interceptions to police forces of the States and Territories and to the then National Crime Authority.

38. Part of the reason for this recommendation can be discerned from the following observations of the Royal Commissioner.

"From 1967 or 1968, over a period of some fifteen or sixteen years, a sophisticated system for the illegal interception of telephone conversations was developed within the NSW Police at the direction of the Commissioner of that police force. The existence of the system was known to and either expressly or tacitly approved by each succeeding Commissioner who held office prior to the present Commissioner. It was known to many senior officers and to many detectives. Officers of the Victoria Police knew of the system and were prepared to use it. Even members of the AFP were prepared to use the system when the APF's limited powers did not permit a particular interception to be made."[8]

39. These observations are important not only to understand the historical context of the current interception powers, but also they serve as a salutary reminder of the importance of TI laws containing effective safeguards against abuse.

40. Finally, it is often not appreciated that one of the most important provisions in the Interception Act is to make it an offence to conduct unlawful interceptions. Indeed, the Federal Privacy Commissioner puts the matter even higher.

"The primary objective of the Interception Act is to protect the privacy of individuals who use Australia's telecommunications system by making it an offence to intercept communications passing over that system."[9]

The regulatory regime

41. The Interception Act (and supplementary State laws) authorise lawful TI and the conditions for its use. Commonwealth agencies - the AFP, the Australian Crime Commission (ACC) and ASIO - are authorised directly by the Interception Act. State agencies are similarly authorised by the Interception Act but in their case the record keeping, reporting and inspecting functions are regulated by State law.

42. Part VI, Division 2 of the Interception Act provides for the declaration of State law enforcement agencies as agencies for the purposes of the Interception Act. State agencies can only be declared when the relevant State complies with a number of preconditions for declaration which are set out in section 35 of the Interception Act. These conditions relate to the keeping of records, providing copies of warrants, as well as making effectiveness and other reports on TI operations.[10] The record keeping and reporting functions for both Commonwealth and State agencies are discussed in more detail in Chapter 5.

43. Section 35 also requires regular inspection of eligible authority records by an inspecting authority (usually the State Ombudsman[11]) in a manner similar to the Commonwealth Ombudsman's role under the Interception Act in relation to Commonwealth agencies other than ASIO. In relation to ASIO, the inspection role is carried out by the Inspector General of Intelligence and Security (IGIS). These various inspection functions are discussed in more detail in Chapter 4.

44. TI is regulated under the Interception Act, and is carried out for two broad purposes, namely, law enforcement and national security.

45. The process of interception is quite different as between these two areas, and for good reason. TI in the law enforcement area can only be used to obtain evidence to support criminal prosecutions for Class 1 and Class 2 offences as defined in the Interception Act.[12] Law enforcement TI product which constitutes evidence of an offence is scrutinised in public in criminal proceedings before the courts.

46. TI product in the national security area is used for intelligence purposes, including advice to government on such matters as terrorist threats. This product is classified material and is not subject to public scrutiny.

47. Law enforcement TI is carried out in Australia by a number of agencies, namely:

• the AFP, the ACC;

• the NSW Police, the NSW Crime Commission (NSWCC), the NSW Independent Commission against Corruption (ICAC), the NSW Police Integrity Commission (PIC);

• the Victorian Police;

• the South Australian Police; and

• the WA Police, and the WA Anti-Corruption Commission.

48. It is expected that arrangements will be completed in the near future for the Tasmanian and Northern Territory Police to conduct TI under the Interception Act. Queensland will then be the only jurisdiction in Australia which does not possess a TI capacity to aid law enforcement.

49. On the other hand, ASIO is the only agency authorised under the Interception Act to carry out TI for national security purposes. ASIO is also authorised under the Interception Act to carry out TI for the collection of foreign intelligence on behalf of other national security agencies in accordance with the provisions of the Australian Security Intelligence Organisation Act 1979 (ASIO Act) and the Intelligence Services Act 2001.

The Interception Act

50. The key component of the regulatory framework is the Interception Act. The Interception Act authorises the conduct of TI for law enforcement and national security purposes. As mentioned above, State legislation provides supplementary requirements for State law enforcement agencies which are declared as agencies. Importantly, the Interception Act prohibits (with criminal and civil sanctions) any TI which is not authorised under the Interception Act.

51. The Interception Act sets out:

• the process of approval for conducting TI;

• the manner in which TI is to be carried out;

• reporting requirements on the conduct of TI;

• the manner of disclosing TI information to other persons and agencies;

• the conditions and circumstances for the secondary use of TI product.

52. The responsibilities on telecommunications carriers and other carriage service providers are regulated both by the Interception Act and the Telecommunications Act 1997.

Process of Interception

Law enforcement

53. The process commences with an application to an issuing authority to issue a warrant for telecommunications interception. The application is supported by an affidavit setting out the grounds on which the application is made.

54. The grounds for the issue of a warrant differ between the more serious offences (Class1 offences) and the less serious offences (Class 2 offences). For example, in the case of Class 2 offences, the issuing authority is required to take account of privacy considerations and the extent to which alternative methods of investigation are available to the agency.

55. The maximum period for a warrant is 90 days but it can be extended in the same manner as an original warrant, that is, on application to an issuing authority.

56. The process for the issue of a named person warrant is essentially the same, except that the issuing authority has to be satisfied that the target uses, or is likely to use, more than one telecommunications service. Named person warrants can be issued for both Class I and Class 2 offences.

57. Once a warrant is issued it is forwarded to the relevant telecommunications carrier or other carrier service provider to authorise the interception process. The applicant agency must also provide a copy of the warrant to the AFP.[13]

58. In some cases the issue of warrants may be subject to conditions. For example, limitations may be placed on the circumstances in which telephone conversations can be monitored.

59. The great bulk of TI warrants are now issued by AAT members. In 2001-2002 AAT members issued 2355 warrants out of a total of 2512 warrants (94%). The remaining warrants were issued by Federal Court Judges (6), Family Court Judges (142) and Federal Magistrates (9).[14]

60. The great bulk of the warrants issued by the judicial officers were in South Australia and Western Australia where the number of nominated AAT members is limited. There was also a period of limited availability of AAT members in Brisbane and Federal Magistrates issued the nine warrants referred to above.

61. The involvement of the AAT in issuing warrants seems to be working well. Earlier this year the AAT in Sydney held a meeting with representatives of intercepting agencies in Sydney to discuss generic issues. The meeting was appreciated by the intercepting agencies as it provided an opportunity for AAT members to provide general feedback on the process. This was a commendable initiative and the AAT plans to continue the practice and extend it to other jurisdictions.

62. The number of warrant applications refused is quite small - 4 out of 2518 warrants in 2001-2002. But the proportion of rejections is not markedly different (at least statistically) from the days when federal judges issued the bulk of the warrants.

63. The process of TI is necessarily secretive and the fact that a communication has been monitored and recorded will only become apparent when evidence of a communication is produced in court in a prosecution for a Class 1 or Class 2 offence and evidence is adduced of the interception. Evidence of such a communication may also be given in what the Interception Act defines as an "exempt proceeding".[15] Such proceedings include proceedings relating to offences punishable by imprisonment for life or for a period of at least 3 years, extradition proceedings, coroner's inquests, and police disciplinary proceedings.

64. There is also provision in the Interception Act to make emergency requests for warrants by telephone. Emergency requests relate to those circumstances where imminent death or serious injury is involved.[16] In these cases the appropriate documentation is required to be given to the issuing authority within one day after the warrant is issued.[17] The circumstances in which a telephone application can be made are not described in the Interception Act because it is not possible to predict all circumstances. I understand from discussions in the course of the review that those circumstances are confined to emergency situations, operational necessity and the fact that it may not be possible to attend physically on an issuing authority.

65. Practicalities and common sense essentially define the circumstances because an agency that made unnecessary telephone applications will quickly lose credibility with the issuing authority.

66. It is important for the analysis in succeeding chapters to draw attention to a number of features of the TI process.

67. The application for the warrant and the supporting affidavit are usually prepared in the operational areas of the intercepting agency when it is considered appropriate, in the course of an investigation, to seek a TI warrant.

68. In the larger agencies there is usually a committee consisting of senior officers separate from the investigation who approve the application being made. In the smaller agencies (eg the NSWCC) the Chairman provides the relevant approval and personally signs the application. The documents are then scrutinised by the TI area for accuracy and compliance with the Interception Act. The documents are then scrutinised by either an "in house" lawyer or a lawyer in the office of the relevant Director of Public Prosecutions (DPP) or Crown Solicitor. Sometimes both categories of lawyer are involved.

69. Contact is then made with the local registry of the AAT or court requesting an appointment with an issuing authority. It is important to note at this stage that no direct appointments are made with an issuing authority and the applicant agency does not have a choice of issuing authority. The applicant usually attends before the issuing authority with a lawyer. In some cases the deponent of the affidavit may attend instead of the applicant. In urgent cases or where the issuing authority is elsewhere, the documents are faxed to the issuing authority after consultation with the registry.

70. When the warrant is issued it is faxed to the relevant carrier and also to the AFP.

71. Once a carrier has commenced interception the communications are monitored by specialist personnel of the intercepting agency in a secure area separate from the operational staff and under the control of TI managers. Monitors then pass on relevant information to the investigation team as it emerges and when required. All original records are retained in the separate TI area and all documents necessary for the production of TI evidence in court are prepared by specialist personnel. Original recordings of intercepted communications are retained in secure cabinets in the TI area and are not released except when required for court purposes.

National security

72. The legislative requirements and the process of TI in the national security area are broadly similar to law enforcement but there are significant differences because national security TI serves a different public purpose.

73. The similarities are in the areas of technical capacity, secure compartmentalisation of functions and scrutiny of documentation by lawyers both internal and external to ASIO. The external legal scrutiny is done by a senior lawyer in the Commonwealth Attorney-General's Department.

74. Nevertheless there are a number of important differences between the two areas.

75. As already noted, in law enforcement, the purpose of TI is to obtain admissible evidence of criminal offences. In the case of ASIO the purpose of TI is to assist ASIO "in carrying out its function of obtaining intelligence relating to security".[18] The Interception Act also authorises ASIO to carry out TI for the purpose of collecting foreign intelligence. Foreign intelligence is defined in section 4 of the ASIO Act as meaning "intelligence relating to the capabilities, intentions or activities of a foreign power" and "foreign power" is defined in the same section as meaning:

(a) foreign government;

(b) an entity directed or controlled by a foreign government or governments; or

(c) a foreign political organisation.

76. The issuing authority for ASIO is the Commonwealth Attorney-General who is also the Minister responsible for ASIO under the Administrative Orders. Having regard to the classified nature of these warrants and the application documents, it is appropriate that these warrants are issued by the Attorney- General rather than a judge or AAT member.

77. Another important difference in the process is that the ASIO applications tend to be in the nature of a written submission to the Attorney setting out the reasons for which the warrant is sought and what is expected to be achieved by the issue of the warrant. On the other hand, the law enforcement applications are supported by affidavit and the affidavit addressed the preconditions set out in the Interception Act for the issue of the warrant. All applications for a warrant on behalf of ASIO are examined and signed by the Director-General of Security.

78. ASIO also has the capacity to seek named person warrants under the Interception Act both for security[19] and for foreign intelligence purposes[20].

Consultative Forums

79. Some of the recommendations in this report suggest that implementation action be carried out by forums which exist within the TI community. It is useful to describe these forums as they are an important part of the general framework quite apart from the suggestions on implementation. It is also useful to describe the role of the Attorney-General's Department (AGD) which assists the Attorney-General in administering the Interception Act.

80. The operation of the Interception Act is monitored by the AGD. An important aspect of this monitoring process, carried out by the Information and Security Law Division of the Department, is an extensive program of consultation with the Division's stakeholders. Through formal and informal consultative processes, the Department is able to review the operation of the Interception Act on a continuing basis, develop and refine telecommunications interception policy and identify any deficiencies in the legislation which may require amendment.

81. The Interception Consultative Committee (ICC), attended by senior policy or managerial representatives of each intercepting agency, is regarded by the AGD as the primary forum for dealing with telecommunications interception issues of a technical, legal and policy nature. The ICC is chaired by the Agency Co-ordinator, a statutory officer established under the Telecommunications Act 1997 for the purpose of providing a central point of contact between intercepting agencies and telecommunications carriers. The current Agency Co-ordinator is Mr Peter Ford, First Assistant Secretary of the Information and Security Law Division.

82. The ICC meets quarterly and members are invited to raise issues of concern in relation to the Interception Act. The AGD briefs the ICC, and actively seeks the views of members, in relation to proposed legislative amendments. Other specific functions of the ICC include:

• consideration of interception capability plans and applications for exemption from the obligation to provide interception capability (lodged by telecommunications carriers under Part 15 of the Telecommunications Act 1997);

• facilitation of direct discussions between agency representatives and telecommunications carriers; and

• consideration and formulation of common views in relation to emerging policy issues.

83. Inter-agency consultation on issues related to telecommunications interception also occurs through meetings of the Special Networks Committee (SNC) and the Inter-Agency Technical Group (IATG). The role of the SNC is to consider priorities for the development of interception capability as well as interception requirements and standards, and to report on the management and costs of interception projects. Meetings of the SNC are attended by representatives of each intercepting agency with appropriate decision-making authority in relation to the strategic development and acquisition of interception capabilities. The SNC is chaired by ASIO as part of its role as "lead-house" agency for interception matters.

84. The role of the IATG is to examine technological developments and other technical issues having an impact on telecommunications interception. Meetings of the IATG are attended by engineering and technical representatives of intercepting agencies, with the chair taken on an annual rotating basis.

85. Intercepting agencies also participate in quarterly meetings of the Law Enforcement Advisory Committee (LEAC), chaired by the ACA. The role of LEAC is to provide advice and recommendations to the ACA on law enforcement and national security issues relating to telecommunications. LEAC comprises representatives from criminal law enforcement and national security agencies, carriers and carriage service providers, the Department of Communications, Information Technology and the Arts, and the AGD.

86. In November 2000, Federal Cabinet formally endorsed the recommendation of the Boucher Review that the Attorney-General assign a "lead-house" role to one agency, with the aim of providing a centre of knowledge and advice to assist all intercepting agencies to keep abreast of changes in technology in the telecommunications industry. Federal Cabinet further agreed that the role be assigned to ASIO, and the Attorney-General did so in September 2001.

CHAPTER THREE - THE NEED FOR NAMED PERSON WARRANTS

87. The first term of reference of this review is to examine and report on the need for named person warrants.

88. The need for named person warrants was originally set out in the Explanatory Memorandum on the Telecommunications (Interception) Legislation Amendment Bill 2000 as follows.

"The Interception Act is currently structured around the premise that a warrant relates to one, identified telecommunications service. The premise no longer accurately reflects the modern communications market. Rapid advances in technology - coupled with competition in the telecommunications market - mean that customers may now choose from a variety of services and means of communication. For example, a person may subscribe to multiple services by acquiring several pre-paid mobile telephones services which may be used in one telephone handset, and swapped around and discarded at will. The Interception Act in its present form would require an agency wishing to intercept all of the telecommunications services used by a particular suspect to obtain a separate warrant for each service.

Schedule 2 of the Bill will amend the Interception Act to enable connections, disconnections and reconnection in rapid success of multiple services used by a particular suspect in connection with the same offence without the need to obtain a fresh warrant each time and to provide for the interception of foreign communications."[21]

89. All law enforcement agencies interviewed in the course of the review emphasised the importance of named person warrants as a law enforcement tool. Without named person warrants law enforcement would have fallen rapidly behind targets of criminal investigation. ASIO had similar views in relation to its areas of responsibility. The importance intercepting agencies attach to named person warrants has a number of aspects.

90. First, individual targets of criminal investigations are increasingly using multiple mobile phones (as well as other communications services) and up to 80 SIM cards in order to avoid interception. Indeed it is difficult to attribute any other motive to a person having this number of SIM cards. Their habit is to change the service frequently and often many times per day.

91. Second, named person warrants enable agencies to quickly change the interception of services and keep up with the target's change of use. This rapidity of response was simply not possible under single service warrants as a new application was required to intercept each additional service.

92. The growing importance of named person warrants can be demonstrated by the statistics for law enforcement agencies set out in Attachment B[22] which have been extracted from the Interception Act Annual Reports to Parliament in recent years and from information provided by law enforcement agencies in the course of the review. As would be expected the number of named person warrants was relatively small at their inception in 1999-2000 but the number is now increasing as a proportion every year. One agency expressed the view that it expected, over time, the number of single service warrants would decline to the point where they constitute a very small proportion of the total.

93. The use of named person warrants varies considerably between agencies. Some agencies have not used them at all because of the nature of the communication activities of their current targets. On the other hand some agencies have a high usage of named person warrants because this reflects the activities of their targets. I also detected that some agencies are more selective in their use of named person warrants and apply them as measure of last resort perhaps more strictly than others.

94. The AGD Guidelines for named person warrants support the conservative approach. Paragraph 3 of the Guidelines state:

"3.1 Named person warrants are highly privacy intrusive, especially in the case of innocent third parties who may happen to use the same telephone service(s) used by the subject of the warrant. Whilst it has always been the case that innocent conversations could be recorded in the interception of a single service, the nature of named person warrants means that this possibility is significantly extended with a corresponding increase in privacy intrusiveness.

3.2 Accordingly, the use of named person warrants is to be confined to circumstances where they are essential because other less intrusive investigative techniques, including telecommunications (single) service warrants, have been tried and have failed or have been considered and are either not available or are not suitable in the circumstances of a particular case."

95. The number of services intercepted under individual named person warrants varies considerably. In the course of the review I obtained particulars of the number of services intercepted by named person warrants for law enforcement agencies. Particulars of the number of services intercepted under named person warrants are set out in Attachment C. I have not included similar particulars for ASIO and this matter is discussed further in Chapter Five.

96. The figures in Attachment C give a better indication (than those in Attachment B) of the number of services which are intercepted under named person warrants. It is clear from the figures in both Attachments B and C that the number of services being intercepted is increasing considerably. An important point made by a number of intercepting agencies is that there is no correlation between the number of interceptions and the number of targets. The general consensus seems to be that the increase is substantially due to the proliferation of services which individual targets are using rather than any significant increase in the number of targets per se. There is one exception to this proposition, but it would not be appropriate to identify the agency concerned.

97. In a number of discussions in the course of the review the point was made that in many cases a named person warrant is preceded by a single service warrant and the case for the named person warrant is built from information received from interceptions under the single service warrant.

98. In discussing the need for TI (and for named person warrants in particular) it is important to appreciate that TI is a very potent weapon in counteracting crime. The effectiveness of TI can be shown from the statistics set out in the Annual Report on the Interception Act for 2001-2002 recently tabled in Parliament. Table 1 of that report shows that a total of 2514 TI warrants were issued to all law enforcement agencies in Australia in 2001/2 and in the same year there were 1479 arrests made on the basis of lawfully obtained TI information. These figures speak for themselves.

99. It is also worth noting that TI is particularly useful in the investigation of current criminal activity and greatly improves the chances of targets "being caught in the act". And TI evidence, when adduced at a criminal trial, can be very compelling.

100. TI has a number of other important features as an investigative tool. First, it is safe. Law enforcement investigators using other methods of investigation can often be exposed to considerable danger from hardened criminals, for example, in under-cover operations. And it is sometimes forgotten that a not insignificant number of investigators (particularly the police) have been murdered by criminals over the years.[23]

101. Second, TI also makes a significant contribution to the more effective utilisation of other investigative resources and enables complex investigations to be conducted more efficiently and more cheaply than would otherwise be the case. TI also helps to avoid reliance on less satisfactory forms of evidence from sources such as informants and witnesses who may be exposed to threats or intimidation.

102. Third, I was told by some agencies that TI (and particularly named person warrants) is very important in homicide investigations where time can be critical. This is confirmed by the statistics at Table 16 in the Interception Act Annual Report for 2001-2002 which showed that murder was specified as an offence in 514 of the 2514 warrants issued in that year.

103. The NSW Council for Civil Liberties stated that it is cheaper to tap phones than to employ traditional methods of policing and suggested that TI may be used more often than necessary. The Council pointed to significant increases in TI warrant statistics over recent years. Certainly there has been a significant increase in the number of warrants issued in recent years. For example, 627 law enforcement warrants were issued in 1996-1997 and this has grown to 2514 in 2001-2002. There was a significant increase between 1997-1998 and 1998-1999 - from 675 to 1284. The numbers then increased by about 400 per year up to the present.

104. It is difficult to assess whether there is any basis to the Council's claim of overuse. I certainly saw no evidence of overuse in the course of my review but that is not to deny that it might occur in some cases. On balance I consider that the requirements and processes of the Interception Act provide the best protection against overuse. Moreover, TI is not a limitless resource. Technology has improved the overall efficiency of the process but the basic limitation is the availability of trained monitors particularly those skilled in the languages and dialects often used by targets.

105. The Federal Privacy Commissioner makes the point that "(T)he interception of larger numbers of services raises greater risks of adverse privacy impacts on more individuals".[24] This has to be so, but it is part of the price to be paid for counteracting serious crime and terrorism. All forms of criminal investigation are necessarily invasive of privacy (both of the criminal targets and sometimes innocent persons) but it is difficult to see how criminal investigation can be otherwise. That being said, TI is more invasive of privacy because the target is generally unaware of it happening and usually only becomes aware when the prosecution brief is received.

106. Although law enforcement faces continuing challenges with an ever changing telecommunications landscape, named person warrants have proved effective and the need originally stated for their introduction still continues. Indeed I believe that, without named person warrants, TI in recent years would have lost much of its effectiveness in both law enforcement and national security operations.

CHAPTER FOUR - ISSUES RELATING TO SAFEGUARDS

Introduction

107. At the time of the enactment of the Interception Act in 1979 it was recognised by the Parliament that TI was highly intrusive and that there needed to be significant safeguards built into the legislation to protect it from abuse.

108. Accordingly, a number of important safeguards were built into the original legislation and these have been refined by legislative amendment in the intervening years.

109. The principal safeguards for law enforcement TI are:

(a) the requirement to satisfy the grounds specified in the Interception Act both as to need for TI and the type of offence in applications for TI warrants;

(b) conferring the authority to issue warrants on independent office holders;

(c) reporting and record keeping requirements; and

(d) conferring on Commonwealth and State Ombudsman[25] a function to inspect TI records and report on same to relevant ministers.

110. The named person warrant provisions in the Interception Act enable the issuing authority to authorise "interceptions of communications made to or from any telecommunications service that the person is using or is likely to use". The applications for named person warrants commonly contain references to more than one service but the warrant authorises the interception of any service satisfying the above description. Therefore the named person warrant authorises the interception of services that were not identified, or even in existence, at the time of issue of the warrant.

111. The safeguard issues which arose in the course of the review related to vulnerabilities, inspection regimes, and the extension of the intercepted services beyond those specified in the original named person warrant. I now turn to these issues.

Vulnerabilities

112. In the course of the review I raised with intercepting agencies and carriers whether their TI systems were vulnerable to unlawful interceptions. I had in mind the experience of the "Age Tapes" in the mid 1980s referred to in Chapter Two.

113. The discussions on vulnerabilities centered on an example I used of someone within an intercepting agency or a carrier who had access to the system, was familiar with its operation, and who wanted to check on the fidelity of a partner by intercepting without lawful authority. The interception in these circumstances could be carried out either without a warrant, or using a false warrant.

114. The general consensus among the agencies and carriers was that there were a number of significant obstacles to this occurring.

115. First, the process of interception necessarily involves a number of people from a number of parts of the organisation, as well as from other organisations including telecommunications carriers and the AFP. Accordingly, such an unlawful intercept would involve a conspiracy between significant numbers of persons.

116. The request for the intercept is raised in the operational area; the request is then considered and approved by a committee consisting of representatives of operational and TI areas.[26] The application documents are then prepared with the involvement of representatives of both areas. The application documents are then examined by "in house" lawyers and in most cases external lawyers. The application is made to an external issuing authority and both the AFP and the relevant carrier have to receive notification of the interception warrant before the interception can be carried out. It is important to note at this stage that the initiation of the interception is not carried out by the intercepting agency. Only the carrier has that capability.

117. Second, another important protection is that the monitoring (that is listening to the communication) of the TI is carried out by persons who are separate from the investigation team and located in the secure TI area. If it were hypothetically possible to initiate a rogue interception, the "rogue" could not actually listen without involving a monitor in the conspiracy. In any event, it would quickly become apparent to the monitors that the intercept had nothing to do with current operations and they would raise queries.

118. Third, all TI systems are highly computerised with many audit trails. These systems would quickly pick up anything unusual.

119. Fourth, the inspecting authorities (including the IGIS) were in agreement that the systems provide sufficient protection against this form of abuse.

120. Fifth, I was impressed by the professionalism of the persons involved in all areas of interception (both in the intercepting agencies and the carriers). All personnel including the intercepting agencies and the major carriers[27] are security cleared and the physical security of the many premises (including carriers) I inspected seemed very good. In other words there was a strong compliance culture in all the organisations I visited.

121. Finally, the comments made to me on a number of occasions made it clear that the personnel involved in the process (particularly the management) are very conscious that any abuse or misuse of the system would risk the loss of the TI facility.

122. In spite of the above protections, no system devised by humans is perfect. Although the systems all seem very secure I believe it would be desirable for each TI system to be the subject of an independent vulnerability/risk assessment once every five years to ensure that the systems remain secure. Such an assessment should take place in each intercepting agency as well as the major carriers. I was made aware in the course of the review that such assessments have been carried out in the past. For example, I was advised the then NCA carried out a risk assessment of its TI systems in 1999.

123. ASIO would have the expertise to carry out these assessments on the law enforcement and carrier systems and they might be preferable to experts from the private sector because of the sensitive nature of the work. In the case of the vulnerability/risk assessments on ASIO, they could be carried out by the Department of Defence or perhaps a partner security agency from overseas.

124. Another suggestion made by the WA Police Service was that these assessments could be carried out on a peer review basis. That is, by another intercepting agency or by a team from more than one such agency.

125. I would leave the manner in which the assessments should be carried out to the judgement of the agencies concerned. Or the matter could be resolved in the relevant agency/carrier consultative forums described in Chapter Two.

126. Once in five years may seem long period to some and I did give consideration to a three year period. However I took into account the apparently sound security systems and the strong compliance culture of process management, as well as the fact that these assessments cost money. On the question of cost I believe that the assessments should be carried out on a user pays basis.

127. The assessment should cover such matters as physical security, personnel security, and the security of the interception system from misuse. But the assessment need not cover the documents process as these are monitored by the existing inspecting authorities.

128. When the report of the assessment is complete and any deficiencies are identified, a further report should be made to the relevant Minister on the deficiencies (and any rectification action) within three months of the date of the original assessment report. In the case of the carriers, the rectification report should be made to the carrier's CEO.

129. Whether these assessments should extend beyond the major carriers is a matter of judgement and the issue can be reconsidered from time to time in the light of patterns of use.

130. I do not believe that this recommendation necessarily involves legislative change and can be implemented by consensus in the relevant TI forums once government decides to implement the recommendation. For example, the forums could agree a program of assessments and monitor their progress. It will be important that a program be developed and its implementation monitored. The ICC seems to be the consultative forum best placed to achieve this.

Inspection regimes

131. Perhaps the most important safeguard under the Interception Act is the inspection role carried out by the Commonwealth Ombudsman on the ACC and the AFP; by the State Ombudsman and the South Australian PCA on their respective State intercepting agencies; and by the IGIS on ASIO.

132. Before describing and discussing these roles it is necessary to explain briefly the reporting and record-keeping responsibilities of intercepting agencies under the Interception Act and supplementary State legislation.

133. The Interception Act imposes a number of record-keeping requirements on ASIO in relation to warrants issued to it under Part III of the Interception Act, and on law enforcement agencies in relation to warrants issued under Part VI of the Interception Act.

ASIO

134. Under section 15(6) of the Interception Act, ASIO is required to keep copies of warrant documentation including warrant request.

135. The Director-General is required, under section 14 of the Interception Act, to destroy records held by ASIO where the Director-General is satisfied that the records are not required, or not likely to be required, by ASIO in connection with the performance of its functions or the exercise of its powers.

Law-enforcement agencies

136. Section 80 of the Interception Act requires intercepting agencies to retain certain documentation associated with Part VI warrants, including warrants, instruments of revocation and other documentation. Section 81 of the Interception Act requires agencies to record particulars of:

• warrant applications made by telephone;

• warrant applications that were refused or withdrawn;

• the commencement and duration of each interception, and the name of the person carrying out the interception;

• services intercepted under the authority of a named person warrant;

• the handling of restricted records;

• the use and communication of lawfully obtained information; and

• occasions on which lawfully obtained information was given in evidence.

137. The Interception Act imposes additional reporting requirements on agencies that have been issued with a Part VI warrant following a telephone application. In such cases, an authorised officer of the agency is required to swear an affidavit in support of the application and provide a copy to the grantor of the warrant, together with a copy of the chief officer's instrument authorising the officer to make the application.

138. The Interception Act is structured so as to require the AFP to play a role in the execution of every Part VI warrant, regardless of whether that warrant has been issued to the AFP or another intercepting agency. Section 47 of the Act provides that a Part VI warrant is only effective where the relevant telecommunications carrier has been notified of the issue of a warrant under section 60(1) and where the interception takes place as the result of action taken by an employee of the carrier and an officer of the AFP. In practice, the "action taken" by the AFP consists of faxing a document to the carrier advising that interception may be effected.[28] Under section 53, agencies are required to forward a copy of each Part VI warrant to the AFP. Section 57 of the Interception Act provides that a revocation notice will be effective only when a copy of the notice has been received by the Commissioner of the AFP.

139. The Interception Act provides, in section 60, that an agency issued with a warrant under Part VI of the Act must inform the Managing Director of the relevant telecommunications carrier:

• that the warrant has been issued;

• if the warrant is revoked;

• that the agency proposes to intercept a particular service under a named person warrant where that service is not identified on the face of the warrant; and

• when the interception of a particular service under a named person warrant is no longer required.

140. Under Part VII of the Interception Act the ACC and the AFP are required to keep certain records relating to TI. These records include:

• a copy of each warrant issued to the agency, of each notification given to the AFP, and of each evidentiary certificate; [29]

• each telephone application;

• in relation to each application, a statement as to whether the application was issued withdrawn or refused;

• in relation to each warrant, particulars of the time of commencement of each interception, the duration of the interception, the name of the person who carried out the interception and duration; and

• in relation to named person warrants, each service to or from which communications have been intercepted under the warrant.[30]

141. These agencies are also required to record particulars of restricted records, each use of lawfully obtained information and each communication of lawfully obtained information, and of each occasion when lawfully obtained information is given in a relevant proceeding.

142. In addition, the AFP Commissioner is required to maintain a General Register of Warrants which contains (in relation to each law enforcement warrant whether issued to the AFP or otherwise) particulars of the date of the warrant, the issuing authority, the agency to which the warrant was issued, each telecommunications service which was intercepted under the warrant, and each serious offence to which the warrant related.[31] The AFP Commissioner is also required to maintain a Special Register of Warrants which contains similar particulars of warrants (and renewals) which have expired.[32]

143. Similar record keeping responsibilities are cast on the State intercepting agencies by supplementary State legislation.[33]

The inspection process

144. In essence the role of the inspecting authorities is to ensure that intercepting agencies comply with their record keeping responsibilities under the Interception Act.

145. The powers of the Commonwealth Ombudsman in carrying out its inspection role under the Interception Act are set out in section 86 of the Interception Act. The Ombudsman is empowered to enter premises occupied by the agency and to request information from an officer of the agency. The Interception Act provides that the Ombudsman is entitled to full and free access to the records of the agency and to make copies of and take extracts from those records.

146. The legislation governing telecommunications interception in each State also provides for records to be maintained by declared State eligible authorities and for those records to be inspected regularly by an independent authority.

147. Part 3 of the Telecommunications (Interception) (State Provisions) Act 1988 (Vic) provides that the records of the Victoria Police are to be inspected by the Victorian Ombudsman at least twice in every financial year. Part 3 of the Telecommunications (Interception) (New South Wales) Act 1988 (NSW) provides that the records of the New South Wales Police, NSWCC, ICAC and the PIC are to be inspected by the New South Wales Ombudsman at least twice in every financial year.

148. Section 8 of the Telecommunications (Interception) Act 1988 (SA) provides that the records of the South Australia Police are to be inspected by the Police Complaints Authority at least once every six months. Part 3 of the Telecommunications (Interception) Western Australia Act 1996 (WA) provides that the records of the Western Australia Police and the Anti-Corruption Commission are to be inspected by the Western Australian Ombudsman at least twice in every financial year.

149. The functions and powers of the inspecting authorities in each State are broadly similar to those of the Commonwealth Ombudsman under the Interception Act. Although, as discussed below, there has been a lag in some States in following the 2000 Commonwealth amendments in limiting the definition of restricted records and other matters.

150. Finally there is the inspection role of the IGIS in relation to ASIO. The role of the IGIS is wider than that of the other inspecting authorities. Section 8 of the Inspector-General of Intelligence and Security Act 1986 sets out the inquiry functions of the IGIS. Those functions cover a range of intelligence and security agencies in addition to ASIO. The IGIS can of his own motion inquire into any matter, inter alia, that relates to the compliance by ASIO with the laws of the Commonwealth.

151. In practice the ASIO inspections relating to TI follow a similar procedure to those adopted by the other inspecting authorities. The inspections pay close regard to ASIO's record keeping and reporting responsibilities

152. In the course of the review I discussed the inspection process with all inspecting authorities except for the South Australian PCA. I was impressed with the standard of the inspection process. All the inspecting authorities to whom I spoke take the role very seriously and the inspections are carried out in a rigorous and professional manner.

153. Some particulars of the inspection process are worthy of note. Inspections take place on a regular basis, usually twice per year but sometimes more often. For example, inspectors from the IGIS visit ASIO every 6-8 weeks to examine TI documents to ensure lawful compliance with the Interception Act. The Commonwealth Ombudsman conducts two inspection rounds each year of both the ACC and the AFP. Inspections are conducted in Canberra, Sydney and one AFP region.

154. The State inspecting authorities also carry out regular inspections in a manner similar to the Commonwealth Ombudsman. For example the NSW Ombudsman carries out inspections of each of the NSW Police, NSWCC, PIC and ICAC twice in each financial year. The NSW Ombudsman also visits country police stations on a selective basis to check that the requirements of the Interception Act are being observed. The Victorian Ombudsman conducts inspections at Victoria Police 4-5 times each week.

155. The IGIS reports publicly on the outcome of his inspections of ASIO in the IGIS Annual Report.[34] The reports on TI inspections by the other inspecting authorities are not made public but are furnished to responsible Ministers.

156. All the inspecting authorities said that the TI process is conducted and managed by intercepting agencies is a very professional manner. Errors which are picked up tend to be minor human slips such as wrongly transposing numbers from one record to another and they are quickly rectified. It is also not unusual for such errors to be discovered by the intercepting agencies and brought to the attention of the inspecting authority.

157. My conclusion is that the inspection regime is working well in both the law enforcement and national security areas and provides an important safeguard and accountability mechanism.

158. In the case of the Commonwealth Ombudsman, I noticed that his TI inspection reports are analysed by the AGD and submissions are put to the Attorney-General. Where deficiencies are identified in the Ombudsman's report the Attorney writes to the agency concerned and remedial action is followed up.

159. I was unable to ascertain whether a similar practice is followed by State Ministers in relation to State Ombudsman reports but it is a practice which should be carried out in all jurisdictions because it ensures that identified deficiencies are followed up.

160. One issue which was raised by one Ombudsman's office is whether inspecting authorities should be able to examine the material (such as affidavits) in support of applications for warrants. On balance I consider that it would be unwise to second guess the decision of independent issuing authorities unless some obvious error appeared on the face of the relevant record. In which event such an error should be brought to attention of the staff of the intercepting authority and, if appropriate, mentioned in the Ombudsman's report.

Adding services to named person warrants

161. A particular issue concerning the record keeping of named person warrants arose in the course of the review. The Interception Act does not regulate the manner in which extensions of the services to be intercepted under named person warrants are to be authorised. The named person warrant, when originally issued, will specify a person's name but may or may not specify particular communications services in the warrant. The warrant authorises "interceptions of communications made to or from any telecommunications service that the person is using or is likely to use" (emphasis added).[35]

162. When additional services are identified as being used by the target the interception of these additional services is authorised by an internal process of approval in the agency. It is important to point out that the original warrant authorises the interception of all services used or likely to be used by the target, even those services which come to attention only after the warrant is signed.

163. Further, the Interception Act makes no provision for the keeping of records of the internal authorisation of these additional services other than to provide that a record must be kept of "each service to or from which communications have been intercepted under the warrant."[36]

164. I understand that at the time of developing the named person warrant regime it was intended to keep the regulation of named person warrants reasonably flexible because of the rapidity with which targets change services to avoid detection. This approach is understandable but I believe that there is scope for the development of consistent practices of authorisation of the interception of these extended services.

165. I should point out that in my inspection of recent warrant documentation of the intercepting agencies they seemed to have sound practices of authorisation, which is generally done by the head of the TI section in each agency. A case is made in the application to add an additional service or services, referring to the facts and circumstances upon which the conclusion is based that the subject of the warrant is using or is likely to use the particular service or services for which authorisation is sought. It is not uncommon for extension requests to be rejected on the basis of insufficient particulars.

166. I am conscious of the need to maintain flexibility in a fast moving operational environment and accordingly would not suggest that procedures for these particular authorisations be the subject of legislative regulation. Nevertheless I believe it is important that the relevant TI forums develop an agreed set of standards for authorisation of additional services under named person warrants and that the inspecting authorities pay close attention to this area. An important area is the recording of sufficient facts and circumstances to justify adding a service for interception under a named person warrant.

167. The general position in this regard is well described by the WA Ombudsman in her submission to the review.

"In our view, it seems reasonable to suggest that the scope of a named person warrant has more potential for an illegal intercept to be carried out. In some warrants we have inspected there have been interceptions of some seven or eight telephone numbers. Since the numbers do not have to be explicitly stated in the warrant application or the warrant itself, there is an increased possibility that an interception might be implemented without the justification required in other warrants. However we have not encountered any such incidents. We are not aware of any additional safeguards governing the issue of named person warrants."[37]

168. It is also important that records be kept of the applications to extend (including the grounds of the application), the decision on the application, and the notification to the carrier (referring to the original authorising warrant). From my observation most of the agencies do this as a matter of good administration but should be a general requirement across intercepting agencies.

169. Nevertheless there is a need for clear and consistent procedures in this area and the ICC again should be the appropriate forum to develop and monitor implementation of the procedures.

170. I do not recommend that these matters be the subject of legislative requirement, although it may be necessary in relation to record keeping in order to give the inspecting authorities a clear role in this area. Another course might be to consider the need for legislation in the light of experience, particularly if obstacles emerge to Ombudsmen carrying out this role.

171. The Federal Privacy Commissioner argued in his submission that the Interception Act should include the following procedures for the interception of new services under named person warrants, namely:

• each new service intercepted should be reported to the issuing authority as soon as practicable;

• the report should set out the grounds for believing that the named person is likely to use the service; and

• the issuing authority may require the issuing service to cease if there are insufficient grounds for it to continue.[38]

172. The adoption of these proposals would make the process more accountable but they effectively involve going back to the issuing authority for approval for each additional service and returning the regime to a single service warrant system. The issuing authority would have to examine the material and form a view as to whether the extension is appropriate and intercepting agencies would be reluctant to commence interception until the approval had been given. This would virtually eliminate the speed and flexibility of the named person warrants system.

173. I believe that the better course is to ensure that the named person warrant documentation is audited by inspecting authorities and I believe that is occurring now and will expand under the additional requirements recommended in this report.

Complaints

174. The making of, and the proper dealing with, complaints can be a valuable safety mechanism in most areas of public administration. However there are limitations in this area because, where a person complains about being intercepted, there is often no basis for the claim; and where there is a basis for it, the agency receiving the complaint can neither confirm nor deny that interception is taking place. This is perhaps part of the reason why the Interception Act has so many other requirements by way of checks and balances.

175. Nevertheless it is relevant to mention the experience of complaints. First, relatively few complaints are received by the intercepting agencies themselves. For example, the AFP which is one of the largest users of TI, advised me that they have received no recent complaints about TI. ASIO also receives relatively few complaints. More complaints, however, are received by the inspecting authorities which is an indication at least of a level of public awareness of their role in relation to TI. Complaints are also received by AGD.

176. The Commonwealth Ombudsman advised that their records disclosed the existence of 17 current complaints and they fell into three categories:

• telephone faults resulting in noise which the complainant equated with TI;

• complaints which make assertions but provide no basis for the assertion; and

• a complainant receives information about TI in the course of a prosecution against them.

Issuing authorities

177. Another important safeguard is the fact that warrants are issued by authorities independent of the intercepting agencies. I spoke to a significant number of persons (mainly AAT members) who issued warrants on a regular basis. The consensus of those issuing authorities was that warrant applications and supporting material were generally well prepared and comprehensive. The statistics show that very few are rejected.

178. One issue which arose in the course of considering safeguards was the desirability of a lawyer attending on the issuing authority together with the deponent of the supporting affidavit. Having two persons attend at the application reduces the opportunity for rogue applications and some of the issuing authorities I interviewed suggested that having a lawyer present improves the process. The importance of the deponent is that he or she is best placed to answer any questions on the affidavit.

179. It must be recognised that there will be situations where either a lawyer or a deponent will not be available and sometimes (for example in faxed applications) neither will be available. Nevertheless it is a good practice to adopt in as many cases as possible and, in any event, is the general practice adopted by most agencies.

180. These observations do not apply to ASIO because its process is quite different and, as already noted, the Director-General of Security and both "in house" and external lawyers are involved in ASIO warrant applications to the Attorney-General.

CHAPTER FIVE - ISSUES RELATING TO REPORTING

The reporting regime

181. The Interception Act (and supplementary legislation) imposes quite significant reporting requirements on intercepting agencies.

182. The Interception Act imposes a wide range of record-keeping requirements on ASIO in relation to warrants issued to it under Part III of the Interception Act, and on law enforcement agencies in relation to warrants issued under Part VI of the Interception Act.

ASIO

183. Reporting requirements apply in situations where the Director-General is satisfied that, prior to the expiry or revocation of a warrant, the grounds on which the warrant was issued no longer exist. In such cases, the Director-General is required under section 13 to advise the Attorney-General accordingly and to take steps to ensure that the interception is discontinued.

184. Special reporting and record-keeping requirements apply to emergency interceptions authorised by the Director-General under section 10 of the Interception Act. In such cases, the Director-General is required to send the Attorney-General a copy of the warrant together with a statement explaining why the Attorney-General would have been justified in issuing a warrant under normal circumstances and that security was, or was likely to be, seriously prejudiced. The Director-General is also obliged under subsection 15(4) to inform the relevant telecommunications carrier that an emergency warrant has been issued under section 10.

185. ASIO is required, under section 17 of the Interception Act, to supply the Attorney-General with a report in relation to each Part III warrant within three months of expiry or revocation of the warrant, whichever occurs first. The report is to contain details of the extent to which the interception of communications under the warrant has assisted ASIO in carrying out its functions. If the warrant was a named person warrant issued under sections 9A or 11A of the Interception Act, the report is to contain details of the services intercepted under the warrant.

186. The number of warrants obtained by ASIO under Part III of the Interception Act is published in the classified annual report provided by ASIO to the Attorney-General under subsection 94(1) of the ASIO Act. This information is deleted from the unclassified version of the report tabled in Parliament under subsection 94(3) of the ASIO Act.

Law-enforcement agencies

187. Section 80 of the Interception Act requires intercepting agencies to retain certain documentation associated with Part VI warrants, including warrants, instruments of revocation and other documentation.

188. In Part IX of the Interception there are requirements for reports to be made of interceptions under the Act. For example:

• section 93 requires carriers to report to the Minister each year on requests for interception;

• section 94 requires each agency chief officer to provide a report on the use and effectiveness of each single service warrant; and

• section 94B imposes a similar requirement for named person warrants.

189. The information contained in various reports by law enforcement intercepting agencies under the Interception Act are brought together in the Annual Report prepared in accordance with the provisions of Division 2 of Part IX of the Interception Act. This report is a valuable document and provides an extensive range of statistics on the use and effectiveness of TI across law enforcement agencies. With the possible exception of the United States,[39] no other jurisdiction provides such an extensive amount of information on the conduct of TI in law enforcement in the law enforcement area.

190. One valuable component of the reporting regime is effectiveness reporting. These reports form the basis of the various tables in the Interception Act's Annual Report on prosecutions and other actions which flows from TI. For example, the following compilation taken from Tables 1 and 20 of the latest Annual Report on the Interception Act gives a clear indication of the overall effectiveness of TI in law enforcement.

191. Under section 17 of the Interception Act ASIO is required to provide an effectiveness report to the Minister on the results of each of its warrants. As already noted, the purpose of ASIO warrants is different from law enforcement. Therefore, it does not report by reference to arrests. ASIO reports by reference to the intelligence objectives set out in the original warrant application. Although I examined a small number of effectiveness reports in both areas, I believe it is fair to say that the ASIO reports are more analytical than the law enforcement reports.

Issues arising from reporting requirements

192. In general I was impressed in the course of the review with the standard of reporting under the Interception Act. All interception agencies appeared to be very diligent in their recording and reporting responsibilities. This is supported by the comments from the reports of the inspecting authorities. In the course of the review one police officer with many years experience in TI stated:

"The heavy reporting requirements are accepted as part of working with TI."

193. In contrast, the NSW Council for Civil Liberties argued that there has been an explosion in capability, with no increase in accountability.

194. Three issues arose which might improve the information available from the reporting regimes. These are whether:

• there should be separate reporting by law enforcement agencies on named person warrants;

• ASIO should report on the number of warrants issued including named person warrants; and

• inspecting authorities should make some form of public report on their inspection activities.

Law enforcement reporting on named person warrants

195. As already observed, there is extensive statistical reporting on TI by law enforcement agencies. But there is no information presently available to the parliament or the public on the number of named person warrants issued each year and the number of services intercepted under such warrants.

196. There is reporting of the total number of warrants but the figures are not broken up into single service warrants and named person warrants. When reporting related only to single service warrants there was a direct correlation between the number of warrants issued and the number of services intercepted. This is no longer the case. One named person warrant may result in the interception of a significant number of services. This means that the current statistical reporting provides no indication of the number of services being intercepted in the Australian community. Indeed the current statistics may be misleading in this regard.

197. I believe it is important for accountability reasons that the parliament and the public have at least a general indication of the extent to which telecommunications services are being intercepted for law enforcement purposes.

198. Provision of statistics on the number of named person warrants issued by the various agencies would provide a guide to their use and relative importance over time. It will also provide a guide on whether such warrants are more important to some agencies than others. Attachment B to this report sets out the number of law enforcement named person warrants issued since their inception. It discloses that they are increasing in importance as a proportion of the total number of warrants.

199. It would also be appropriate to provide an indication at least of the range of the number of services intercepted under named person warrants. Because of the wide variety of numbers of services intercepted it is only possible to do this by ranges. Attachment C does this in the ranges of one service, 2-5 services, 6-10 services and more than 10 services.

200. It is also important that the total number of services intercepted should be made available as this is becoming the only reasonably reliable general guide as to the extent of law enforcement TI which occurs in Australia.

201. Again, the availability of figures assists public debate on this sensitive area of intrusion into personal privacy. For example, at the time of the tabling of the Interception Act Annual Report in 2002 there was media comment suggesting that Australia carried out more interceptions than the United States. The criticism may not have been comparing like with like, but the very fact of the comment shows that such reports serve a useful purpose.

202. Law enforcement agencies can provide these figures with little additional difficulty as the information is already in their computer systems and can be readily extracted. It is also important to note that no law enforcement agency expressed concern about making such information public. The NSW Council for Civil Liberties supported more reporting on named person warrants.

203. If, over time, the bulk of warrants is starting to fall into the "more than 10 services" category, consideration may have to be given to extending the ranges. I do not believe it is necessary at the moment.

Statistical reporting by ASIO on warrants, including named person warrants

204. The current position is that no information is presently available to the Parliament generally or the public on the extent to which ASIO engages in TI. This matter raises quite separate issues and I propose to deal with it separately from law enforcement.

205. As already noted, ASIO provides detailed statistics on its TI operations in its classified Annual Report, including statistics on the number of named person warrants. In this respect its classified reporting is in advance of the law enforcement reporting. However these TI statistics are not made available to the Parliament generally or to the public. The classified Annual Report is only made available to the Attorney- General and the Leader of the Opposition.[40]

206. On 17 July 2000 the Parliamentary Joint Committee on ASIO held a hearing in relation to ASIO's public reporting activities. In the course of the hearing the Director-General of Security was asked why ASIO does not report on operational matters including warrant operations. In response the Director-General said:

"In respect of targets and warrant operations ...we are a small service. An important ingredient for us is uncertainty in the minds of individuals, groups and foreign intelligence services in which we take an interest. Revealing our targets and warrant operations, would I think make it very difficult for us to do our job effectively. It would enable targets to make their own risk assessments about where we are focussing and where we are not. It would enable them to make judgements about our methodology and the things that we can do under the Telecommunications (Interception) Act. It would give them an idea of what we can rely on and what we do not rely on and personally I do not think it would be a wise thing to do."[41]

207. (I should make it clear that I am only considering the issue of public reporting of the number of warrants. I agree with the Director-General of Security that the reporting of the n umber of targets would not be appropriate and no one in the course of the review suggested that the number of targets should be made public, whether it be in the national security or law enforcement areas.)

208. In the course of our meeting on 22 May 2003 the Director-General of Security repeated the arguments he put to the Parliamentary Committee. He also said that ASIO discharges its accountability responsibilities by furnishing its classified annual report (which includes detailed TI statistics) not only to the Government but also to the Opposition.

209. It should also be noted that the view of the Director-General was also supported at the above hearing by the Attorney-General's Department. Mr Ford, First Assistant Secretary, Information and Security Law Division stated in response to a question as to whether he agreed with the ASIO view on publication:

"Yes, I do agree with that. It is quite different from the law enforcement area where the number of warrants is published in relation to particular law enforcement agencies and also in relation to particular kinds of offences, and that is part of the accountability process. The big difference between law enforcement and ASIO warrants is that the first ones are intended to end up in court if they lead to a successful investigation and prosecution whereas ASIO warrants have to remain covert to enable ASIO to do its job of building up intelligence."[42]

210. In the course of the Committee's hearing the Australian Privacy Charter Council argued that ASIO should report on the number and type of warrants issued each year.

211. In its report the Committee did not reach a conclusion on this issue but it seems implicit by its omission to do so that it accepted ASIO's position on the matter.[43]

212. It is helpful to examine briefly the comparative experience, at least amongst other leading common law countries. New Zealand and Canada both publish statistics on the total number of national security warrants issued each year.[44] On the other hand, I understand neither the UK nor the US make public statistics on national security warrants.

213. I should also mention that in the course of our discussion on 1 May 2003 the IGIS expressed the view that he supported the proposition that ASIO should publish statistics on the total numbers of national security warrants.

214. In the final analysis, this issue depends upon a balancing of two important public interests, namely the interest to disclose and the interest not to disclose. As Mason CJ said in the Commonwealth of Australia v John Fairfax & Sons Ltd:

"The court will not prevent the publication of information which merely throws light on the past workings of government, even if it be not public property, so long as it does not prejudice the community in other respects. Then disclosure itself will serve the public interest by keeping the community informed and in promoting discussion of public affairs. If, however, it appears that disclosure will be inimical to the public interest because national security, relations with foreign countries or the ordinary business of government will be prejudiced, disclosure will be restrained. There will be cases in which the conflicting considerations will be balanced, where it is difficult to decide whether the public's interest in knowing and in expressing its opinion, outweighs the need to protect confidentiality."[45]

215. It is clear that there are differing views and experience on this question. On balance, I believe that there should be a limited form of disclosure of the total number of warrants and named person warrants executed by ASIO, because I have difficulty accepting that the mere publication of total numbers of warrants will provide any meaningful information to ASIO targets to enable them to take counter measures. The information is simply too general to achieve such a purpose.

216. Further, the fact that ASIO conducts TI is publicly known and can, in any event, be ascertained by a perusal of the Interception Act which is a public document. Finally in this regard, I am influenced by the fact that it has never been suggested (nor am I aware of any evidence) that the publication of such statistics has enabled law enforcement targets to take countermeasures. The law enforcement community includes agencies at least as small as ASIO.

217. On the other hand, I do not believe that particulars of foreign intelligence warrants should be published. Such publication may affect relations with friendly foreign intelligence services on whom ASIO is very dependent on the sharing of intelligence information. Further, foreign intelligence TI does not have the same impact on the privacy of Australian citizens as national security warrants.

218. Also I do not believe it would be appropriate at this stage to publish particulars of the number of services intercepted under ASIO named person warrants (as recommended above for law enforcement). But such particulars should be contained in ASIO's classified annual report. It is appropriate to take, at this stage, a modest step towards greater disclosure and accountability, and review additional disclosure in the light of more experience.

219. It is also important for the purposes of accountability that particulars of the number of ASIO warrants refused be publicly known.

220. I have taken the step of including in this report statistics on named person warrants in the law enforcement area because there was no objection expressed to that course. I have not included any statistics on ASIO warrants generally or named person warrants because those statistics are presently classified information.

Public reporting by inspecting authorities

221. As noted above, the inspecting authorities report to their respective Ministers on their inspection activities. The reports include details of the inspections carried out and the results of inspections including any deficiencies identified. I read the last two reports from each inspecting authority and they are all of a high standard.

222. As noted in Chapter Four, the Commonwealth Ombudsman's reports are examined in the AGD and a briefing sent to the Attorney-General. If any deficiencies are identified the AGD follows up these matters with the agency concerned and the agency reports back on remedial action.

223. Because of time limitations I was not able to ascertain whether this process is followed in all the State jurisdictions. If it is not, it should be. It makes little sense to have inspection regimes which identify deficiencies and nothing is done by government to ensure remedial action is carried out.

224. It also might be conducive to greater accountability and more public information if Commonwealth and State Ombudsman[46] included some particulars of the outcome of their TI inspections in their respective annual reports. What I have in mind is the sort of information which the IGIS makes publicly available in his annual report on his inspection activities in relation to TI operations in ASIO. The IGIS describes the inspection process and summarises the major deficiencies identified and any follow up action.[47]

225. I was not able to peruse recent annual reports of all inspecting authorities but those I did see only contained a brief reference to the inspecting function. It is possible that some inspecting authorities are reporting in the manner just described but clearly not all are. I am conscious that all agencies have heavy reporting requirements and I am reluctant to suggest adding to those burdens particularly when the inspecting authorities have many other functions to report upon. Nevertheless this is a highly invasive and secretive activity and the inspecting authority reports are a very valuable guide to performance and integrity.

226. On balance I believe the public should be entitled to receive at least some summary of how the TI systems are performing.

CHAPTER SIX - SECONDARY USE OF INFORMATION

227. This term of reference arose out of the insertion of section 75A in the Interception Act. Section 75A provides as follows:

"If information is given in evidence (whether before or after the commencement of this section) in an exempt proceeding under section 74 or 75, that information, or any part of that information, may later be given in evidence in any proceeding."

228. In it