International production order framework
International Production Order Framework
Criminals are increasingly using global online platforms and communications services to undertake unlawful activity. This means that electronic data relating to serious crimes once traditionally available within Australia is now increasingly being held by communications providers overseas, the majority of which are based in the US (such as Google, Microsoft and Meta).
Current processes for Australian law enforcement agencies obtaining electronic data held by communications service providers in other countries can be lengthy and time-consuming, particularly in light of the increasing demand for electronic data by law enforcement investigations. Access to this electronic data is critical to support these agencies to combat serious crime, and not being able to access this information in a timely manner significantly undermines efforts by Australian law enforcement and national security agencies.
This framework will support Australian law enforcement to access critical electronic information for the purposes of preventing, detecting, investigating or prosecuting serious crime while implementing a robust privacy protection and non-discrimination framework.
Schedule 1 to the Telecommunications (Interception and Access) Act 1979 (TIA Act) establishes the International Production Order (IPO) framework that allows Australia to enter into agreements with other countries to share electronic information for the purposes of countering serious crime.
The Agreement between the Government of Australia and the Government of the United States of America on Access to Electronic Data for the Purpose of Countering Serious Crime (AUS-US Data Access Agreement), which was signed on 15 December 2021, is currently being considered for designation under the IPO framework.
AUS-US Data Access Agreement
The AUS-US Data Access Agreement complements existing international crime cooperation arrangements between Australian and US authorities, such as mutual legal assistance and agency-to-agency assistance. It will enable Australian law enforcement and national security agencies to send IPOs, via the Australian Designated Authority within the Attorney-General’s Department, directly to communications providers in the US seeking the disclosure of electronic information. US law enforcement agencies will also be able to seek electronic data directly from Australian communications providers.
The AUS-US Data Access Agreement includes specific prohibitions on the targeting of each other’s citizens, which means that Australian citizens, permanent residents and persons located in Australia cannot be the subject of US orders, and neither can Australian law enforcement or national security agencies target US citizens or anyone in the US.
The protections and safeguards in Schedule 1 to the TIA Act are similar to the protections in Australia’s domestic warrant framework. IPOs will be independently issued, and subject to safeguards and limitations to ensure that any encroachment on privacy is reasonable and proportionate. There will also be comprehensive oversight by the Commonwealth Ombudsman and the Inspector-General of Intelligence and Security.
The AUS-US Data Access Agreement supplements the protections of the IPO framework with additional safeguards and protections. It emphasises the importance of, and Australia’s commitment to, human rights, civil liberties, the rule of law, principles of non-discrimination and the protection of privacy. This includes:
- safeguards relating to the use of Australian-sourced data in prosecutions that could result in the death penalty being applied in the US, and the use of American-sourced data in Australian prosecutions in a manner that could raise freedom of speech concerns for the US
- safeguards relating to privacy and data protection and principles of non-discrimination
- safeguards and requirements to minimise the collection, retention, use and disclosure of data
- clear guidelines for requests that can be sent, including requirements for independent review or oversight, and that orders must relate to criminal offences punishable by at least 3 years’ imprisonment.
International production orders
Under the IPO framework, certain Commonwealth, state and territory law enforcement and national security agencies can apply to authorised Australian judges, magistrates or Administrative Appeals Tribunal members for an IPO. The process for obtaining an IPO differs depends on the purpose for which the IPO is sought, and the type of electronic information that is sought.
Types of IPO
Schedule 1 to the TIA Act allows IPOs to be issued for the following purposes:
- enforcement of criminal law
- monitoring of a person subject to a Part 5.3 supervisory order
- national security.
Under each of these categories, agencies may seek the following types of electronic information from a US communications provider:
- interception of live communications
- stored communications
- telecommunications data.
Australian Designated Authority
Schedule 1 to the TIA Act establishes the Australian Designated Authority (ADA) within the Attorney-General’s Department. The ADA has a variety of functions under Schedule 1 to the TIA Act and the AUS-US Data Access Agreement, including:
- reviewing IPOs for compliance with the AUS-US Data Access Agreement, and providing written certification where an order is compliant
- transmitting certified IPOs directly to US communications providers
- cancelling IPOs in certain circumstances
- managing any objections
- record keeping and reporting obligations under domestic law and the AUS-US Data Access Agreement
- managing essential interests under the AUS-US Data Access Agreement (death penalty matters for Australia and freedom of speech matters for the US).
The above diagram provides an overview of the general process to obtain data under the IPO framework. As depicted, the ADA receives IPOs for review after they have been issued. Unlike the issuing person, who applies the criteria set out in the Schedule 1 to the TIA Act, the ADA determines whether the IPO complies with the requirements of the AUS-US Data Access Agreement. If satisfied, the ADA provides the IPO to the US communications provider who sends the requested data directly to the requesting agency. Where data is sought for national security purposes, the Attorney‑General’s consent is required prior to making an application for an IPO to an issuing person.
Use of the AUS-US Data Access Agreement:
Australian Designated Authority
3-5 National Circuit, Barton, ACT, 2600
Policy and Legislation:
Cross-border Data Policy Section
3-5 National Circuit, Barton, ACT, 2600
- Full text of the AUS-US Data Access Agreement
- AUS-US Data Access Agreement letters of understanding on death penalty – Australian letter
- AUS-US Data Access Agreement letters of understanding on death penalty – US letter
- AUS-US Data Access Agreement letters of understanding on freedom of speech – Australian letter
- AUS-US Data Access Agreement letters of understanding on freedom of speech – US letter
- AUS-US Data Access Agreement letters of understanding on Guantanamo Bay Military Detention Camp – Australian letter
- AUS-US Data Access Agreement letters of understanding on Guantanamo Bay Military Detention Camp – US letter