International production order framework

International Production Order Framework

Criminals are increasingly using global online platforms and communications services to undertake unlawful activity. This means that electronic data relating to serious crimes once traditionally available within Australia is now increasingly being held by communications providers overseas, the majority of which are based in the US (such as Google, Microsoft and Meta).

Current processes for Australian law enforcement agencies obtaining electronic data held by communications service providers in other countries can be lengthy and time-consuming, particularly in light of the increasing demand for electronic data by law enforcement investigations. Access to this electronic data is critical to support these agencies to combat serious crime, and not being able to access this information in a timely manner significantly undermines efforts by Australian law enforcement and national security agencies.

This framework will support Australian law enforcement to access critical electronic information for the purposes of preventing, detecting, investigating or prosecuting serious crime while implementing a robust privacy protection and non-discrimination framework.

Schedule 1 to the Telecommunications (Interception and Access) Act 1979 (TIA Act) establishes the International Production Order (IPO) framework that allows Australia to enter into agreements with other countries to share electronic information for the purposes of countering serious crime.

The Agreement between the Government of Australia and the Government of the United States of America on Access to Electronic Data for the Purpose of Countering Serious Crime (AUS-US Data Access Agreement), which was signed on 15 December 2021, is currently being considered for designation under the IPO framework.

AUS-US Data Access Agreement

The AUS-US Data Access Agreement complements existing international crime cooperation arrangements between Australian and US authorities, such as mutual legal assistance and agency-to-agency assistance. It will enable Australian law enforcement and national security agencies to send IPOs, via the Australian Designated Authority within the Attorney-General’s Department, directly to communications providers in the US seeking the disclosure of electronic information. US law enforcement agencies will also be able to seek electronic data directly from Australian communications providers.

The AUS-US Data Access Agreement includes specific prohibitions on the targeting of each other’s citizens, which means that Australian citizens, permanent residents and persons located in Australia cannot be the subject of US orders, and neither can Australian law enforcement or national security agencies target US citizens or anyone in the US.

The protections and safeguards in Schedule 1 to the TIA Act are similar to the protections in Australia’s domestic warrant framework. IPOs will be independently issued, and subject to safeguards and limitations to ensure that any encroachment on privacy is reasonable and proportionate. There will also be comprehensive oversight by the Commonwealth Ombudsman and the Inspector-General of Intelligence and Security.

The AUS-US Data Access Agreement supplements the protections of the IPO framework with additional safeguards and protections. It emphasises the importance of, and Australia’s commitment to, human rights, civil liberties, the rule of law, principles of non-discrimination and the protection of privacy. This includes:

  • safeguards relating to the use of Australian-sourced data in prosecutions that could result in the death penalty being applied in the US, and the use of American-sourced data in Australian prosecutions in a manner that could raise freedom of speech concerns for the US
  • safeguards relating to privacy and data protection and principles of non-discrimination
  • safeguards and requirements to minimise the collection, retention, use and disclosure of data
  • clear guidelines for requests that can be sent, including requirements for independent review or oversight, and that orders must relate to criminal offences punishable by at least 3 years’ imprisonment.

International production orders

Under the IPO framework, certain Commonwealth, state and territory law enforcement and national security agencies can apply to authorised Australian judges, magistrates or Administrative Appeals Tribunal members for an IPO. The process for obtaining an IPO differs depends on the purpose for which the IPO is sought, and the type of electronic information that is sought.

Types of IPO

Schedule 1 to the TIA Act allows IPOs to be issued for the following purposes:

  • enforcement of criminal law
  • monitoring of a person subject to a Part 5.3 supervisory order
  • national security.

Under each of these categories, agencies may seek the following types of electronic information from a US communications provider:

  • interception of live communications
  • stored communications
  • telecommunications data.

Australian Designated Authority

Schedule 1 to the TIA Act establishes the Australian Designated Authority (ADA) within the Attorney-General’s Department. The ADA has a variety of functions under Schedule 1 to the TIA Act and the AUS-US Data Access Agreement, including:

  • reviewing IPOs for compliance with the AUS-US Data Access Agreement, and providing written certification where an order is compliant
  • transmitting certified IPOs directly to US communications providers
  • cancelling IPOs in certain circumstances
  • managing any objections
  • record keeping and reporting obligations under domestic law and the AUS-US Data Access Agreement
  • managing essential interests under the AUS-US Data Access Agreement (death penalty matters for Australia and freedom of speech matters for the US).
Step zero, which is only required for National Security IPOs, requires the Requesting Agency to seek the Attorney-General's consent. Step one requires the Requesting Agency to apply to an Issuing Person for an IPO. Step two is the Issuing Person reviewing application and issuing the IPO to the Requesting Agency. Step three requires the Requesting Agency to send the IPO to the Australian Designated Authority for review against the Agreement. Step four requires the Australian Designated Authority to give the

The above diagram provides an overview of the general process to obtain data under the IPO framework. As depicted, the ADA receives IPOs for review after they have been issued. Unlike the issuing person, who applies the criteria set out in the Schedule 1 to the TIA Act, the ADA determines whether the IPO complies with the requirements of the AUS-US Data Access Agreement. If satisfied, the ADA provides the IPO to the US communications provider who sends the requested data directly to the requesting agency. Where data is sought for national security purposes, the Attorney‑General’s consent is required prior to making an application for an IPO to an issuing person.

Contact details

Use of the AUS-US Data Access Agreement:
Australian Designated Authority
ADA@ag.gov.au
3-5 National Circuit, Barton, ACT, 2600

Legislation

Telecommunications (Interception and Access) Act 1979

Related documents