The Commonwealth Ombudsman has said while he’s happy to perform oversight of Australia’s pending Telecommunications Legislation Amendment (International Production Orders) Bill 2020, he anticipates there to be an increase in workload, which would therefore require further funding.
The Bill is intended to amend the Telecommunications (Interception and Access) Act 1979 (TIA Act) to create a framework for Australian agencies to gain access to stored telecommunications data from foreign designated communication providers in countries that have an agreement with Australia, and vice versa. It would also remove the ability for nominated Administrative Appeals Tribunal members to issue certain warrants.
The Bill is a precondition for Australia to obtain a proposed bilateral agreement with the United States in order to implement the US Clarifying Lawful Overseas Use of Data Act (the CLOUD Act).
“If passed, the IPO Bill will make it easier for law enforcement agencies to obtain certain electronic information under proposed and future bilateral or multilateral agreements, when compared to current mutual legal assistance arrangements,” Ombudsman Michael Manthorpe wrote in a submission [PDF] to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and its review of the Bill.
“On this basis, I anticipate that not only will the number of inspections my office is required to perform increase, but so too will the volume of electronic information accessed by Australian law enforcement agencies which my staff will need to asses.”
Manthorpe said while he is “broadly comfortable” with the oversight role of his office for the Bill, if the piece of legislation is passed without appropriate funding, his office won’t be able to undertake the activities necessary to “assure the Parliament these new powers are being used appropriately”.
He added that his office would also have the function of inspecting the records of the Australian Designated Authority.
“This could result in up for 65 additional inspections each year,” he said.
“The Bill proposes requirements that my office inspect and report about the use of IPOs separate from the inspection reporting requirements for the domestic regime. For this reason, my staff would likely need to inspect both a full sample of IPOs and a full sample of domestic authorisations for each type of access and for each agency.”
See also: Why Australia is quickly developing a technology-based human rights problem (TechRepublic)
While the Ombudsman said he had no comments on the contents of the Bill, due to his office being involved with the Department of Home Affairs’ drafting of it, he elaborated on who would have access and what that would mean for his office.
Under the Bill, six Commonwealth agencies and 15 state and territory agencies could gain access to data and information held overseas under each of the three international production orders (IPO) regimes.
In its own submission to the PJCIS, the Australian Privacy Foundation (APF) labelled the Bill as deeply flawed, saying it sees no real need for it to be put in place.
“The Bill is deeply flawed. It conflates bureaucratic convenience with what is imperative,” the foundation said.
“It obfuscates accountability through inadequate transparency, including reliance on the under-resourced Commonwealth Ombudsman.
“It enshrines an inappropriate level of discretion and weakens parliamentary oversight regarding interaction with governments that disrespect human rights.
“It is a manifestation of a drip by drip erosion of privacy protection in the absence of a justiciable constitutionally-enshrined right to privacy in accord with international human rights frameworks.”
New Bill to prepare Australian law enforcement for the US CLOUD Act
The Telecommunications Interception Access Act amendment seeks to ‘enhance the process of exchanging information held by communications providers for the purpose of criminal investigations and prosecutions’.
Aussie law enforcement integrity body wants International Production Orders Bill
It doesn’t really use the current method for obtaining foreign assistance in law enforcement prosecution, but it would use the new one.
Australian Privacy Foundation labels CLOUD Act-readying Bill as ‘deeply flawed’
The foundation also called the Telecommunications International Production Orders Bill a ‘manifestation of a drip by drip erosion of privacy protection in the absence of a justiciable constitutionally-enshrined right to privacy in accord with international human rights frameworks’.
Cops are getting full URLs under Australia’s data retention scheme
There is content on the envelope. A Senate committee has been told that law enforcement agencies sometimes get full URLs from telcos, despite government reassurances.