The law enforcement and intelligence community relies on a range of warrants and authorisations to access the data and communications of the individuals they investigate. The data retention scheme stores the metadata of communications to allow authorised officers to discern the communication histories of suspects. Stored communications warrants allow communications such as SMS, email and voicemail to be accessed by investigators. Intercepted communications warrants allow phone calls to be tapped in the investigation of serious offences generally punishable by three years or more imprisonment. The Telecommunications (Interception and Access) Act 1979 establishes the legal authority for the use of these powers.
The Assistance and Access Act’s industry assistance powers formalise the relationship between the broader communications industry and law enforcement and intelligence agencies. The Act does not replace or modify the need for these underlying warrants and authorisations to access communications or personal data. In fact, due to legal restrictions in the Act they have no capacity to do so. Instead, the powers ensure that industry can assist with the facilitation and execution of these warrants and support the discharge of lawful and appropriately approved powers.
In addition, industry assistance is flexible enough to be used to provide agencies with a broader range of technical assistance that is not connected to a warrant or authorisation, and does not require any additional lawful authority. An example of this is asking for technical information regarding a provider’s systems that will assist the agency to build their own, indigenous capabilities.
Industry assistance and investigative powers
The new measures do not change the existing thresholds that the Telecommunications (Interception and Access) Act 1979 establishes for access to personal information. For example, the interception of a person’s communication requires a warrant to be in place. Generally these warrants are restricted to the investigations of serious crimes attracting seven years imprisonment or more. Similarly warranted access to SMS or email is largely limited to the serious offences attracted to three years imprisonment or more.
The industry assistance process does not, and explicitly cannot, replace the need for these thresholds to be met. They are not alternate channels to access material and information which would otherwise be subject to the conditions of a warrant.
Instead the new measures compliment these powers. If information obtained under a warrant was encrypted, under the new framework an agency could ask that a provider who currently encrypts and decrypts information according to business needs to decrypt the lawfully accessed information for public safety purposes. Equally, an agency could request that a provider restore a password that was temporarily changed to enable a judicially approved computer access warrant to be executed.
The online lives of Australians, including criminals, is increasingly complex aided by the innovation of the communications industry and the sheer scale of services and devices available. Australian agencies must remain adaptable in this complex environment and, partnering with industry, are able to pursue creative ways to disrupt and detect threats while maintaining the integrity of critical cyber security protections like encryption.