Government access to Telecommunications in Australia

Nigel Waters
 
  • Introduction
  • Public consultation and debate on telecommunications privacy issues, and the institutional framework
  • Sanctions and enforcement
  • Part 1: Access to information under the Telecommunications Act 1997
  • Content or substance of communications
  • Part 2: Interception of communications under the Telecommunications (Interception) Act 1979
  • Interception capability
  • Interception Rules and Safeguards
  • Unauthorised interception

  • Authorised Interception


    [Unpublished paper, May 200. Please do not quote without prior consultation.]

    Introduction

    Although Australia has a federal Constitution, telecommunications is clearly and exclusively a federal or Commonwealth matter, and all the relevant legislation is federal.
     
     

    Like most countries, Australia is still in transition from a monopoly state owned telco to a deregulated and competitive telecommunications industry. The Telecommunications Act 1997 represents the most recent phase of successive governments attempts to achieve this transition, whilst at the same time maintaining a range of accountability safeguards, standards, and customer service obligations.
     
     

    Australian legislative developments need to be seen in the context of government attempts to privatise the dominant government owned carrier - Telstra. To date, opposition parties have blocked full privatization - two public floats have taken private ownership to 49%.
     
     

    The initial corporatisation of Telstra in 1992 - a necessary pre-requisite for privatization, had the effect of removing Telstra from the coverage of the federal Privacy Act 1988. However, public pressure forced the then government to retain the application of the Freedom of Information Act and Telstra has continued to be required to grant individuals access and correction rights to personal information.
     
     

    The 1997 Act introduced a system of co-regulation - carriers and carriage service providers (CSPs) (the two main classes of industry participants[1]) are required to support an industry forum to develop standards and codes of practice for a wide variety of technical operational matters, and to subscribe to an industry dispute resolution scheme - the Telecommunications Industry Ombudsman (TIO)[2]. The industry forum established by the participants is the Australian Communications Industry Forum (ACIF)[3] which was given a statutory duty to develop codes of practice on privacy issues.
     
     

    The 1997 Act retained and developed the provisions of the 1991 Act relating to confidentiality and disclosure of information, which to a large extent mirrored the use and disclosure principles of the Privacy Act. Part 13 of the Act is a detailed regime of permitted uses and disclosures, as exceptions to a general duty of confidentiality. It is balanced by the next Part - 14 - which imposes a statutory duty on carriers and carriage service providers to assist government agencies where necessary for law enforcement and revenue protection and safeguarding national security.

    The interaction of Parts 13 & 14 of the Telecommunications Act 1997 governs the access by government agencies to all types of information held by carriers and carriage service providers except the `content or substance' of communications, access to which is separately regulated by the Telecommunications (Interception) Act 1979 (see Part 2 below). The types of information clearly subject to the disclosure regime in the 1997 Act include customer related information such as subscriber details, call charge records, reverse call records, IMEI checks and cell dumps; call tracing; and the affairs or personal particulars (including any unlisted telephone number or any address) of another person.[4]
     
     

    Public consultation and debate on telecommunications privacy issues, and the institutional framework

    Recent changes to the laws governing access to telecommunications related information in Australia have tended to be made as part of more general legislative amendments, dealing with high profile public issues such as ownership, deregulation and community service obligations. It has therefore proved difficult to generate specific focused debate on privacy implications. Privacy and consumer advocacy groups have made specialized submissions on privacy issues, joined on some occasions by civil liberties organizations.

    Telecommunications is unusual as a sector in having relatively well funded consumer bodies - originally set up and supported by the government monopoly carrier Telstra and continued through joint industry funding for the Consumers Telecommunications Network (CTN)[5], which participates in most of the working committees of the new industry forum ACIF as well as lobbying government.
     
     

    In the early 1990s the federal Privacy Commissioner, who then had jurisdiction over Telstra, took some interest in telecommunications privacy issues - including ruling on applications from Telstra for a waiver from the disclosure principle.[6] The Industry Regulator established under the 1991 Telecommunications Act - AUSTEL - also saw privacy as a significant and growing issue and set up an Inquiry into a range of privacy issues. This Inquiry held public meetings around the country, in which the Privacy Commissioner's office participated and invited submissions on a discussion paper. The final report of the AUSTEL Privacy Inquiry in 1992[7] identified a range of important issues. As a result of the report, the then Minister for Communications asked AUSTEL in 1994 to set up a Privacy Advisory Committee to consider specific issues. One of these was calling number display (CND), and the Advisory Committee published a report in January 1996.

    The successor to AUSTEL under the 1997 Act is the Australian Communications Authority (ACA). In accordance with the government's preference for self-regulation - embodied in the 1997 Act - the ACA has not taken any specific initiatives on Privacy, but has participated in the ACIF working parties which have developed codes of practice on the Protection of Customer Personal Information[8], and on Calling Number Display[9]. The former code does little more than repeat the principles in the federal Privacy Act, but in a telecommunications specific context and language (including the disclosure regime outlined in Part 1 of this paper. The CND Code attempts to regulate the secondary uses of calling line identification (CLI) both by carriers and CSPs and by other organizations - mainly by giving telecommunications subscribers a choice of per-call and per-line opt-out from having their CLI available for capture and display by call recipients. The ACIF process involves a round of public consultation, and this took place in 1999-2000 for both of the privacy codes.
     
     

    The ACA has exercised its discretion under the Act to register both the Customer Personal Information and CND Codes. This has the effect of making them mandatory and binding on carriers and CSPs (The organizational use Guidelines in the CND Code are to be enforced through contractual arrangements between the carriers and clients).
     
     

    A number of other ACIF Codes[10] have important privacy implications. They include:

    All the above codes have gone through the ACIF public consultation process, but the IPND Code and the two drafts have not yet been registered by the ACA and are not therefore currently binding on participants.

    Sanctions and enforcement

    Breaches of ACIF Codes can in some cases be investigated by the TIO, who can award compensation in appropriate cases, but can also be reported to ACIF who have a process for holding signatories to account. For ACA registered codes, the ACA has reserve powers in the case of repeated or flagrant breaches but this is a somewhat blunt sanction.

    Some breaches of the Customer Personal Information Code or the (draft) Assistance to Agencies Code are quite likely to also be breaches of the prohibition on disclosure in Part 13 of the Telecommunications Act and these could be criminal offences under s.276-278 - punishable by up to 2 years imprisonment. They could also, from December 2001, be breaches of the National Privacy Principles in the Privacy Act 1988, for which the Privacy Commissioner can investigate and make determinations, including an award of compensation where appropriate. It may be however, that the telecommunications industry applies for registration of their existing (or a revised version of) Customer Personal Information Code, in which case it would become the standard against which Privacy Act compliance would be judged, either by the TIO (if approved as a Code Adjudicator) or by the Privacy Commissioner.

    Part 1: Access to information under the Telecommunications Act 1997

    As noted above, access by government agencies to most types of information held by carriers and carriage service providers is governed by the interaction of Parts 13 & 14 of the Telecommunications Act 1997. A Code of Practice due for publication in 2001 will explain this regime[11], as do a brief fact sheet, and a more detailed but somewhat out of date manual from the Australian Communications Authority[12]. The types of information clearly subject to this disclosure regime include customer related information such as subscriber details, call charge records, reverse call records, IMEI checks and cell dumps; call tracing; and the affairs or personal particulars (including any unlisted telephone number or any address) of another person.[13]
     
     

    The Act allows disclosure of otherwise confidential information where that disclosure is `reasonably necessary' for one of the following purposes:

    Carriers and carriage service providers can meet the `reasonably necessary' test, in two different ways:
  • (b) the Organisation may assess whether the requested disclosure from an Agency is reasonably necessary for [one of the specified] purposes. (s.282 (1) or (2).

  •  

    Disclosures for the first two purposes can be made to any agency of an Australian government, but for the third purpose only to the intelligence agency ASIO (under the separate section 283). However, disclosures under s.282 (3)-(5) - in response to a certificate - can only be made to `enforcement' agencies on a prescribed list.

    Provided a disclosure meets the three tests of reasonable necessity, prescribed purpose and prescribed recipient agency, the disclosing organization is exempt from the prohibition in Part 13 of the Act (which is modeled on the non-disclosure principle in the Privacy Act 1988). Part 13, like the Privacy Act principle, provides separately for other permitted disclosures, including where the disclosure is required by law (such as under a a judicial warrant or court sub-poena) or in emergency life threatening situations.
     
     

    There are detailed criteria set out in the Act for the form and processes for issue of certificates under s.282 (3)-(5), and these are supplemented by written requirements issued by the ACA in December 1998.
     
     

    The Act also imposes record-keeping requirements on carriers and carriage service providers (s.306), and the federal Privacy Commissioner has a statutory role in monitoring procedural compliance with those requirements (s.309).
     
     

    A major cause for concern to privacy advocates has been the failure of any of the authorities to give advice that would encourage the use of the certificate process, which at least has some procedural safeguards, as opposed to more informal requests under s.282 (1) and (2).
     
     

    More generally, there is concern from a privacy perspective about the whole structure of the access regime. Section 313 creates a presumption in favour of co-operation with agencies - something which does not apply to any other private sector organisations. Privacy advocates have argued consistently over the last decade that this is the reverse of the desirable situation. They argue that because communications are inherently more sensitive than many other types of behaviour (and linked closely to values such as freedom of speech and association), information about them should be protected, even against state intrusion, to a higher, rather than a lesser standard. This applies especially to call charge or billing records, which can reveal a considerable amount about an individuals' communications, and yet do not receive any greater protection than relatively innocuous data such as subscribers' names.
     
     

    There are currently no statutory requirements for telecommunications providers to keep particular types of records for specific periods of time to assist law enforcement, although such a requirement has been debated in the ACIF Code working committees and it is understood that some carriers may be complying informally with requests from agencies to keep records for longer than they would need for their own purposes. A principle that personal information should be kept for no longer than necessary for any legitimate purpose is already included in the ACIF Customer Personal Information Code which is binding on all carriers and CSPs[14].
     
     

    It is important to recognize, as already stated above, that telecommunications providers continue to be subject to the standard processes whereby information can be `required by law' by government agencies (and others) such as the execution of search warrants, court sob-poenas and a range of statutory `orders' from specific agencies such as the Australian Taxation Office, Commonwealth welfare agencies, and various State regulators. The Telecommunications Act and Privacy Codes all provide an exception that does not prevent providers from complying with such demands.

    From time to time, the debate over privacy of telecommunications has achieved a wider exposure. The most recent example was in February 2001 when the Opposition in federal parliament asked questions about the total volume of disclosures to government agencies under the Telecommunications Act. The revelation that there were nearly 1 million separate disclosures by telcos in 1999-2000 (a more than 12% increase on the previous year), while not news to anyone who has followed the issue more closely, attracted some media attention.
     
     

    Content or substance of communications

    There is some ambiguity about the scope of the `content or substance' exception in s.282 of the Telecommunications Act 1997. This section of the Act refers to communications which have been carried, or are being carried (including a communication that has been collected or received by such a Carrier or provider for carriage by it but has not been delivered by it). It also only relates to disclosures subject to a certificate issued by an agency to the effect that the disclosure is reasonably necessary.
     
     

    The significance of this latter limitation lies in the fact that the `content or substance' exception only relates to the certificate option for disclosure (s.282 (3)-(5)), and not to the option where the carrier or provider discloses on the basis of its own assessment of `reasonable necessity' (s.282 (1) or (2)).
     
     

    Normal principles of statutory interpretation could be used to argue that because both the certificate provisions and the Telecommunications (Interception) Act clearly deal with the issue of content, it cannot have been intended that s.282 (1) and (2) should provide a loophole with lesser safeguards. However, the drafters of the ACIF Code on Assistance to Agencies, being finalised in April 2001, have declined to give guidance to this effect, confining themselves to the following statements:
     
     

    2.7.2 Subsections 282(1) and 282(2) may authorise disclosure of content and substance. In view of the sensitive nature of the disclosure where content and substance are involved it would be prudent for Organisations to obtain legal advice.
    2.7.3 This means that an Organisation cannot rely on section 282 to disclose information concerning the content of substance of a communication to an Agency. Although the disclosure of that information may be authorised under section 280 of the Act (if a warrant has been obtained), the Organisation should ensure that any disclosure complies with the provisions of the Telecommunications (Interception) Act 1979(Cth) or the relevant State's or Territory's Listening Deviceslegislation.
    .......
    2.7.5 Carriers and Service Providers may have to make judgements as to what constitutes the contents or substance of information or a document in relation to particular technologies, especially store-and-forward technologies such as stored voicemail, e-mail, or paging messages.
    The other ambiguity about the scope of the `content or substance' exception concerns whether it applies to stored communications, such as email, pager or SMS messages or calls recorded in an answering service or messagebank. At what point are such messages or calls deemed to have been `delivered' for the purposes of the exception? - when it has been posted to a user's `mailbox' or message bank? or only when read? It would seem clear that once a user has accessed or read such a stored message it loses the protection of the `content or substance' exception even if the user chooses to leave it temporarily in the carrier/CSPs storage device. Even without resolving the other ambiguity this means that there is at least one category of `content' - stored messages after they have been read - which is subject to the Telecommunications Act regime rather than the stricter Telecommunications (Interception) Act.
     
     

    Part 2: Interception of communications under the Telecommunications (Interception) Act 1979

    Interception capability

    With the introduction of the digital mobile (GSM) networks in the early 1990's, the law enforcement agencies which are able to obtain warrants under the Telecommunications (Interception) Act 1979 (see below) became concerned that they would lose the capability to intercept. This is because, in contrast to the standard fixed telephone services, and the original analogue mobile network[15], digital mobiles automatically encrypt voice and data messages before they are transmitted. Initially, this encryption rendered digital mobile traffic secure from interception. The government included in the legislation (theTelecommunications Act 1991 and the Telecommunications (Interception-Carriers) Act 1992) an obligation on carriers to develop and implement (at their own expense) an interception capability. This proved more difficult and expensive than anticipated, and the carriers were given both a waiver from the requirement for several years and, it is understood, a subsidy towards the cost.

    The interception requirements were subsequently standardised in conformity with an international agreement[16] - and the obligation carried forward into the Telecommunications Act 1997. As a result of an amendment in late 1997, Part 15 of the new Telecommunications Act 1997 now requires both carriers and carriage service providers to ensure that both networks and facilities are able to allow interception in accordance with a warrant issued under the Telecommunications (Interception) Act 1979. It also requires carriers and some nominated carriage service providers to notify the Australian Communications Authority (ACA) of any technological changes that may affect the interception capability, and provides for them to prepare and lodge annual interception capability plans with the Attorney-General.
     
     

    There was for a while some doubt about the application of the Part 15 interception capability requirement to encrypted content. This was clarified in 1998 by an official of the Attorney-General's Department:
     
     

    "Yes, the changes do require carriers and service providers to provide an interception capability. And yes this could include the ability to decrypt messages which may have been encrypted by the carrieror service provider as part of the normal operation of the service. It does not, however, require carriers or service providers to decrypt traffic which has been encrypted by customers before being carried over the network."[17] (emphasis in the original)
    A related development was the effective prohibition of the issue of 'anonymous' pre-paid SIM cards for digital mobile phones. For a period until 1997, it was possible to purchase a SIM card for cash and use it in a mobile phone with no record being made or kept of the purchaser's identity. In another largely unnoticed policy response, the law enforcement community prevailed on the ACA to issue a direction to carriers to require proof of identity from people buying pre-paid SIM cards. Privacy advocates submitted that had there been a proper public debate about this change, someone might have questioned the value to law enforcement agencies of information about the purchaser, who need bear little if any relationship to the eventual user. They suggested that this measure appeared to be yet another 'just in case' extension of surveillance without adequate justification for the collection of detailed identity details about thousands of individual customers.

    Interception Rules and Safeguards

    The government has sought to re-assure the public about interception by imposing rigorous controls over the process. The federal Telecommunications (Interception) Act 1979 makes unauthorized interception unlawful, andregulates the interception of telecommunications by all law enforcement agencies including State and Territory police forces. Until recently, the major safeguard was the necessity to obtain a warrant from a federal court judge, and the range of offences in relation to which warrants can be obtained is limited and specified in the Act. The way in which intercept `product' may be handled and its uses are strictly specified in the Act. There is also a range of other accountability measures such as procedural oversight by Federal and State Ombudsmen and an annual report to the Attorney-General, tabled in Parliament. The regime falls short of practice in some overseas jurisdictions, such as the United States, where there is a requirement to notify people whose communications have been intercepted after the event, once investigations will no longer be prejudiced.

    Separate legislation provides for interception warrants to be obtained by the intelligence agency ASIO, but these warrants are issued by the Attorney-General - a government minister.[18] The ASIO legislation provides for emergency warrants to be issued by the Director-General of the agency itself subject to subsequent ratification by the Minister. In contrast, the general interception regime only provides for a limited category of life-threatening emergencies where interception without a warrant is permitted[19], together with a telephone application process for urgent warrants (rarely used).
     
     

    The Telecommunications (Interception) Act provides for a form of cost recovery by carriers of the costs of interception, through charges for each `intercept' - this is separate from the arrangements for funding the interception capability already described above.
     
     

    The telecommunications interception legislation is, according to a recent government submission[20], "designed to be technology-neutral and applies to any form of communication--voice, fax, images or data--passing over a telecommunications system. Therefore, it already applies broadly to modern forms of communications such as Short Message Services (SMS) over the GSM[21] networks, email and other types of Internet communications, which at some stage must pass over a telecommunications system".[22]
     
     

    Unauthorised interception

    Apart from creating a regime for authorized interception, the Telecommunications (Interception) Act provides sanctions against other interception. Unauthorised interception is an indictable criminal offence, carrying a penalty of up to 2 years imprisonment. The Act also creates a statutory tort, allowing anyone whose communications are intercepted to seek civil remedies[23].
     
     

    However, the effectiveness of the legislation is arguably compromised by uncertainty and ambiguity over two major issues. Firstly the question of `content or substance' already discussed above. Secondly, the issue of `participant monitoring'. This is defined only indirectly by the Act as an exception, but it is generally recognized that the position of, in particular, organizations that are the subscriber for a telephone service, monitoring or recording conversations between their staff and third parties is far from clear[24].
     
     

    Authorised Interception

    The range of offences for which interception warrants may be obtained, and the list of agencies allowed to apply for warrants, have both expanded since the Act was first introduced in 1979. The latter development arguably only reflects the proliferation of law enforcement agencies and oversight or watchdog agencies in recent years. The former development is less easy to explain and arguably to justify, other than as an inevitable `function creep' under pressure to respond to perceived crime threats. Warrants can currently be obtained in relation to two classes of offence - Class 1 offences including murder, kidnapping and narcotics offences; Class 2 includes a range of other serious offences the common criteria being that the offence is punishable by imprisonment for at least 7 years.
     
     

    Interception was originally handled centrally through the Australian Federal Police, but amendments have allowed some eligible authorities (mainly the State police forces) to deal directly with the carriers. Other agencies still have to obtain their intercept `product' through another agency.
     
     

    There are strict record-keeping requirements applying both to carriers and to the eligible authorities serving the warrants[25]. These records are subject to reporting requirements and to oversight by the Federal and State/Territory Ombudsmen, as applicable. The federal Attorney-General's Department publishes an Annual Report on the operation of the Act. The most recent report reveals that 1286 applications were made and warrants were issued in all but two cases[26]. This represents a doubling of applications from the previous two years - explained in the report as partly due to increased funding for Commonwealth law enforcement agencies and increasing complexity and diversification of the telecommunications environment, including greater availability of mobile phone services. The main increases were attributable to the Federal Police, National Crime Authority (both principally an increase in warrants for narcotics offences) and to NSW and Victoria Police and the NSW Crime Commission.
     
     

    In 1998, a telecommunications working group of the International Data Protection Commissioners issued a common position on accountability for interception[27], stating that there should be mechanisms to re-assure the public that interception powers are being used lawfully, appropriately and proportionally. The mechanisms suggested include:

    While the Australian interception regime meets some of these benchmarks, it falls short in relation to some of the detailed reporting standards recommended in the statement. Also, the monitoring powers of the Ombudsmen are restricted to procedural matters rather than extending to the substance of the warrants and justifications. Ideally this would be more appropriately an additional function for the courts, but the federal court is not adequately resourced to undertake the systematic retrospective monitoring of the warrant system.
     
     

    Resourcing issues for the federal court have also led to another significant change to the interception regime. The Telecommunications (Interception) and Listening Device Amendment Act 1997[28] allow warrants to be issued by designated members of the Administrative Appeals Tribunal. This was presented by the government, and eventually accepted by the Opposition, as an unavoidable necessity given the unwillingness of federal court judges to continue to perform the role exclusively.
     
     

    The level of debate on this major development was disappointing[29], with the Opposition only belatedly raising concerns in the House of Representatives when it was too late to effect changes. A number of arguably spurious justifications put forward by the government went largely unchallenged, although the Chief Justice of the Federal Court has confirmed publicly that the judges concern about both the burden of interception warrant approvals and the potential conflict of roles was genuine[30]. The real concern in this matter, according to privacy submissions, is the fact that most of the AAT members who are likely to be designated by the Attorney-General under the amendments are appointed for fixed terms, and are not tenured. Privacy groups submitted that without casting any aspersions on the integrity or diligence of individual AAT members, it is simply not satisfactory to have people whose future career prospects may depend on further governmental appointments deciding something as crucial as the issuing of an interception or `bugging' warrant.
     
     

    The Annual Report on the Act for 1989-99 anticipates the transfer of the warrant issuing function to the proposed new Administrative Review Tribunal (ART) which will replace the AAT, and also the addition of the new federal magistrates as persons authorized to issue warrants. This latter development would partially restore the former status quo, although magistrates, while part of the judiciary, are not tenured like federal court judges.

    Two official federal government reviews of Interception have been completed in recent years, with limited opportunity for public submissions and debate.

    The first review was by the Australian Communications Authority, which looked at the cost effectiveness of the interception obligations on carriers and carriage service providers and the cost sharing arrangements[31]. The second was a broader review of interception policy, promised at the time of the 1997 `warrant issuing' amendments, and conducted by the Commonwealth Attorney-General's Department.[32] Although public submissions to both reviews were invited, they were not widely solicited or publicized, and in the case of the AGs review details were only made available on request, which inevitably limited the number and breadth of inputs. The draft report which was sent to interested parties on request did however give an excellent account of the background and current issues.
     
     

    Other concerns raised in submissions by privacy advocates to the two reviews included:
     
     

    The Attorney-General's Department published a report of their review in May 1999[34], and the Minister tabled the ACA's review in Parliament in July 2000[35].
     
     

    The only significant amendment to the regime since 1997 has been the introduction of `named person' warrants. The government contended that when a person under investigation is able to move rapidly among a selection of services, it becomes difficult to identify all relevant services in advance for the purposes of obtaining a separate warrant authorising the interception of each of those services[36].

    The Government responded to this problem by amending the legislation[37] to provide for a new category of interception warrant: the named person warrant. Named person warrants enable an agency to intercept any services, which are, or are likely to be, used by the person identified on the warrant. Because a named person warrant is not confined to a particular service, an investigating agency now has the flexibility to rapidly connect and disconnect interceptions as the suspect changes from service to service during the currency of the warrant. The named person warrant provisions of the Amendment Act will be subject to a review in 2003.
     
     

    Other recent changes which apply only to ASIO interception warrants, are:
     
     

    Privacy advocates have expressed concern that these amendments could have a precedent effect and lead to law enforcement agencies seeking similar extensions of their powers.

    [1] Carriers provide networks - there are currently three main carriers - Telstra (fixed and mobile); Cabel & Wireless Optus (mobile and some geographically specific fixed networks via cable); and Vodafone (mobile only). A spectrum auction for so called third generation mobile network licences is being held in 2001 and is likely to see additional carriers. Carriage service providers (CSPs) include a wide range of `re-sellers' taking advantage of statutorily mandated access to the Telstra network, and also include Internet Service Providers. There are currently more than 700 CSPs.

    [2] See http://www.tio.org.au

    [3] See http://www.acif.org.au

    [4] ACIF Draft Code C537 : Provision of assistance to national security, enforcement and other government agencies, clauses 2.1.3 and 2.2.1.

    [5] see http://www.ctn.org.au

    [6] Public Interest Determination - Application No 6, 27 September 1991 - the Commissioner found that Telstra did not need an exemption from Information Privacy Principles 11 and 2 in relation to the operation of its Electronic White Pages directory.

    [7] Telecommunications Privacy, AUSTEL, December 1992.

    [8] Code C523 - see http://www.acif.org.au

    [9] Code C522 - see http://www.acif.org.au

    [10] All available at http://www.acif.org.au

    [11] ACIF Draft Code C537 : Provision of assistance to national security, enforcement and other government agencies - consultation draft available at http://www.acif.org.au.

    [12]Telecommunications and Law Enforcement, Fact sheet and Manual - at http://www.aca.gov.au

    [13] ACIF Draft Code C537, clauses 2.1.3 and 2.2.1.

    [14] This will also become a requirement under the recent private sector amendments to the Privacy Act 1988, unless the telecommunications industry applies for a Code of Practice (either the existing one or a revised version) to replace the default statutory principles.

    [15] Analogue mobile calls are in any case broadcast in clear, and can be picked up by cheap and easily available radio scanners.

    [16]International Requirements for Interception, International Law Enforcement Telecommunications Seminar (ILETS)

    [17] Holland, K: 'Recent International Legal Developments in Encryption' , IIR Conferences, 1998 - http://www2.austlii.edu.au/itlaw/articles/Holland.html

    [18]Australian Security Intelligence Organisation Act 1979

    [19]Telecommunications (Interception) Act 1979, s.30.

    [20] Attorney-General's Portfolio submission to a Parliamentary Committee Inquiry into Law Enforcement and New Technology - see http://www.aph.gov.au/nca

    [21] Global Specification Mobile-a digital mobile telephone technology

    [22] This statement begs the question already posed above as to whether the Interception regime applies to such `stored message' communications after they have been deposited in the recipients `mailbox' and/or read for the first time.

    [23]Telecommunications (Interception) Act 1979, Part XA

    [24]Participant Monitoring of Communications, ACIF Guideline, July 1998 - see http://www.acif.org.au

    [25] State or Territory legislation imposing equivalent accountability requirements on State or Territory agencies is a pre-condition for the federal Attorney-General approving access.

    [26]Telecommunications (Interception) Act 197, Annual Report for the year ending 30 June 1999. see http://law.gov.au/publications/annreptelecom.pdf

    [27] International Working Group on Data Protection in Telecommunications: Common Position on Public Accountability in relation to Interception of Private Communications, April 1998.

    [28] No. 160 of 1997.

    [29] Waters, N: Telecommunications Interception: - extending the reach or maintaining the status quo?, Privacy Law & Policy Reporter, Vol 4 No 6, November 1997, page 110

    [30] Letter from the Chief Justice to the Australian Privacy Charter Council, 13 April 1999.

    [31] Australian Communications Authority - Telecommunications Interception Review - Review into longer term cost effectiveness of arrangements for telecommunications interception, Discussion Paper December 1998 (was on www.aca.gov.au ).

    [32] Attorney-General's Department - Policy Review of the Telecommunications (Interception) Act 1979, announced on the Department's Window on the Law web site December 1998 www.law.gov.au//aghome/legalpol/isld/tipr/Welcome.html

    [33]Participant Monitoring of Communications, ACIF Guideline, July 1998 - see http://www.acif.org.au

    [34] see http://law.gov.au/publications/teleintreview/teleintreview.html

    [35] see http://www.aca.gov.au/licence/carrier/interception.htm

    [36] Attorney-General's Portfolio submission to a Parliamentary Committee Inquiry into Law Enforcement and New Technology, June 2000 - see http://www.aph.gov.au/nca

    [37]Telecommunications (Interception) Legislation Amendment Act 2000, No 63/2000

    [38]ASIO Legislation Amendment Act 1999, s.25(2).

    [39]ASIO Legislation Amendment Bill 2000, s.25(10) and s.25(8) respectively.

    [40]ASIO Legislation Amendment Bill 2000, s.25A

    [41]ASIO Legislation Amendment Bill 2000, s.25A(5)

    [42] Government response to the Joint Parliamentary Committee, June 1999 - see http://www.aph.gov.au/house/committee/pjcasio/govresp1.htm . This commitment was supposedly given effect by s.25A(4) - although the precise effect of this in conjunction with s.25A(5) remains unclear.