After more than two months of behind-the-scenes negotiations, the high-powered Joint Committee on Intelligence and Security has agreed to a government reference on a major national security review.
Attorney-General Nicola Roxon attempted to initiate the review in May when she wrote to the Committee proposing an inquiry into range of proposals to “update” various aspects of national security legislation via a very rapid review to be conducted by the end of July. It is understood that the committee baulked at both the proposed timing and content of the proposed terms of reference.
The committee is chaired by Victorian MP Anthony Byrne and includes ALP members Kevin Rudd, Mark Bishop, Ursula Stephens and John Faulkner (all, coincidentally, Rudd backers). Phillip Ruddock is the deputy chair and oppositions frontbenchers George Brandis and David Johnston are also on it, along with Andrew Wilkie, John Forrest and (the decidedly anti-Rudd) Michael Danby.
The paper makes the case for the “urgent reform”, indeed “holistic reform” of the Telecommunications Interception Act to reflect technological changes. Of course, that Act has been amended virtually every year for a decade. But the paper argues that such constant amendment in fact strengthens the case for “urgent” and “holistic” reform because such reform has been piecemeal. Work that out if you can.
Under the rubric of “standardising warrant tests and thresholds, the paper proposes reducing the threshold for telecommunications content interception from offences carrying 7 years’ imprisonment to a lower, unspecified level, but approvingly cites the 3-year level for stored communications.
The paper wants to dump legislated requirements for record-keeping relating to accountability for agency storage and usage or intercepted data because they are “one size fits all”, inflexible and “process oriented” i.e. the same claims made by business when complaining about “red tape”. The paper recommends accountability processes that are “more attuned to providing the information needed to evaluate whether intrusion to privacy under the regime is proportionate to public outcomes”.
In a hugely controversial suggestion, the paper suggests “the exclusion of providers such as social networking providers and cloud computing providers creates potential vulnerabilities in the interception regime that are capable of being manipulated by criminals. Consideration should be given to extending the interception regime to such providers to remove uncertainty.” Given the fights the US government regularly has with Twitter over its efforts to illegally access Twitter data, one doesn’t fancy the Attorney-General’s Department’s chances there.
The paper proposes a mechanism for direct government intervention with carriage and carriage service providers to address security issues. The AGD Secretary of the Attorney General’s Department, with the Director General of Security and the Secretary of the Department of Broadband, could direct a provider to undertake ”modifications to infrastructure, audit, and ongoing monitoring, with costs to be borne by the relevant C/CSP. Grounds for directing mitigation or alternative actions would ultimately be determined by security agencies.” Currently, there is a power to direct a C/CSP to simply shut down, which would remain. This is all intended to “maximise cooperative engagement between C/CSPs and Government on matters of national security”.
ASIO has proposed a new mechanism to enable the Director-General to authorise any criminal conduct by its agents short of sexual assault or conduct likely to result in death or serious injury or forcing someone else to commit a major crime, to enable agents to more effectively operate undercover.
ASIO would also like the removal of the current prohibition on “doing anything under a computer access warrant that adds, deletes or alters data or interferes with, interrupts, or obstructs the lawful use of the target computer by other persons”, and have the power to stop and search people as well as premises with a warrant.
ASIO seeks a virtually open-ended warrant power to use third-party computers to gain access to a target computer, including by the use of force if necessary.
The paper proposes a device to enable the Minister to remove prohibitions on intelligence agencies other than ASIO from gathering intelligence on Australians, in order to enable them to cooperate with ASIO (principally ASIS).
Most interestingly of all, there appears to be no discussion of the rationale for the two-year mandatory data retention régime proposed in the terms of reference; while every other proposal in the TOR, whether government-recommended or simply nominated for consideration, is discussed in detail data retention receives no discussion that is readily apparent — indeed, it appears contradicted by the section on a “tiered” approach to interception that recognises smaller C/CSPs have limited capacity to meet surveillance requirements.
Possibly the complaint in the TIA section that “some carriers have already ceased retaining such data for their business purposes and it is no longer available to agencies for their investigations” is a justification for data retention; if it is, it’s a vague and very brief one.