A Bill for an Act to amend the Telecommunications (Interception and Access) Act 1979, and for related purposes
The Parliament of Australia enacts:
1 Short title
This Act may be cited as the Telecommunications (Interception and Access) Amendment Act 2009.
2 Commencement
This Act commences on the day after this Act receives the Royal Assent.
3 Schedule(s)
Each Act that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.
Schedule 1—Network protection
Telecommunications (Interception and Access) Act 1979
1 Subsection 5(1)
Insert:
appropriately used, in relation to a computer network that is operated by, or on behalf of, a Commonwealth agency, security authority or eligible authority of a State, has the meaning given by section 6AAA.
2 Subsection 5(1)
Insert:
network protection duties, in relation to a computer network, means duties relating to:
(a) the operation, protection or maintenance of the network; or
(b) if the network is operated by, or on behalf of, a Commonwealth agency, security authority or eligible authority of a State—ensuring that the network is appropriately used by employees, office holders or contractors of the agency or authority.
3 Subsection 5(1)
Insert:
office holder means a person who holds, occupies or performs the duties of an office, position or appointment.
4 Subsection 5(1)
Insert:
responsible person for a computer network means:
(a) if an individual operates the network, or the network is operated on behalf of an individual—that individual; or
(b) if a body (whether or not a body corporate) operates the network, or the network is operated on behalf of a body (whether or not a body corporate):
(i) the head (however described) of the body, or a person acting as that head; or
(ii) if one or more positions are nominated by that head, or the person acting as that head, for the purposes of this subparagraph—each person who holds, or is acting in, such a position.
5 Subsection 5F(1)
Omit “(1)”.
6 Subsections 5F(2) and (3)
Repeal the subsections.
7 Subsection 5G(1)
Omit “(1)”.
8 Subsections 5G(2), (3) and (4)
Repeal the subsections.
9 After section 6
Insert:
6AAA When a computer network is appropriately used by an employee etc. of a Commonwealth agency etc.
For the purposes of this Act, if a computer network is operated by, or on behalf of, a Commonwealth agency, security authority or eligible authority of a State, the network is appropriately used by an employee, office holder or contractor of the agency or authority if:
(a) the employee, office holder or contractor has undertaken, in writing, to use the network in accordance with any conditions specified, in writing, by the agency or authority; and
(b) those conditions are reasonable; and
(c) the employee, office holder or contractor complies with those conditions when using the network.
10 At the end of paragraph 6E(2)(b)
Add “or 63E”.
11 After paragraph 7(2)(aa)
Insert:
(aaa) the interception of a communication by a person if:
(i) the person is authorised, in writing, by a responsible person for a computer network to engage in network protection duties in relation to the network; and
(ii) it is reasonably necessary for the person to intercept the communication in order to perform those duties effectively; or
12 Subsection 7(2A)
Omit “and (aa)”, substitute “, (aa) and (aaa)”.
13 After subsection 7(2A)
Insert:
(3) Paragraph (2)(aaa) does not apply to a voice communication in the form of speech (including a communication that involves a recorded or synthetic voice).
14 After subsection 35(1)
Insert:
(1A) Paragraphs (1)(f) and (g) do not apply to a restricted record that is a record of a communication that was intercepted under paragraph 7(2)(aaa).
15 After section 63B
Insert:
63C Dealing in information for network protection purposes etc.
(1) Subject to subsection (3), a person engaged in network protection duties in relation to a computer network may, in performing those duties, communicate or make use of, or cause to be communicated, lawfully intercepted information that was obtained by intercepting a communication under paragraph 7(2)(aaa).
(2) Subject to subsection (3), a person engaged in network protection duties in relation to a computer network may communicate, or cause to be communicated, to the following persons lawfully intercepted information that was obtained by intercepting a communication under paragraph 7(2)(aaa):
(a) a responsible person for the network;
(b) another person if the information is reasonably necessary to enable the other person to perform the other person’s network protection duties in relation to the network.
(3) A person must not communicate or make use of, or cause to be communicated, lawfully intercepted information under subsection (1) or (2) if the information was obtained by converting a communication intercepted under paragraph 7(2)(aaa) into a voice communication in the form of speech (including a communication that involves a recorded or synthetic voice).
63D Dealing in information for disciplinary purposes
(1) This section applies to a person engaged in network protection duties in relation to a computer network if:
(a) the network is operated by, or on behalf of, a Commonwealth agency, security authority or eligible authority of a State; and
(b) the duties are of a kind referred to in paragraph (b) of the definition of network protection duties in subsection 5(1).
(2) Subject to subsections (3) and (4), the person may communicate or make use of, or cause to be communicated, lawfully intercepted information that was obtained by intercepting a communication under paragraph 7(2)(aaa) if the communication or use is for the purpose of:
(a) determining whether disciplinary action should be taken in relation to a use of the network by an employee, office holder or contractor of the agency or authority; or
(b) taking disciplinary action in relation to a use of the network by such an employee, office holder or contractor in a case where the use is not an appropriate use of the network by that employee, office holder or contractor; or
(c) reviewing a decision to take such disciplinary action.
Note: See section 6AAA for when a computer network is appropriately used by such an employee, office holder or contractor.
(3) A person must not communicate or make use of, or cause to be communicated, lawfully intercepted information under subsection (2) if the information was obtained by converting a communication intercepted under paragraph 7(2)(aaa) into a voice communication in the form of speech (including a communication that involves a recorded or synthetic voice).
(4) A person must not communicate or make use of, or cause to be communicated, lawfully intercepted information for a purpose referred to in subsection (2) if the person would contravene another law of the Commonwealth, or a law of a State or Territory, in doing so.
63E Responsible person for a computer network may communicate information to an agency
A responsible person for a computer network may communicate lawfully intercepted information (other than foreign intelligence information) to an officer of an agency if:
(a) the information was communicated to the responsible person under paragraph 63C(2)(a); and
(b) the responsible person suspects, on reasonable grounds, that the information is relevant to determining whether another person has committed a prescribed offence.
16 Section 72
After “section 63B,”, insert “63C, 63D, 63E,”.
17 Section 73
Omit “A person”, substitute “(1) Subject to subsections (2) and (3), a person”.
18 Section 73
After “subsection 63B(2)”, insert “, 63C(2) or 63D(2)”.
19 Section 73
Omit “this section”, substitute “this subsection”.
20 At the end of section 73
Add:
(2) If a person to whom information has been communicated in accordance with subsection 63D(2) communicates the information to another person (the recipient) under subsection (1) of this section, the recipient must not communicate, use, or make a record of, the information under subsection (1) of this section if the recipient would contravene another law of the Commonwealth, or a law of a State or Territory, in doing so.
(3) If the recipient communicates that information to a third person under subsection (1) of this section, the third person must not communicate, use, or make a record of, the information under that subsection if the third person would contravene another law of the Commonwealth, or a law of a State or Territory, in doing so.
21 At the end of section 79
Add:
(3) This section does not apply to a restricted record that is a record of a communication that was intercepted under paragraph 7(2)(aaa).
22 At the end of Part 2‑6
Add:
79A Responsible person for a computer network must ensure restricted records are destroyed
(1) This section applies if:
(a) a restricted record is a record of a communication that was intercepted under paragraph 7(2)(aaa); and
(b) the restricted record is in the possession of:
(i) a responsible person for the computer network concerned; or
(ii) the individual or body (whether or not a body corporate) who operates the network, or on whose behalf the network is operated; or
(iii) a person engaged in network protection duties in relation to the network.
(2) The responsible person must cause the restricted record to be destroyed as soon as practicable after becoming satisfied that the restricted record is not likely to be required:
(a) for the purpose of enabling a person to perform the person’s network protection duties in relation to the network; or
(b) if the network is operated by, or on behalf of, a Commonwealth agency, security authority or eligible authority of a State—for any of the following purposes:
(i) determining whether disciplinary action should be taken in relation to a use of the network by an employee, office holder or contractor of the agency or authority;
(ii) taking disciplinary action in relation to a use of the network by such an employee, office holder or contractor in a case where the use is not an appropriate use of the network by that employee, office holder or contractor;
(iii) reviewing a decision to take such disciplinary action.
23 Paragraph 81(1)(d)
After “each restricted record”, insert “(other than a restricted record that is a record of a communication that was intercepted under paragraph 7(2)(aaa))”.
Schedule 2—Other amendments
Part 1—Amendments
Telecommunications (Interception and Access) Act 1979
1 Subsection 5(1) (at the end of subparagraphs (b)(i), (ii), (iia) and (iib) of the definition of permitted purpose)
Add “or”.
2 Subsection 5(1) (at the end of paragraph (b) of the definition of permitted purpose)
Add:
(v) the performance of a function or duty, or the exercise of a power, by a person, court or other body under, or in relation to a matter arising under, Division 104 of the Criminal Code; or
(vi) the performance of a function or duty, or the exercise of a power, by a person, court, tribunal or other body under, or in relation to a matter arising under, Division 105 of the Criminal Code, so far as the function, duty or power relates to a preventative detention order; or
3 Subsection 5(1) (subparagraph (e)(i) of the definition of permitted purpose)
Omit “of an officer of the New South Wales Police Service”, substitute “(within the meaning of section 5 of that Act) of a police officer (within the meaning of that Act)”.
4 Subsection 5(1) (after subparagraph (e)(i) of the definition of permitted purpose)
Insert:
(ia) an investigation under the Police Integrity Commission Act of corrupt conduct (within the meaning of section 5A of that Act) of an administrative officer (within the meaning of that Act); or
(ib) an investigation under the Police Integrity Commission Act of misconduct (within the meaning of section 5B of that Act) of a Crime Commission officer (within the meaning of that Act); or
5 Subsection 5(1) (subparagraph (e)(ii) of the definition of permitted purpose)
Omit “such an investigation”, substitute “an investigation covered by subparagraph (i), (ia) or (ib)”.
6 Subsection 5(1) (subparagraphs (e)(iii) and (iv) of the definition of permitted purpose)
Omit “Service”, substitute “Force”.
7 Subsection 5(1)
Insert:
preventative detention order has the same meaning as in Part 5.3 of the Criminal Code.
8 After paragraph 5B(1)(ba)
Insert:
(bb) a proceeding under, or a proceeding relating to a matter arising under, Division 104 of the Criminal Code; or
(bc) a proceeding under, or a proceeding relating to a matter arising under, Division 105 of the Criminal Code, so far as the proceeding relates to a preventative detention order; or
9 Subsection 18(1)
Repeal the subsection, substitute:
(1) The following:
(a) the Managing Director of a carrier;
(b) the secretary of a carrier;
(c) an employee of a carrier authorised in writing for the purposes of this paragraph by the Managing Director or the secretary of the carrier;
may issue a written certificate signed by him or her setting out such facts as he or she considers relevant with respect to acts or things done by, or in relation to, employees of the carrier in order to enable a warrant to be executed.
10 Subsection 18(2)
After “secretary”, insert “, or an employee,”.
11 Subsection 129(1)
Repeal the subsection, substitute:
(1) The following:
(a) the Managing Director of a carrier or a body corporate of which the carrier is a subsidiary;
(b) the secretary of a carrier or a body corporate of which the carrier is a subsidiary;
(c) an employee of a carrier authorised in writing for the purposes of this paragraph by a person referred to in paragraph (a) or (b);
may issue a written certificate signed by him or her setting out such facts as he or she considers relevant with respect to acts or things done by, or in relation to, employees of the carrier in order to enable a warrant to be executed.
12 Subsection 129(2)
Omit “the Managing Director or secretary of a carrier, or of a body corporate of which the carrier is a subsidiary”, substitute “a person referred to in paragraph (a), (b) or (c) of that subsection”.
13 After section 185
Insert:
185A Evidentiary certificates relating to acts by carriers
(1) The following:
(a) the Managing Director of a carrier or a body corporate of which the carrier is a subsidiary;
(b) the secretary of a carrier or a body corporate of which the carrier is a subsidiary;
(c) an employee of a carrier authorised in writing for the purposes of this paragraph by a person referred to in paragraph (a) or (b);
may issue a written certificate signed by him or her setting out such facts as he or she considers relevant with respect to acts or things done by, or in relation to, employees of the carrier in order to enable the disclosure of information or a document covered by an authorisation in force under a provision of Division 3 or 4 of Part 4‑1.
(2) A document purporting to be a certificate issued under subsection (1) and purporting to be signed by a person referred to in paragraph (a), (b) or (c) of that subsection:
(a) is to be received in evidence in an exempt proceeding without further proof; and
(b) is, in an exempt proceeding, conclusive evidence of the matters stated in the document.
(3) For the purposes of this section, the question whether a body corporate is a subsidiary of another body corporate is to be determined in the same manner as the question is determined under the Corporations Act 2001.
185B Evidentiary certificates relating to acts by the Organisation
(1) The Director‑General of Security or the Deputy Director‑General of Security may issue a written certificate signed by him or her setting out such facts as he or she considers relevant with respect to:
(a) anything done by an officer or employee of the Organisation in connection with the disclosure of information or a document covered by an authorisation in force under a provision of Division 3 or 4 of Part 4‑1; or
(b) anything done by an officer or employee of the Organisation in connection with:
(i) the communication by a person to another person of information, or information contained in a document, covered by such an authorisation; or
(ii) the making use of such information; or
(iii) the making of a record of such information; or
(iv) the custody of a record of such information; or
(v) the giving in evidence of such information.
(2) A document purporting to be a certificate issued under subsection (1) by the Director‑General of Security or the Deputy Director‑General of Security and to be signed by him or her:
(a) is to be received in evidence in an exempt proceeding without further proof; and
(b) is, in an exempt proceeding, prima facie evidence of the matters stated in the document.
185C Evidentiary certificates relating to acts by enforcement agencies
(1) A certifying officer of an enforcement agency may issue a written certificate signed by him or her setting out such facts as he or she considers relevant with respect to:
(a) anything done by an officer or staff member of the agency in connection with the disclosure of information or a document covered by an authorisation in force under a provision of Division 3 or 4 of Part 4‑1; or
(b) anything done by an officer or staff member of the agency in connection with:
(i) the communication by a person to another person of information, or information contained in a document, covered by such an authorisation; or
(ii) the making use of such information; or
(iii) the making of a record of such information; or
(iv) the custody of a record of such information; or
(v) the giving in evidence of such information.
(2) A document purporting to be a certificate issued under subsection (1) by a certifying officer of an enforcement agency and to be signed by him or her:
(a) is to be received in evidence in an exempt proceeding without further proof; and
(b) is, in an exempt proceeding, prima facie evidence of the matters stated in the document.
Part 2—Validation, application and transitional provisions
14 Validation of the dealing with information by the Australian Federal Police
If:
(a) before the commencement of this item, an officer or staff member of the Australian Federal Police communicated to another person, made use of, or made a record of, information of a kind referred to in section 67 of the Telecommunications (Interception and Access) Act 1979; and
(b) apart from this item:
(i) the officer or staff member would have contravened section 63 of that Act by communicating, using or recording that information; and
(ii) the officer or staff member would not have contravened that section if subparagraphs (b)(v) and (vi) of the definition of permitted purpose in subsection 5(1) of that Act had been in force;
the officer or staff member is taken not to have contravened that section by communicating, using or recording that information.
15 Application—investigations
Subparagraphs (e)(ia) and (ib) of the definition of permitted purpose in subsection 5(1) of the Telecommunications (Interception and Access) Act 1979, as inserted by this Schedule, apply in relation to an investigation that begins after the commencement of this item whether or not the conduct or misconduct under investigation occurred before, on or after that commencement.
16 Transitional—previously issued evidentiary certificates
(1) This item applies to a certificate if:
(a) the certificate was issued under subsection 18(1) or 129(1) of the Telecommunications (Interception and Access) Act 1979 before the commencement of this item; and
(b) the certificate was in force immediately before that commencement.
(2) The certificate has effect, after that commencement, as if it had been issued under that provision of that Act as inserted by this Schedule.
17 Application—issue of evidentiary certificates
(1) Sections 18 and 129 of the Telecommunications (Interception and Access) Act 1979, as amended by this Schedule, apply in relation to acts or things done before, on or after the commencement of this item.
(2) Sections 185A, 185B and 185C of that Act, as inserted by this Schedule, apply in relation to an authorisation made under Part 4.1 of that Act before, on or after the commencement of this item.