in

IGIS asks ASIO be required to provide transparency in IPO regime

The Inspector-General of Intelligence and Security (IGIS) was stood up to ensure the legality and propriety of the Australian intelligence community actions. As one of its roles, IGIS would have oversight of how the Australian Security Intelligence Organisation (ASIO) uses the international production orders (IPO) regime, if legislation currently under consideration goes ahead as planned.

The Telecommunications Legislation Amendment (International Production Orders) Bill 2020 is intended to amend the Telecommunications (Interception and Access) Act 1979 (TIA Act) to create a framework for Australian agencies to gain access to stored telecommunications data from foreign designated communication providers in countries that have an agreement with Australia, and vice versa.

The Bill is a precondition for Australia to obtain a proposed bilateral agreement with the United States in order to implement the US Clarifying Lawful Overseas Use of Data Act (the CLOUD Act).

Under the IPO Bill, ASIO would be required to report to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) on what IPOs it seeks, but not to make them public.

IGIS believes public transparency should be considered.

“You don’t deal with public concern by hiding,” inspector-general Margaret Stone said.

“If you consider the provisions for law enforcement agencies which the Bill includes a specific provision requiring statistics on each agency use of the IPO regime to be included in a public annual report, that seems to us was worthy of consideration for ASIO.”

Stone, appearing before the PJCIS on Tuesday, said that should particularly be the case, given that ASIO’s use of the IPOs is, in a sense, second hand.

“By that I mean ASIO’s functions relate to security, and the broad definition of security in the ASIO Act may overlap with some elements of serious crime as required under the CLOUD Bill, but not be totally coextensive,” she added.

Stone said public trust would likely be enhanced by an understanding from the public that some things cannot be made plain, but others can.

“The real attempt at transparency, it is likely to create better public trust and enable us to do our job of ensuring the government … the activities of the agencies, if basically the only things that are kept secret are those that need to be kept secret, rather than the risk of worrying the public,” she said.

Comparing Australia’s existing and pending regimes in the law enforcement space to those in other countries such as the United Kingdom, deputy inspector-general Jake Blight told PJCIS the nation was slipping behind.

“I think it’s fair to say the processes are rather more transparent than here and therefore the committee might want to look at our submissions on those points and see whether Australia wants to be more in-step with overseas or not,” Blight said.

“I think we’re a little out of step technologically and a little out of step with the legislation … in the guidelines I think there’s a lot of unrealised potential.”

Having already provided a submission to the PJCIS which focused on a number of concerns such as the ageing guidelines that ASIO would be required to follow should the IPO regime go ahead as drafted, IGIS also reiterated concerns regarding the level of authority required to seek an IPO.

As the Bill is currently drafted, any one of ASIO’s several thousand employees could theoretically be authorised to apply for an IPO. Stone’s suggestion is to restrict authorisation to only the director-general of ASIO and the deputies, of which there are presently three.

“While we accept that with multiple IPO applications it may not be feasible for the director-general to approve all, there are three deputies at ASIO … it seems to me there’s a concern about delegating it to any member of the ASIO staff where there’s no training or experience in relation to these matters,” Stone said.

“None of that detracts from what would be the good sense of the director-general, but it would in our view be worth considering if this should go in the legislation.”

Also facing the committee on Tuesday was the Office of the Commonwealth Ombudsman, which in its submission asked for more funding to appropriately deal with the added workload the IPO Bill could potentially result in.

“If passed, the IPO Bill will make it easier for law enforcement agencies to obtain certain electronic information under proposed and future bilateral or multilateral agreements, when compared to current mutual legal assistance arrangements,” ombudsman Michael Manthorpe wrote previously.

“On this basis, I anticipate that not only will the number of inspections my office is required to perform [will] increase, but so too will the volume of electronic information accessed by Australian law enforcement agencies which my staff will need to asses.”

On Tuesday, Manthorpe said the Department of Home Affairs was aware that Ombudsman resourcing still needed to be addressed.

Manthorpe estimates there to be 65 additional inspections annually, if the IPO Bill was to go ahead.

“We will not know how many inspections or how large they will be until agencies start to actually use the powers, but if all the agencies use the powers, and bearing in mind we have state and territory law enforcement agencies in the picture as well as Commonwealth … hence in the order of 20 agencies maximum we would be overseeing, if they all use the powers I would envisage we need something in the range of 10-15 people,” he said.

“Probably in the order of a couple of million dollars [of funding].”

When the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 became law, the Ombudsman asked the government for additional resources. On Tuesday, Manthorpe said his office has not been given any more staff, despite asking for “half a dozen”.

Deputy chair of the committee Anthony Byrne said he was concerned as the PJCIS had been given assurances that the government would favouringly consider additional resourcing for the Commonwealth Ombudsman’s office to handle the Assistance and Access Bill.

PJCIS had already asked IGIS if she needed further resourcing to handle the IPO Bill.

“We have extensive oversight of ASIO, ASIO at times might feel like its too much, but our relations with them are very cordial, we get cooperation from them when we need to look at things, obviously if we had an unlimited budget and unlimited staff, we would do more,” Stone said.

“The oversight that we do is targeted, very finely titrated in relation to our budget.”

MORE ON THE IPO BILL


Source: Information Technologies - zdnet.com

Toll attacker made off with past and present employee data and commercial agreements

Android app promised to serve news updates, served ESET with a DDoS attack instead