in

PJCIS demands 23 changes before foreign entities get Australian data under IPO regime

The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has recommended the passage of the Bill that would pave the way for Australia to share communications data with other countries, but only if the government implements the 23 other recommendations it has made.

The Telecommunications Legislation Amendment (International Production Orders) Bill 2020 (IPO Bill), if passed, would allow Australia to obtain a proposed bilateral agreement with the United States, in the first instance, under its Clarifying Lawful Overseas Use of Data Act (CLOUD Act).

The IPO Bill is intended to amend the Telecommunications (Interception and Access) Act 1979 (TIA Act) to create a framework for Australian agencies to gain access to stored telecommunications data from further foreign designated communication providers in countries that have an agreement with Australia, and vice versa.

But the committee has asked for a number of fixes to the TIA Act before waving through the IPO Bill.

Must read: Intelligence review recommends new electronic surveillance Act for Australia

One recommendation from the PJCIS is that these foreign agreements be published and tabled in the regulations, subject to Parliamentary scrutiny and a period of disallowance.

It also wants a disallowance period inserted into the TIA Act where arrangements with foreign parties are extended for another three years. The PJCIS does not require any arrangement extensions to be privy to Parliamentary scrutiny, but it does require a handful of prerequisites, with the first being the foreign government is prohibited from intentionally targeting an Australian citizen or permanent resident, either directly or through a non-Australian.

All interception activities of the foreign government, therefore, are only to be carried out for the purpose of obtaining information about communications of an individual who is outside of Australia.

Further clauses include that the foreign party must not be engaging in collection activities on behalf of the Australian government, or any other government, and that it not share the data it obtained with any other government.

The IPO Bill proposes three different types of international production orders that can be sought for three purposes. The types of production orders include interception of data, access to stored communications, and access to telecommunications data.

Such an order may be sought for the purpose of an investigation of an offence of a serious nature; or the monitoring of a person subject to a control order, so as to protect the public from terrorist acts, prevent support for terrorist acts and hostile acts overseas, and detect breaches of the control order; or the carrying out by the Australian Security Intelligence Organisation (ASIO) of its functions.

It wants the Bill amended to also require ASIO to retain a copy of a particular document for three years, or for as long as any of the data obtained under an international production order is retained, whichever is longer; and retain all relevant materials supporting an application for international production order for this period.

See also: Australia’s tangle of electronic surveillance laws needs unravelling

The TIA Act, the PJCIS said, should also be amended to avoid “scope creep” — it has asked that an international agreement only be issued for the purpose of obtaining information relating to the listed criteria.

The committee also wants “urgent circumstances” defined in the TIA Act and powers inserted to define that ASIO’s Director-General of Security may only delegate powers to a senior position holder.  

The committee also wants the country seeking a designated international agreement with Australia to meet criteria, such as respect for the rule of law, human rights obligations, and clear legal procedures and restrictions governing the use of electronic surveillance investigatory powers.

With concerns raised on the possibility of Australia granting foreign law enforcement bodies with data that could be used to condemn an individual to death, due to countries such as the US still practising the death penalty as an example, the PJCIS said the relevant minister must receive a written assurance from the government of the foreign country “relating to the non-use of Australian-sourced information obtained by virtue of the agreement in connection with any proceeding for a death penalty offence in the country or territory”.

On the IPO Bill itself, it wants only officers or officials who are designated as authorised officers by the head of an enforcement agency to be given the ability to apply for IPOs. Due to this, when it comes to authorising an individual to be an authorised officer, the PJCIS has asked for a requirement that the head of an enforcement agency must be satisfied it is necessary for an individual to be an “authorised officer” in order for the individual to carry out his or her normal duties.

See also: Budget 2021: ASIO the big winner from AU$1.9 billion national security pool

Elsewhere, the PJCIS has asked that the government ensure the Office of the Commonwealth Ombudsman has sufficient resources to enable effective oversight of powers under the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, as well as the IPO Bill.

It also wants assurance that the Inspector-General of Intelligence and Security is given appropriate resources to enable effective oversight of ASIO regarding its proposed IPO Bill powers.

The PCJIS has asked as well that it be allowed to review the effectiveness and continuing need for an international production orders regime three years after the date on which the first designated international agreement comes into force.

Finally, the committee said it will wave the Bill through if all of its recommendations are addressed.

“The committee recommends that, following implementation of the recommendations in this report, the Bill be passed by Parliament,” it wrote.

MORE ON THE IPO BILL

 


Source: Information Technologies - zdnet.com

US agrees to remove Xiaomi from Communist Chinese military company list

Colonial Pipeline restarts operations brought down by ransomware