Commonwealth of Australia Explanatory Memoranda



SURVEILLANCE LEGISLATION AMENDMENT (IDENTIFY AND DISRUPT) BILL 2020

                                 2019-2020-2021




        THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA




                        HOUSE OF REPRESENTATIVES




SURVEILLANCE LEGISLATION AMENDMENT (IDENTIFY AND DISRUPT) BILL
                              2020




             SUPPLEMENTARY EXPLANATORY MEMORANDUM




      Amendments and New Clauses to be Moved on Behalf of the Government




                            (Circulated by authority of the
               Minister for Home Affairs, the Hon Karen Andrews MP)


SURVEILLANCE LEGISLATION AMENDMENT (IDENTIFY AND DISRUPT) BILL

GENERAL OUTLINE

1. The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 will amend the Surveillance Devices Act 2004 (SD Act), the Crimes Act 1914 (Crimes Act) and associated legislation to introduce new law enforcement powers to enhance the ability of the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) to combat online serious crime.

2. The amendments to the Bill address a number of recommendations made by the Parliamentary Joint Committee on Intelligence and Security in its Advisory report on the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020.

3. The amendments to the Bill will:

• require additional matters to be specified in an application for a data disruption warrant, and emergency authorisations for disruption of data, namely:
    o for data disruption warrants - an assessment of how disruption of data held in a target computer is likely to substantially assist in frustrating a relevant offence;
    o for data disruption warrants - an assessment of the likelihood that disruption of data held in a target computer is likely to substantially assist in frustrating a relevant offence; and
    o for emergency authorisations for disruption of data - that there are no alternative methods that could be used to avoid risk of serious violence to a person or substantial damage to property that are likely to be as effective as disruption of data;

• require issuing authorities to be satisfied of additional matters before issuing a warrant or an assistance order:
    o for network activity warrants - the issue of the warrant is justified and proportionate, having regard to the relevant offences;
    o for assistance orders - the assistance order is reasonable and necessary to enable the warrant or emergency authorisation to be executed; and
    o for assistance orders - the assistance order is justifiable and proportionate, having regard to the nature and gravity of the offence, and the likely impact of compliance on the specified person or on other persons, including persons lawfully using the computer;

• require additional matters to be considered before a warrant, emergency authorisation or an assistance order may be issued:
    o for data disruption warrants - the nature of the things proposed to be authorised by the warrant;
    o for data disruption warrants - the extent to which the execution of the warrant is likely to result in access to, or disruption of, data of persons lawfully using a computer, and any privacy implications (to the extent known) resulting from that access or disruption;
    o for data disruption warrants - any steps that are proposed to be taken to avoid or minimise the extent to which the execution of the warrant is likely to impact on persons lawfully using a computer;
    o for data disruption warrants and account takeover warrants - the extent to which the execution of the warrant is likely to cause a person to suffer a temporary loss of money, digital currency or property other than data, to the extent known;
    o for network activity warrants - any privacy implications resulting from access, to the extent known;
    o for account takeover warrants and emergency authorisations for disruption of data - the extent to which the execution of the warrant or emergency authorisation is likely to impact on persons lawfully using a computer, to the extent known;
    o for all warrants - if the issuing authority believes on reasonable grounds that data or an account belongs to a journalist and the offence to which the warrant relates is an offence against a secrecy provision, that the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of a journalist's source and facilitating the exchange of information between journalists and members of the public so as to facilitate reporting of matters in the public interest;
    o for all warrants - specifying certain offences to which weight must be given when having regard to the nature and gravity of the conduct constituting the offence for which the warrant is sought;
    o for emergency authorisations for disruption of data - whether the likely impact of the execution of the emergency authorisation on persons lawfully using a computer is proportionate, having regard to the risk of serious violence or substantial damage;
    o for assistance orders - whether the specified person is or has been subject to another assistance order, to the extent known;

• impose additional limitations and requirements on the exercise of authority conferred under data disruption warrants and network activity warrants, namely:
    o for data disruption warrants and network activity warrants - to return a computer or other thing removed from a premises in accordance with the warrant as soon as is reasonably practicable to do so once the computer or thing is no longer required for the purposes of doing any thing authorised by the warrant; and
    o for data disruption warrants - to notify the Ombudsman where material loss or damage is caused to one or more persons lawfully using a computer, within 7 days after the person executing the warrant became aware of that loss or damage;

• amend reporting requirements and frequency of Ombudsman's inspections from six-monthly to annually, in line with existing regimes overseen by the Ombudsman;

• provide a legislative basis for independent and parliamentary review of powers contained in the Bill; and

• introduce sunset provisions for warrants and emergency authorisations under the Bill.


FINANCIAL IMPACT STATEMENT

4. The amendments to this Bill will have no impact on Government revenue.

ABBREVIATIONS

The following abbreviations will be incorporated throughout this supplementary explanatory memorandum:

• Administrative Appeals Tribunal (AAT)
• Australian Federal Police (AFP)
• Australian Criminal Intelligence Commission (ACIC)
• Crimes Act 1914 (Crimes Act)
• Parliamentary Joint Committee on Intelligence and Security (PJCIS)
• Surveillance Devices Act 2004 (SD Act)
• Telecommunications (Interception and Access) Act 1979 (TIA Act)


STATEMENT OF COMPATIBILITY WITH HUMAN RIGHTS

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

AMENDMENTS TO THE SURVEILLANCE LEGISLATION AMENDMENT (IDENTIFY AND DISRUPT) BILL 2020

1. These amendments are compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Overview of the Legislative Amendments

2. The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 will amend the Surveillance Devices Act 2004 (SD Act), the Crimes Act 1914 (Crimes Act) and associated legislation to introduce new law enforcement powers to enhance the ability of the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) to combat online serious crime.

3. The amendments to the Bill will:

• require additional matters to be specified in an application for a data disruption warrant, and emergency authorisations for disruption of data, namely:
    o for data disruption warrants - an assessment of how disruption of data held in a target computer is likely to substantially assist in frustrating a relevant offence;
    o for data disruption warrants - an assessment of the likelihood that disruption of data held in a target computer is likely to substantially assist in frustrating a relevant offence; and
    o for emergency authorisations for disruption of data - that there are no alternative methods that could be used to avoid risk of serious violence to a person or substantial damage to property that are likely to be as effective as disruption of data;

• require issuing authorities to be satisfied of additional matters before issuing a warrant or an assistance order:
    o for network activity warrants - the issue of the warrant is justified and proportionate, having regard to the relevant offences;
    o for assistance orders - the assistance order is reasonable and necessary to enable the warrant or emergency authorisation to be executed; and
    o for assistance orders - the assistance order is justifiable and proportionate, having regard to the nature and gravity of the offence, and the likely impact of compliance on the specified person or on other persons, including persons lawfully using the computer;

• require additional matters to be considered before a warrant, emergency authorisation or an assistance order may be issued:
    o for data disruption warrants - the nature of the things proposed to be authorised by the warrant;
    o for data disruption warrants - the extent to which the execution of the warrant is likely to result in access to, or disruption of, data of persons lawfully using a computer, and any privacy implications (to the extent known) resulting from that access or disruption;
    o for data disruption warrants - any steps that are proposed to be taken to avoid or minimise the extent to which the execution of the warrant is likely to impact on persons lawfully using a computer;
    o for data disruption warrants and account takeover warrants - the extent to which the execution of the warrant is likely to cause a person to suffer a temporary loss of money, digital currency or property other than data, to the extent known;
    o for network activity warrants - any privacy implications resulting from access, to the extent known;
    o for account takeover warrants and emergency authorisations for disruption of data - the extent to which the execution of the warrant or emergency authorisation is likely to impact on persons lawfully using a computer, to the extent known;
    o for all warrants - if the issuing authority believes on reasonable grounds that data or an account belongs to a journalist and the offence to which the warrant relates is an offence against a secrecy provision, that the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of a journalist's source and facilitating the exchange of information between journalists and members of the public so as to facilitate reporting of matters in the public interest;
    o for all warrants - specifying certain offences to which weight must be given when having regard to the nature and gravity of the conduct constituting the offence for which the warrant is sought;
    o for emergency authorisations for disruption of data - whether the likely impact of the execution of the emergency authorisation on persons lawfully using a computer is proportionate, having regard to the risk of serious violence or substantial damage;
    o for assistance orders - whether the specified person is or has been subject to another assistance order, to the extent known;

• impose additional limitations and requirements on the exercise of authority conferred under data disruption warrants and network activity warrants, namely:
    o for data disruption warrants and network activity warrants - to return a computer or other thing removed from a premises in accordance with the warrant as soon as is reasonably practicable to do so once the computer or thing is no longer required for the purposes of doing any thing authorised by the warrant; and
    o for data disruption warrants - to notify the Ombudsman where material loss or damage is caused to one or more persons lawfully using a computer, within 7 days after the person executing the warrant became aware of that loss or damage;

• amend reporting requirements and frequency of Ombudsman's inspections from six-monthly to annually, in line with existing regimes overseen by the Ombudsman;

• provide a legislative basis for independent and parliamentary review of powers contained in the Bill; and

• introduce sunset provisions for warrants and emergency authorisations under the Bill.

Human rights implications

4. The human rights impacts of the Bill were outlined in the Statement of Compatibility with Human Rights that accompanied the Bill. The amendments to the Bill are intended to further strengthen and clarify safeguards which ensure that the new data disruption warrants, network activity warrants and account takeover warrants introduced by the Bill do not arbitrarily or unlawfully interfere with the human rights engaged. The amendments help to ensure that any limitations on human rights are reasonable, necessary and proportionate to achieve the legitimate public safety objectives of the warrants.

5. The amendments engage the following human rights in the International Covenant on Civil and Political Rights (ICCPR):

• the prohibition on arbitrary or unlawful interference with privacy contained in Article 17 of the ICCPR; and
• the right to freedom of expression in Article 19 of the ICCPR.

The prohibition on arbitrary or unlawful interference with privacy contained in Article 17 of the ICCPR

6. The amendments engage the prohibition on arbitrary or unlawful interference with privacy contained in Article 17 of the ICCPR.

7. Article 17 provides that no one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation, and that everyone has the right to the protection of the law against such interference or attacks.

8. The protection against interference with privacy under Article 17 can be permissibly limited in order to achieve a legitimate objective and where the limitations are lawful and not arbitrary.


9. The term unlawful in Article 17 of the ICCPR means that no interference can take place except as authorised under domestic law. Additionally, the term arbitrary in Article 17(1) of the ICCPR means that any interference with privacy must be in accordance with the provisions, aims and objectives of the ICCPR and should be reasonable in the particular circumstances.

10. The United Nations Human Rights Committee has interpreted reasonableness to mean that any limitation must be proportionate and necessary in the circumstances.

11. The purpose of the Bill, and the associated limitations on the protection against arbitrary or unlawful interference with privacy, is to protect public safety by providing law enforcement agencies with additional powers to combat serious crime online. The Bill aims to protect the rights and freedoms of individuals by equipping law enforcement agencies with the tools they need to keep Australians safe. The limitations placed on privacy are not arbitrary or unlawful. They are carefully framed and considered in order to ensure public safety and a balanced approach to the intrusion on individuals' private data with the maximum safeguards.

12. The amendments to the Bill positively engage the right to privacy by providing additional safeguards to ensure that the warrants will only be issued where reasonably necessary and proportionate to achieve a legitimate objective, as described below.

Additional matters in an application for a warrant

13. The amendments require additional matters to be specified in an application for a data disruption warrant. The amendments expand what the affidavit accompanying an application must set out to include: the grounds on which the warrant is sought, the things proposed to be authorised, and an assessment as to how the proposed disruption of data is likely to substantially assist in frustrating the commission of the offences targeted by the warrant and of the likelihood that the disruption of data will achieve that objective.

14. Requiring this additional information to be set out in applications for data disruption warrants complements the matters to which the issuing authority must have regard in assessing those applications, and ensures that the issuing authority will have specific regard to the activities proposed to be carried out under the warrant, as well as the likelihood those activities will substantially assist in the frustration of the commission of offences targeted by the warrant, when assessing the application. This assists the issuing authority in making his or her determination about whether the issue of a data disruption warrant is reasonably necessary and proportionate, having regard to all the circumstances.

Additional considerations before issuing a warrant

15. The amendments provide additional criteria of which the issuing authority must be satisfied before issuing a warrant. The amendments also provide for additional considerations to which the issuing authority must have regard in determining whether to issue the warrant. These considerations are designed to ensure the issuing authority only issues the warrant where it is reasonable, and not arbitrarily.

Issuing threshold for data disruption warrants


16. The amendments provide that, before issuing a data disruption warrant, the issuing authority must be satisfied that the disruption of data authorised by the warrant is reasonably necessary and proportionate, having regard to the offences in relation to which the warrant is sought. The government amendments increase the threshold from justifiable and proportionate. Requiring that the issuing authority be satisfied that the disruption of data is reasonably necessary accounts for consideration of the scale and severity of the offences targeted by the warrant and whether the proposed disruption activity is a reasonable and proportionate means of frustrating their commission. The requirement will ensure that the issuing authority weighs up the benefits of targeting the particular offences that the proposed data disruption seeks to frustrate, with the likely effect that data disruption could have beyond frustrating those offences.

Issuing threshold for network activity warrants

17. The amendments also include an additional criterion for the issuing of network activity warrants. The issuing authority must be satisfied that the issue of the warrant is justified and proportionate, having regard to the kinds of offences in relation to which the network activity warrant is sought. This requires the issuing of the warrant to be defensible by a reasonable person, as well as an assessment to be made of the impact of the warrant against the types of offences that the AFP or the ACIC is seeking to prevent, detect or frustrate through the use of the network activity warrant. A threshold of justifiable and proportionate is appropriate due to the nature of the network activity warrant as an intelligence collection power and target discovery tool. Ensuring issuing authorities are satisfied that the execution of the warrant is justifiable and proportionate assists in meeting the requirement that any limitation on the right to privacy is necessary and reasonable, and not arbitrary.

Mandatory considerations for the issue of warrants

18. The amendments include additional considerations to which the issuing authority must have regard before deciding whether to issue each of the warrants. An important additional consideration is the extent to which the execution of the warrant is likely to impact on third parties, which includes considerations of privacy (to the extent known). This will ensure that the issuing authority weighs the anticipated value of the execution of the warrant against the intrusiveness of the activities proposed to be authorised by the warrant. This will assist the issuing authority to assess proportionality by ensuring that they balance the utility of the warrant against the scale, scope and intrusiveness of the activities proposed to be authorised by that warrant.

19. The execution of each of the warrants will invariably intrude on personal privacy to some degree. The amendments require the issuing authority to have regard to the implications of such an intrusion, to the extent that it is known, helping to ensure that any limitation on the right to privacy through use of the warrants is necessary, reasonable, and proportionate to the legitimate objective of protecting public safety.

Assistance orders

20. The amendments introduce additional requirements for the issuing authority to be satisfied of before granting an assistance order for a data disruption warrant or emergency authorisation for data disruption. These amendments require the issuing authority to be satisfied that the assistance order is reasonable and necessary, as well as justifiable and proportionate having regard to the nature and gravity of the offences targeted.

21. The amendments also require the issuing authority to have regard to the likely impact of compliance with the order on the specified person, as well as other persons lawfully using the computer, to the extent known. The requirement to be satisfied of these matters, having regard to those considerations, ensures that the giving of assistance orders or emergency authorisation for data disruption is reasonable, necessary and proportionate in the circumstances, and that the orders will not be granted arbitrarily.

Parliamentary review and sunset

22. The amendments provide a legislative basis for the Independent National Security Legislation Monitor and the Parliamentary Joint Committee on Intelligence and Security to review the operation, effectiveness and implications of the Bill as it relates to network activity warrants, data disruption warrants and account takeover warrants. As the powers are new, and impact privacy, independent review will ensure that the safeguards in the framework are appropriate and the Bill achieves its legitimate objective of public safety in the least rights restrictive way possible.

23. The amendments also provide that the framework for the AFP and the ACIC to obtain warrants will only have effect for five years following commencement. This means that the Parliament will be required to reconsider the powers before this time, and be satisfied that they remain reasonable, necessary and proportionate to achieving the legitimate objective of public safety.

Protection of the right to freedom of expression contained in Article 19 of the ICCPR

24. Article 19(2) of the ICCPR provides that everyone shall have the right to freedom of expression, including the right 'to seek, receive and impart information and ideas of all kinds and regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice'.

25. Article 19(3) of the ICCPR provides that the exercise of the rights provided for in Article 19(2) carries with it special duties and responsibilities. It may therefore be subject to certain restrictions, but these shall only be such as are provided by law and are necessary for the protection of national security or public order, or of public health or morals.

26. As the Bill contains measures which are aimed at combatting the use of the dark web and anonymising technologies, as well as any obfuscating of identities and illegal activities online, the Bill may indirectly have the effect of discouraging the use of such technologies for legitimate purposes. It is plausible that a person concerned about access to private data by government agencies may minimise his or her use of anonymising technologies or other online services.

27. The amendments to the Bill, described in paragraphs 12 to 21 above, positively engage the right to freedom of expression by providing additional safeguards to ensure that warrants are executed for legitimate purposes. The amendments provide additional assurances that any limitation on the freedom of expression is necessary and proportionate in achieving the legitimate objective of public order and safety.


Additional criteria for issuing a warrant in respect of journalists

28. The amendments require the issuing authority to have regard to additional matters before issuing each of the warrants in circumstances where the warrant relates to a journalist, or a journalist's employer, and each of the offences sought to be frustrated under the warrant is an offence against a secrecy provision.

29. In these circumstances, the issuing authority is required to consider whether the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the journalist's source, as well as the public interest in facilitating the exchange of information between journalists and members of the public so as to facilitate reporting of matters in the public interest.

30. It is important that the AFP and the ACIC are able to investigate the unauthorised disclosure of information that, if disclosed, is inherently harmful or would otherwise cause harm to Australia's interests. However, this provision recognises that such investigations should only be conducted while also protecting freedom of expression through consideration for the importance in maintaining the confidentiality of journalist's sources, and reporting on matters in the public interest.

Conclusion

31. The amendments are compatible with human rights because they clarify and strengthen the limitations and safeguards in the Bill. To the extent that the measures may limit human rights, those limitations are reasonable, necessary and proportionate in achieving a legitimate objective.


NOTES ON AMENDMENTS Preliminary Amendment 1 - Clause 2, page 2 (table item 4) 1. This amendment inserts new Schedule 3A in item 4 of the table under subsection 2(1) of this Bill. This table provides for the commencement of each provision in this Bill. 2. New Schedule 3A provides for statutory reviews of the Bill by the Independent National Security Legislation Monitor (INSLM) and the Parliamentary Joint Committee on Intelligence and Security (PJCIS). 3. This amendment provides that new Schedule 3A is to commence on the day after this Bill receives the Royal Assent. Amendment 2 - Schedule 1, item 13, page 5 (before line 13) 4. This amendment inserts new section 27KAA at the beginning of Division 5 of Part 2 of the SD Act. Division 5 establishes the framework for the AFP and the ACIC to obtain data disruption warrants. 5. New section 27KAA provides that Division 5 ceases to have effect five years after it commences. Division 5 commences the day after the Act receives the Royal Assent. The effect of this provision is that the data disruption warrant provisions in Division 5 will only be operative for five years following commencement. 6. This ensures that while a data disruption warrant can only be issued or executed during this five-year period, the reporting obligations and oversight arrangements for data disruption warrants will continue to operate beyond this timeframe. Amendment 3 - Schedule 1, item 13, page 6 (lines 8 and 9) 7. This amendment amends the procedure for making applications for data disruption warrants at subsection 27KA(3). This amendment provides that the affidavit supporting the application for a data disruption warrant must set out certain additional matters. 8. First, the affidavit must set out the grounds on which the warrant is sought. This is consistent with the requirements for affidavits supporting applications for computer access warrants in existing subsection 27A(8). 
An application for a data disruption warrant will have to provide as much information as necessary for the issuing authority to be satisfied that there are reasonable grounds for the suspicion founding the application for the warrant. 9. The affidavit must also set out the things proposed to be authorised under the warrant under subsection 27KE(2). Subsection 27KE(2) sets out the things that may be authorised under a data disruption warrant, including using a computer for the purposes of disrupting data if doing so is likely to assist in frustrating the commission of the offences targeted by the warrant. Requiring applications for data disruption warrants to include this information 13


ensures that the issuing authority will have specific regard to the activities proposed to be carried out under the warrant when assessing the application. This assists the issuing authority in making his or her determination about whether the issue of a data disruption warrant is reasonably necessary and proportionate in the circumstances. 10. Affidavits supporting applications for data disruption warrants must also provide an assessment as to how the disruption of data is likely to substantially assist in frustrating the commission of the offences targeted by the warrant, and of the likelihood that the disruption of data will achieve that objective. This information need only be included in the application to the extent that such an assessment is possible. 11. Requiring this information to be set out in affidavits supporting applications for data disruption warrants aligns with the matters to which the issuing authority must have regard in assessing those applications. In particular, the issuing authority is required to consider the likelihood that the disruption of data authorised by the warrant will frustrate the commission of the offences targeted (paragraph 27KE(2)(b)). This may involve weighing up the type of criminal conduct, scope of the conduct, and the type of disruption methods sought to combat that conduct, in order to determine the likely effect of the disruption activity on the criminal conduct. Providing for this information to be included in the warrant application will ensure that the issuing authority has sufficient information available to make their determination. 12. The requirement for this information to only be included 'to the extent that is possible' accounts for the fact that it will not always be possible for an applicant to anticipate all of the potential impacts of data disruption activity, or all of the offences that that disruption will or may frustrate. 
For example, it will often be unknown exactly who would have committed a further offence if the disruption activity had not taken place. As such, the applicant is only required to provide an assessment of such matters to the extent possible in the circumstances. Amendment 4 - Schedule 1, item 13, page 7 (after line 9) 13. This amendment inserts new sections 27KBA and 27KBB which set out the procedures for the endorsement of data disruption warrant applications by the AFP and the ACIC respectively. This amendment provides that the making of an application for a data disruption warrant must first be endorsed by an endorsing officer before a law enforcement officer is able to apply under section 27KA. 14. As with existing warrants in the SD Act, data disruption warrants can be applied for by law enforcement officers of the AFP and the ACIC. The definition of 'law enforcement officer' in existing section 6A of the SD Act includes all employees of, and secondees to, the AFP and the ACIC. 15. New sections 27KBA and 27KBB provide operational flexibility in terms of who may apply for data disruption warrants, and recognise that the 'reasonable suspicion' required to apply for the warrant should be held by the relevant investigating officer who has intimate knowledge of the investigation, while also ensuring that the decision to make the 14


application is subject to the endorsement of an appropriately senior, qualified and experienced officer. 27KBA Endorsement of application--Australian Federal Police 16. New subsection 27KBA(1) provides that a law enforcement officer of the AFP, or another person of their behalf, may only apply for a data disruption warrant if the making of that application has been endorsed. Applications may be endorsed by an endorsing officer of the AFP, either orally or in writing. 17. Subsection 27KBA(2) provides that the endorsing officer may only endorse the making of an application for the issue of a data disruption warrant if he or she is satisfied that it would be appropriate in the circumstances. For example, the endorsing officer may decide to endorse the making of an application if he or she considers that it is appropriate with regard to the purposes for which the warrant is to be sought. 18. Subsection 27KBA(3) sets out who is an endorsing officer of the AFP for the purposes of new section 27KBA. An endorsing officer of the AFP is either a law enforcement officer, or a person who is in a class of law enforcement officers, of the AFP (within meaning of section 6A). That person, or class of persons, must be declared by the AFP Commissioner, in writing, to be an endorsing officer. This declaration is not a legislative instrument (subsection 27KBA(6)). The AFP Commissioner may, by writing, delegate this power to an SES employee or a person of equivalent rank under section 63. 19. Subsections 27KBA(4) and (5) set out limits on whom the AFP Commissioner may declare to be endorsing officers. 20. The first limit is that the person, or each person in the class (as the case applies), must hold a position within the AFP that is of at least superintendent or higher rank. This ensures that decisions to endorse the making of applications for data disruption warrants are restricted to officers who hold an appropriate level of seniority and expertise. 
Ensuring that endorsing officers must hold a rank of at least superintendent may also assist in providing greater assurance in relation to the rigour and consistency of the quality of data disruption warrant applications. 21. Secondly, the AFP Commissioner must be satisfied that the person, or each person in the class (as the case applies), has the relevant skills, knowledge and experience to endorse the making of applications for the issue of data disruption warrants. It is important to ensure that, in all circumstances, appropriate persons are able to endorse the making of data disruption warrant applications. This could be persons who have relevant knowledge about the particular investigation to which the application relates, or relevant specialist operational or technical expertise, depending on the circumstances. 22. Finally, the AFP Commissioner must be satisfied that the person, or each person in the class (as the case applies), has completed all current internal training requirements relating to endorsing the making of applications for the issue of data disruption warrants. The AFP has mandatory training requirements to ensure that all AFP officers who are eligible to apply for warrants, or authorise the use of powers, are familiar with their legislative
obligations. This training provides all information required for officers to understand the powers available under legislation, statutory obligations and threshold requirements, reporting obligations and oversight, the importance of legislative compliance and adverse consequences of non-compliance, and how to find assistance and resources to meet their obligations. The AFP's training framework is reviewed during inspections by the Commonwealth Ombudsman. 23. Subsection 27KBA(6) provides that a declaration under this section is not a legislative instrument. This provision is merely declaratory of the law and does not prescribe a substantive exemption from the requirements of the Legislation Act 2003 (the Legislation Act). 27KBB Endorsement of application--Australian Crime Commission 24. New subsection 27KBB(1) provides that a law enforcement officer of the ACIC, or another person on their behalf, may only apply for a data disruption warrant if the making of that application has been endorsed. Applications may be endorsed by an endorsing officer of the ACIC, either orally or in writing. 25. Subsection 27KBB(2) provides that the endorsing officer may only endorse the making of an application for the issue of a data disruption warrant if he or she is satisfied that it would be appropriate in the circumstances. For example, the endorsing officer may decide to endorse the making of an application if he or she considers that it is appropriate with regard to the purposes for which the warrant is to be sought. 26. Subsection 27KBB(3) sets out who is an endorsing officer of the ACIC for the purposes of new section 27KBB. An endorsing officer of the ACIC is either a law enforcement officer, or a person who is in a class of law enforcement officers, of the ACIC (within the meaning of section 6A). That person, or class of persons, must be declared by the CEO of the ACIC, in writing, to be an endorsing officer. This declaration is not a legislative instrument (subsection 27KBB(6)). 
The CEO of the ACIC may, by writing, delegate this power to an SES employee or a person of equivalent rank under section 63. 27. Subsections 27KBB(4) and (5) set out the limits on whom the CEO of the ACIC may declare to be endorsing officers. 28. The first limit is that the person, or each person in the class (as the case applies), must hold a position with the ACIC that is an executive level member of staff. This is to ensure that decisions to endorse the making of applications for data disruption warrants are restricted to officers who hold an appropriate level of seniority and expertise. Ensuring that endorsing officers must hold an executive level position may also assist in providing greater assurance in relation to the rigour and consistency of the quality of data disruption warrant applications. 29. Secondly, the CEO of the ACIC must be satisfied that the person, or each person in the class (as the case applies), has the relevant skills, knowledge and experience to endorse the making of applications for the issue of data disruption warrants. It is important to ensure that, in all circumstances, appropriate persons are able to endorse the making of data
disruption warrant applications. This could be persons who have relevant knowledge about the particular investigation to which the application relates, or relevant specialist operational or technical expertise, depending on the circumstances. 30. Finally, the CEO of the ACIC must be satisfied that the person, or each person in the class (as the case applies), has completed all current internal training requirements relating to endorsing the making of applications for the issue of data disruption warrants. The ACIC's training framework is reviewed during inspections by the Commonwealth Ombudsman. 31. Subsection 27KBB(6) provides that a declaration under this section is not a legislative instrument. This provision is merely declaratory of the law and does not prescribe a substantive exemption from the requirements of the Legislation Act. Amendment 5 - Schedule 1, item 13, page 7 (line 15) 32. This amendment amends the criteria of which the eligible Judge or nominated AAT member must be satisfied before issuing a data disruption warrant at subsection 27KC(1). This amendment provides that the eligible Judge or nominated AAT member may issue a data disruption warrant if satisfied that the disruption of data authorised by the warrant is reasonably necessary and proportionate, having regard to the offences in relation to which the warrant is sought. 33. The threshold of 'reasonably necessary' ensures that the eligible Judge or nominated AAT member must consider that the disruption of data would be reasonably appropriate and adapted for the purposes in which it was sought. 'Reasonably necessary' in this context is not intended to mean that the disruption of data must be essential or unavoidable for that purpose. 
Requiring that the eligible Judge or nominated AAT member be satisfied that the disruption of data is reasonably necessary accounts for consideration of the scale and severity of the offences targeted by the warrant and whether the proposed disruption activity is a reasonable and appropriate means of frustrating their commission. 34. This threshold has been set due to the nature of the criminal activity targeted by data disruption warrants, that is, serious crimes perpetrated using encryption or anonymising technologies. As a result of these obfuscating tools, there is unlikely to be sufficient information at the time of application that would satisfy the issuing authority that the proposed data disruption activity is absolutely essential. Rather, the requirement to be satisfied of reasonable necessity and proportionality will ensure that the issuing authority weighs up the benefits of targeting the particular offences that the proposed data disruption seeks to frustrate alongside the likely effect that data disruption could have beyond frustrating those offences. 35. Whether the disruption of data is reasonably necessary will be determined by the issuing authority on a case by case basis. The disruption of data may be considered reasonably necessary and proportionate in circumstances where it is difficult to undertake traditional law enforcement activity and disrupting data would assist in frustrating offending and minimising harms to victims, or potential victims, of crime.


Amendment 6 - Schedule 1, item 13, page 7 (after line 33) 36. This amendment expands the considerations for issuing data disruption warrants at subsection 27KC(2). This amendment provides that an eligible Judge or a nominated AAT member must have regard to certain matters, in addition to the other matters set out in subsection 27KC(2), in deciding whether to issue a data disruption warrant. 37. The eligible Judge or nominated AAT member must have regard to the nature of the things proposed to be authorised by the warrant under section 27KE. The issuing authority may decide to authorise the doing of certain acts or things under the warrant if he or she is satisfied that it is appropriate in the circumstances (subsection 27KE(2)). Having regard to the nature of the things proposed to be authorised under the warrant supports the issuing authority in considering whether the issuing criteria in section 27KC are met. 38. The eligible Judge or nominated AAT member must also consider the extent to which the execution of the warrant is likely to result in access to, or disruption of, data of persons lawfully using a computer. In this context, 'lawfully using a computer' means persons who are using a computer for lawful purposes, or who are not otherwise suspected of criminal activity in this particular matter. The eligible Judge or nominated AAT member must also consider any privacy implications (to the extent known) resulting from that access or disruption. Consideration of this matter, in addition to the other matters set out in subsection 27KC(2), assists the eligible Judge or nominated AAT member to assess the reasonable necessity and proportionality of executing the warrant in the circumstances. For example, the eligible Judge or nominated AAT member may decide to refuse an application for a data disruption warrant if a third party person's ability to conduct their business or personal affairs is likely to be disproportionately impacted by the execution of a warrant. 
39. Access to, or disruption of, data, including of third party persons, will invariably intrude on personal privacy. This provision requires the eligible Judge or nominated AAT member to have regard to the implications of such an intrusion, to the extent that it is known. For example, if the data disruption methodologies involved access to data on a computer used by both a person of interest and a person who is not involved in criminal activity, and there was the potential for law enforcement to see files belonging to the third-party while identifying the data to be disrupted, this would be relevant to the question of reasonable necessity and proportionality as provided for in paragraph 27KC(1)(b). 40. It is open to the eligible Judge or nominated AAT member to consider broader third party impacts when determining data disruption warrant applications. For example, depending on the circumstances, the eligible Judge or nominated AAT member may decide to consider whether the execution of the warrant could impact on a person's ability to provide or receive care, or have contact with family members. The eligible Judge or nominated AAT member may also wish to consider whether the execution of the warrant would result in access to, or disruption of, data of a lawyer, and whether this information would be subject to legal professional privilege. To the extent the AFP or the ACIC is aware of information relevant to broader third party impacts such as those outlined above, this information should be included in the affidavit supporting the application. If the eligible Judge or nominated AAT member were advised of a potential for the execution of
the warrant to impact on third parties, he or she would need to be satisfied that this was reasonably necessary and proportionate to the offences targeted by the warrant. 41. In addition, the eligible Judge or nominated AAT member must also consider any steps that are proposed to be taken to help avoid or minimise the impact of the execution of the warrant on persons lawfully using a computer. Consideration of this matter complements the new requirement to consider the impact on third parties at paragraph 27KC(2)(cb). This is an important consideration to make in satisfying the issuing test for reasonable necessity and proportionality. 42. The eligible Judge or nominated AAT member must also take into account the extent to which the execution of the warrant is likely to cause a person to suffer a temporary loss of money, digital currency or property other than data. This consideration need only be made so far as the matter is known to the issuing authority. If the AFP or the ACIC is aware of information relevant to this consideration, this information should be included in the affidavit supporting the application. 43. Subsection 27KE(12) provides that a data disruption warrant must not be executed in a manner that causes a person to suffer a permanent loss of money, digital currency or property other than data. The AFP or the ACIC is permitted to access or modify data associated with a person's financial accounts under a data disruption warrant, but only where those modifications do not result in permanent loss. 44. Requiring the eligible Judge or nominated AAT member to have regard to any temporary loss likely to be suffered under a data disruption warrant safeguards against any undue long-term impact on a person's finances, working alongside other considerations at subsection 27KC(2), including any alternative or less intrusive means of achieving the objective of the warrant. 
For example, if there is likely to be a temporary financial impost on a third party as a result of the execution of a data disruption warrant, but a similar operational effect could be achieved through less intrusive means that would not cause a temporary financial impost, then this will be considered by the eligible Judge or nominated AAT member. 45. The eligible Judge or nominated AAT member must also consider whether he or she believes on reasonable grounds that the data sought to be disrupted is of a person working in their professional capacity as a journalist, or a journalist's employer, and whether each of the offences sought to be frustrated under the warrant is an offence against a secrecy provision. If so, the eligible Judge or nominated AAT member must have regard to whether the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the journalist's source and the public interest in facilitating the exchange of information between the journalist and members of the public as to facilitate reporting on matters in the public interest. If the AFP or the ACIC is aware of information relevant to whether the data sought to be disrupted is that of a journalist, or a journalist's employer, this information should be included in the affidavit supporting the application. 46. The concept of a 'journalist' mirrors the approach in Division 4C of Part 4-1 of the TIA Act, which creates a framework for national security and law enforcement agencies to
obtain journalist information warrants to allow the authorisation of carriers to disclose telecommunication data for the purpose of identifying a journalist's source. Similar to Division 4C of Part 4-1 of the TIA Act, the term 'journalist' is not defined. Indicators that a person is acting in a professional capacity include regular employment, adherence to enforceable ethical standards and membership of a professional body. 47. One circumstance under which the activities of journalists and media organisations could become subject to the exercise of law enforcement powers, including a data disruption warrant, is the unauthorised disclosure or publication of information that is made or obtained in a person's capacity as a Commonwealth officer. It is important that the AFP and the ACIC are able to investigate the unauthorised disclosure of information that, if disclosed, is inherently harmful or would otherwise cause harm to Australia's interests. However, this provision recognises that such investigations should be conducted while also protecting press freedom through consideration of the importance in maintaining the confidentiality of journalist's sources, and reporting on matters in the public interest. For this reason, the provision is limited to where the warrant is sought for suspected breaches of secrecy provisions. 48. In deciding whether data that is covered by the warrant is of a person who is working in a professional capacity as a journalist or of an employer of such a person, consideration will need to be given to the connection between the data being disrupted and the person. Examples of when data is of a person include data that was created by, and in the possession of the person. Where the target computer is owned by the journalist, there would be a strong presumption that the data held in that computer would be of the journalist. Amendment 7 - Schedule 1, item 13, page 8 (after line 3) 49. 
This amendment inserts new subsection 27KC(3) which provides for certain matters to which the eligible Judge or nominated AAT member must give weight when taking into consideration the nature and gravity of the conduct constituting the offences targeted in determining the application for a data disruption warrant under section 27KC. 50. The issuing authority must have regard to the nature and gravity of the conduct constituting the offences targeted by the warrant under subsection 27KC(2)(a). This amendment provides that while considering the nature and gravity of the conduct, the issuing authority must give weight to whether the conduct amounts to, causes, involves or is related to the matters listed. Requiring the issuing authority to 'give weight to' such matters will cause them to attach a particular importance to these matters, or regard them to be especially relevant for the purposes of considering this matter. This ensures that the significance of these kinds of conduct is given greater weight over other kinds of conduct that are not listed. 51. Importantly, this does not prevent a data disruption warrant from being issued where the conduct constituting the offences targeted is not covered by those kinds of conduct (see subsection 27KC(5)), provided that in those cases the issuing authority is satisfied that, in all the circumstances, the issue of the warrant is reasonably necessary and proportionate.


52. Data disruption warrants are intended to be used to frustrate serious criminality perpetrated on the dark web and through the use of anonymising technologies. The matters listed in subsection 27KC(3) reflect the most serious kinds of conduct in relation to which a data disruption warrant could be issued. Providing express consideration of these matters assists the issuing authority in having regard to the nature and gravity of the conduct constituting the offences, as part of determining whether execution of the warrant is reasonably necessary and proportionate. For example, the issuing authority may consider that there is an increased likelihood of the execution of the warrant being reasonably necessary and proportionate if the conduct constituting the offences targeted is of a kind included in the list, rather than if the conduct related to a lesser form of offending that is not listed. 53. In considering the nature and gravity of the conduct constituting the offences targeted by the warrant, the issuing authority must give weight to whether the offence meets one of the following categories. 54. The first category is whether the conduct amounts to an activity against the security of the Commonwealth, or an offence against Chapter 5 of the Criminal Code (new paragraph 27KC(3)(a)). A data disruption warrant could be sought for the purposes of, for example, disrupting a terrorist organisation's access to an encrypted communications platform in order to frustrate the planning of a terror attack by making communication between members of the group more difficult. 55. The second category is whether the conduct amounts to an activity against the proper administration of Government, or an offence against Chapter 7 of the Criminal Code (new paragraph 27KC(3)(b)). For example, this could include conduct involving corrupting benefits given to, or received by, a Commonwealth public official. 
It is important this kind of conduct is captured in circumstances where the AFP or the ACIC is seeking to uncover, identify and frustrate trusted insiders who are assisting transnational, serious and organised crime groups in carrying out their illegal activities, and may be communicating with groups on dedicated encrypted platforms. 56. The third category is whether the conduct causes, or has the potential to cause, serious violence, or serious harm, to a person, or amounts to an offence against Chapter 8 of the Criminal Code (new paragraph 27KC(3)(c)). The inclusion of 'serious harm' acknowledges some serious crime types against a person may not always involve violence, such as trafficking in persons or forced labour. For example, a data disruption warrant may be sought in order to delete images depicting child abuse material on an online platform, or to disrupt users' access to that online platform, or to delete messages from an offender who is grooming a child to engage in sexual activity outside Australia, to prevent further access to, or disruption of, that material or activity. 57. The fourth category is whether the conduct causes, or has the potential to cause, a danger to the community, or amounts to an offence against Chapter 9 of the Criminal Code (new paragraph 27KC(3)(d)). A data disruption warrant could be sought for the purposes of, for example, disrupting access to a dark web marketplace to frustrate trafficking of drugs and firearms by a serious and organised crime group.


58. The fifth category is whether the conduct causes, or has the potential to cause, substantial damage to, or loss of, data, property or critical infrastructure, or amounts to an offence against Chapter 10 of the Criminal Code (new paragraph 27KC(3)(e)). This includes money laundering offences in Part 10.2 and various cybercrime offences in Part 10.7 of the Criminal Code. A data disruption warrant could, for example, be used to frustrate the ability for cybercrime syndicates to operate malware and cause harm to victims within Australia by digitally neutralising those malware threats. 59. The sixth category is whether the conduct involves, or is related to, the commission of transnational crime, serious crime, or organised crime that is not covered by any of the preceding paragraphs. Including this sixth category is important because transnational, serious and organised crime groups will frequently be involved in a broad range of serious offending, including criminal activity which facilitates their larger criminal conspiracy. 60. New subsection 27KC(4) provides that the requirement to give weight to the matters listed at subsection 27KC(3) does not preclude the issuing authority from considering any additional matters that he or she considers appropriate in the circumstances. This accounts for consideration of other offences, including any preparatory offences in relation to the kinds of conduct set out above. For example, this may include other incidental offences that may be directly or indirectly connected with, or may be a part of, a course of activity involving the commission of any conduct constituting the kinds referred to above. 61. New subsection 27KC(5) clarifies that the requirement to give weight to the matters listed at subsection 27KC(3) does not prevent a data disruption warrant from being issued in a case where the conduct constituting the offences is not covered by subsection 27KC(3). 
Importantly, new subsection 27KC(3) does not restrict the types of offences in respect of which data disruption warrants can be issued, or raise the offence threshold for the application for these warrants. 62. Rather, new subsection 27KC(3) ensures that the issuing authority attaches a particular importance to these matters, or regards them to be especially relevant for the purposes of deciding whether to issue the warrant. If the conduct constituting the offences targeted is not covered by the kinds of conduct listed, the applicant may wish to provide additional justification to ensure that the issuing authority may become satisfied that the execution of the warrant is reasonably necessary and proportionate in the circumstances. 63. It is important to ensure that data disruption warrants are able to be issued in respect of relevant offences within the meaning of section 6. This will ensure that the AFP and the ACIC can investigate all relevant telecommunications and computer offences in the Criminal Code where the majority of offending will be facilitated using computer networks and where evidence will be held in computers. 64. New subsection 27KC(6) defines a secrecy provision as a law that prohibits the communication, divulging or publication of information, or the production or publication of a document. This term is used in subparagraph 27KC(2)(ce)(ii). Examples of secrecy provisions include offences contrary to Part 5.6 of the Criminal Code, section 45 of the SD Act and section 63 of the TIA Act.


Amendment 8 - Schedule 1, item 13, page 11 (lines 3 and 4) 65. This amendment amends subsection 27KE(3) which provides for the return of a computer or other thing that was removed from a premises under a data disruption warrant. This amendment provides that where a computer or other thing is removed from a premises in accordance with paragraph 27KE(2)(f), the computer or thing must be returned as soon as is reasonably practicable to do so, once it is no longer required for the purposes of doing any thing authorised in the warrant. 66. A computer may need to be removed from premises to allow the AFP or the ACIC to analyse, or obtain access to, the data held on it, using specialised equipment located offsite. The category of other things that may be removed is limited to things that are, in some way, needed to execute the warrant. This will often be data storage devices or other peripheral items for the operation of a computer but may also include, for example, a piece of paper with a password written on it or a computer manual. It could also include a safe or vehicle believed to contain such information that is otherwise unable to be accessed during the entry to a premises. 67. What is reasonably practicable will depend on the facts and circumstances of each case. For example, if it is unsafe or there is no reasonable opportunity for officers to return the computer or other thing without alerting a target person that they might be under investigation, then in those circumstances it might not be reasonably practicable to return the computer or other thing, regardless of the period of time. However, as soon as it becomes practicable to do so, the computer or other thing must be returned. Amendment 9 - Schedule 1, item 13, page 11 (lines 29 and 30) 68. This amendment amends subsection 27KE(7) which sets out certain acts that are not authorised under a data disruption warrant. 
A data disruption warrant does not authorise the addition, deletion or alteration of data, or the doing of any thing, that is likely to cause any other material loss or damage to persons lawfully using a computer. This amendment provides an exception to this limitation so that an agency may undertake such actions where it is reasonably necessary and proportionate to the successful execution of the warrant. 69. This provision recognises that there may be circumstances in which it would be reasonably necessary and proportionate to cause loss or damage to the data of third parties in the execution of a data disruption warrant. For example, it may be reasonably necessary and proportionate for the AFP or the ACIC to shut down a particular online site hosting the live-streaming of child abuse despite the owner or administrator of that site not necessarily being suspected of this type of criminality. Prohibiting causing material loss or damage to third party persons altogether would make such situations impractical to target with a data disruption warrant. Due to the sophistication of modern computer systems and networks, it may be difficult for agencies to guarantee that their targeted changes would never impact third parties.


Amendment 10 - Schedule 1, item 13, page 13 (lines 16 and 17) 70. This amendment makes the equivalent amendment to subsection 27KE(10) to the amendment made to subsection 27KE(7) above. Subsection 27KE(10) clarifies that any actions taken to conceal access under subsection 27KE(9) do not authorise the same activities that are not authorised under a data disruption warrant. 71. This amendment provides that the concealment of access provisions do not authorise causing material loss or damage to persons lawfully using a computer unless doing so is reasonably necessary and proportionate to do any of the things authorised by the warrant or authorised by the concealment of access provisions under subsection 27KE(9). This accounts for the doing of any thing reasonably necessary to conceal the fact that any thing has been done under a data disruption warrant in accordance with paragraph 27KE(9)(c). Amendment 11 - Schedule 1, item 13, page 13 (line 20) 72. This amendment makes the equivalent amendment to subsection 27KE(11) to the amendment made to subsection 27KE(3) above. Subsection 27KE(11) provides for the return of a computer or other thing that was removed from a premises for the purposes of concealing access under a data disruption warrant. 73. This amendment provides that where a computer or other thing is removed from a premises in accordance with paragraph 27KE(9)(f), the computer or thing must be returned as soon as is reasonably practicable to do so, once it is no longer required for the purposes of doing any thing specified in the warrant. Amendment 12 - Schedule 1, item 13, page 13 (lines 24 to 26) 74. This amendment amends the statutory conditions to which a data disruption warrant is subject under subsection 27KE(12). This amendment provides that if damage to data occurs during the execution of a data disruption warrant, the damage must be reasonably necessary and proportionate to the offences targeted by the warrant. 
A data disruption warrant will be invalid if it results in loss or damage to data that is not reasonably necessary and proportionate. Amendment 13 - Schedule 1, page 16 (before line 25) 75. This amendment inserts new section 27KU before subsection 28(1C) which sets the framework for the AFP and the ACIC to obtain emergency authorisations for disruption of data held in a computer. 76. New section 27KU provides that subsections 28(1C) and (1D) cease to have effect 5 years after commencement and that an emergency authorisation for disruption of data has no effect after five years from the day after commencement. The effect of this provision is that these emergency authorisation for disruption of data provisions will only be operative for five years following commencement. 77. This ensures that while an emergency authorisation for disruption of data can only be given or executed during this five-year period, the reporting obligations and oversight
arrangements for the emergency authorisations will continue to operate beyond this timeframe. Amendment 14 - Schedule 1, item 15, page 17 (after line 4) 78. This amendment introduces another criterion for what a law enforcement officer must reasonably suspect in order to apply for an emergency authorisation for disruption of data. New paragraph 28(1)(ba) provides that, in addition to the matters listed at subsection 28(1C), the law enforcement officer applying for the authorisation must also reasonably suspect that there are no alternative methods that could have been used to help reduce or avoid the risk of serious violence to a person or substantial damage to property, and that are likely to be as effective as disruption of data in dealing with that risk. This ensures that applications for emergency authorisations are limited to circumstances in which no other viable alternatives are available. 79. Requiring that the applicant be satisfied of these matters will involve him or her undertaking an assessment of the viability and effectiveness of alternatives in the circumstances in each case, and the exclusion of those alternatives if they are not likely to be equally effective. That assessment would take into account the circumstances of urgency and emergency which have prompted the application. Importantly, this would not necessarily require alternative forms of intervention to have been exhausted to ensure the emergency authorisation framework is capable of operating effectively in circumstances of significant urgency. Amendment 15 - Schedule 1, item 17, page 17 (before line 20) 80. This amendment inserts additional matters to which the appropriate authorising officer must have regard in determining whether an emergency authorisation for disruption of data held in a computer should be issued. 81. 
Paragraph 28(4A)(a) requires the appropriate authorising officer to consider the extent to which the execution of the emergency authorisation is likely to result in access to, or disruption of, data of persons lawfully using a computer. This requires consideration of the extent to which the data that is likely to be accessed or disrupted by innocent third parties who are using, or are reliant on the target computer. For example, data belonging to family members, business associates or clients. 82. Paragraph 28(4A)(b) requires the appropriate authorising officer to consider whether the likely impact on such persons is proportionate, having regard to the risk of serious violence or substantial damage. While it is expected that if the data of innocent third parties is accessed or disrupted, the impact of that access or disruption, including intrusions into privacy, must be commensurate with the threat posed by the serious violence or substantial damage to property. 83. Subsection 28(4B) clarifies that the appropriate authorising officer is not limited by subsection 28(4A) as to the matters to which they may have regard. 25


Amendment 16 - Schedule 1, item 17, page 17 (line 24)

84. This amendment amends the statutory conditions to which an emergency authorisation for disruption of data held in a computer is subject. It provides that an emergency authorisation must not be executed in a manner that results in damage to data unless the damage is reasonably necessary and proportionate, having regard to the risk of serious violence or substantial damage.

85. The threshold of 'reasonably necessary' ensures that the person executing the authorisation must turn their mind to whether action undertaken in reliance on the authorisation is likely to result in damage, and if so, whether the damage is reasonably appropriate and adapted for the purposes for which it was sought. 'Reasonably necessary' in this context is not intended to mean essential or unavoidable for that purpose. This statutory condition requires the executing officer to consider the scale and severity of the risk of serious violence or substantial damage underpinning the authorisation and whether the proposed disruption activity is a reasonable and appropriate means of frustrating their commission.

Amendment 17 - Schedule 1, item 41, page 28 (line 30)

86. This amendment is consequential on the introduction of subsection 49C(2).

Amendment 18 - Schedule 1, item 41, page 29 (after line 6)

87. This amendment introduces s 49C(2) which requires the chief officer of a law enforcement agency to notify the Commonwealth Ombudsman when material loss or damage to one or more persons lawfully using a computer is caused by executing a data disruption warrant.

88. Paragraph 49C(2)(c) requires the chief officer to notify the Commonwealth Ombudsman that action under the warrant caused material loss or damage to persons lawfully using a computer and the particulars of that loss or damage. The particulars should include an explanation of why the loss or damage was necessary to do a thing mentioned in subsection 27KE(2).

89. Paragraph 49C(2)(d) requires the chief officer to give this notification within 7 days of when the person executing the warrant becomes aware of that loss or damage.

90. This amendment will ensure the Commonwealth Ombudsman is aware of any instances when material loss or damage is caused by the execution of particular data disruption warrants. This will inform the approach to inspections of records covering the period when such warrants were issued, and support early identification should significant or systemic issues arise in relation to material loss or damage.

Amendment 19 - Schedule 1, page 29 (after line 32)

91. This amendment inserts a provision to ensure that a person is entitled to compensation if they suffer loss or injury as a result of certain action undertaken under an emergency authorisation for disruption of data held in a computer, where the giving of the emergency authorisation was not approved under section 35B.


92. This amendment takes into account the possible scenario where emergency authorisations are not subsequently ratified by the eligible Judge or nominated AAT member.

Amendments 20 and 21 - Schedule 1, item 47, page 31 (after lines 2 and 9)

93. These amendments introduce additional requirements of which an eligible Judge or nominated AAT member must be satisfied before granting an assistance order for a data disruption warrant or an emergency authorisation given in response to an application under subsection 28(1C).

94. Subsections 64B(2)(aa) and 64B(2)(ba) require the assistance order to be reasonable and necessary to enable the warrant or emergency authorisation to be executed. In this context, necessary is not intended to mean essential or indispensable, but rather that the assistance order is appropriate and adapted to enable the warrant to be executed in light of all the circumstances. An assistance order under a data disruption warrant may, for example, be reasonable and necessary in respect of a system administrator who has access to login details that could assist the taking down of live streams of child abuse material.

95. Subsections 64B(2)(ab) and 64(2)(bb) require the assistance order to be justifiable and proportionate having regard to the nature and gravity of the conduct constituting the offence (in relation to an order made under a warrant) or the risk of serious violence or substantial damage (in relation to an order made under an emergency authorisation), and the likely impact of compliance, including in respect of innocent third parties, so far as it is known to the eligible Judge or nominated AAT member.

96. An assistance order is justifiable if it is defensible having regard to the matters identified in subparagraphs (i) to (iii). An order is proportionate if the requirements under the order are commensurate to the same matters. Where the likelihood of adverse impacts on persons is high, in particular for persons lawfully using the computers, there will need to be greater justification for the assistance order.

Amendment 22 - Schedule 1, item 47, page 32 (after line 13)

97. This amendment amends section 64B of the SD Act which relates to assistance orders for data disruption warrants and emergency authorisations given in response to an application under subsection 28(1C) of the SD Act.

98. Subsection 64B(2A) requires an eligible Judge or nominated AAT member who is determining whether an assistance order should be granted to have regard to whether the person is, or has been subject to another assistance order under the SD Act or the Crimes Act, so far as that matter is known to the eligible Judge or nominated AAT member. This requires the eligible Judge or nominated AAT member to consider the burden on the person subject to the order. However, just because a person has been the subject of another assistance order does not mean the eligible Judge or nominated AAT member is prevented from granting the assistance order.


99. This provision only requires consideration to the extent known, recognising that, in many circumstances, neither agencies nor issuing authorities will have visibility of other assistance orders which may have been granted.

100. Subsection 64B(2B) clarifies that the eligible Judge or nominated AAT member is not limited by subsection 64B(2A) as to the matters to which they may have regard.

101. Subsections 64B(2C) and (2D) provide that assistance orders cease to be in force when the warrant or emergency authorisation under which the assistance order has been obtained ceases to be in force.

102. Subsection 64B(2E) provides that a person who, in good faith, acts in compliance with an assistance order is not subject to any civil liability arising from those acts.

103. For the avoidance of doubt, an assistance order for a data disruption warrant or an emergency authorisation given in response to an application under subsection 28(1C) cannot ever authorise the detention of a person.

Amendment 23 - Schedule 2, item 8, page 40 (lines 2 to 9)

104. This amendment substitutes subsection 7A(1) to amend the definition of criminal network of individuals set out in section 7A. The meaning of a criminal network of individuals is relevant for the purposes of obtaining a network activity warrant under new Division 6 of Part 2. A key consideration in applying for a network activity warrant under new section 27KK is suspicion on reasonable grounds that a group of individuals is a criminal network of individuals.

105. The effect of this amendment is that there must be a connection between the electronic links that form the network and the engagement in, facilitation of, or communication about the engagement in or facilitation of, serious criminal activity. The 'electronic links' between the group of individuals could either be use of a particular communications service, or broader electronic communication using multiple services. This ensures that a network activity warrant can only be used to target the users of electronic services and communications platforms to the extent that those platforms enable serious criminal conduct, or that are used to facilitate or communicate about that conduct. This reflects the central purpose of the network activity warrant in enabling the collection of intelligence about criminal networks that is relevant to the prevention, detection and frustration of criminal activity (see paragraph 27KK(1)(b)).

106. New subsection 7A(1) defines when an electronically linked group of individuals is a criminal network of individuals. Section 6 provides that an 'electronically linked group of individuals' is a group of at least two individuals, where an individual in the group must either use (or be likely to use) an electronic service or communicate (or be likely to communicate) electronically, or do both, with at least one other individual in the group.

107. New subsection 7A(1) provides that an electronically linked group of individuals is a criminal network of individuals where the electronic link between the individuals must be


to enable any of the individuals in the group to do one or more of the following things (subparagraphs 7A(a)(i)-(iv) and (b)(i)-(iv)):

a) engage in conduct that constitutes a relevant offence, for example, to share child exploitation material on the electronic service;

b) communicate with any of the individuals in the group about any of the individuals' engagement in the relevant criminal conduct, for example, where members of an online forum discuss the child exploitation material they have shared on a different electronic service;

c) facilitate another person's engagement in criminal conduct, whether or not the person engaged in the relevant criminal conduct is an individual in the group, for example, where two individuals communicate electronically to help set up arrangements for a third person to traffic drugs; or

d) communicate with any of the individuals in the group about facilitating another person's engagement (who may or may not be an individual in the group) in the relevant criminal conduct - for example, where an encrypted messaging app is used to communicate about having engaged a drug mule.

108. This test is drafted with two limbs (paragraphs 7A(a) and (b)), of which either or both must be satisfied, to reflect the two limbs of the definition of 'electronically linked group of individuals' inserted into section 6 of the SD Act. The first limb applies where the electronic link that forms the network is use of the same electronic service (paragraph 7A(1)(a)). In those cases, the use of that electronic service must enable any of the individuals in the group to do one or more of four things. The second limb applies where the electronic link that forms the network is simply the electronic communication between the individuals, who may not all be using the same electronic service (paragraph 7A(1)(b)). In those cases, the electronic communication must enable any of the individuals in the group to do one or more of the four things set out above.

109. The word 'facilitate' is used to capture those individuals who are, knowingly or unknowingly, facilitating engagement by another person in conduct constituting a relevant offence as defined in section 6 of the SD Act. It is necessary that these individuals fall within scope of the warrant because the devices they use may hold, or lead to, valuable intelligence about criminal activity. The breadth of this definition is balanced by the stringent criteria to obtain a network activity warrant and the limitations on the use of information obtained under the warrant for intelligence collection purposes only.

110. The word 'communicate' captures situations where there are a group of individuals who are electronically linked and using that link to communicate about the criminal conduct they are engaging in or facilitating. However, the criminal conduct itself is actually engaged in or facilitated on a different electronic service. This is to ensure that the AFP and the ACIC will be able to collect intelligence on the network of individuals who are communicating about the engagement or facilitation in criminal activity, even where the conduct itself occurs on a different service. For example, a group of individuals may use a


dark web forum to exchange child exploitation material, and then talk about their activities while using another communications platform. It is important that the AFP and the ACIC will be able to target the networks using the electronic services enabling these communications in order to obtain valuable intelligence about criminal conduct occurring elsewhere.

111. There is no requirement that every individual who is part of the criminal network be committing, or intending to commit, a relevant offence. This is particularly important because the purpose of the warrant is for the AFP and the ACIC to gather criminal intelligence about the activities of groups of individuals. Requiring the AFP and the ACIC to fully understand all individuals prior to obtaining the warrant would defeat the purpose of this warrant and the valuable criminal intelligence that cannot be gained any other way.

112. There may also be circumstances where the persons engaging in or facilitating the criminal conduct are not the exclusive users of a particular electronic service. In such circumstances, it may be necessary for the AFP or the ACIC to access the computers related to other users of that service (such as the system administrator of that service that is, unknown to them, being used to facilitate the criminality). This is critical in order to achieve the objective of the network activity warrant, that is, to identify the individuals participating in the engagement of the criminal conduct.

113. Importantly, the definition of a criminal network of individuals does not require that individuals within the group consider themselves members, or that the group is formalised sufficiently to have a membership. While organised groups will be captured by the definition, it is necessary to also capture circumstances where individuals are not coordinated in any way, and do not have knowledge of each other's activities or existences, but are still electronically linked and engaging in, facilitating, or communicating about the engagement in or facilitation of, conduct that constitutes a relevant offence. This would capture, for example, a group of people who post on a dark web forum dedicated to child exploitation - they may not act in concert nor are they organised in any way, but use the shared communication platform used to engage in, facilitate, or communicate about criminal activity.

Amendment 24 - Schedule 2, item 9, page 40 (before line 19)

114. This amendment inserts new section 27KKA at the beginning of Division 6 of Part 2 of the SD Act. Division 6 establishes the framework for the AFP and the ACIC to obtain network activity warrants.

115. New section 27KKA provides that Division 6 ceases to have effect five years after Division 6 commences. Division 6 commences the day after the Act receives the Royal Assent. The effect of this provision is that the network activity warrant provisions in Division 6 will only be operative for five years following commencement.

116. This ensures that while a network activity warrant can only be issued or executed during this five-year period, the reporting obligations and oversight arrangements for network activity warrants will continue to operate beyond this timeframe.


Amendment 25 - Schedule 2, item 9, page 42 (after line 26)

117. This amendment inserts an additional criterion of which the eligible Judge or nominated AAT member must be satisfied before he or she may issue a network activity warrant.

118. Section 27KM(1)(aa) will require the eligible Judge or nominated AAT member to be satisfied the issue of the warrant is justified and proportionate, having regard to the kinds of offences in relation to which the network activity warrant is sought. The word "justified" is included to require the issuing of the warrant to be defensible by a reasonable person. The word "proportionate" requires an assessment of the impact of the warrant against the types of offences that the AFP or the ACIC is seeking to prevent, detect or frustrate through the use of the network activity warrant.

119. As a network activity warrant authorises the use of any computer that is, from time to time, used, or likely to be used, by any of the individuals in the criminal network of individuals, the reach of a network activity warrant could be substantial. This criterion requires the eligible Judge or nominated AAT member to assess whether the effect of the warrant is commensurate to the nature and seriousness of the kinds of offences that are the subject of the warrant.

Amendment 26 - Schedule 2, item 9, page 43 (line 22)

120. This amendment amends paragraph 27KM(2)(f) to require the eligible Judge or nominated AAT member to have regard to any privacy implications of persons who are lawfully using a computer where the execution of the warrant is likely to result in access to data. This information need only be included in the application to the extent that it is known to the AFP or the ACIC.

121. Access to data, including of third party persons, will invariably intrude on personal privacy. This provision requires the eligible Judge or nominated AAT member to have regard to the implications of such an intrusion, to the extent that it is known. For example, if the target computer includes a computer used by multiple family members, or a computer at a public library, the personal privacy of other users might be affected by the execution of the warrant. This would be relevant to the question of justifiability and proportionality as provided for in paragraph 27KM(1)(aa).

122. It is open to the eligible Judge or nominated AAT member to consider broader third party impacts when determining network activity warrant applications. For example, depending on the circumstances, the eligible Judge or nominated AAT member may decide to consider whether the execution of the warrant could impact on a person's ability to provide or receive care, or have contact with family members. The eligible Judge or nominated AAT member may also wish to consider whether the execution of the warrant would result in access to, or disruption of, data of a lawyer, and whether this information would be subject to legal professional privilege. To the extent the AFP or the ACIC is aware of information relevant to broader third party impacts such as those outlined above, this information should be included in the affidavit supporting the application.


Amendment 27 - Schedule 2, item 9, page 43 (after line 22)

123. This amendment inserts additional matters the eligible Judge or nominated AAT member must have regard to in determining whether a network activity warrant should be issued.

124. The eligible Judge or nominated AAT member must also consider whether he or she believes on reasonable grounds that the data held in the computer is of a person working in their professional capacity as a journalist, or a journalist's employer, and whether each of the offences sought to be prevented, detected or frustrated under the warrant is an offence against a secrecy provision. If so, the eligible Judge or nominated AAT member must have regard to whether the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the journalist's source and the public interest in facilitating the exchange of information between the journalist and members of the public so as to facilitate reporting on matters in the public interest. If the AFP or the ACIC is aware of information relevant to whether the data held in the computer is that of a journalist, or a journalist's employer, this information should be included in the affidavit supporting the application.

125. The concept of a 'journalist' mirrors the approach in Division 4C of Part 4-1 of the TIA Act, which creates a framework for national security and law enforcement agencies to obtain journalist information warrants to allow the authorisation of carriers to disclose telecommunication data for the purpose of identifying a journalist's source. Similar to Division 4C of Part 4-1 of the TIA Act, the term 'journalist' is not defined. Indicators that a person is acting in a professional capacity include regular employment, adherence to enforceable ethical standards and membership of a professional body.

126. One circumstance under which the activities of journalists and media organisations could become subject to the exercise of law enforcement powers, including a network activity warrant, is the unauthorised disclosure or publication of information that is made or obtained in a person's capacity as a Commonwealth officer. It is important that the AFP and the ACIC are able to investigate the unauthorised disclosure of information that, if disclosed, is inherently harmful or would otherwise cause harm to Australia's interests. However, this provision recognises that such investigations should be conducted while also protecting press freedom through consideration of the importance of maintaining the confidentiality of journalists' sources, and reporting on matters in the public interest. For this reason, the provision is limited to where the warrant is sought for suspected breaches of secrecy provisions.

127. In deciding whether data that is covered by the warrant is of a person who is working in a professional capacity as a journalist or of an employer of such a person, consideration will need to be given to the connection between the data being disrupted and the person. Examples of when data is of a person include data that was created by, and in the possession of the person. Where the target computer is owned by the journalist, there would be a strong presumption that the data held in that computer would be of the journalist.


Amendment 28 - Schedule 2, item 6, page 43 (after line 24)

128. This amendment inserts new subsection 27KM(2A) which provides for certain matters to which the eligible Judge or nominated AAT member must give weight when taking into consideration the nature and gravity of the conduct constituting the kinds of offences targeted in determining the application for a network activity warrant under section 27KM. These are the same matters which must be given weight with respect to decisions to issue data disruption warrants at new subsection 27KC(3).

129. The issuing authority must have regard to the nature and gravity of the conduct constituting the kinds of offences in relation to which information will be obtained under the network activity warrant under subsection 27KM(2)(a). This amendment provides that while considering the nature and gravity of the conduct, the issuing authority must give weight to whether the conduct amounts to, causes, involves or is related to the matters listed. Requiring the issuing authority to 'give weight to' such matters will cause them to attach a particular importance to these matters, or regard them to be especially relevant for the purposes of considering this matter. This ensures that the significance of these kinds of conduct is given greater weight over other kinds of conduct that are not listed.

130. Importantly, this does not prevent a network activity warrant from being issued where the conduct constituting the offences targeted is not covered by those kinds of conduct (see subsection 27KM(5)), provided that in those cases the issuing authority is satisfied that, in all the circumstances, the issue of the warrant is justified and proportionate.

131. As with data disruption warrants, network activity warrants are intended to be used to frustrate serious criminality perpetrated on the dark web and through the use of anonymising technologies. The matters listed in subsection 27KM(2A) reflect the most serious kinds of conduct in relation to which a network activity warrant could be issued. Providing express consideration of these matters assists the issuing authority in having regard to the nature and gravity of the conduct constituting the offences, as part of determining whether execution of the warrant is justified and proportionate. For example, the issuing authority may consider that there is an increased likelihood of the execution of the warrant being justified and proportionate if the conduct constituting the kinds of relevant offences is of a kind included in the list, rather than if the conduct related to a lesser form of offending that is not listed.

132. In considering the nature and gravity of the conduct constituting the offences targeted by the warrant, the issuing authority must give weight to whether the offence meets one of the following categories.

133. The first category is whether the conduct amounts to an activity against the security of the Commonwealth, or an offence against Chapter 5 of the Criminal Code (new paragraph 27KM(2A)(a)). A network activity warrant could be sought for the purposes of, for example, collecting intelligence on a terrorist organisation's planning of a terror attack, and enable the agency to gather evidence about the plot and potential offenders.

134. The second category is whether the conduct amounts to an activity against the proper administration of Government, or an offence against Chapter 7 of the Criminal Code (new


paragraph 27KM(2A)(b)). For example, this could include conduct involving corrupting benefits given to, or received by, a Commonwealth public official. It is important this kind of conduct is captured in circumstances where the AFP or the ACIC is seeking to uncover, identify and frustrate trusted insiders who are assisting transnational, serious and organised crime groups in carrying out their illegal activities, and may be communicating with groups on dedicated encrypted platforms.

135. The third category is whether the conduct causes, or has the potential to cause, serious violence, or serious harm, to a person, or amounts to an offence against Chapter 8 of the Criminal Code (new paragraph 27KM(2A)(c)). The inclusion of 'serious harm' acknowledges some serious crime types against a person may not always involve violence - such as trafficking in persons or forced labour. For example, a network activity warrant may be sought in order to collect intelligence relating to child abuse material on an online platform.

136. The fourth category is whether the conduct causes, or has the potential to cause, a danger to the community, or amounts to an offence against Chapter 9 of the Criminal Code (new paragraph 27KM(2A)(d)). A network activity warrant could be sought for the purposes of, for example, collecting intelligence relating to a dark web marketplace to frustrate trafficking of drugs and firearms by a serious and organised crime group. Similarly, a network access warrant could be sought to target the dedicated communications platform used by unidentified members of an organised crime group, to gather intelligence about a planned importation of drugs or firearms.

137. The fifth category is whether the conduct causes, or has the potential to cause, substantial damage to, or loss of, data, property or critical infrastructure, or amounts to an offence against Chapter 10 of the Criminal Code (new paragraph 27KM(2A)(e)). This includes money laundering offences in Part 10.2 and various cybercrime offences in Part 10.7 of the Criminal Code. A network activity warrant could, for example, be used to collect intelligence on cybercrime syndicates who operate malware and cause harm to victims within Australia.

138. The sixth category is whether the conduct involves, or is related to, the commission of transnational crime, serious crime, or organised crime that is not covered by any of the preceding paragraphs. Including this sixth category is important because transnational, serious and organised crime groups will frequently be involved in a broad range of serious offending, including criminal activity which facilitates their larger criminal conspiracy.

139. New subsection 27KM(2B) provides that the requirement to give weight to the matters listed at subsection 27KC(2A) does not preclude the issuing authority from considering any additional matters that he or she considers appropriate in the circumstances. This accounts for consideration of other offences, including any preparatory offences in relation to the kinds of conduct set out above. For example, this may include other incidental offences that may be directly or indirectly connected with, or may be a part of, a course of activity involving the commission of any conduct constituting the kinds referred to above.

140. New subsection 27KM(2C) clarifies that the requirement to give weight to the matters listed at subsection 27KM(2A) does not prevent a network activity warrant from being


issued in a case where the conduct constituting the offences does not fall within the listed categories. Importantly, new subsection 27KM(2A) does not restrict the types of offences in respect of which network activity warrants can be issued, or raise the offence threshold for the application for these warrants.

141. Rather, new subsection 27KC(2A) ensures that the issuing authority attaches a particular importance to these matters, or regards them to be especially relevant for the purposes of deciding whether to issue the warrant. If the conduct constituting the kinds of offences in relation to which information may be obtained is not covered by the kinds of conduct listed, the applicant may wish to provide additional justification to ensure that the issuing authority may become satisfied that the execution of the warrant is justifiable and proportionate in the circumstances.

142. It is important to ensure that network activity warrants are able to be issued in respect of relevant offences within the meaning of section 6. This will ensure that the AFP and the ACIC can investigate all relevant telecommunications and computer offences in the Criminal Code where the majority of offending will be facilitated using computer networks and where evidence will be held in computers.

Amendment 29 - Schedule 2, item 6, page 43 (after line 30)

143. This amendment defines a secrecy provision as a law that prohibits the communication, divulging or publication of information, or the production or publication of a document. This term is used in subparagraph 27KM(2)(fa)(ii). Examples of secrecy provisions include offences contrary to Part 5.6 of the Criminal Code, section 45 of the SD Act and section 63 of the TIA Act.

Amendments 30 and 31 - Schedule 2, item 9, page 46 (lines 25 and 26) and page 49 (line 3)

144. These amendments require a computer or other thing removed under a network activity warrant to be returned as soon as it is reasonably practicable to do so when the purposes of doing any thing authorised in the warrant no longer exist, including where it is not required to conceal the fact that any thing has been done under the warrant.

145. A computer may need to be removed from premises to allow the AFP or the ACIC to analyse, or obtain access to, the data held on it, using specialised equipment located offsite. The category of other things that may be removed is limited to things that are, in some way, needed to execute the warrant. This will often be data storage devices or other peripheral items for the operation of a computer but may also include, for example, a piece of paper with a password written on it or a computer manual. It could also include a safe or vehicle believed to contain such information that is otherwise unable to be accessed during the entry to a premises.

146. What is reasonably practicable will depend on the facts and circumstances of each case. For example, if it is unsafe or there is no reasonable opportunity for officers to return the computer or other thing without alerting a target person that they might be under investigation, then in those circumstances it might not be reasonably practicable to return


the computer or other thing, regardless of the period of time. However, as soon as it becomes practicable to do so, the computer or other thing must be returned. Amendment 32 - Schedule 2, page 66 (after line 14) 147. This amendment amends section 64A of the SD Act which relates to assistance orders for computer access warrants, network activity warrants and emergency authorisations given in response to an application under subsection 28(1A), 29(1A) or 30(1A) of the SD Act. 148. Subsection 64A(7A) requires an eligible Judge or nominated AAT member who is determining whether an assistance order should be granted to have regard to whether the person is, or has been subject to another assistance order under the SD Act or the Crimes Act, so far as that matter is known to the eligible Judge or nominated AAT member. This requires the eligible Judge or nominated AAT member to consider the burden on the person subject to the order. However, just because a person has been the subject of another assistance order does not mean the eligible Judge or nominated AAT member is prevented from granting the assistance order. If the AFP or the ACIC is aware of information relevant to this consideration, this information should be included in the affidavit supporting the application. 149. Subsection 64A(7B) clarifies that the eligible Judge or nominated AAT member is not limited by subsection 64A(7A) as to the matters to which they may have regard. 150. Subsections 64A(7C) and (7D) provides that assistance orders cease to be in force when the warrant or emergency authorisation under which the assistance order has been obtained, ceases to be in force. 151. Subsection 64A(7E) provides that a person who in good faith, acts in compliance with an assistance order is not subject to any civil liability arising from those acts. 152. 
For avoidance of doubt, an assistance order for a computer access warrant, network activity warrant or emergency authorisation given in response to an application under subsection 28(1A), 29(1A) or 30(1A) of the SD Act cannot ever authorise the detention of a person. Amendment 33 - Schedule 3, item 4, page 101 (before line 12) 153. This amendment inserts new section 3ZZUMA in Division 2 of Part IAAC of the Crimes Act. Division 2 of Part IAAC establishes the framework for the AFP and the ACIC to obtain account takeover warrants. 154. New section 3ZZUMA provides that Division 2 of Part IAAC ceases to have effect five years after Division 2 of Part IAAC commences. Division 2 of Part IAAC commences the day after the Act receives the Royal Assent. The effect of this provision is that the account takeover provisions in Division 2 of Part IAAC will only be operative for five years following commencement.


155. This ensures that while an account takeover warrant can only be issued or executed during this five-year period, the reporting obligations and oversight arrangements for account takeover warrants can continue to operate beyond this timeframe. Amendments 34 to 36 - Schedule 3, item 4, page 101 (lines 25, 27 to 29, 31) 156. These amendments amend section 3ZZUN of the Crimes Act. 157. Section 3ZZUN requires an application for an account takeover warrant to be made in person, unless the applicant believes that it is impracticable to do so. 158. Subsections 3ZZUN(2A) to (2D) set out what an application for an account takeover warrant must contain. This amendment provides that the affidavit supporting the application for an account takeover must set out certain matters. 159. Subsection 3ZZUN(2A) requires that an application must specify the name of the applicant, the nature and duration of the warrant sought, and be supported by an affidavit setting out the grounds on which the warrant is sought, unless subsection (2B) applies. 160. Subsection 3ZZUN(2B) provides that if a law enforcement officer believes that taking control of the target accounts is immediately necessary for the purpose of enabling evidence to be obtained of the commission of the offence and it is impracticable for an affidavit to be prepared or sworn before an application for a warrant is made, then an application for an account takeover warrant can be made before an affidavit is sworn. This subsection is triggered in urgent circumstances. 161. Subsection 3ZZUN(2C) provides that in such urgent circumstances, the applicant must nevertheless provide as much information to the magistrate as the magistrate considers reasonably practicable in the circumstances, and a sworn affidavit must be provided to the magistrate no later than 72 hours after making the application. 162. 
Subsection 3ZZUN(2D) provides that if an affidavit has been prepared, whether sworn or unsworn, and transmission by fax is available, then the applicant must transmit a copy of the fax to the magistrate. Amendment 37 - Schedule 3, item 4, page 102 (after line 23) 163. This amendment inserts additional matters to which the magistrate must have regard in determining whether an account takeover warrant should be issued. 164. Paragraph 3ZZUP(2)(da) requires the magistrate to consider the extent to which the execution of the warrant is likely to impact on persons lawfully using a computer, so far as that matter is known to the magistrate. For example, the magistrate may decide to refuse an application for an account takeover warrant if a third party person's ability to conduct their business and personal affairs is likely to be disproportionately impacted by the execution of a warrant in light of its purpose. If the AFP or the ACIC is aware of information relevant to this consideration, this information should be included in the affidavit supporting the application.


165. It is open to the magistrate to consider broader third party impacts when determining account takeover warrant applications. For example, depending on the circumstances, the magistrate may decide to consider whether the execution of the warrant could impact on a person's ability to provide or receive care, or have contact with family members. The magistrate may also wish to consider whether the execution of the warrant would result in access to, or disruption of, data of a lawyer, and whether this information would be subject to legal professional privilege. To the extent the AFP or the ACIC is aware of information relevant to broader third party impacts such as those outlined above, this information should be included in the affidavit supporting the application. 166. Paragraph 3ZZUP(2)(db) requires the magistrate to consider the extent to which the execution of the warrant is likely to cause a person to suffer a temporary loss of money, digital currency or property other than data. This consideration need only be made so far as the matter is known to the issuing authority. If the AFP or the ACIC is aware of information relevant to this consideration, this information should be included in the affidavit supporting the application. 167. Paragraph 3ZZUR(8)(b) provides that an account takeover warrant must not be executed in a manner that causes a person to suffer a permanent loss of money, digital currency or property other than data. The AFP or the ACIC is permitted to access or modify data associated with a person's financial accounts under an account takeover warrant, but only where those modifications do not result in permanent loss. An account takeover warrant only authorises the AFP or the ACIC to take exclusive control of an online account for the period of the warrant. Any other activity or use of the account must be authorised by a separate warrant or a controlled operation, as the circumstances dictate. 168. 
Requiring the magistrate to have regard to any temporary loss likely to be incurred under an account takeover warrant safeguards against any undue impact on a person's finances, including third parties. 169. The magistrate must also consider whether he or she believes on reasonable grounds that each target account is held by a person who is a person working in their professional capacity as a journalist, or a journalist's employer, and whether the alleged relevant offences in respect of which the warrant has been sought is an offence against a secrecy provision. If so, the magistrate must have regard to whether the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the journalist's source and the public interest in facilitating the exchange of information between the journalist and members of the public so as to facilitate reporting on matters in the public interest. If the AFP or the ACIC is aware of information relevant to whether each target account is held by a person who is a journalist, or a journalist's employer, this information should be included in the affidavit supporting the application. 170. The concept of a 'journalist' mirrors the approach in Division 4C of Part 4-1 of the TIA Act, which creates a framework for national security and law enforcement agencies to obtain journalist information warrants to allow the authorisation of carriers to disclose telecommunication data for the purpose of identifying a journalist's source. Similar to Division 4C of Part 4-1 of the TIA Act, the term 'journalist' is not defined. Indicators that a person is acting in a professional capacity include regular employment, adherence to enforceable ethical standards and membership of a professional body. 171. One circumstance under which the activities of journalists and media organisations could become subject to the exercise of law enforcement powers, including an account takeover warrant, is the unauthorised disclosure or publication of information that is made or obtained in a person's capacity as a Commonwealth officer. It is important that the AFP and the ACIC are able to investigate the unauthorised disclosure of information that, if disclosed, is inherently harmful or would otherwise cause harm to Australia's interests. However, this provision recognises that such investigations should be conducted while also protecting press freedom through consideration of the importance of maintaining the confidentiality of journalists' sources, and reporting on matters in the public interest. For this reason, the provision is limited to where the warrant is sought for suspected breaches of secrecy provisions. Amendment 38 - Schedule 3, item 4, page 102 (after line 28) 172. This amendment inserts new subsection 3ZZUP(3) which provides for certain matters to which the magistrate must give weight when taking into consideration the nature and gravity of the alleged relevant offences in respect of which an account takeover warrant is sought in determining the application under section 3ZZUP. These are the same matters to which weight must be given with respect to decisions to issue data disruption warrants and network activity warrants at new subsections 27KC(3) and 27KM(2A) of the SD Act. 173. The issuing authority must have regard to the nature and gravity of the alleged relevant offence, or alleged relevant offences, in respect of which an account takeover warrant is sought under paragraph 3ZZUP(2)(a).
This amendment provides that while considering the nature and gravity of the conduct, the issuing authority must give weight to whether the conduct amounts to, causes, involves or is related to the matters listed. Requiring the issuing authority to 'give weight to' such matters will cause them to attach a particular importance to these matters, or regard them to be especially relevant for the purposes of considering this matter. This ensures that the significance of these kinds of conduct is given greater weight over other kinds of conduct that are not listed. 174. Importantly, this does not prevent an account takeover warrant from being issued where the conduct constituting the alleged relevant offence is not covered by those kinds of conduct (see subsection 3ZZUP(5)), provided that in those cases the issuing authority is satisfied that, in all the circumstances, the issue of the warrant is proportionate. 175. As with data disruption warrants and network activity warrants, account takeover warrants are intended to be used to frustrate serious criminality perpetrated on the dark web and through the use of anonymising technologies. The matters listed in subsection 3ZZUP(3) reflect the most serious kinds of conduct in relation to which an account takeover warrant could be issued. Providing express consideration of these matters assists the issuing authority in having regard to the nature and gravity of the conduct constituting the offences, as part of determining whether an account takeover warrant should be issued, upon being satisfied of the grounds on which it was sought at paragraph 3ZZUP(1)(a). For example, the issuing authority may consider that there is an increased likelihood of the execution of the warrant satisfying the issuing criteria if the conduct constituting the relevant offence is of a serious kind included in the list, rather than if the conduct related to a lesser form of offending that is not listed. 176. In considering the nature and gravity of the conduct constituting the offences targeted by the warrant, the issuing authority must give weight to whether the offence meets one of the following categories. 177. The first category is whether the conduct amounts to an activity against the security of the Commonwealth, or an offence against Chapter 5 of the Criminal Code (new paragraph 3ZZUP(3)(a)). An account takeover warrant could be sought for the purposes of, for example, investigating a terrorist organisation's planning of a terror attack, and enable the agency to gather evidence about the plot and potential offenders. 178. The second category is whether the conduct amounts to an activity against the proper administration of Government, or an offence against Chapter 7 of the Criminal Code (new paragraph 3ZZUP(3)(b)). For example, this could include conduct involving corrupting benefits given to, or received by, a Commonwealth public official. It is important this kind of conduct is captured in circumstances where the AFP or the ACIC is seeking to uncover, identify and frustrate trusted insiders who are assisting transnational, serious and organised crime groups in carrying out their illegal activities, and may be communicating with groups on dedicated encrypted platforms. 179. The third category is whether the conduct causes, or has the potential to cause, serious violence, or serious harm, to a person, or amounts to an offence against Chapter 8 of the Criminal Code (new paragraph 3ZZUP(3)(c)). The inclusion of 'serious harm' acknowledges some serious crime types against a person may not always involve violence, such as trafficking in persons or forced labour.
For example, an account takeover warrant may be sought to investigate offences relating to child abuse material on an online platform. 180. The fourth category is whether the conduct causes, or has the potential to cause, a danger to the community, or amounts to an offence against Chapter 9 of the Criminal Code (new paragraph 3ZZUP(3)(d)). An account takeover warrant could be sought for the purposes of, for example, investigating a dark web marketplace involved in trafficking of drugs and firearms by a serious and organised crime group. 181. The fifth category is whether the conduct causes, or has the potential to cause, substantial damage to, or loss of, data, property or critical infrastructure, or amounts to an offence against Chapter 10 of the Criminal Code (new paragraph 3ZZUP(3)(e)). This includes money laundering offences in Part 10.2 and various cybercrime offences in Part 10.7 of the Criminal Code. An account takeover warrant could, for example, be used to frustrate the ability of cybercrime syndicates to operate malware and cause harm to victims within Australia. 182. The sixth category is whether the conduct involves, or is related to, the commission of transnational crime, serious crime, or organised crime that is not covered by any of the preceding paragraphs. Including this sixth category is important because transnational, serious and organised crime groups will frequently be involved in a broad range of serious offending, including criminal activity which facilitates their larger criminal conspiracy. 183. New subsection 3ZZUP(4) provides that the requirement to give weight to the matters listed at subsection 3ZZUP(2A) does not preclude the issuing authority from considering any additional matters that he or she considers appropriate in the circumstances. This accounts for consideration of other offences, including any preparatory offences in relation to the kinds of conduct set out above. For example, this may include other incidental offences that may be directly or indirectly connected with, or may be a part of, a course of activity involving the commission of any conduct of the kinds referred to above. 184. New subsection 3ZZUP(4) clarifies that the requirement to give weight to the matters listed at subsection 3ZZUP(3) does not prevent an account takeover warrant from being issued in a case where the conduct constituting the offences does not fall within the listed categories. Importantly, new subsection 3ZZUP(3) does not restrict the types of offences in respect of which account takeover warrants can be issued, or raise the offence threshold for the application for these warrants. 185. Rather, new subsection 3ZZUP(3) ensures that the issuing authority attaches a particular importance to these matters, or regards them to be especially relevant for the purposes of deciding whether to issue the warrant. If the conduct constituting the alleged offences in relation to which the warrant is sought is not covered by the kinds of conduct listed, the applicant may wish to provide additional justification to ensure that the issuing authority may become satisfied of the grounds on which the application was made. 186.
New subsection 3ZZUP(6) defines a secrecy provision as a law that prohibits the communication, divulging or publication of information, or the production or publication of a document. This term is used in subparagraph 3ZZUP(2)(dc)(ii). Examples of secrecy provisions include offences contrary to Part 5.6 of the Criminal Code, section 45 of the SD Act and section 63 of the TIA Act. Amendment 39 - Schedule 3, item 4, page 110 (before line 10) 187. This amendment inserts new section 3ZZUWA in Division 3 of Part IAAC of the Crimes Act. Division 3 of Part IAAC establishes the framework for the AFP and the ACIC to obtain emergency authorisations for taking control of online accounts. 188. New section 3ZZUWA provides that Division 3 of Part IAAC ceases to have effect five years after this Bill commences. The effect of this provision is that the emergency authorisations for taking control of online accounts in Division 3 of Part IAAC will only be operative for five years following commencement. 189. This ensures that while an emergency authorisation can only be issued or executed during this five-year period, the reporting obligations and oversight arrangements for emergency authorisations will continue to operate beyond this timeframe.


Amendment 40 - Schedule 3, item 4, page 115 (after line 18) 190. This amendment amends section 3ZZVG of the Crimes Act which relates to assistance orders for account takeover warrants and emergency authorisations given under section 3ZZUX of the Crimes Act. 191. Subsection 3ZZVG(2A) requires a magistrate who is determining whether an assistance order should be granted to have regard to whether the person is, or has been subject to another assistance order under the SD Act or the Crimes Act, so far as that matter is known to the magistrate. This requires the magistrate to consider the burden on the person subject to the order. However, just because a person has been the subject of another assistance order does not mean the magistrate is prevented from granting the assistance order. If the AFP or the ACIC is aware of information relevant to this consideration, this information should be included in the application. 192. Subsection 3ZZVG(2B) clarifies that the magistrate is not limited by subsection 3ZZVG(2A) as to the matters to which they may have regard. 193. Subsections 3ZZVG(2C) and (2D) provide that assistance orders cease to be in force when the warrant or emergency authorisation under which the assistance order has been obtained, ceases to be in force. 194. Subsection 3ZZVG(2E) provides that a person who, in good faith, acts in compliance with an assistance order is not subject to any civil liability arising from those acts. 195. An assistance order for an account takeover warrant or emergency authorisation given under section 3ZZUX of the Crimes Act cannot ever authorise the detention of a person. Amendments 41 to 56 - Schedule 3, item 4, pages 120 to 122 196. These amendments amend the reporting requirements from the agencies to the Minister and the Commonwealth Ombudsman from six-monthly to annually. 197.
The purpose of these amendments is to align reporting requirements relating to account takeover warrants and emergency authorisations with the requirements under other Crimes Act regimes that the Commonwealth Ombudsman oversees, such as the assumed identity framework under Part IAC and the witness identity protection certificate framework under Part IACA (see subsections 15LD(1) and 15MU(1) respectively). Amendment 57 - Schedule 3, item 4, page 128 (lines 17 and 18) 198. This amendment amends the period between the Commonwealth Ombudsman's inspection of the agencies' records to ensure compliance with Part IAAC of the Crimes Act from six-monthly to annually. 199. The purpose of this amendment is to align the frequency of the Commonwealth Ombudsman's inspection period of records relating to account takeover warrants and emergency authorisations with the requirements under other Crimes Act regimes that the Commonwealth Ombudsman oversees, such as the controlled operation framework under Part IAB (see subsection 15HS(1)). 200. Annual rather than six-monthly inspections will provide the Commonwealth Ombudsman with greater flexibility and discretion in managing the oversight of account takeover warrants and emergency authorisations. Amendment 58 - Schedule 3, item 4, page 132 (lines 26 and 27) 201. This amendment amends the period in which the Commonwealth Ombudsman must make a written report to the Minister of the results of his or her inspection under Part IAAC of the Crimes Act from six-monthly to annually. 202. The purpose of this amendment is to align the Ombudsman's reporting requirements relating to account takeover warrants and emergency authorisations with the requirements under other Crimes Act regimes that the Commonwealth Ombudsman oversees, such as the controlled operation framework under Part IAB (see subsection 15HO(1)). 203. Annual rather than six-monthly reporting will provide the Commonwealth Ombudsman with greater flexibility and discretion in managing the oversight of account takeover warrants. Amendment 59 - Schedule 3, page 134 (after line 26) 204. This amendment amends the National Emergency Declaration Act 2020 to remove the ability for the Minister to modify, by determination, a provision of Part IAAC of the Crimes Act that requires or permits certain matters when a national emergency declaration is in force. This amendment ensures that the requirements of Part IAAC, like other warrant powers in the Crimes Act, cannot be disapplied by the Minister during a national emergency. Amendment 60 - Page 135 205. This amendment amends the INSLM Act and the IS Act to provide a legislative basis for the INSLM and the PJCIS to review the operation, effectiveness and implications of Schedules 1, 2 and 3 of the Bill as it relates to network activity warrants, data disruption warrants and account takeover warrants.
As the powers introduced under this Bill are new and novel, and have the potential to impact the general public as well as law enforcement agencies, it is appropriate that they are independently reviewed. 206. Subsection 6(1E) of the INSLM Act requires the INSLM to commence its review of Schedules 1, 2 and 3 of the Bill within three years from the day the Bill receives Royal Assent. 207. Paragraph 29(1)(bcaa) of the Intelligence Services Act 2001 provides the PJCIS with the function of reviewing Schedules 1, 2 and 3 of the Bill as soon as practicable after four years from the day the Bill receives Royal Assent, if the PJCIS resolves to do so.

