Hear this story and other latest updates on our Let's Talk Security Podcast Episode here:

Listen on Apple Podcasts
google-podcasts-logo-6

This would repeal the existing parts of three Acts to form a new one that covers the use of computer access and surveillance devices powers and combine them to avoid duplication, contradictory definitions, and any further ad hoc amendments to the existing three Acts.

Electronic surveillance powers enable agencies to use electronic or technical means, which would otherwise be unlawful, to covertly listen to a person's conversations, access a person's electronic data, observe certain aspects of a person's behaviour, and track a person's movements. Currently, these powers are contained within the Telecommunications (Interception and Access) Act 1979 (TIA Act), the Surveillance Devices Act 2004 (SD Act), and the Australian Security Intelligence Organisation Act 1979 (ASIO Act).

Parts of the Telecommunications Act 1997 and the Criminal Code Act 1995 are also directly relevant when considering these powers.

Those are a lot of acts, and they also think that they are no longer fit for purpose, since they are almost 30 to 70 years old, And after 40 years of continued amendments, problems with the framework have accumulated.

The framework contains a range of highly intrusive powers that are functionally equivalent, but controls and regulates their use in a highly inconsistent fashion.

To summarise, the core definitions in a new electronic surveillance Act should: Provide clarity to agencies, oversight bodies, and the public about the scope of agencies' powers; ensure that there are no gaps in the types of information that agencies may intercept, access, or obtain under warrants and authorisations; and be capable of applying to new technologies over time.

Under a new electronic surveillance Act, the Attorney-General should be given the power to require a company to develop and maintain a specified attribute-based interception capability. If such a capability has been developed, agencies should be able to obtain attribute-based interception warrants in cases where it will be practicable for the warrant to be executed.