I present a supplementary explanatory memorandum to the bill. By leave—I move government amendments (1) to (60), as circulated, together:
(1) Clause 2, page 2 (table item 4), after “3,”, insert “3A,”.
(2) Schedule 1, item 13, page 5 (before line 13), before section 27KA, insert:
27KAA Sunsetting
This Division ceases to have effect 5 years after it commences.
(3) Schedule 1, item 13, page 6 (lines 8 and 9), omit paragraph 27KA(3)(b), substitute:
(b) subject to this section, must be supported by an affidavit setting out:
(i) the grounds on which the warrant is sought; and
(ii) the things proposed to be authorised by the warrant in accordance with section 27KE; and
(iii) an assessment of how disruption of data held in the target computer is likely to substantially assist as described in paragraph (1)(c), to the extent that such an assessment is possible; and
(iv) an assessment of the likelihood that disruption of data held in the target computer will substantially assist as described in paragraph (1)(c), to the extent that such an assessment is possible.
(4) Schedule 1, item 13, page 7 (after line 9), after section 27KB, insert:
27KBA Endorsement of application — Australian Federal Police
(1) A law enforcement officer of the Australian Federal Police (or another person on the law enforcement officer’s behalf) must not make an application for the issue of a data disruption warrant unless the making of the application has been endorsed, either orally or in writing, by an endorsing officer of the Australian Federal Police.
(2) An endorsing officer of the Australian Federal Police must not endorse the making of an application for the issue of a data disruption warrant unless the endorsing officer is satisfied that the making of the application is appropriate in all the circumstances.
(3) For the purposes of this section, an endorsing officer of the Australian Federal Police means:
(a) a law enforcement officer of the Australian Federal Police who is declared, in writing, by the chief officer of the Australian Federal Police to be an endorsing officer of the Australian Federal Police; or
(b) a person who is in a class of law enforcement officers of the Australian Federal Police that is declared, in writing, by the chief officer of the Australian Federal Police to be a class of endorsing officers of the Australian Federal Police.
(4) The chief officer of the Australian Federal Police must not make a declaration under paragraph (3)(a) in relation to a law enforcement officer of the Australian Federal Police unless:
(a) the law enforcement officer is a superintendent, or a person holding a higher rank, in the Australian Federal Police; and
(b) the chief officer is satisfied that the law enforcement officer has the relevant skills, knowledge and experience to endorse the making of applications for the issue of data disruption warrants; and
(c) the chief officer is satisfied that the law enforcement officer has completed all current internal training requirements relating to endorsing the making of applications for the issue of data disruption warrants.
(5) The chief officer of the Australian Federal Police must not make a declaration under paragraph (3)(b) in relation to a class of law enforcement officers of the Australian Federal Police unless:
(a) each person in that class is a superintendent, or a person holding a higher rank, in the Australian Federal Police; and
(b) the chief officer is satisfied that each person in that class has the relevant skills, knowledge and experience to endorse the making of applications for the issue of data disruption warrants; and
(c) the chief officer is satisfied that each person in that class has completed all current internal training requirements relating to endorsing the making of applications for the issue of data disruption warrants.
(6) A declaration under this section is not a legislative instrument.
27KBB Endorsement of application — Australian Crime Commission
(1) A law enforcement officer of the Australian Crime Commission (or another person on the law enforcement officer’s behalf) must not make an application for the issue of a data disruption warrant unless the making of the application has been endorsed, either orally or in writing, by an endorsing officer of the Australian Crime Commission.
(2) An endorsing officer of the Australian Crime Commission must not endorse the making of an application for the issue of a data disruption warrant unless the endorsing officer is satisfied that the making of the application is appropriate in all the circumstances.
(3) For the purposes of this section, an endorsing officer of the Australian Crime Commission means:
(a) a law enforcement officer of the Australian Crime Commission who is declared, in writing, by the chief officer of the Australian Crime Commission to be an endorsing officer of the Australian Crime Commission; or
(b) a person who is in a class of law enforcement officers of the Australian Crime Commission that is declared, in writing, by the chief officer of the Australian Crime Commission to be a class of endorsing officers of the Australian Crime Commission.
(4) The chief officer of the Australian Crime Commission must not make a declaration under paragraph (3)(a) in relation to a law enforcement officer of the Australian Crime Commission unless:
(a) the law enforcement officer is an executive level member of the staff of the Australian Crime Commission; and
(b) the chief officer is satisfied that the law enforcement officer has the relevant skills, knowledge and experience to endorse the making of applications for the issue of data disruption warrants; and
(c) the chief officer is satisfied that the law enforcement officer has completed all current internal training requirements relating to endorsing the making of applications for the issue of data disruption warrants.
(5) The chief officer of the Australian Crime Commission must not make a declaration under paragraph (3)(b) in relation to a class of law enforcement officers of the Australian Crime Commission unless:
(a) each person in that class is an executive level member of the staff of the Australian Crime Commission; and
(b) the chief officer is satisfied that each person in that class has the relevant skills, knowledge and experience to endorse the making of applications for the issue of data disruption warrants; and
(c) the chief officer is satisfied that each person in that class has completed all current internal training requirements relating to endorsing the making of applications for the issue of data disruption warrants.
(6) A declaration under this section is not a legislative instrument.
(5) Schedule 1, item 13, page 7 (line 15), omit “justifiable”, substitute “reasonably necessary”.
(6) Schedule 1, item 13, page 7 (after line 33), after paragraph 27KC(2)(c), insert:
(ca) the nature of the things proposed to be authorised by the warrant in accordance with section 27KE; and
(cb) the extent to which the execution of the warrant is likely to result in access to, or disruption of, data of persons lawfully using a computer, and any privacy implications (to the extent known) resulting from that access or disruption; and
(cc) any steps that are proposed to be taken to avoid or minimise the extent to which the execution of the warrant is likely to impact on persons lawfully using a computer; and
(cd) the extent to which the execution of the warrant is likely to cause a person to suffer a temporary loss of:
(i) money; or
(ii) digital currency; or
(iii) property (other than data);
so far as that matter is known to the eligible Judge or nominated AAT member; and
(ce) if:
(i) the eligible Judge or nominated AAT member believes on reasonable grounds that the data covered by the warrant (within the meaning of section 27KE) is data of a person who is working in a professional capacity as a journalist or of an employer of such a person; and
(ii) each of the offences referred to in paragraph 27KA(1)(c) is an offence against a secrecy provision;
whether the public interest in issuing the warrant outweighs:
(iii) the public interest in protecting the confidentiality of the identity of the journalist’s source; and
(iv) the public interest in facilitating the exchange of information between journalists and members of the public so as to facilitate reporting of matters in the public interest; and
(7) Schedule 1, item 13, page 8 (after line 3), at the end of section 27KC, add:
(3) For the purposes of having regard to the nature and gravity of the conduct constituting the offences referred to in paragraph 27KA(1)(c), the eligible Judge or a nominated AAT member must give weight to the following matters:
(a) whether that conduct amounts to:
(i) an activity against the security of the Commonwealth; or
(ii) an offence against Chapter 5 of the Criminal Code;
(b) whether that conduct amounts to:
(i) an activity against the proper administration of Government; or
(ii) an offence against Chapter 7 of the Criminal Code;
(c) whether that conduct:
(i) causes, or has the potential to cause, serious violence, or serious harm, to a person; or
(ii) amounts to an offence against Chapter 8 of the Criminal Code;
(d) whether that conduct:
(i) causes, or has the potential to cause, a danger to the community; or
(ii) amounts to an offence against Chapter 9 of the Criminal Code;
(e) whether that conduct:
(i) causes, or has the potential to cause, substantial damage to, or loss of, data, property or critical infrastructure; or
(ii) amounts to an offence against Chapter 10 of the Criminal Code;
(f) whether that conduct involves, or is related to, the commission of:
(i) transnational crime; or
(ii) serious crime; or
(iii) organised crime;
that is not covered by any of the preceding paragraphs.
(4) Subsection (3) does not limit the matters that may be considered by the eligible Judge or nominated AAT member.
(5) To avoid doubt, this Act does not prevent a data disruption warrant from being issued in a case where the conduct constituting the offences referred to in paragraph 27KA(1)(c) is not covered by subsection (3).
(6) For the purposes of this section, secrecy provision means a provision of a law of the Commonwealth or of a State that prohibits:
(a) the communication, divulging or publication of information; or
(b) the production of, or the publication of the contents of, a document.
(8) Schedule 1, item 13, page 11 (lines 3 and 4), omit “within a reasonable period”, substitute “as soon as is reasonably practicable to do so once the computer or thing is no longer required for the purposes of doing any thing authorised by the warrant”.
(9) Schedule 1, item 13, page 11 (lines 29 and 30), omit “justified and proportionate, having regard to the offences covered by the warrant”, substitute “reasonably necessary, and proportionate, to do one or more of the things specified in the warrant”.
(10) Schedule 1, item 13, page 13 (lines 16 and 17), omit “justified and proportionate, having regard to the offences covered by the warrant”, substitute “reasonably necessary, and proportionate, to do one or more of the things specified in the warrant or authorised by subsection (9)”.
(11) Schedule 1, item 13, page 13 (line 20), omit “within a reasonable period”, substitute “as soon as is reasonably practicable to do so once the computer or thing is no longer required for the purposes of doing any thing mentioned in paragraph (9)(c)”.
(12) Schedule 1, item 13, page 13 (lines 24 to 26), omit “justified and proportionate, having regard to the offences covered by the warrant”, substitute “reasonably necessary, and proportionate, to do one or more of the things specified in the warrant or authorised by subsection (9)”.
(13) Schedule 1, page 16 (before line 25), before item 14, insert:
13A Before section 28
Insert:
27KU Sunsetting — emergency authorisation for disruption of data held in a computer
(1) Subsections 28(1C) and (1D) cease to have effect 5 years after they commence.
(2) An emergency authorisation for disruption of data held in a computer has no effect after the end of the 5-year period beginning at the commencement of this section.
(14) Schedule 1, item 15, page 17 (after line 4), after paragraph 28(1C)(b), insert:
(ba) there are no alternative methods that:
(i) could have been used by law enforcement officers to help reduce or avoid that risk; and
(ii) are likely to be as effective as disruption of data held in the target computer; and
(15) Schedule 1, item 17, page 17 (before line 20), before subsection 28(5), insert:
(4A) In deciding whether to give an emergency authorisation for disruption of data held in a computer, the appropriate authorising officer must have regard to:
(a) the extent to which the execution of the emergency authorisation is likely to result in access to, or disruption of, data of persons lawfully using a computer; and
(b) whether the likely impact of the execution of the emergency authorisation on persons lawfully using a computer is proportionate, having regard to the risk of serious violence or substantial damage referred to in paragraph (1C)(a).
(4B) Subsection (4A) does not limit the matters to which the appropriate authorising officer may have regard.
(16) Schedule 1, item 17, page 17 (line 24), omit “justified”, substitute “reasonably necessary”.
(17) Schedule 1, item 41, page 28 (line 30), before “If”, insert “(1)”.
(18) Schedule 1, item 41, page 29 (after line 6), at the end of section 49C, add:
(2) If:
(a) a data disruption warrant was issued in response to an application made by a law enforcement officer of a law enforcement agency; and
(b) the person executing the warrant becomes aware that a thing mentioned in subsection 27KE(2) that was done under the warrant has caused material loss or damage to one or more persons lawfully using a computer;
the chief officer of the law enforcement agency must:
(c) notify the Ombudsman:
(i) that the thing has caused material loss or damage to one or more persons lawfully using a computer; and
(ii) of the particulars of that loss or damage; and
(d) do so within 7 days after the person executing the warrant became so aware.
(19) Schedule 1, page 29 (after line 32), after item 46, insert:
46A At the end of section 64
Add:
(3) If:
(a) a person suffers loss or injury as a result of the use of:
(i) a computer; or
(ii) a telecommunications facility operated or provided by the Commonwealth or a carrier; or
(iii) any other electronic equipment; or
(iv) a data storage device;
for the purpose of obtaining access to, or disrupting, data that is held in the computer; and
(b) the use of the computer, facility, equipment or device, as the case may be, was authorised by an emergency authorisation for disruption of data held in a computer; and
(c) the giving of the emergency authorisation was not approved under section 35B;
the Commonwealth is liable to pay to the person who has suffered the loss or injury:
(d) such compensation as is agreed on between the Commonwealth and that person; or
(e) in default of such an agreement—such compensation as is determined by action against the Commonwealth in a court of a State or Territory that has jurisdiction in relation to the matter.
(20) Schedule 1, item 47, page 31 (after line 2), after paragraph 64B(2)(a), insert:
(aa) in a case where the computer is the subject of a data disruption warrant—the assistance order is reasonable and necessary to enable the warrant to be executed; and
(ab) in a case where the computer is the subject of a data disruption warrant—the assistance order is justifiable and proportionate, having regard to:
(i) the nature and gravity of the conduct constituting the offences referred to in paragraph 27KA(1)(c); and
(ii) the likely impact of compliance with the assistance order on the specified person, so far as that matter is known to the eligible Judge or nominated AAT member; and
(iii) the likely impact of compliance with the assistance order on other persons (including persons who may lawfully be using the computer), so far as that matter is known to the eligible Judge or nominated AAT member; and
(21) Schedule 1, item 47, page 31 (after line 9), after paragraph 64B(2)(b), insert:
(ba) in a case where the computer is the subject of an emergency authorisation given in response to an application under subsection 28(1C)—the assistance order is reasonable and necessary to enable the emergency authorisation to be executed; and
(bb) in a case where the computer is the subject of an emergency authorisation given in response to an application under subsection 28(1C)—the assistance order is justifiable and proportionate, having regard to:
(i) the risk of serious violence or substantial damage referred to in paragraph 28(1C)(a); and
(ii) the likely impact of compliance with the assistance order on the specified person, so far as that matter is known to the eligible Judge or nominated AAT member; and
(iii) the likely impact of compliance with the assistance order on other persons (including persons who may lawfully be using the computer), so far as that matter is known to the eligible Judge or nominated AAT member; and
(22) Schedule 1, item 47, page 32 (after line 13), after subsection 64B(2), insert:
(2A) In determining whether the assistance order should be granted, the eligible Judge or nominated AAT member must have regard to whether the specified person is, or has been, subject to:
(a) another order under this section; or
(b) an order under section 64A of this Act; or
(c) an order under section 3LA or 3ZZVG of the Crimes Act 1914;
so far as that matter is known to the eligible Judge or nominated AAT member.
(2B) Subsection (2A) does not limit the matters to which the eligible Judge or nominated AAT member may have regard.
Duration of assistance order
(2C) If an assistance order is granted in relation to a computer that is the subject of a data disruption warrant, the order ceases to be in force when the warrant ceases to be in force.
(2D) If an assistance order is granted in relation to a computer that is the subject of an emergency authorisation given in response to an application under subsection 28(1C), the order ceases to be in force when the emergency authorisation ceases to be in force.
Protection from civil liability
(2E) A person is not subject to any civil liability in respect of an act done by the person:
(a) in compliance with an assistance order; or
(b) in good faith in purported compliance with an assistance order.
(23) Schedule 2, item 8, page 40 (lines 2 to 9), omit subsection 7A(1), substitute:
(1) For the purposes of this Act, a criminal network of individuals is an electronically linked group of individuals, where:
(a) in a case where each individual in the group uses, or is likely to use, the same electronic service as at least one other individual in the group—the use of that electronic service enables any of the individuals in the group to:
(i) engage in conduct that constitutes a relevant offence; or
(ii) communicate with any of the individuals in the group about any of the individuals in the group engaging in conduct that constitutes a relevant offence; or
(iii) facilitate the engagement, by another person (whether or not an individual in the group), in conduct that constitutes a relevant offence; or
(iv) communicate with any of the individuals in the group about facilitating the engagement, by another person (whether or not an individual in the group), in conduct that constitutes a relevant offence; or
(b) in a case where each individual in the group communicates with at least one other individual in the group by electronic communication—the electronic communication enables any of the individuals in the group to:
(i) engage in conduct that constitutes a relevant offence; or
(ii) communicate with any of the individuals in the group about any of the individuals in the group engaging in conduct that constitutes a relevant offence; or
(iii) facilitate the engagement, by another person (whether or not an individual in the group), in conduct that constitutes a relevant offence; or
(iv) communicate with any of the individuals in the group about facilitating the engagement, by another person (whether or not an individual in the group), in conduct that constitutes a relevant offence.
(24) Schedule 2, item 9, page 40 (before line 19), before section 27KK, insert:
27KKA Sunsetting
This Division ceases to have effect 5 years after it commences.
(25) Schedule 2, item 9, page 42 (after line 26), after paragraph 27KM(1)(a), insert:
(aa) that the issue of the warrant is justified and proportionate, having regard to the kinds of offences in relation to which information will be obtained under the warrant; and
(26) Schedule 2, item 9, page 43 (line 22), after “computer”, insert “, and any privacy implications (to the extent known to the eligible Judge or nominated AAT member) resulting from that access”.
(27) Schedule 2, item 9, page 43 (after line 22), after paragraph 27KM(2)(f), insert:
(fa) if:
(i) the eligible Judge or nominated AAT member believes on reasonable grounds that the data covered by the warrant (within the meaning of section 27KP) is data of a person who is working in a professional capacity as a journalist or of an employer of such a person; and
(ii) each of the offences referred to in paragraph 27KK(1)(b) is an offence against a secrecy provision;
whether the public interest in issuing the warrant outweighs:
(iii) the public interest in protecting the confidentiality of the identity of the journalist’s source; and
(iv) the public interest in facilitating the exchange of information between journalists and members of the public so as to facilitate reporting of matters in the public interest; and
(28) Schedule 2, item 6, page 43 (after line 24), after subsection 27KM(2), insert:
(2A) For the purposes of having regard to the nature and gravity of the conduct constituting the kinds of offences in relation to which information will be obtained under the warrant, the eligible Judge or nominated AAT member must give weight to the following matters:
(a) whether that conduct amounts to:
(i) an activity against the security of the Commonwealth; or
(ii) an offence against Chapter 5 of the Criminal Code;
(b) whether that conduct amounts to:
(i) an activity against the proper administration of Government; or
(ii) an offence against Chapter 7 of the Criminal Code;
(c) whether that conduct:
(i) causes, or has the potential to cause, serious violence, or serious harm, to a person; or
(ii) amounts to an offence against Chapter 8 of the Criminal Code;
(d) whether that conduct:
(i) causes, or has the potential to cause, a danger to the community; or
(ii) amounts to an offence against Chapter 9 of the Criminal Code;
(e) whether that conduct:
(i) causes, or has the potential to cause, substantial damage to, or loss of, data, property or critical infrastructure; or
(ii) amounts to an offence against Chapter 10 of the Criminal Code;
(f) whether that conduct involves, or is related to, the commission of:
(i) transnational crime; or
(ii) serious crime; or
(iii) organised crime;
that is not covered by any of the preceding paragraphs.
(2B) Subsection (2A) does not limit the matters that may be considered by the eligible Judge or nominated AAT member.
(2C) To avoid doubt, this Act does not prevent a network activity warrant from being issued in a case where the conduct constituting the kinds of offences in relation to which information will be obtained under the warrant is not covered by subsection (2A).
(29) Schedule 2, item 6, page 43 (after line 30), at the end of section 27KM, add:
(4) For the purposes of this section, secrecy provision means a provision of a law of the Commonwealth or of a State that prohibits:
(a) the communication, divulging or publication of information; or
(b) the production of, or the publication of the contents of, a document.
(30) Schedule 2, item 9, page 46 (lines 25 and 26), omit “within a reasonable period”, substitute “as soon as is reasonably practicable to do so once the computer or thing is no longer required for the purposes of doing any thing authorised by the warrant”.
(31) Schedule 2, item 9, page 49 (line 3), omit “within a reasonable period”, substitute “as soon as is reasonably practicable to do so once the computer or thing is no longer required for the purposes of doing any thing mentioned in paragraph (8)(c)”.
(32) Schedule 2, page 66 (after line 14), after item 31, insert:
31A After subsection 64A(7)
Insert:
(7A) In determining whether the assistance order should be granted, the eligible Judge or nominated AAT member must have regard to whether the specified person is, or has been, subject to:
(a) another order under this section; or
(b) an order under section 64B of this Act; or
(c) an order under section 3LA or 3ZZVG of the Crimes Act 1914;
so far as that matter is known to the eligible Judge or nominated AAT member.
(7B) Subsection (7A) does not limit the matters to which the eligible Judge or nominated AAT member may have regard.
Duration of assistance order
(7C) If an assistance order is granted in relation to a computer that is the subject of a computer access warrant or a network activity warrant, the order ceases to be in force when the warrant ceases to be in force.
(7D) If an assistance order is granted in relation to a computer that is the subject of an emergency authorisation given in response to an application under subsection 28(1A), 29(1A) or 30(1A), the order ceases to be in force when the emergency authorisation ceases to be in force.
Protection from civil liability
(7E) A person is not subject to any civil liability in respect of an act done by the person:
(a) in compliance with an assistance order; or
(b) in good faith in purported compliance with an assistance order.
(33) Schedule 3, item 4, page 101 (before line 12), before section 3ZZUN, insert:
3ZZUMA Sunsetting
This Division ceases to have effect 5 years after it commences.
(34) Schedule 3, item 4, page 101 (line 25), omit “by means of a written document signed by the applicant”, substitute “in person”.
(35) Schedule 3, item 4, page 101 (lines 27 to 29), omit “if the applicant has reason to believe that the delay caused by making a formal application may affect the success of the investigation—orally in person, or”, substitute “if the applicant believes that it is impracticable for the application to be made in person—”.
(36) Schedule 3, item 4, page 101 (after line 31), after subsection 3ZZUN(2), insert:
(2A) An application:
(a) must specify:
(i) the name of the applicant; and
(ii) the nature and duration of the warrant sought; and
(b) subject to this section, must be supported by an affidavit setting out the grounds on which the warrant is sought.
Unsworn applications
(2B) If a law enforcement officer believes that:
(a) taking control of the target accounts is immediately necessary, in the course of the investigation mentioned in paragraph (1)(c), for the purpose of enabling evidence to be obtained of the commission of the offences mentioned in that paragraph; and
(b) it is impracticable for an affidavit to be prepared or sworn before an application for a warrant is made;
an application for an account takeover warrant under subsection (1) may be made before an affidavit is prepared or sworn.
(2C) If subsection (2B) applies, the applicant must:
(a) provide as much information as the magistrate considers is reasonably practicable in the circumstances; and
(b) not later than 72 hours after the making of the application, send a duly sworn affidavit to the magistrate, whether or not a warrant has been issued.
(2D) If:
(a) subsection (2B) applies; and
(b) transmission by fax is available; and
(c) an affidavit has been prepared;
the person applying must transmit a copy of the affidavit, whether sworn or unsworn, to the magistrate who is to determine the application.
(37) Schedule 3, item 4, page 102 (after line 23), after paragraph 3ZZUP(2)(d), insert:
(da) the extent to which the execution of the warrant is likely to impact on persons lawfully using a computer, so far as that matter is known to the magistrate; and
(db) the extent to which the execution of the warrant is likely to cause a person to suffer a temporary loss of:
(i) money; or
(ii) digital currency; or
(iii) property (other than data);
so far as that matter is known to the magistrate; and
(dc) if:
(i) the magistrate believes on reasonable grounds that each target account is held by a person who is working in a professional capacity as a journalist or of an employer of such a person; and
(ii) the alleged relevant offence, or each of the alleged relevant offences, in respect of which the warrant is sought is an offence against a secrecy provision;
whether the public interest in issuing the warrant outweighs:
(iii) the public interest in protecting the confidentiality of the identity of the journalist’s source; and
(iv) the public interest in facilitating the exchange of information between journalists and members of the public so as to facilitate reporting of matters in the public interest; and
(38) Schedule 3, item 4, page 102 (after line 28), at the end of section 3ZZUP, add:
(3) For the purposes of having regard to the nature and gravity of the alleged relevant offence, or alleged relevant offences, in respect of which the warrant is sought, the magistrate must give weight to the following matters:
(a) whether the conduct constituting the alleged relevant offence, or alleged relevant offences, in respect of which the warrant is sought amounts to:
(i) an activity against the security of the Commonwealth; or
(ii) an offence against Chapter 5 of the Criminal Code;
(b) whether the conduct constituting the alleged relevant offence, or alleged relevant offences, in respect of which the warrant is sought amounts to:
(i) an activity against the proper administration of Government; or
(ii) an offence against Chapter 7 of the Criminal Code;
(c) whether the conduct constituting the alleged relevant offence, or alleged relevant offences, in respect of which the warrant is sought:
(i) causes, or has the potential to cause, serious violence, or serious harm, to a person; or
(ii) amounts to an offence against Chapter 8 of the Criminal Code;
(d) whether the conduct constituting the alleged relevant offence, or alleged relevant offences, in respect of which the warrant is sought:
(i) causes, or has the potential to cause, a danger to the community; or
(ii) amounts to an offence against Chapter 9 of the Criminal Code;
(e) whether the conduct constituting the alleged relevant offence, or alleged relevant offences, in respect of which the warrant is sought:
(i) causes, or has the potential to cause, substantial damage to, or loss of, data, property or critical infrastructure; or
(ii) amounts to an offence against Chapter 10 of the Criminal Code;
(f) whether the conduct constituting the alleged relevant offence, or alleged relevant offences, in respect of which the warrant is sought involves, or is related to, the commission of:
(i) transnational crime; or
(ii) serious crime; or
(iii) organised crime;
that is not covered by any of the preceding paragraphs.
(4) Subsection (3) does not limit the matters that may be considered by the magistrate.
(5) To avoid doubt, this Act does not prevent an account takeover warrant from being issued in a case where the conduct constituting the alleged relevant offence, or alleged relevant offences, in respect of which the warrant is sought is not covered by subsection (3).
(6) For the purposes of this section, secrecy provision means a provision of a law of the Commonwealth or of a State that prohibits:
(a) the communication, divulging or publication of information; or
(b) the production of, or the publication of the contents of, a document.
(39) Schedule 3, item 4, page 110 (before line 10), before section 3ZZUX, insert:
3ZZUWA Sunsetting
This Division ceases to have effect 5 years after it commences.
(40) Schedule 3, item 4, page 115 (after line 18), after subsection 3ZZVG(2), insert:
(2A) In determining whether the assistance order should be granted, the magistrate must have regard to whether the specified person is, or has been, subject to:
(a) another order under this section; or
(b) an order under section 3LA of this Act; or
(c) an order under section 64A or 64B of the Surveillance Devices Act 2004;
so far as that matter is known to the magistrate.
(2B) Subsection (2B) does not limit the matters to which the magistrate may have regard.
Duration of assistance order
(2C) If an assistance order is granted in relation to a computer that is the subject of an account takeover warrant, the order ceases to be in force when the warrant ceases to be in force.
(2D) If an assistance order is granted in relation to a computer that is the subject of an emergency authorisation, the order ceases to be in force when the emergency authorisation ceases to be in force.
Protection from civil liability
(2E) A person is not subject to any civil liability in respect of an act done by the person:
(a) in compliance with an assistance order; or
(b) in good faith in purported compliance with an assistance order.
(41) Schedule 3, item 4, page 120 (line 2), omit “6 monthly”, substitute “annual”.
(42) Schedule 3, item 4, page 120 (line 4), omit “and 31 December”.
(43) Schedule 3, item 4, page 120 (lines 9 and 10), omit “6 months”, substitute “12 months”.
(44) Schedule 3, item 4, page 120 (line 13), omit “6 months”, substitute “12 months”.
(45) Schedule 3, item 4, page 120 (lines 19 and 20), omit “6 months”, substitute “12 months”.
(46) Schedule 3, item 4, page 120 (line 26), omit “6 months”, substitute “12 months”.
(47) Schedule 3, item 4, page 120 (line 30), omit “6 months”, substitute “12 months”.
(48) Schedule 3, item 4, page 121 (line 2), omit “6 months”, substitute “12 months”.
(49) Schedule 3, item 4, page 121 (line 8), omit “6 months”, substitute “12 months”.
(50) Schedule 3, item 4, page 121 (line 15), omit “6 months”, substitute “12 months”.
(51) Schedule 3, item 4, page 121 (lines 26 and 27), omit “6 months”, substitute “12 months”.
(52) Schedule 3, item 4, page 121 (line 30), omit “6 months”, substitute “12 months”.
(53) Schedule 3, item 4, page 121 (lines 36 and 37), omit “6 months”, substitute “12 months”.
(54) Schedule 3, item 4, page 122 (lines 5 and 6), omit “6 months”, substitute “12 months”.
(55) Schedule 3, item 4, page 122 (line 10), omit “6 months”, substitute “12 months”.
(56) Schedule 3, item 4, page 122 (lines 19 and 20), omit “6 months”, substitute “12 months”.
(57) Schedule 3, item 4, page 128 (lines 17 and 18), omit “6 months”, substitute “12 months”.
(58) Schedule 3, item 4, page 132 (lines 26 and 27), omit “6 monthly”, substitute “12 monthly”.
(59) Schedule 3, page 134 (after line 26), at the end of the Schedule, add:
National Emergency Declaration Act 2020
5 Paragraph 15(8)(a)
After “IAAA,”, insert “IAAC,”.
(60) Page 135 (before line 1), before Schedule 4, insert:
Schedule 3A — Reviews
Independent National Security Legislation Monitor Act 2010
1 At the end of subsection 6(1)
Add:
; (e) the function conferred by subsection (1E).
2 Before subsection 6(2)
Insert:
(1E) The Independent National Security Legislation Monitor must:
(a) review the operation, effectiveness and implications of the amendments made by Schedules 1, 2 and 3 to the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021; and
(b) commence to do so before the end of the 3-year period beginning on the day that Act receives the Royal Assent.
Intelligence Services Act 2001
3 After paragraph 29(1)(bc)
Insert:
(bcaa) if the Committee resolves to do so—to commence, as soon as practicable after the fourth anniversary of the day the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021 receives the Royal Assent, a review of the operation, effectiveness and implications of the amendments made by Schedules 1, 2 and 3 to that Act; and
I thank the Parliamentary Joint Committee on Intelligence and Security—the committee—for its comprehensive review of the bill. The government has prepared amendments in response to recommendations made by the committee. The amendments I move today will enhance oversight of powers contained in the bill. In line with the committee’s recommendations, the Independent National Security Legislation Monitor—the INSLM—will commence a review of the powers in this bill within three years of the bill receiving royal assent. The PJCIS also has the option of reviewing the bill after four years from the bill receiving royal assent, and the powers will sunset five years from the date of royal assent. I am also introducing a series of amendments to give effect to a number of the committee’s recommendations which focused on strengthening arrangements for when these new powers can be applied for and issued. These amendments will strengthen the issuing criteria for data disruption warrants to include that the disruption of the data is reasonably necessary and proportionate; require additional matters to be specified in an application for data disruption and account takeover warrants, including, for example, the type of acts of data disruption that are proposed to be carried out under the warrant; and provide that an application for a data disruption warrant must be endorsed by a sufficiently senior officer who is of a rank that has been approved by the Commissioner of the Australian Federal Police or CEO of the Australian Criminal Intelligence Commission and who has completed the necessary training.
Amendments are also being introduced to strengthen protection for third parties and journalists. These amendments will ensure that loss or damage to innocent third parties as a result of a data disruption warrant can be caused only to the extent to which it is necessary and proportionate and will require notification of the Commonwealth Ombudsman, if this occurs; strengthen the issuing criteria for network activity warrants to include consideration of privacy implications, to the extent known, where the warrant is likely to result in access to data of persons who are lawfully using a computer; strengthen the issuing criteria for data disruption and account takeover warrants to include consideration of whether the power is likely to have an adverse impact on third parties, including privacy implications, to the extent known; and provide an additional public interest test for data disruption warrants, network activity warrants and account takeover warrants where an investigation of an unauthorised disclosure offence is in relation to a person working in a professional capacity as a journalist. On the issue of providing greater protection for journalists, I note that the government is committed to implementing the recommendations from the PJCIS press freedoms report, including the expansion of the public interest advocate regime. This issue is most appropriately addressed across all aspects of the electronic surveillance framework and will be progressed alongside holistic reforms to Australia’s electronic surveillance laws which are already underway.
Government amendments being introduced today also address a range of the committee’s recommendations in relation to assistance orders. These amendments will require assistance orders for data disruption warrants to be reasonably necessary to enable the warrant to be executed and the assistance sought to be justifiable and proportionate; require that issuing authorities consider whether a person is, or has been, subject to other mandatory assistance orders, to the extent known; clarify that a person may only be subject to an assistance order while a warrant or an emergency authorisation is in force; and provide protection from civil liability in respect of an act done in compliance with an assistance order or in good faith with an assistance order.
Each of the amendments I have outlined is intended to address the concerns identified by the committee which led to its recommendations. I particularly note recommendations 10 and 30, which were of significant focus during the committee’s consideration of the bill. The government has worked in good faith to address the committee’s concerns. The amendments I have introduced ensure that warrants for the new powers are more likely to be issued for more serious crime types whilst still being available to fight all forms of serious crime and to tighten the definition of ‘criminal network of individuals’ whilst still enabling valuable criminal intelligence to be collected. These amendments, like many others being introduced today, balance essential safeguards with the need to preserve the operational effectiveness of the new powers.
These government amendments do not address all of the committee’s recommendations. In particular, the committee made a number of recommendations proposing to expand the oversight role of the committee to the intelligence functions of the ACIC and AFP and extend the oversight remit of the Inspector-General of Intelligence and Security to include all intelligence functions of the AFP. The ACIC and AFP are already subject to extensive parliamentary oversight, including by the Parliamentary Joint Committee on Law Enforcement. Expanding IGIS oversight to all of the AFP’s intelligence functions is contrary to the recommendations of the comprehensive review of the framework governing the National Intelligence Community and the government’s public response to those recommendations.
In addition, there were several recommendations made by the committee which are more appropriately considered as part of the holistic review of Australia’s electronic surveillance framework currently underway. These include recommendations to expand the function of the Commonwealth Ombudsman to cover the proprietary of the AFP’s and ACIC’s policies and activities, remove the ability for AAT members to issue warrants under the bill and change postwarrant concealment powers.
I also note the committee’s recommendation that my department not make further submissions that are provided on behalf of the Home Affairs portfolio. Joint submissions have been longstanding practice of previous governments and remain appropriate today. Portfolio submissions provide the committee and public with a comprehensive overview of the operational, policy and legislative issues, all of which must be understood and considered as a whole for good policy development. I believe the Australian people expect the government to act in a coordinated and coherent way. This approach does not preclude portfolio agencies also providing additional submissions, as they did for this bill, to further assist the committee’s consideration of specific operational issues.
I’m also taking this opportunity to introduce two additional government amendments. The first makes minor amendments to the National Emergency Declaration Act 2020 to clarify that the minister’s power to modify administrative arrangement requirements during a national emergency does not apply to apply to account takeover warrants. The second would amend the frequency of the Ombudsman’s inspection of records relating to account takeover warrants and subsequent reports to the minister on these inspections from six to 12 monthly. The Ombudsman raised this amendment with the committee during its inquiry as giving the Ombudsman more flexibility in how it conducts its essential oversight role. Making this change is consistent with recommendation 17 of the committee on the frequency of agency reporting.
The new powers introduced by this bill are critical in enabling law enforcement to tackle the fundamental shift in how serious criminality is occurring online. Without enhancing the AFP’s and ACIC’s powers, we leave them with outdated ways of attacking an area of criminality that is only increasing in prevalence. I commend these amendments to the House.
Question agreed to.
Bill, as amended, agreed to.