PJCIS recommends passage of Bill that will allow incidental collection of Australian data

In less than a week, the Parliamentary Joint Committee on Intelligence and Security (PJCIS) has conducted a review into the Foreign Intelligence Legislation Amendment Bill that will allow for the practice of incidentally collecting the data of Australians, and recommended it be passed.

The Telecommunications Interception and Access Act (TIA Act) previously banned the practice, but the government and its security agencies have argued that Australia has been falling behind foreign agencies.

“The challenge with the existing foreign communications warrant is that the interception of domestic communications (communications that both start and end within Australia) is prohibited, even where that interception is inadvertent or unavoidable,” the PJCIS report said.

The report said this approach made sense when interception warrants were introduced in 2000, and the main ways to communicate where telephone and fax lines, which had “reliable geographic identifiers such as country code, city code and exchange code”, but the use of the internet has changed that environment.

“Advances in technology — particularly widespread use of internet‑based communications and mobile applications — mean that it can be impossible to know, at the point of interception, if a communication is foreign or domestic,” the report added.

“Currently, to avoid breaching the TIA Act, intelligence agencies do not intercept foreign communications where there is even the smallest risk of incidentally intercepting domestic communications. This considerable constraint on the collection of foreign intelligence is creating the real risk that intelligence agencies are missing critical foreign intelligence.”

The committee argued the changes would be accompanied by a set of “robust safeguards” including warrants only being able to be issued for obtaining foreign intelligence from foreign communications, the warrant request must specify the risk of interception domestic data, as well as having the Attorney-General create a mandatory written procedure that will cover screening domestic communications, destroying all domestic records captured, and that agencies need to alert the Inspector‑General of Intelligence and Security (IGIS) of when domestic data is captured.

The one loophole for keeping domestic data will be when communications “relates, or appears to relate” to circumstances that involve a “significant risk to a person’s life”.

“Only in the exceptional circumstance where there is a significant risk to life will intelligence agencies be able to rely on inadvertently intercepted domestic communications. This exception will ensure Australia’s intelligence agencies can respond to, for example, an imminent terrorist attack,” the report said.

Prior to the Attorney-General creating or modifying the procedure, they must consult with the Foreign Minister, Defence Minister, IGIS, and the head of ASIO.

“The Attorney‑General must review the mandatory procedure as soon as practicable within one year of it being issued, and then every 3 years,” the report said.

The Bill also includes powers allowing the Attorney-General to issue foreign intelligence warrants to collect “foreign intelligence on Australians in Australia who are acting for, or on behalf of, a foreign power”. This practice is also currently banned.

“These amendments will close a legislative gap where foreign intelligence can be collected offshore on an Australian working for a foreign power, but that same intelligence cannot be collected inside Australia on that Australian under a warrant,” the report said.

“There are circumstances where Australian citizens and permanent residents are of legitimate foreign intelligence interest. For example, where an Australian citizen is acting as an agent of a foreign state.”

The committee said during its inquiry it had been assured that non-compliance would be reported to IGIS, and recommended the Bill be amended to the PJCIS would also be informed about changes to the procedure, and the committee could review the Bill within five years of it receiving assent.

“The committee notes that this Bill aligns Australia with the Five Eyes community but with a stronger set of safeguards,” it said.

“These are not powers that the Parliament provides lightly and the committee sees its role in reviewing the provision of such powers as one of its most important functions.”

The Bill was referred to the PJCIS on Friday, and handed down its report on Wednesday after a single classified hearing.

“It is not ordinarily the preference of the committee to conduct private inquiries nor to do so on an expedited basis,” it wrote.

“The committee only agreed to in this instance because of the unique circumstances of this bill and the additional risks to Parliamentary sittings caused by the current COVID outbreaks.”

At the time of writing, the Bill had cleared the House with amendments and was in its second reading in the Senate.

On Wednesday, the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 cleared Parliament, and hands new powers to the Australian Federal Police and the Australian Criminal Intelligence Commission that would allow them to modify, add, copy, or delete data when dealing with online crime.

The new powers have a sunset clause of five years.

Related Coverage

• Australia’s ‘hacking’ Bill passes the Senate after House made 60 amendments
• PJCIS demands 23 changes before foreign entities get Australian data under IPO regime
• Home Affairs asks for a rush on Critical Infrastructure Bill to allow ASD to act lawfully
• Critical infrastructure Bill has a government ‘step in’ powers labelling problem
• The Chris Krebs case for including election systems as critical infrastructure