Government agencies investigated by Commonwealth Ombudsman.
Australia’s Commonwealth Ombudsman has found that Government agencies have not adequately kept the records relating to agencies’ use of stored communications and telecommunications data, as needed under the Telecommunications (Interception and Access) Act 1979 (the Act).
The Ombudsman can investigate complaints about actions and decisions of Australian Government agencies to see if they are wrong, unjust, unlawful, discriminatory or just plain unfair.
The Ombudsman recently released its report Monitoring agency access to stored communications and telecommunications data under Chapters 3 and 4 of the Telecommunications (Interception and Access) Act 1979 For the period 1 July 2018 to 30 June 2019
The report found 10 inspections of agencies’ use of stored communications powers under Chapter 3 of the Act and 10 inspections of agencies’ use of telecommunications data powers under Chapter 4 of the Act. We made 13 recommendations to four agencies.
The Ombudsman also made suggestions, including some better practice suggestions, to the agencies inspected.
“While we continue to see improvement in most agencies’ processes to manage the use of these powers and achieve compliance with the Act, we also identified areas at some agencies where further work is needed to adequately satisfy the Act’s requirements,” stated the report. “In addition, several issues that we identified during our 2017–18 inspections, were identified again in 2018–19 inspections.
While some of these were due to the retrospective nature of our inspections, in some instances we found that agencies had not taken adequate remedial action to address our previous findings.”
According to the Ombudsman, stored communications are communications that have already occurred and are stored on a carrier’s systems—they contain the content of the communication.
An agency must apply to an external issuing authority (such as a judge or eligible Administrative Appeals Tribunal member) for a warrant to access stored communications.
Before a warrant is issued, an agency may authorise the ‘preservation’ of a stored communication to ensure it is retained by the carrier until such time as the communication can be accessed under a warrant. Telecommunications data is information about a communication but does not include the content or substance of that communication.
Agencies may internally authorise access to this information, subject to a number of conditions and requirements. However, if an agency wishes to access telecommunications data that will identify a journalist’s information source, the agency must apply to an external issuing authority for a warrant before it can make such an authorisation.
Access to stored communications and telecommunications data intrudes on an individual’s right to privacy but occurs covertly, so they will not know it has occurred and will not have access to complaint or other review mechanisms that would ordinarily be available if an individual considers action has been taken unreasonably.
This makes independent oversight of these powers essential, particularly for telecommunications data powers because the decision to authorise the intrusion into a person’s privacy is generally made by the agency rather than an external issuing authority.