Protection of Communications:
Telecommunications Act 1997 (C'th)

Last Updated: 12 Oct 2006


This section provides an overview of the provisions of the Telecommunications Act 1997 (Cth) relevant to privacy protection and regulation of access by government agencies to information about telecommunications users and their communications.

During the period 15 December 2004 to 12 June 2006, this Act was the only legislation regulating access by government agencies to stored communications (i.e. email, SMS and voice mail messages stored on carriage service providers' equipment). Those provisions were subject to a sunset clause which was due to expire in mid June 2006.

The law was changed effective from 13 June 2006 to significantly improve privacy protection for stored communications. From that date, access to stored communications has been regulated by the Telecommunications (Interception and Access) Act 1979 ("TIA Act") which restricts access to stored communications from carriage service providers (includes ISPs) to agencies that have been able to obtain a new type of warrant named a "stored communications warrant" (see EFA's page about the TIA Act for more information).

Contents


Telecommunications Act 1997 (C'th)

The Telecommunications Act 1997 (Cth) applies to telecommunications carriers and carriage service providers which includes Internet Service Providers (ISPs), all of which are referred to as "CSPs" (carriage service providers) in this document.

The Act includes provisions obligating CSPs to protect the privacy of communications and personal information about telecommunications users, except when disclosure of particular information is authorised by the law. (In addition, CSPs are required to comply with the Privacy Act 1988 (C'th) unless the small business exemption applies to them).

Part 13 of the Telecommunications Act 1997, titled "Protection of Communications", makes it an offence for a CSP and its employees to use or disclose any information or document which comes into its possession in the course of its CSP business, where the information relates to:

  • the contents or substance of a communication carried by the CSP (delivered or not); or
  • carriage services supplied, or intended to be supplied, by the CSP; or
  • the affairs or personal particulars of another person.

Exceptions to the prohibition on disclosure of information include:

  • where the disclosure is reasonably necessary for the enforcement of the criminal law, enforcement of a law imposing a pecuniary penalty, and protection of public revenue;
  • where the disclosure is made to ASIO for the performance of its functions;
  • where the disclosure is required or is otherwise authorised under a warrant or under law.

In relation to exceptions, Part 14 obligates CSPs to give officers and authorities of the Commonwealth, States and Territories such help (which includes providing information about Internet users and their use of the Internet) as is "reasonably necessary" for the enforcement of the criminal law, or the enforcement of laws imposing pecuniary penalties or the protection of the public revenue. In addition, Part 15 obligates CSPs to ensure that their network is able to intercept a communication passing over it in accordance with an interception warrant issued under the Telecommunications (Interception and Access) Act 1979.

The type of customer information an ISP may be required to disclose includes:

  • the identity, source, path and destination of nominated Internet services, which may come from sources including:
    • customer registration details;
    • destination and origin email addresses for (user) target communications;
    • calling line identification (for user access links);
    • geographical location of a target service;
    • network/traffic related data; and
    • log files (for example, back up tapes showing details of a subscribers Internet sessions, including files received),
    and/or
  • the content of nominated communications.

In relation to the content or substance of communications (as distinct from source or destination email addresses, etc), the law was changed effective from 13 June 2006. From that date, disclosure of the content or substance of communications by CSPs to law enforcement agencies has been subject to the enforcement agency obtaining a stored communications warrant issued under the provisions of the Telecommunications (Interception and Access) Act 1979 (see EFA's page about the TIA Act for more information).

The primary means by which ISPs (and other telecommunications carriage service providers and carriers) can be required to disclose information to government agencies are:

Part 13/Section 282 Telecommunications Act requests

Part 13 of the Telecommunications Act allows criminal law enforcement, public revenue and civil penalty enforcement agencies (defined in subsection 282(10) of the Act) to make certified and uncertified requests for the disclosure of customer information.

In the case of a certified request, a CSP is entitled to rely on the written certification of a senior officer of an authorised agency that the disclosure is "reasonably necessary". The telecommunications regulator, the Australian Communications & Media Authority, has developed a Determination of Requirements in relation to complying with this section of the Act.

In the case of an uncertified request, an agency may make a written request that sets out the offence provision being investigated and the CSP must make a judgement and be satisfied that the disclosure of the information is "reasonably necessary" for the enforcement of criminal law, protection of public revenue or enforcement of a law imposing a pecuniary penalty.

The above provisions have resulted in massive invasion of citizens' privacy without a search warrant. Further, it appears that powers to access telecommunications information, originally intended to combat serious crime, have been being used for numerous other purposes. For example, in February 2001 The Age reported:

"Watchdog groups are demanding urgent changes to a system that last year allowed police and other government agencies to access confidential phone records on more than a million occasions without search warrants.

The Australian Communications Authority has confirmed that telecommunications companies passed on information to law-enforcement and other government agencies 998,548 times in 1999-2000 - a move condemned as wholesale invasion of privacy.

The extraordinary access to phone records does not include information given to the Australian Security Intelligence Organisation, which is believed to be substantial and which the agency is not obliged to disclose.

The information revealed included telephone accounts, numbers dialled, the time calls were made and their duration, and use of the Internet. These disclosures were made at a rate of more than 19,000 a week, or nearly 4000 on any working day.

This process is separate from telephone interception, or phone tapping, which has also increased dramatically in the past three years, but which requires law-enforcement officers to obtain a warrant. ..."

(Source: Anger at plundered phone records, Brendan Nicholson, The Age, 4 Feb 2001)

Warrants and other forms of authorisation by or under law

Section 280(1) of the Telecommunications Act 1997 states that CSPs are not prohibiting from disclosure or use of information or a document if:

"(a) in a case where the disclosure or use is in connection with the operation of an enforcement agency - the disclosure or use is required or authorised under a warrant; or
(b) in any other case - the disclosure or use is required or authorised by or under law."

(Enforcement agency has the same meaning as in Section 282, i.e. a criminal law-enforcement agency, a civil penalty-enforcement agency, or a public revenue agency.)

It should be noted however that effective from 13 June 2006, Section 280 does not authorise CSPs to disclose the content or substance of stored communications in response to a search warrant because the provisions of the Telecommunications (Interception and Access) Act 1979 prohibit access by agencies from CSPs unless the agency has obtained a stored communications warrant. (See EFA's page about the TIA Act for information about stored communications warrants).


Forthcoming Amendments to the Act

In the August 2005 Report of the Review of the Regulation of Access to Communications, commissioned by the government and prepared by Anthony S Blunn AO, Mr Blunn found that:

"[T]he provisions of the Telecommunications Act 1997 governing access to stored communications are inadequate and inappropriate".
"[T]he present distribution of functions relating to accessing telecommunications data for security and law enforcement purposes between Parts 13, 14 and 15 of the Telecommunications Act 1997 and the Telecommunications (Interception) Act 1979 is complicated, confusing and dysfunctional".
and stated that:
"1.8.9. In my view, and as illustrated by the issue of stored communications, the provisions of these Parts [of the Telecommunications Act] which deal fundamentally with access to data for security and law enforcement purposes do not sit comfortably in the Telco Act.
...
1.8.10. Accordingly, at least in-so-far as they relate to accessing telecommunications data for security and law enforcement purposes, I have recommended that they be incorporated into legislation dealing comprehensively and over-ridingly with data access. This would provide a basis for consistency in application, greater responsiveness and remove the confusion caused by different legislation providing different regimes and using different language for what are basically the same issues.
"

In conjunction with introducing the 2006 amendments to the TIA Act which significantly improved the laws governing access to stored communications, the government stated that other recommendations of the Blunn Review were under consideration with a view to introducing further amendments to relevant legislation in the Spring 2006 session of Parliament.

It is therefore reasonably likely that some of the provisions of Part 13 of the Telecommunications Act 1997, such as the provisions of Section 282 and 280 discussed above, may be amended/transferred into the TIA Act in order to result in that legislation "dealing comprehensively and over-ridingly with data access".

EFA recommended in our submissions to the Blunn Review and to the Senate Legislation Committee inquiry into the 2006 amendments to the TIA Act that Sections 280 and 282 of the Telecommunications Act 1997, at the least, be amended to make readily clear and apparent that the provisions of the TIA Act in relation to stored communications over-ride the Telec. Act. EFA remains of the view that such amendments are necessary in order to eliminate any potential for confusion.


Other Resources