Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2016
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Version of 3 March 2015
Roger Clarke **
© Xamax Consultancy Pty Ltd, 2015
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/DV/TA313.html
The Telecommunications Act s.313 creates a very substantial and almost entirely uncontrolled power to 'request' providers of Internet services to "give such help as is reasonably necessary" to any government agency, of the Commonwealth, State or Territory, in respect of almost any law, nomatter how minor.
It only became apparent in recent years that this power is being used by a great many agencies for a great many purposes, many of them trivial. Moreover, there are almost no controls over the rampant abuse. And some agencies have applied the power in a technically incompetent manner, which has resulted in significant collateral damage. A Parliamentary Committee is considering what changes should be made to the provisions of s.313.
It is not clear that s.313 fulfils any justifiable need that is not addressed by other much better defined and controlled mechanisms. It is completely unacceptable in a democracy for the Parliament to grant the Executive powers that are convenient to the Executive, but that drive a truck through the careful balances that have been achieved over centuries of development of the law.
It is possible that s.313 does fill one or more gaps. If so, it is up to the affected agencies to publicly demonstrate that is the case, and sustain their argument in the face of counter-arguments. If a need is demonstrated, then the appropriate course of action is for the Executive to bring forward appropriate amendments to existing mechanisms. Under no circumstances should Parliament grant carte blanche to agencies, as s.313 does.
The Committee should recommend that s.313 be rescinded, and that the Executive be requested to bring forward arguments for specific and suitably constrained and controlled powers that address any gaps that may arise from its rescission.
In the event that the Committee does not recommend that s.313 be rescinded, the provisions require wholesale re-working, in order to overcome a long list of serious problems. The following comments summarise the key things that are wrong with it, and the necessary characteristics of a replacement for it.
The first set of issues relate to the scope of the powers.
Five categories of "purpose" are listed under s.313(3)(c)-(e), and all five are seriously problematical:
The Committee should recommend that the purpose be expressly limited to serious criminal laws, defined as those that have penalties of five or more years in gaol.
The relevant expression is "officers and authorities of the Commonwealth and of the States and Territories" (s.313(3)), without any apparent clarification or qualification. This represents hundreds of thousands of individuals in thousands of agencies. This is an extraordinary number of people and organisations, and the problem of enormous scope is compounded by the gross inadequacy of controls over their use of the power.
The Committee should recommend that a list of agencies be defined, and that the list include only those agencies that enforce serious criminal laws as defined in (1) above.
Under s.313(1) and (2), a moderate number of large 'carriers', at least 200-300 'carriage service providers' (ISPs), and some hundreds of 'carriage service intermediaries' (re-sellers, agents and Internet cafe-style providers) are subject to these 'requests'. These 500-1,000 organisations are mostly small companies, and have neither the competence or the resources to evaluate the reasonableness of the 'requests' - which accordingly are effectively 'demands'.
The Committee should recommend that the Executive provide an analysis of the categories of organisation on which 'requests' are to be made, and an assessment of alternative approaches to the definitions of those categories.
It is currently entirely unclear to the public, and indeed to the 500-1,000 companies, what they can be 'requested' to do.
The Committee should recommend that the actions that can be imposed on organisations be expressly stated and clearly defined.
The second set of issues relates to definition of the grounds on which the power may be exercised, and the threshhold tests to be applied in relation to each criterion.
There appears to be no definition of the basis at which a 'request' is justifiable, e.g. on the basis of the degree of gravity of a matter, or of the extent to which reasonable grounds for suspicion exist, and/or of the extent to which compliance with a request may assist the agency.
The Committee should recommend that the Executive propose the specific grounds that can be used to justify exercise of the power.
There appears to be no definition of the threshhold tests that need to be applied in order to determine whether a proposed exercise of the power is justified.
The Committee should recommend that the Executive propose, in respect of each ground, the specific threshhold conditions that must be satisfied; and that the threshholds apply standard regulatory principles, particularly those of justification and proportionality.
The third set of issues relates to measures to ensure that the exercise of the power is subject to controls over abuse and unintended consequences.
No meaningful information is published about agencies' invocation of s.313, what they use it for, how often, and what value it delivers. Specifically in respect of blocks arising from the Interpol Child Abuse list, the Committee states that "When a user seeks to access one of these sites, they are provided a block page that provides certain information, including reasons for the block, and contact details for any dispute". However, it is far from clear whether agencies in Australia apply such techniques.
The Committee should recommend that, in respect of every exercise of the power, an appropriate form of disclosure must be made. For example, in the case of the blocking of a web-page, an agency must be subject to a legal obligation to communicate the facts, and the dispute process.
There appear to be no process whereby any independent party tests whether the basis on which an officer proposes to issue a 'request' reaches whatever threshhold tests are applicable. In particular, the process does not include judicial warrants. Such an absence of controls is a gross breach of regulatory norms. In all circumstances, it is essential that the exercise of the power be subject to the pre-condition that a competent, resourced and independent party receive and consider the agency's justification, deny unreasonable proposals and authorise reasonable ones.
The Committee should recommend that the scheme involve an independent party that has the responsibility and authority to test whether the basis on which a requesting agency proposes exercise of the power satisfies the defined critera and reaches the applicable threshholds, failing which the agency cannot use the power.
Despite the almost complete absence of transparency, several instances of technical incompetence have come to light, which have caused considerable collateral damage. It is unacceptable for the Parliament to countenance amateurism in the application of such powers.
The Committee should recommend that the independent body referred to in (8) must have sufficient technical as well as legal competence.
Beyond transparency, demands by agencies must be able to be objected to, both by the organisation subject to the demand, and by parties who are or would be affected by the action.
The Committee should recommend that the Executive propose specific mechanisms whereby the exercise of the power can be contested by any affected party; and that wrongful or unjustifiably harmful exercise of the power be subject to sanctions.
The current s.313 is an embarrassment to the legislative drafters, to the Australian public, and to the Parliament. This Committee needs to recommend its rescission, or drastically overhaul the existing provisions.
Expressed in a manner that aligns with the Inquiry's Terms of Reference:
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in the Research School of Computer Science at the Australian National University.
He is also immediate past Chair of the Australian Privacy Foundation, and Company Secretary of the Internet Society of Australia.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 2 March 2015 - Last Amended: 3 March 2015 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/TA313.html