of the net
This page is under development.
It covers -
The law enforcement and national security obligations
of ISPs are to -
provide Commonwealth and state/territory officials with
"reasonably necessary assistance" in relation
to enforcement of criminal law and laws imposing a pecuniary
penalty, protecting public revenue and safeguarding
their best to prevent their network and facilities being
used in commission of offences against Commonwealth
and state/territory laws
their network or facility is able to intercept a communication
passing over it, in accordance with a warrant issued
under the Telecommunications (Interception) Act
to the prohibition on disclosure of customer information
encompass where the disclosure is
necessary" for enforcement of the criminal law
or the protection of the public revenue
to ASIO for the performance of its functions
required or is otherwise authorised under a warrant
or under law.
must give reasonable help to agencies on terms and conditions
agreed by the agency and the ISP, and on the basis that
the ISP neither benefits from (nor assumes the costs of)
giving that help.
Customer information of interest includes -
the "identity, source, path and destination"
of nominated internet services, and/or
the content of nominated communications.
information needed to satisfy requests regarding the identity,
source, path and destination of nominated services may
customer registration details
destination and origin email addresses for
(user) target communications
calling line identification (for user access links)
geographical location of a target service
network/traffic related data
files (for example, back up tapes showing details of
a subscriber's sessions online, including files received).
information does not include network/traffic-related data,
ie information required through transmission through networks.
Australian and New Zealand legislation currently does
not specifically require ISPs (or other carriage service
providers) to keep this type of information for law enforcement
or national security purposes. However, a government agency
may request the holding of information pending further
information or court order. Agencies may request access
as part of the reasonably necessary assistance requirement
or may make a specific request that an ISP keep certain
information regarding a particular user.
Requests for access to customer information held by ISPs
Part 13 Telecommunications Act requests
warrants (either interception or general search)
notice authorised by, or under, law
by agencies to the content of an internet communication
in transit will amount to an interception, authorised
under the federal Telecommunications (Interception)
Once a communication has been accessed by the user (or
deemed to have been accessed, for instance, after it has
left the network, or has been stored), it may be accessed
by agencies acting under broader statutory or general
law powers. Those powers include a search warrant, a notice
to produce or an agency request for release of information
derived from powers authorised by or under law such as
section 280 of the federal Telecommunications Act
1997. That includes other statutory, judicial and
quasi-judicial powers, such as court orders made during
the discovery process, summons for witnesses to attend
and produce records and subpoenas for documents.
Part 13 of the Act allows criminal law enforcement, public
revenue and civil penalty enforcement agencies to make
certified and uncertified requests for the disclosure
of customer information.
For an uncertified request, the ISP must be satisfied
that the disclosure of the information is reasonably necessary
for the enforcement of criminal law, protection of public
revenue or enforcement of a law imposing a pecuniary penalty.
Certified requests are those where a senior officer of
a criminal law enforcement agency or a public revenue
agency certifies in writing that the disclosure is reasonably
necessary, with the ISP relying on that document that
disclosure is reasonably necessary. For uncertified requests,
the ISP must make the judgement that the disclosure is
The requirement to provide "reasonably necessary"
assistance does not apply to ASIO. Disclosures may be
made to an officer or employee of ASIO authorised in writing
by the Director-General of Security to receive the disclosure,
where it is made for the performance of ASIO functions,
or where the officer or employee certifies that the disclosure
is connected with those functions. ASIO requests will
usually be in writing, but ACMA notes that there may be
instances where an urgent verbal inquiry may be necessary.
A warrant may be used to access other customer information,
including stored communications. Agencies may choose not
to use the warrant process if the information may be requested
by other means.