title for Australasian Telecommunications profile
home | about | site use | resources | publications | timeline   spacer graphic   Ketupa
overview

beginnings

competition

ISPs

hosting

agencies

regulation

backbone

periphery

numbering

demand

supply

futures

CIIP

crimes

policing

crises

statistics

landmarks 1

landmarks 2








related pages icon
related
Guides:

Networks
& GII

Security
& Infocrime

Censorship




related pages icon
related
Profiles:

Stalking

Bullying 

Suicide

Bombmaking

Messaging

Making sense
of the net

Communication
revolutions

section heading icon     policing

This page is under development.

It covers -

     introduction

The law enforcement and national security obligations of ISPs are to -

  • to provide Commonwealth and state/territory officials with "reasonably necessary assistance" in relation to enforcement of criminal law and laws imposing a pecuniary penalty, protecting public revenue and safeguarding national security
  • do their best to prevent their network and facilities being used in commission of offences against Commonwealth and state/territory laws
  • ensure their network or facility is able to intercept a communication passing over it, in accordance with a warrant issued under the Telecommunications (Interception) Act 1979

Exceptions to the prohibition on disclosure of customer information encompass where the disclosure is

  • "reasonably necessary" for enforcement of the criminal law or the protection of the public revenue
  • made to ASIO for the performance of its functions
  • required or is otherwise authorised under a warrant or under law.

ISPs must give reasonable help to agencies on terms and conditions agreed by the agency and the ISP, and on the basis that the ISP neither benefits from (nor assumes the costs of) giving that help.

section marker     customer info

Customer information of interest includes -

  • the "identity, source, path and destination" of nominated internet services, and/or
  • the content of nominated communications.

ISP information needed to satisfy requests regarding the identity, source, path and destination of nominated services may include -

  • customer registration details
  • destination and origin email addresses for
    (user) target communications
  • calling line identification (for user access links)
  • geographical location of a target service
  • network/traffic related data
  • log files (for example, back up tapes showing details of a subscriber's sessions online, including files received).

'Content' information does not include network/traffic-related data, ie information required through transmission through networks.

Australian and New Zealand legislation currently does not specifically require ISPs (or other carriage service providers) to keep this type of information for law enforcement or national security purposes. However, a government agency may request the holding of information pending further information or court order. Agencies may request access as part of the reasonably necessary assistance requirement or may make a specific request that an ISP keep certain information regarding a particular user.

Requests for access to customer information held by ISPs include -

  • Part 13 Telecommunications Act requests
  • warrants (either interception or general search)
  • notice authorised by, or under, law
  • Court process

Access by agencies to the content of an internet communication in transit will amount to an interception, authorised under the federal Telecommunications (Interception) Act 1979.

Once a communication has been accessed by the user (or deemed to have been accessed, for instance, after it has left the network, or has been stored), it may be accessed by agencies acting under broader statutory or general law powers. Those powers include a search warrant, a notice to produce or an agency request for release of information derived from powers authorised by or under law such as section 280 of the federal Telecommunications Act 1997. That includes other statutory, judicial and quasi-judicial powers, such as court orders made during the discovery process, summons for witnesses to attend and produce records and subpoenas for documents.

Part 13 of the Act allows criminal law enforcement, public revenue and civil penalty enforcement agencies to make certified and uncertified requests for the disclosure of customer information.
For an uncertified request, the ISP must be satisfied that the disclosure of the information is reasonably necessary for the enforcement of criminal law, protection of public revenue or enforcement of a law imposing a pecuniary penalty. Certified requests are those where a senior officer of a criminal law enforcement agency or a public revenue agency certifies in writing that the disclosure is reasonably necessary, with the ISP relying on that document that disclosure is reasonably necessary. For uncertified requests, the ISP must make the judgement that the disclosure is reasonably necessary.

The requirement to provide "reasonably necessary" assistance does not apply to ASIO. Disclosures may be made to an officer or employee of ASIO authorised in writing by the Director-General of Security to receive the disclosure, where it is made for the performance of ASIO functions, or where the officer or employee certifies that the disclosure is connected with those functions. ASIO requests will usually be in writing, but ACMA notes that there may be instances where an urgent verbal inquiry may be necessary.

A warrant may be used to access other customer information, including stored communications. Agencies may choose not to use the warrant process if the information may be requested by other means.






icon for link to next page   next page  (key statistics)


this site
the web

Google

version of October 2005
© Caslon Analytics