Comms Alliance asks for International Production Orders compliance cost coverage
The Communications Alliance has asked the government to add further details to the Telecommunications Legislation Amendment (International Production Orders) Bill 2020 (IPO Bill), specifically around the cost of compliance for carriers and carriage services providers (CSPs), and to make the Bill more in line with the spirit of the United States' Clarifying Lawful Overseas Use of Data Act (CLOUD Act).
In a submission [PDF] to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and its inquiry into the Bill, Comms Alliance said while its CSP members had no major concerns with the contents of the pending Bill, it noted that CSPs should not have to cop the burden of added costs for complying with the Bill's requirements.
"We highlight that the Bill currently does not contain any arrangements for the reimbursement of costs that providers are likely to incur when complying with an IPO," it wrote. "We request that a reimbursement scheme be included, mirroring the arrangements contained in Section 314 of the Telecommunications Act 1997."
See also: Data retention costs Australian telcos upwards of AU$210 million to date
The IPO Bill is intended to amend the Telecommunications (Interception and Access) Act 1979 (TIA Act) to create a framework for Australian agencies to gain access to stored telecommunications data from foreign designated communication providers in countries that have an agreement with Australia, and vice versa.
It paves the way for Australia to obtain a proposed bilateral agreement with the United States for implementing the CLOUD Act.
The Comms Alliance said its search engine and platform members are supportive of the idea of "improved international information sharing arrangements" and that they welcome the CLOUD Act.
It said, however, that due to the global nature of their operations, some aspects of the draft legislation fall short of their expectations. Specifically, they note that the CLOUD Act itself does not create a compulsory obligation on the service provider to comply with a request, yet the Bill seeks to require the compulsory production of user data from service providers pursuant to international agreements and seeks to subject service providers to civil penalties for non-compliance.
"This attempt to require the compulsory production of user data and the associated contemplated civil penalties do not conform with the intention and spirit of the CLOUD Act and, accordingly, ought to be removed from the Bill," Comms Alliance wrote.
"In addition, Clause 125 sets a very low compliance threshold (indeed it is hard to think of a lower threshold) on designated communications providers, ie the compliance threshold is triggered by the provision of a service (from an already extensive range of services that are within scope) to a single Australian resident."
It also expressed concerns with the ability for the Attorney-General to nominate a member of the security division of the Australian Appeals Tribunal (AAT) for the purpose of issuing IPOs in relation to national security.
Comms Alliance said independent judicial oversight and authorisation of IPOs should be required, given the potential intrusiveness of IPOs where they relate to interception, stored communications, or communications data of individuals, such as "covert access to potentially significant amounts of personal information".
It added that it backs the requirement for judicial authorisation of IPOs and the establishment of a national system for public interest monitors in relation to IPO applications.
Pointing to another clause of the Bill, which only allows the designated communications provider to whom an IPO is directed to object to the IPO, "on the grounds that the order does not comply with the designated international agreement nominated in the application for the order", Comms Alliance said this could potentially be a very limited set of circumstances.
"This is particularly concerning as the Bill allows for significant invasions of an individual's privacy but does not envisage Parliamentary oversight for the creation of the designated international agreements which are to 'operationalise' the Bill," it said.
MORE ON THE IPO BILL
- IGIS highlights out of date thresholds for ASIO in International Production Orders Bill
- AGD says Australian data restricted for use in US capital offence investigations
- Google wants Australia to remove civil penalties from CLOUD Act-readying Bill
- Home Affairs says Australia likely next to sign CLOUD Act arrangement with the US
- Tech experts concerned by lack of notice in International Production Orders Bill
- WA corruption body concerned with middleman process in production orders Bill
- Ombudsman seeks more funding to cope with international production orders Bill
- Aussie law enforcement integrity body wants International Production Orders Bill
- WA Police seeks clarification on what it can access under production orders Bill
- Australian Privacy Foundation labels CLOUD Act-readying Bill as 'deeply flawed'
- NSW Police signs new tech deal, backs International Protections Orders Bill