Comms Alliance asks for International Production Orders compliance cost coverage

Representing carriers and carriage services providers, the Communications Alliance has also taken issue with the associated contemplated civil penalties of the Bill, saying they do not conform with the intention and spirit of the CLOUD Act.
Written by Asha Barbaschow, Contributor

The Communications Alliance has asked the government to add further details to the Telecommunications Legislation Amendment (International Production Orders) Bill 2020 (IPO Bill), specifically around the cost of compliance for carriers and carriage services providers (CSPs), and to make the Bill more in line with the spirit of the United States' Clarifying Lawful Overseas Use of Data Act (CLOUD Act).

In a submission [PDF] to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and its inquiry into the Bill, Comms Alliance said while its CSP members had no major concerns with the contents of the pending Bill, it noted that CSPs should not have to cop the burden of added costs for complying with the Bill's requirements.

"We highlight that the Bill currently does not contain any arrangements for the reimbursement of costs that providers are likely to incur when complying with an IPO," it wrote. "We request that a reimbursement scheme be included, mirroring the arrangements contained in Section 314 of the Telecommunications Act 1997."

See also: Data retention costs Australian telcos upwards of AU$210 million to date

The IPO Bill is intended to amend the Telecommunications (Interception and Access) Act 1979 (TIA Act) to create a framework for Australian agencies to gain access to stored telecommunications data from foreign designated communication providers in countries that have an agreement with Australia, and vice versa.

It paves the way for Australia to obtain a proposed bilateral agreement with the United States for implementing the CLOUD Act.

The Comms Alliance said its search engine and platform members are supportive of the idea of "improved international information sharing arrangements" and that they welcome the CLOUD Act.

It said, however, that due to the global nature of their operations, some aspects of the draft legislation fall short of their expectations. Specifically, they note that the CLOUD Act itself does not create a compulsory obligation on the service provider to comply with a request, yet the Bill seeks to require the compulsory production of user data from service providers pursuant to international agreements and seeks to subject service providers to civil penalties for non-compliance.

"This attempt to require the compulsory production of user data and the associated contemplated civil penalties do not conform with the intention and spirit of the CLOUD Act and, accordingly, ought to be removed from the Bill," Comms Alliance wrote.

"In addition, Clause 125 sets a very low compliance threshold (indeed it is hard to think of a lower threshold) on designated communications providers, ie the compliance threshold is triggered by the provision of a service (from an already extensive range of services that are within scope) to a single Australian resident."

It also expressed concerns with the ability for the Attorney-General to nominate a member of the security division of the Australian Appeals Tribunal (AAT) for the purpose of issuing IPOs in relation to national security.

Comms Alliance said independent judicial oversight and authorisation of IPOs should be required, given the potential intrusiveness of IPOs where they relate to interception, stored communications, or communications data of individuals, such as "covert access to potentially significant amounts of personal information".

It added that it backs the requirement for judicial authorisation of IPOs and the establishment of a national system for public interest monitors in relation to IPO applications.

Pointing to another clause of the Bill, which only allows the designated communications provider to whom an IPO is directed to object to the IPO, "on the grounds that the order does not comply with the designated international agreement nominated in the application for the order", Comms Alliance said this could potentially be a very limited set of circumstances. 

"This is particularly concerning as the Bill allows for significant invasions of an individual's privacy but does not envisage Parliamentary oversight for the creation of the designated international agreements which are to 'operationalise' the Bill," it said.


Editorial standards