The controversial Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, has received the backing of the Parliamentary Joint Committee on Intelligence and Security (PJCIS) in its review of the laws.
The TOLA Act, passed three years ago, was criticised heavily when it first became law as it gave intelligence and law enforcement agencies powers to request or demand assistance from communications providers to access encrypted communications.
Since its passing, the most public display of these powers has been Operation Ironside, which AFP commissioner Reece Kershaw last year labelled as the Australian Federal Police's (AFP) "most significant operation in policing history".
In the PJCIS' review [PDF] of the legislation, it supported the powers enacted in the laws but recommended additional safeguards and oversight mechanisms aimed at providing the public with confidence the legislation would be used proportionally and for its intended purpose.
"Agencies have made the case that these powers remain necessary to combat serious national security threats, and some of the worst fears held by industry at the time of passage have not been realised," committee chair and Liberal Senator James Paterson said.
Among those recommended safeguards are that any law enforcement requests cannot result in any persons being detained, as well as more authorisation checks prior to the issuance of notices and warrants through the TOLA Act.
These recommended checks include a requirement for the Director-General of Security, who is currently the Australian Security Intelligence Organisation's (ASIO) head Mike Burgess, to be satisfied with the reasonableness and proportionality of a voluntary assistance request prior to its issuance, external authorisation from the Attorney-General or issuing authority for any concealment activities in relation to executing computer access warrants, and ASIO retaining and requiring written reasons whenever a voluntary assistance request is made.
The committee has also called for the federal government, in consultation with relevant stakeholders, to develop a prescribed set of requirements for information that must be included in technical assistance requests.
"These are intrusive powers that must be robustly overseen to ensure they are used appropriately, and there are improvements that can be made to the oversight framework which the committee has recommended," Paterson said.
The PJCIS also wants more reviews of the laws, such as a periodic survey in three year's time to ascertain ongoing economic impacts of the TOLA Act legislation on Australia's IT industry and a review of the concepts of "serious offence", "relevant offence", and others contained in the Act.
The committee explained in the review that it hopes the ongoing reviews would address the concerns raised by industry bodies in about the impact of the various notices and requests contained in the TOLA Act.
It also recommended that the ASIO brief the PJCIS on the acts or things implemented as part of any compulsory assistance order to facilitate and assist the ongoing review and oversight of the legislation.
Another recommendation put forth by the PJCIS is for the Inspector-General of Intelligence to receive expanded functions so it can oversee the intelligence functions of the Australian Federal Police.
Speaking to the concerns that the TOLA Act is potentially incompatible with the US CLOUD Act, the committee also said it was satisfied with the co-existence of the two laws as the US Department of Justice said it had no issues with the TOLA Act being in operation.
The confirmation came shortly after Australia and the United States entered into a landmark CLOUD Act agreement in December, which gave Australia's law enforcement agencies the ability to issue orders compelling US service providers to provide communications data for the purposes of combatting serious crime directly on US-based companies, and vice versa.
- AFP used controversial encryption laws in its 'most significant operation in policing history'
- Home Affairs' online team referred over 1,500 violent or extremist items for take-down
- Australia's tangle of electronic surveillance laws needs unravelling
- US and Australia enter CLOUD Act agreement for cross-border access to electronic evidence
- Tech giants, telcos and Digital Rights Watch want clarity on monitoring requirements for online violent abhorrent content
- Social media platforms being regulated as telcos under discussion in Australia