Telco intercepts should be expanded to OTT providers: AGD

Telecommunications interception laws should cover over-the-top providers in addition to telcos, the Attorney-General's Department has argued, citing the 'challenge of encryption'.
Written by Corinne Reichert, Contributor

The Attorney-General's Department (AGD) has argued in favour of extending Australia's telecommunications interception laws from telcos to over-the-top providers.

Speaking before the Joint Committee on Law Enforcement on Friday, AGD Assistant Secretary Andrew Warnes said this expansion would help combat the "challenge of encryption".

"The obligations that sit under the Telecommunications Act under Section 313 for reasonable assistance to law enforcement only applied now to those subset of telecommunications providers that are carriers, and not to the over-the-top providers and the social media platforms and things," Warnes said.

"So when you now put on an intercept, that communication may be potentially encrypted, and you may not get information back that is in a usable form, or you may get information that takes some time for you to be able to decipher and use, and sometimes in circumstances of urgency.

"That's one of the challenges we're looking at; it's one that government has come out and said that we're actively working towards legislation on."

Section 313 of the Telecommunications Act states that carriers and carriage service providers provide law enforcement with help via interception services, including the execution of an interception warrant under the Telecommunications (Interception and Access) Act, for the purposes of criminal law enforcement, protecting public revenue, and safeguarding national security.

Also speaking during the hearing on Friday was Australian Criminal Intelligence Commission (ACIC) CEO Michael Phelan, who said the process of telco interceptions is becoming increasingly difficult due to new technologies, with 5G mobile networks to make this even harder.

According to Phelan, as of a year ago, around 60 percent of the traffic that law enforcement was dealing with in interception orders was data rather than voice, which he said will only increase when 5G networks arrive.

"When we move to systems like 5G -- 4G is problematic as is, but when you move to 5G, when identifiers don't exist for a device and they use dynamic IP addresses, then it will make it even difficult to use the metadata to track," Phelan told the committee.

"It's an evolving issue, so it's not lost upon anybody what we need to do for law enforcement to be able to continue to intercept."

In a hearing that also included representatives from the Australian Institute of Criminology, Australian Border Force, and the Commonwealth Director of Public Prosecutions, Phelan argued that the legislation needs to be more device-agnostic in order to deal with advances in technology.

This is because "technology goes too quick for us, for the legislation to keep up with", Phelan said, adding that it is never too early to begin preparing for 5G, with both Telstra and Optus planning to launch 5G networks in 2019.

"We're coping, but over the horizon it will get worse," Phelan said.

"The legislation is still framed around a device and a person, whereas ... we're after parts and pieces of information regardless of the medium over which it travels. So if we want to intercept, what we want to do is have legislation that just says, 'look I want to intercept communications'.

"How those communications travel, what form those communications make, whether they're data, whether they're voice, whether they're on a device or anything, we want the legislation to be technology agnostic."

In a bid to give additional intercept powers to law enforcement, the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 came into effect in October 2015, mandating that customers' call records, location information, IP addresses, billing information, and other data be stored for two years by telcos, accessible without a warrant by law-enforcement agencies.

While the purpose of the data-retention legislation was to use retained data in an effort to combat national security threats such as terrorism, an AGD report in August revealed that it is mainly being used to investigate drug-related offences.

During October 13, 2015, to June 30, 2016, the AGD report said illicit drug offences involved 57,166 authorisations to view telco data. This was followed by miscellaneous, homicide, robbery, fraud, theft, and abduction.

Terrorism offences ranked below property damage and cybercrime, with 4,454 data retention authorisations made during that period.

Related Coverage

Editorial standards