Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Cloud and network service providers are receiving duplicate technical requests from Australian law enforcement and other authorities as a result of disclosure legislation.
According to a Commonwealth Ombudsman report, Australian authorities are requesting the same “voluntary” technical assistance from designated communications providers (DCPs).
From 1 July 2023 to 30 June 2024, authorities issued 69 technical assistance requests (TARs), with 53 made by the NSW Police.
However, the Ombudsman found that multiple agencies are often requesting the same information thanks to disclosure and coordination legislation that prevents other agencies from knowing that a request has been made.
“This may be because there are prohibitions on agencies communicating industry assistance information and outcomes under the act, so they do not necessarily have visibility of the requests that are being made to DCPs,” the report said.
“Section 317ZF of the Telecommunications Act states that unauthorised disclosure of information about, or obtained under, an industry assistance instrument is an offence.”
Requests are made under a relatively new power called industry assistance, which was introduced under the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018. The power allows law enforcement to submit TARs to network communications providers for “assistance … in conjunction with existing warrants and authorisations for specified purposes”.
The Ombudsman report also found that TARs were being issued inappropriately, such as in cases in which the request is not “reasonable and proportionate” and in cases in which the TAR is not required for the investigation.
“We found that NSW Police did not adequately demonstrate that authorised officers had turned their mind to the reasonableness or proportionality of a request to a DCP before issuing a TAR. Instead of recording their own considerations, authorising officers were adopting the considerations of requesting officers by way of signing and dating applications,” the report said.
“We noted that the applications also contained pre-ticked checkboxes that purportedly demonstrated that authorised officers had considered the matters required by s 317JC(a)-(i) of the Telecommunications Act.”
The report continued, adding that “under s 317ZH(1)(a) of the Telecommunications Act, requesting DCP assistance through a TAR when a warrant or authorisation could be issued to achieve the same objective may render the TAR ineffective”.
In one instance, it was found that the DCP was able to provide information access without using the industry assistance power, and yet the authority still used a TAR.
Be the first to hear the latest developments in the cyber industry.
