International production order framework
Criminal activity on global online platforms and communications services means the data needed by Australian law enforcement agencies to tackle these crimes is now often held by communications providers overseas. Most of these providers are based in the United States (such as Google, Microsoft and Meta).
This is making it harder for Australian law enforcement and security agencies to access crucial electronic data in a timely manner, undermining investigative efforts by these agencies to combat serious crime and other threats to Australia's interests.
The AUS-US Data Access Agreement will better support Australian law enforcement agencies' access to critical electronic information to prevent, detect, investigate and prosecute serious crime, while ensuring robust safeguards are in place to protect the rights and privacy of individuals and organisations and to ensure accountability.
Australia-US joint press statement announcing the entry into force of the AUS-US Data Access Agreement
On 30 January 2024, Australia and the United States brought into force the Agreement between the Government of the United States of America and the Government of Australia on Access to Electronic Data for the Purpose of Countering Serious Crime (the AUS-US Data Access Agreement) through a formal exchange of diplomatic notes.
The Attorneys‑General of the United States and Australia published a joint statement highlighting the benefits of the AUS-US Data Access Agreement in combating serious crimes as well as the safeguards and protections in place to protect human rights and the rule of law.
Background
Schedule 1 to the Telecommunications (Interception and Access) Act 1979 (TIA Act) establishes the International Production Order (IPO) framework that allows Australia to enter into agreements with other countries to share electronic information for the purposes of countering serious crime.
The Australian and United States governments signed the AUS-US Data Access Agreement on 15 December 2021. It allows Australian and United States law enforcement and national security agencies to obtain orders for data held by communications service providers in the partner nation without the need for separate review and authorisation from their own government.
This will reduce timeframes and enhance the overall effectiveness of Australian and United States investigations and prosecutions of serious crimes.
Purposes for seeking information
Schedule 1 to the TIA Act allows IPOs to be issued for the following purposes:
- enforcement of criminal law
- monitoring of a person subject to a Part 5.3 supervisory order
- national security.
Types of electronic information agencies can seek
Agencies may seek the following from US service providers:
- interception of live communications
- access to stored communications
- telecommunications data.
For example, this could include files uploaded to a storage/backup service, emails and chat history, as well as information related to those communications such as the time sent, associated geolocation data, IP addresses or the identities of the persons sending the messages.
Safeguards and protections
Australian citizens, permanent residents, or anyone currently residing in Australia cannot be intentionally targeted by United States authorities under the agreement. Protections are in place against the collection, retention, use and disclosure of data relating to Australian persons.
Similarly, Australian law enforcement or national security agencies cannot intentionally target citizens of the United States or anyone in the United States. Requests to obtain data relating to Receiving Party Persons will continue to be made through existing government-to-government channels, such as mutual assistance.
The AUS-US Data Access Agreement contains safeguards for all people (regardless of residency status) in line with Australia’s commitment to human rights, civil liberties, the rule of law, principles of non-discrimination, and the protection of privacy. This includes:
- safeguards relating to the use of Australian-sourced data in prosecutions that could result in the death penalty being applied in the United States, and the use of American-sourced data in Australian prosecutions in a manner that could raise freedom of speech concerns for the United States
- safeguards relating to privacy and data protection and principles of non-discrimination
- safeguards and requirements to minimise the collection, retention, use and disclosure of data
- clear requirements for requests that can be sent, including requirements for independent review or oversight, and that orders must relate to criminal offences punishable by at least 3 years’ imprisonment.
Who can obtain and issue IPOs
Enforcement agencies, criminal-law enforcement agencies, interception agencies (as defined under the TIA Act), and ASIO are eligible to use the framework to obtain international production orders. These include Australian Government agencies, state and territory police, and other state enforcement agencies. They are the same agencies that can obtain equivalent information from domestic providers under the TIA Act.
As an additional scrutiny measure, only agencies that we certify as having adequate policies and procedures to appropriately use and protect the sensitive information they will receive are able to issue an order under the agreement to a United States provider. We also require all officers who will use the IPO framework in these agencies to undertake specific training on the requirements of the schedule and the agreement.
Judges and Administrative Review Tribunal (ART) members will independently issue orders to Australian law enforcement and national security agencies.
Designated authorities
We are the Designated Authority for Australia. The United States Department of Justice (USDOJ) is the Designated Authority for the United States.
As the Australian Designated Authority (ADA), our role includes reviewing Australian IPOs to make sure they have been validly issued and that they comply with the AUS-US Data Access Agreement.
We then transmit compliant orders to the United States communications provider, and serve as the single point of contact for United States providers and requesting agencies. We are also the final decision-maker if an Australian provider objects to a United States Order under the agreement and are unable to resolve it with the USDOJ directly.
Process for obtaining data under the IPO framework
The ADA receives IPOs for review after they have been issued. Unlike the issuing person, who applies the criteria set out in the Schedule 1 to the TIA Act, the ADA determines whether the IPO complies with the requirements of the AUS-US Data Access Agreement. If satisfied, the ADA provides the IPO to the US communications provider who sends the requested data directly to the requesting agency. Where data is sought for national security purposes, the Attorney‑General's consent is required prior to making an application for an IPO to an issuing person.
Contact details
Use of the AUS-US Data Access Agreement:
Australian Designated Authority
ADA@ag.gov.au
3-5 National Circuit, Barton, ACT, 2600
Legislation
Telecommunications (Interception and Access) Act 1979
Related documents
- Full text of the AUS-US Data Access Agreement
- AUS-US Data Access Agreement letters of understanding on death penalty – Australian letter
- AUS-US Data Access Agreement letters of understanding on death penalty – US letter
- AUS-US Data Access Agreement letters of understanding on freedom of speech – Australian letter
- AUS-US Data Access Agreement letters of understanding on freedom of speech – US letter
- AUS-US Data Access Agreement letters of understanding on Guantanamo Bay Military Detention Camp – Australian letter
- AUS-US Data Access Agreement letters of understanding on Guantanamo Bay Military Detention Camp – US letter