Electronic surveillance framework

Overview

The Commonwealth electronic surveillance framework is set out in the following legislation:

Although we administer this legislation, we do not investigate crimes. If you think your communications are being illegally intercepted or recorded, report the matter to your local police.

Telecommunications (Interception and Access) Act 1979

The Telecommunications (Interception and Access) Act 1979 (TIA Act) prohibits the interception of live telecommunications and the accessing of stored communications. Separately, the Telecommunications Act 1997 (Telecommunications Act) also prohibits telecommunications providers (and their employees) from using or disclosing any information or documents that relate to the contents or substance of a telecommunication and services supplied by the telecommunications provider to a person.

What is interception?

Interception is the listening to or recording, by any means, of a communication in its passage over a telecommunications system without the knowledge of the person making the communication. For example, listening to a live phone call as it passes over the telecommunications system. 

What is a stored communication?

A stored communication is a communication that is not passing over a telecommunications system and is held on equipment that is operated by, and is in possession of, a carrier, and cannot be accessed without the assistance of an employee of the carrier. For example, accessing servers operated by a carrier to access a voicemail or text message after it has been received.

What is telecommunications data?

Telecommunications data is information or documents about a telecommunication that is not the contents or substance of a communication. For example, subscriber or customer information, dialling and traffic data, location data, and IP addresses.

The TIA Act contains limited exceptions to these prohibitions, including by allowing law enforcement and national security agencies to perform their functions and protect Australians. Under the TIA Act, certain authorised law enforcement agencies can apply for warrants and issue authorisations to:

  • intercept communications
  • preserve and access stored communications, and
  • access telecommunications data.

Other exceptions include an employee of a carrier conducting duties in connection with installation or maintenance of telecommunications service or system or an authorised person conducting network protection duties in relation to a network.

While agencies are generally required to apply for a warrant to access the content of communications, they can access the content of communications without an interception or stored communications warrant in certain circumstances, such as in an emergency.

Authorisations for access to telecommunications data are made by authorising officers internal to an agency. Where an agency seeks to authorise access to telecommunications data about a journalist or their employer to identify a source, they must also apply to an independent issuing authority for a journalist information warrant. 

When deciding whether to issue a warrant or make an authorisation, decision-makers must consider:

  • how much the warrant or authorisation would interfere with privacy
  • the gravity of the conduct or the offence or offences
  • how likely the information obtained by the warrant or authorisation would be to assist the investigation, and
  • the extent to which less invasive methods have been used, including how likely other methods would be to assist the investigation.

Under the TIA Act, it is prohibited to use or disclose any information obtained under a warrant or authorisation. There are limited exceptions to this, such as where it is disclosed in court, or necessary for national security or law enforcement purposes. For example, for the continued investigation by another agency of an offence.

For more information, the annual report on the TIA Act and Part 15 of the Telecommunications Act provides statistical information on the use of powers under the TIA Act, including the number of warrants and authorisations issued each year.

Read more about the oversight and accountability measures in Australia's electronic surveillance framework.

Read more about obligations placed on industry to support Australia's electronic surveillance framework as well as the cost of complying with the industry assistance framework.

Parliamentary Joint Committee on Intelligence and Security's report on the mandatory data retention regime

The Parliamentary Joint Committee on Intelligence and Security report on the mandatory data retention regime in the TIA Act made 22 recommendations to improve the effectiveness and oversight of the mandatory data retention regime.

Read more about the Government response to the mandatory data retention regime review.

Surveillance Devices Act 2004

Unlike the TIA Act, the Surveillance Devices Act 2004 (SD Act) does not prohibit the use of surveillance devices, or on accessing and altering data held in computers. The prohibitions on the use of surveillance devices are instead found in state and territory legislation, and Part 10.7 of the Criminal Code, which prohibits accessing and altering data held in a computer.

The SD Act contains exceptions to these prohibitions, allowing authorised law enforcement agencies to apply for warrants and seek authorisations to:

  • use tracking and surveillance devices
  • access data held in a computer
  • disrupt data held in a computer, and
  • obtain information about criminal networks.

The Australian Security Intelligence Organisation Act 1979 (ASIO Act) sets out circumstances in which the Australian Security Intelligence Organisation (ASIO) can apply for warrants to use surveillance devices or to access data held in a computer. The ASIO Act is administered by the Department of Home Affairs. For more information, please visit the ASIO's website.

What is a surveillance device?

A surveillance device is:

  • a data surveillance device – devices or programs used on computers
  • a listening device – devices used to listen to or record conversations
  • an optical surveillance device – devices used to record visuals or observe activities, or
  • a tracking device – devices used to locate or track a person or object.

A surveillance device can also be a device which is a combination of any of these devices.

Law enforcement agencies can only obtain warrants under the SD Act for certain types of serious offences (generally those punishable by a maximum term of imprisonment of 3 years or more). When deciding whether to issue a warrant, decision-makers must consider

  • how much the warrant would interfere with privacy
  • the gravity of the conduct constituting the offence or offences
  • how likely the information obtained by the warrant would be to assist the investigation, and
  • the existence of any alternative means of obtaining the evidence or information sought to be obtained.

Agencies can use SD Act powers without a warrant by internal authorisation by an appropriately authorised member of staff in certain circumstances, such as:

  • where there is an imminent risk of serious violence to a person or substantial damage to property
  • where there are urgent circumstances in relation to a recovery order, and
  • where there is a risk of loss of evidence.

Under the SD Act, it is prohibited to use or disclose any information obtained under a warrant. There are limited exceptions to this, such as where the information is disclosed in court, or for national security or law enforcement purposes (for example, for the continued investigation of a relevant offence).

The Surveillance Legislation Amendment (Identify and Disrupt) Act 2021 (SLAID Act) inserted 2 new warrant powers into the SD Act for the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) to combat crime online, including on the dark web. These new powers were data disruption and network activity warrants.

Data disruption warrants enable the interruption of criminal activity facilitated or conducted online.

Network activity warrants enable the collection of intelligence on criminal networks operating online.

The SLAID Act also inserted account takeover warrants into the Crimes Act 1914 (Crimes Act).

Information obtained under a network activity warrant, however, cannot be disclosed in court except in extremely narrow circumstances. Importantly, the Independent National Security Legislation Monitor (INSLM) is due to commence a review of the powers inserted by the SLAID Act by September 2024.

For more information, the annual report on the SD Act provides statistical and other information on the use of powers under the SD Act, including the number of warrants issued by each year.

Read more about the oversight and accountability measures in Australia's electronic surveillance framework.

Part 15 of the Telecommunications Act 1997

Under Part 15 of the Telecommunications Act, law enforcement and national security agencies can seek assistance from designated communications providers (DCP) to address technical obstacles to investigations into serious crime and national security threats. They can do this by issuing a:

  • Technical Assistance Request (to request voluntarily assistance)
  • Technical Assistance Notice (to compel assistance), or
  • Technical Capability Notice (to require a DCP to build a new capability).

A DCP includes companies that provide social media or email service who do not operate services only over the Australian telecommunications network, and those who provide hardware that is used to connect to the network. This framework is known as the industry assistance framework.

Read more about obligations placed on industry to support Australia's electronic surveillance framework as well as costs to comply with the industry assistance framework.

For more information on the powers contained in Part 15 of the Telecommunications Act, the Annual Report on the TIA Act and Part 15 of the Telecommunications Act provides statistical and other information on the use of the industry assistance framework.

Find out more about the powers afforded under the industry assistance framework on the industry obligations web page.

Read more about the oversight and accountability measures in Australia's electronic surveillance framework here.

Part IAAC of the Crimes Act 1914 

Part IAAC of the Crimes Act allows the AFP and the ACIC to apply for a warrant that authorises them to take control of a person's online account for the purposes of gathering evidence to further a criminal investigation.

The AFP and the ACIC can only apply for account takeover warrants for certain types of offences. When deciding whether to issue an account takeover warrant, decision-makers must consider:

  • how much the warrant would interfere with privacy
  • the gravity of the conduct constituting the offence or offences
  • the likely evidentiary value of any evidence sought to be obtained
  • the extent to which the execution of the warrant is likely to cause a person to suffer a temporary loss of money, digital currency, or property, and
  • the existence of any alternative means of obtaining the evidence sought to be obtained.

The AFP and the ACIC can authorise the use of account takeover powers without a warrant in certain circumstances, such as in an emergency. These emergency account takeover powers are subject to conditions under Part IAAC of the Crimes Act, including that a record of the emergency authorisation must be recorded within 48 hours after giving an emergency authorisation and a magistrate must be sought afterwards for approval of the emergency authorisation.

Under Part IAAC of the Crimes Act, the use or disclosure of any information obtained under an account takeover warrant is prohibited unless an exception applies. The exceptions are very limited, and include in the prosecution or investigation of an offence, or for national security purposes. 

The AFP and the ACIC must also keep records of each account takeover warrant or authorisations and must submit an annual report to the Minister and the Ombudsman. Both the AFP and the ACIC records are subject to inspection by the Commonwealth Ombudsman as well.

For more information on the use of account takeover warrants, refer to the AFP's annual report and the ACIC's annual report.