Privacy Law and Policy Reporter
The Review of the Long-Term Cost Effectiveness of Telecommunications Interception (the Barrett Review) by Pat Barrett of the Department of Finance was delivered in March 1994 to Federal Cabinet. Part 1 of this article (see (1994) 1 PLPR 161) discussed the Review's recommendations concerning the threats to interception effectiveness and a proposed solution in 'international user agreements'. This concluding part discusses costing issues and proposals for strengthening privacy protection. (References in square brackets [n.n] are to paragraph numbers of the Review, with [0.n] referring to paragraphs of the summary chapter, and references preceded by 'R' are to recommendations in that summary chapter.)
The Review argues that the degree of privacy protection already provided by the Telecommunications (Interception) Act 1979 (Cth) (TI Act) is 'among the highest in the world' [4.3.16] but argues that it must be strengthened commensurate with the extensions to surveillance recommended in the Review.
The Review argues its investigations show that the existing mechanisms for ensuring agency compliance with the TI Act are very effective. First, no deficiencies were found by Mr Barrett when he examined agency processes 'in great detail'. He found that there was considerable variety between agencies in terms of who made the decision as to what intercepted data was passed on to investigators, with practices varying between separate monitoring staff, separate analysts, and the investigators themselves. However, he concluded that either practice was acceptable [4.2.7].
Second, he reviewed the reports of inspections of surveillance agency records carried out twice per year by the Commonwealth Ombudsman (see ss 83 and 84) and equivalent State authorities (usually State Ombudsmen (see s 35(1)(j))) and concluded that 'inspections to date have indicated a very high level of compliance with statutory requirements' (percentages are given) [4.2.11]. There has been no evidence of deliberate breaches, only inexperience and shortcomings in training [4.2.12].
Although both the current and previous Commonwealth Ombudsmen consider that the Privacy Commissioner would be more suitable to carry out the interception audit function, the 1991 review of the TI Act concluded that this function should be left with the Ombudsman [4.2.14]. The Review recommends that the Australian Privacy Commissioner should exercise the TI inspection and reporting functions now exercised by the Ombudsman, as the focus is on privacy protection, not administrative processes [R 6].
The most controversial recommendation by the Review is that surveillance agencies should be required to notify any innocent person whose telephone service has been intercepted of the fact of interception within 90 days of the cessation of the interception [R 7]. If investigation was continuing after 90 days, police could apply for a deferral of the obligation to inform. Otherwise, the Review recommends, a person should be informed unless they are to be arrested [4.3.2].
The notification proposal was put forward by both the NSW Privacy Committee and the Australian Privacy Commissioner, and is already found in the equivalent US and Canadian interception legislation. Mr Barrett held detailed discussions with US and Canadian law enforcement authorities, and found that the notification requirements have caused 'little real difficulty' [4.3.3]. In those countries the person is merely informed of the fact of interception between specified dates. The Review recommends that the nature of the offence under investigation should also be disclosed.
The notification proposal was 'strongly criticised by all police forces' [4.3.4], with critical comments that it would:
The Review acknowledges that these points have 'some validity' but rejects them in light of the 'lack of concern' by US and Canadian agencies [4.3.5].
If the notification proposal is not accepted, the Review recommends that, alternatively, records of such interceptions should be available for inspection by the Privacy Commissioner (or, at present, Ombudsman) and report to the Attorney-General [R 7].
The Review recommends that a person whose telephone communication is unlawfully intercepted should have a civil right of action against the person unlawfully intercepting or publishing the communication [R 8]. It notes that such a right was included in Canadian legislation in 1993. It gives an example of 'a mobile phone conversation of a person with a high public profile' being intercepted 'through the use of a scanning device and published in the media' [4.3.6]. The proposal is also relevant to situations such as the 'Age Tapes'.
It is already an offence under s 63 of the TI Act to 'communicate to another person' or 'make use of' information obtained from either a lawful or an unlawful interception. However, use of this section requires the Government to prosecute the media that publish the content of the interception. A moment's reflection shows how unlikely such prosecution may be in some cases due to the political implications of the publication or the prosecution.
In cases such as these, it would be a far more potent privacy protection if the person aggrieved could take civil actions against the media (assuming, as usual, that the unlawful interceptors cannot be identified) because they will usually have no inhibitions against suing. At present, it is uncertain whether any such civil action is available. An action for breach of confidence faces difficulties such as case law suggesting (probably incorrectly) that telephone conversations are not inherently 'circumstances of confidence'; problems about the extent of obligations of third party recipients (such as the media); problems about the point at which confidences enter the public domain (see Johns v ASC (1994) 1 PLPR 10); and the possibility of successful 'disclosure of iniquity' defences. A defamation action faces similar problems of successful defences, and even fewer prospects of success if the plaintiff is engaged in political activities (see Theophanus v Herald and Weekly Times Ltd (1994) 1 PLPR 170).
The potential strength of such an action suggests that any proposal to enact it will raise strong opposition from the media and others unless there are some 'public interest' defences, of which there are no suggestion in the Barrett Review.
The Review also takes up suggestions made by the NSW Privacy Committee and the NSW Council for Civil Liberties, to improve the accountability of agencies for the cost-effectiveness of interception [4.3.13]. It recommends that surveillance agencies should be required to report on the proportion of warrants yielding information used in prosecutions and the average cost per warrant [R 12].
Telecommunications interception is seen as a tool for law enforcement and national security, and therefore a public good which should be funded from government resources. While Telecom was the only telecommunications carrier, it was consistent with this approach for the carrier to fund TI as part of the telecommunications function. However, in a multicarrier and de-regulated market, this simple approach is not available [7.1.1].
The Review canvasses four alternative funding models [7.1.7]:
The agencies generally favour option 1. This could lead to agencies over-using interception as a surveillance method if they (or government) do not have to take its full costs into account. Furthermore, the costs would only be spread over communications consumers not all taxpayers. This option was therefore considered 'less efficient and equitable' than option 3 [7.2].
Option 3, while treating TI as a public good, is rejected because it could result in delays as governments balanced agency requests for TI funds against competing priorities, and distortions as agencies would have little incentive to try to obtain cost reductions from carriers for proposals that were relatively certain of government funding [7.4].
Option 4 is similarly rejected, primarily because of the lack of direct involvement of the carriers with the agencies in the funding decisions, with a consequent lack of financial discipline in decision-making, in comparison with option 2 [7.5].
The Review prefers option 2, and recommends that 'carriers should be required to meet the initial capital cost of acquiring an interception capacity, and allowed to recover the cost on a commercial basis as agreed between each carrier and each agency that wishes to use the interception capability for that service' [R 16]. The 'access fee' proposed is to be by line availability rather than on a warrant by warrant basis [7.6.4]. This approach makes it easier to recover costs from State surveillance agencies on an equitable basis [7.6.3]. AUSTEL's Law Enforcement Access Committee (LEAC) as the proper forum for such matters to be resolved [7.6.4].
The Review also points out that, in the longer run, the implementation of agreed International User Requirements 'would virtually mean adoption of option 1, as the costs of the interception capability would most likely be imbedded in the products' [7.6.1].
These funding proposals - and the other recommendations of the Review - are only recommended to apply until the full deregulation of telecommunications after 30 June 1997. The Review considers that there is insufficient information available to make a realistic assessment of the post-1997 telecommunications framework [0.18]. The Review recommends that a further review take place in the first half of 1997 [R 1].
The Review notes that the year 2000 is important in any consideration of telecommunications interception because of the staging of the Sydney Olympics. 'There is already international interest in our telecommunications interception capacity and that of our law enforcement and security agencies to provide adequate protection to a range of international visitors and participants' [0.9].
The Barrett Review shows that surveillance is as integral a part of the emerging 'information superhighway' as a radar speed-trap is to road transport. Its emphasis on the implications for the competitiveness of the Australian telecommunications industry of the adoption of different alternative approaches to interception requirements, and its preferred solution of 'International User Requirements', is a timely warning of the principle forces that will determine the shape of telecommunications surveillance in the future. Australian views on interception methods, or on the appropriate methods of protecting privacy and civil liberties, may count for increasingly little.