Allens Arthur Robinson

• Introduction
• All recent publications
• Communications, Media & Technology publications
• Communications, Media & Technology services

Focus: Computer network protection

18 November 2009

In brief: The Federal Government has recently introduced legislation seeking to improve network owners' and operators' ability to protect their networks, by expanding the circumstances in which the interception of communications passing over a network is permitted. Partner Peter James (view CV) and Lawyers Valeska Bloch and William Kim examine the proposed changes.

• Background to the existing telecommunications interception regime
• Proposed amendments to the TIAA
• What will change?
• What next?

Background to the existing telecommunications interception regime

Under the Telecommunications (Interception and Access) Act 1979 (Cth) (the TIAA), it is an offence to:

• intercept, or to permit to be intercepted, a communication passing over a telecommunications system; or
• communicate, make use of or record information obtained by such interception.

These interception prohibitions apply only to listening or recording occurring while the communication is being made (ie in real time), and before it has been delivered to the telecommunication service provided to the intended recipient.

It is not an offence if the person making the communication has consented to the listening or recording; eg by consenting to an acceptable usage policy (AUP). However, an AUP is only effective to the extent that the communication is made by the person who has consented under the AUP. In other words, only the listening or recording of outbound traffic from users who have signed an AUP is not prohibited. Conversely, listening to or recording any inbound traffic before it is accessible by the intended recipient is prohibited (unless the person has provided consent).

Proposed amendments to the TIAA

In July 2009, the Federal Government released a discussion paper and exposure draft legislation relating to computer network protection. On 16 September 2009, the Bill and Explanatory Memorandum were introduced to Parliament.

The discussion paper and the Explanatory Memorandum acknowledge that as network attacks become more sophisticated, routine network protection activities, such as listening to and recording communications on a network, are critical to the effective operation of networks and the integrity of network data, and that under the existing TIAA, some of these activities (depending on where it occurs, by whom and whether consent is obtained) are unlawful. Currently, this may result in inadvertent breaches of the TIAA by network owners and operators. The proposed amendments expand and clarify the circumstances in which the access, use and disclosure of information passing over a network is permitted for the purposes of network protection.

What will change?

• Lawful network protection activities: Network protection activities that copy or access a communication, without the knowledge of the sender, while it is passing over a computer network, will continue to constitute an unlawful interception, unless the interception:
  • is carried out by a person lawfully engaged in duties relating to the protection, operation or maintenance of the network¹ ; and
  • is reasonably necessary for the performance of those duties.
• Secondary use and disclosure exceptions: Information that is intercepted by way of network protection activities will still be subject to the general prohibition on the secondary use and disclosure of lawfully intercepted information, subject to exceptions including:
  • making records for the purpose of lawfully communicating the relevant information;
  • the disclosure of information between law enforcement agencies and for the purposes of national security;
  • giving evidence in certain proceedings; or
  • where it is reasonably necessary to communicate information to another person for the purpose of protecting the network.
• Interception of speech: The proposed amendments will not authorise the interception of speech for network protection purposes. Voice communication in packet data form may be intercepted and disclosed in that format, but information gained by reconstituting the communication into speech may not be communicated to another person or otherwise used.

What next?

The Senate Legal and Constitutional Affairs Legislation Committee in its report released on 16 November 2009 has recommended that the Bill be passed and notes that concerns raised in submissions to the Committee have been satisfactorily addressed; no further amendments are likely. The Bill has been moved for second reading in the Senate and is expected to be passed before 12 December 2009². If passed, the Act will avoid contraventions of the law by systems administrators in the course of reasonable protection of a corporation's communications network.

Footnotes

1. In the case of networks operated by, or on behalf of, a federal agency, security authority or eligible authority of a state, this extends to duties relating to ensuring that the network is appropriately used by employees, office holders or contractors of the agency or authority.
2. The 12th of December 2009 is the sunset date of the existing temporary arrangements dealing with computer network protection applicable only to federal agencies, security authorities and eligible authorities of a state.

For further information, please contact:

• Peter JamesPartner, Brisbane
  Ph: +61 7 3334 3360
  Peter.James@aar.com.au
• Ian McGillPartner, Sydney
  Ph: +61 2 9230 4893
  Ian.McGill@aar.com.au
• Michael PattisonPartner, Melbourne
  Ph: +61 3 9613 8839
  Michael.Pattison@aar.com.au

Return to top

---

Tweet or bookmark with What are these?