Telecommunications and Other Legislation Amendment Act 2017

(111 of 2017)

An Act to amend the law relating to telecommunications, and for related purposes

[Assented to 18 September 2017]

The Parliament of Australia enacts:

1   Short title

This Act is the Telecommunications and Other Legislation Amendment Act 2017.

2   Commencement

 

(1) Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.

Commencement information

Column 1

Column 2

Column 3

Provisions

Commencement

Date/Details

1. Sections 1 to 3 and anything in this Act not elsewhere covered by this table

The day this Act receives the Royal Assent.

18 September 2017

2. Schedule 1

The day after the end of the period of 12 months beginning on the day this Act receives the Royal Assent.

18 September 2018

Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.

      

(2) Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.

3   Schedules

Legislation that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.

Schedule 1   Amendments

Part 1   Main amendments

Telecommunications Act 1997

1   Section 5

After:

• The ACMA, carriers and carriage service providers must do their best to prevent telecommunications networks and facilities from being used to commit offences.

insert:

• Carriers and carriage service providers must do their best to protect telecommunications networks and facilities from unauthorised interference or unauthorised access.

2   Section 7

Insert:

adverse security assessment has the meaning given by section 35 of the Australian Security Intelligence Organisation Act 1979.

Attorney-General's Department means the Department administered by the Minister administering the Australian Security Intelligence Organisation Act 1979.

Attorney-General's Secretary means the Secretary of the Attorney-General's Department.

Director-General of Security means the Director-General of Security holding office under the Australian Security Intelligence Organisation Act 1979.

nominated carriage service provider means a carriage service provider covered by a declaration in force under subsection 197(4) of the Telecommunications (Interception and Access) Act 1979.

notifiable equipment has the same meaning as in the Telecommunications (Interception and Access) Act 1979.

telecommunications service has the same meaning as in the Telecommunications (Interception and Access) Act 1979.

telecommunications system has the same meaning as in the Telecommunications (Interception and Access) Act 1979.

3   After subsection 105(5A)

Insert:

(5B) Paragraph (5A)(a) does not apply in relation to Part 14 to the extent that Part 14 was amended by the Telecommunications and Other Legislation Amendment Act 2017.

4   Before section 311

Insert:

Division 1 - Simplified outline

5   Section 311

After:

• The ACMA, carriers and carriage service providers must do their best to prevent telecommunications networks and facilities from being used to commit offences.

insert:

• Carriers and carriage service providers have a duty to do their best to protect telecommunications networks and facilities from unauthorised interference, or unauthorised access, for the purposes of security. Carriers and certain carriage service providers must notify changes to telecommunications services or telecommunications systems that are likely to have a material adverse effect on their capacity to comply with this duty.

6   At the end of section 311

Add:

• The Attorney-General may give directions to a carrier or a carriage service provider in certain circumstances where certain activities may be prejudicial to security.

• The Attorney-General's Secretary may obtain information from carriers, carriage service providers and carriage service intermediaries if the information is relevant to assessing compliance with the duty of those persons to protect telecommunications networks and facilities from unauthorised interference or unauthorised access.

7   Before section 312

Insert:

Division 2 - Obligations of ACMA and carriers and carriage service providers

8   After subsection 313(1)

Insert:

(1A) For the purposes of security (within the meaning of the Australian Security Intelligence Organisation Act 1979), a carrier or carriage service provider must, in connection with:

(a) the operation by the carrier or provider of telecommunications networks or facilities; or

(b) the supply by the carrier or provider of carriage services;

do the carrier's best or the provider's best to protect telecommunications networks and facilities owned, operated or used by the carrier or provider from unauthorised interference or unauthorised access to ensure:

(c) the confidentiality of communications carried on, and of information contained on, telecommunications networks or facilities; and

(d) the availability and integrity of telecommunications networks and facilities.

Note 1: Security , among other things, covers the protection of, and of the people of, the Commonwealth and the States and Territories from espionage, sabotage, attacks on Australia's defence system and acts of foreign interference.

Note 2: A person who uses a carriage service to supply various kinds of broadcasting services is not a carriage service provider merely because of that use (and therefore not subject to the duty imposed by this subsection): see subsections 87(1) and (2) and 93(1) and (2).

(1B) Without limiting subsection (1A), the duty imposed by that subsection includes the requirement for the carrier or carriage service provider to maintain competent supervision of, and effective control over, telecommunications networks and facilities owned or operated by the carrier or provider.

9   After subsection 313(2)

Insert:

(2A) For the purposes of security (within the meaning of the Australian Security Intelligence Organisation Act 1979), a carriage service intermediary must do the intermediary's best to protect telecommunications networks and facilities used to supply the carriage service referred to in subsection 87(5) from unauthorised interference or unauthorised access to ensure:

(a) the confidentiality of communications carried on, and of information contained on, telecommunications networks or facilities; and

(b) the availability and integrity of telecommunications networks and facilities.

Note: Security , among other things, covers the protection of, and of the people of, the Commonwealth and the States and Territories from espionage, sabotage, attacks on Australia's defence system and acts of foreign interference.

10   Paragraph 313(5)(a)

Omit "subsection (1), (2),", substitute "subsection (1), (1A), (2), (2A),".

11   At the end of subsection 313(5)

Add:

; or (c) in compliance with a direction given under subsection 315A(1) or 315B(2).

12   After section 314

Insert:

Division 3 - Notification of changes to telecommunications services or telecommunications systems relating to obligation under subsection 313(1A) or (2A)

Subdivision A - Individual notifications

314A Individual notifications

(1) This section applies if, at any time, a carrier or a nominated carriage service provider becomes aware that the implementation by the carrier or provider of a changethat is proposed to a telecommunications service or a telecommunications systemis likely to have a material adverse effect on the capacity of the carrier or provider to comply with its obligations under subsection 313(1A) or (2A).

Kinds of changes

(2) A change to a telecommunications service or a telecommunications system includes (but is not limited to) the following:

(a) the carrier or carriage service provider providing one or more new telecommunication services;

(b) the carrier or carriage service provider changing the location of notifiable equipment (including moving equipment outside Australia);

(c) the carrier or carriage service provider procuring notifiable equipment (including procuring equipment that is located outside Australia);

(d) the carrier or carriage service provider entering into outsourcing arrangements:

(i) to have all or part of the telecommunication services provided for the carrier or provider; or

(ii) to have all or part of the provision of telecommunication services managed for the carrier or provider; or

(iii) to have all or some information to which section 276 applies in relation to the carrier or provider, managed for the carrier or provider;

(e) the carrier or carriage service provider entering into arrangements to have all or some information to which section 276 applies in relation to the carrier or provider accessed by persons outside Australia;

(f) the carrier or carriage service provider entering into arrangements to have all or some information or documents to which subsection 187A(1) of the Telecommunications (Interception and Access) Act 1979 applies in relation to the carrier or provider kept outside Australia.

(2A) Subsection (1) does not apply to changes to a telecommunications service or a telecommunications system that are changes determined in an instrument under subsection (2B).

(2B) The Communications Access Co-ordinator may, by legislative instrument, make a determination for the purposes of subsection (2A).

Note: For variation and revocation, see subsection 33(3) of the Acts Interpretation Act 1901.

Notification of change

(3) The carrier or provider must notify the Communications Access Co-ordinator, in writing, of its intention to implement the proposed change. The notification must include a description of the proposed change.

Exemptions

(4) The Communications Access Co-ordinator may, by notice in writing given to a carrier or a nominated carriage service provider, exempt the carrier or provider from the operation of this section.

Note: For revocation, see subsection 33(3) of the Acts Interpretation Act 1901.

(5) The Communications Access Co-ordinator may, by notice in writing given to a carrier or a nominated carriage service provider, exempt the carrier or provider from the operation of this section in relation to changes specified in the notice.

Note: For variation and revocation, see subsection 33(3) of the Acts Interpretation Act 1901.

(5A) The Communications Access Co-ordinator may grant an exemption under subsection (4) or (5) on his or her own initiative or on written application by a carrier or a nominated carriage service provider.

(5B) If a carrier or a nominated carriage service provider makes such an application, the Communications Access Co-ordinator must, within 60 days of receiving the application, either:

(a) give the carrier or provider an exemption under subsection (4) or (5); or

(b) give the carrier or provider a notice in writing refusing the application, including setting out the reasons for the refusal.

(5C) Applications may be made to the Administrative Appeals Tribunal for review of a decision of the Communications Access Co-ordinator under paragraph (5B)(b) to refuse an application.

(6) An exemption under subsection (4) or (5) has effect accordingly.

(6A) An exemption under subsection (4) or (5) may specify the period during which it is to remain in force. The exemption remains in force for that period unless it is revoked earlier or it ceases to be in force as mentioned in subsection (6B).

(6B) An exemption under subsection (4) or (5) may be given subject to conditions specified in the exemption. The exemption ceases to be in force if the carrier or nominated carriage service provider breaches a condition.

(7) An exemption under subsection (4) or (5) is not a legislative instrument.

314B Assessment of proposed change

Further information

(1) If:

(a) under subsection 314A(3), a carrier or a nominated carriage service provider notifies the Communications Access Co-ordinator of a proposed change; and

(b) the Co-ordinator considers that further information, in relation to the proposed change, is required for the Co-ordinator to assess whether there is a risk of unauthorised interference with, or unauthorised access to, telecommunications networks or facilities that would be prejudicial to security;

the Co-ordinator may, by notice in writing given to the carrier or provider, set out the further information the Co-ordinator requires.

(2) A notice under subsection (1) must be given to the carrier or provider within 30 days of the notification of the proposed change to the Communications Access Co-ordinator.

Assessment of proposed change

(3) If:

(a) the Communications Access Co-ordinator considers a proposed change notified under subsection 314A(3) (including a proposed change where further information is provided as mentioned in this section); and

(b) in relation to the proposed change, the Co-ordinator is satisfied that there is a risk of unauthorised interference with, or unauthorised access to, telecommunications networks or facilities that would be prejudicial to security;

the Co-ordinator must give a written notice to the carrier or provider:

(c) advising the carrier or provider of that risk; and

(d) setting out the duty imposed by subsection 313(1A) or (2A); and

(e) setting out the consequences for the carrier or provider for not complying with that duty.

(4) A notice under subsection (3) may also set out the measures the Communications Access Co-ordinator considers the carrier or provider could adopt to eliminate or reduce therisk referred to in subsection (3).

(5) If:

(a) the Communications Access Co-ordinator considers a proposed change notified under subsection 314A(3) (including a proposed change where further information is provided as mentioned in this section); and

(b) in relation to the proposed change, the Co-ordinator is satisfied that there is not a risk of unauthorised interference with, or unauthorised access to, telecommunications networks or facilities that would be prejudicial to security;

the Co-ordinator must give a written notice to the carrier or provider to that effect.

(6) In response to a proposed change notified to the Communications Access Co-ordinator under subsection 314A(3), a notice must be given to the carrier or provider:

(a) within 30 days of the notification; or

(b) if under subsection (1) the Communications Access Co-ordinator sought further information from the carrier or provider - as soon as practicable and no later than 30 days after the carrier or provider gave that further information.

The notice must be a notice under subsection (3) or (5).

Definitions

(7) In this section:

security has the same meaning as in the Australian Security Intelligence Organisation Act 1979.

Subdivision B - Security capability plans

314C Security capability plans

(1) A carrier or a nominated carriage service provider may give the Communications Access Co-ordinator a written instrument (a security capability plan ) under this section.

(2) A security capability plan may set out one or more changes to a telecommunications service or a telecommunications system the carrier or provider proposes to implement in the future that are likely to have a material adverse effect on the capacity of the carrier or provider to comply with its obligations under subsection 313(1A) or (2A).

(3) A security capability plan may set out the time each of the changes is proposed to be implemented.

Kinds of changes

(4) For the purposes of subsection (2), a change to a telecommunications service or a telecommunications system includes (but is not limited to):

(a) changes referred to in subsection 314A(2); and

(b) changes determined in an instrument under subsection (5) of this section.

(5) The Communications Access Co-ordinator may, by legislative instrument, determine changes for the purposes of paragraph (4)(b).

Other matters plan may include

(6) A security capability plan may set out the carrier's or provider's practices, policies or strategies to comply with its obligations under subsection 313(1A) or (2A).

(7) A security capability plan may set out the measures the carrier or provider is implementing, or proposing to implement, to mitigate the risk of unauthorised interference with, or unauthorised access to, telecommunications networks or facilities.

One instrument each 12-month period

(8) A carrier or a nominated carriage service provider cannot give more than one instrument under this section in any 12-month period.

314D Assessment of security capability plan

Further information

(1) If:

(a) a carrier or a nominated carriage service provider gives the Communications Access Co-ordinator a security capability plan setting out one or more proposed changes mentioned in subsection 314C(2); and

(b) the Co-ordinator considers that further information, in relation to a particular proposed change, is required for the Co-ordinator to assess whether there is a risk of unauthorised interference with, or unauthorised access to, telecommunications networks or facilities that would be prejudicial to security;

the Co-ordinator may, by notice in writing given to the carrier or provider, set out the further information the Co-ordinator requires.

(2) A notice under subsection (1) must be given to the carrier or provider within 60 days of the plan being given to the Communications Access Co-ordinator.

Assessment of proposed change

(3) If:

(a) the Communications Access Co-ordinator considers a particular proposed change mentioned in subsection 314C(2) that is set out in a security capability plan (including a proposed change where further information is provided as mentioned in this section); and

(b) in relation to the proposed change, the Co-ordinator is satisfied that there is a risk of unauthorised interference with, or unauthorised access to, telecommunications networks or facilities that would be prejudicial to security;

the Co-ordinator must give a written notice to the carrier or provider:

(c) advising the carrier or provider of that risk; and

(d) setting out the duty imposed by subsection 313(1A) or (2A); and

(e) setting out the consequences for the carrier or provider for not complying with that duty.

(4) A notice under subsection (3) may also set out the measures the Communications Access Co-ordinator considers the carrier or provider could adopt to eliminate or reduce therisk referred to in subsection (3).

(5) If:

(a) the Communications Access Co-ordinator considers a particular proposed change mentioned in subsection 314C(2) that is set out in a security capability plan (including a proposed change where further information is provided as mentioned in this section); and

(b) in relation to the proposed change, the Co-ordinator is satisfied that there is not a risk of unauthorised interference with, or unauthorised access to, telecommunications networks or facilities that would be prejudicial to security;

the Co-ordinator must give a written notice to the carrier or provider to that effect.

(6) In response to a proposed change mentioned in subsection 314C(2) that is set out in a security capability plan, a notice must be given to the carrier or provider:

(a) within 60 days of the plan being given to the Communications Access Co-ordinator; or

(b) if under subsection (1) the Communications Access Co-ordinator sought further information from the carrier or provider - as soon as practicable and no later than 60 days after the carrier or provider gave that further information.

The notice must be a notice under subsection (3) or (5) and may relate to one or more such changes.

Definitions

(7) In this section:

security has the same meaning as in the Australian Security Intelligence Organisation Act 1979.

314E Relationship with section 314A

Dual notifications not required

(1) If, under section 314C, a carrier or a nominated carriage service provider has given a security capability plan setting out one or more proposed changes mentioned in subsection 314C(2), the carrier or provider is not required to notify those proposed changes under section 314A.

Certain modificationsto changes are changes in their own right

(2) If:

(a) under section 314C, a carrier or a nominated carriage service provider has given a security capability plan setting out one or more proposed changes mentioned in subsection 314C(2); and

(b) the carrier or provider becomes aware that the implementation by the carrier or provider of any modification to such a proposed change is likely to have a material adverse effect on the capacity of the carrier or provider to comply with its obligations under subsection 313(1A) or (2A);

then section 314A applies in relation to the modification as if the modification were a change in its own right.

Division 4 - Carriage service provider may suspend supply of carriage service in an emergency

13   After section 315

Insert:

Division 5 - Directions by Attorney-General

315A Direction if use or supply of carriage services prejudicial to security

(1) If:

(a) a person who is a carrier or carriage service provider proposes to use, or uses, for the person's own requirements or benefit, or proposes to supply, or supplies, to another person, one or more carriage services; and

(b) the Attorney-General, after consulting the Prime Minister and the Minister administering this Act, considers that the proposed use or supply would be, or the use or supply is, as the case may be, prejudicial to security;

the Attorney-General may give the carrier or carriage service provider a written direction not to use or supply, or to cease using or supplying, the carriage service or the carriage services.

(2) A direction under subsection (1) must relate to a carriage service generally and cannot be expressed to apply to the supply of a carriage service to a particular person, particular persons or a particular class of persons.

Direction to be given after adverse security assessment

(3) The Attorney-General must not give a carrier or carriage service provider a direction under subsection (1) unless an adverse security assessment in respect of the carrier or carriage service provider is given to the Attorney-General in connection with this section.

Copy of direction to be given to ACMA

(4) The Attorney-General must give the ACMA a copy of any direction under subsection (1).

Compliance with direction

(5) A person must comply with a direction given to the person under subsection (1).

Definitions

(6) In this section:

security has the same meaning as in the Australian Security Intelligence Organisation Act 1979.

315B Direction if risk of unauthorised interference or access involving telecommunications networks or facilities

(1) This section applies if, in connection with:

(a) the operation by a carrier or carriage service provider of telecommunications networks or facilities; or

(b) the supply by a carrier or carriage service provider of a carriage service; or

(c) the supply by a carriage service provider of a carriage service, being a supply arranged by a carriage service intermediary;

the Attorney-General is satisfied that there is a risk of unauthorised interference with, or unauthorised access to, telecommunications networks or facilities that would be prejudicial to security.

(2) The Attorney-General may give a carrier, carriage service provider or carriage service intermediary a written direction requiring the carrier, provider or intermediary to do, or to refrain from doing, a specified act or thing within the period specified in the direction.

(3) A direction under subsection (2) may be given only if the Attorney-General is satisfied that requiring the carrier, carriage service provider or carriage service intermediary to do, or to refrain from doing, the specified act or thing is reasonably necessary for purposes relating to eliminating or reducing therisk referred to in subsection (1).

Direction to be given after adverse security assessment

(4) The Attorney-General must not give a carrier, carriage service provider or carriage service intermediary a direction under subsection (2) unless an adverse security assessment in respect of the carrier, provider or intermediary is given to the Attorney-General in connection with this section.

Direction to be given after negotiations in good faith

(5) The Attorney-General must not give a carrier, carriage service provider or carriage service intermediary a direction under subsection (2) unless the Attorney-General is satisfied that reasonable steps have been taken to negotiate in good faith with the carrier, provider or intermediary to achieve an outcome of eliminating or reducing therisk referred to in subsection (1).

Matters to which regard must be had before giving direction

(6) Before giving a carrier, carriage service provider or carriage service intermediary a direction under subsection (2), the Attorney-General must have regard to the following matters:

(a) the adverse security assessment mentioned in subsection (4);

(b) the costs, in complying with any direction, that would be likely to be incurred by the carrier, provider or intermediary;

(c) the potential consequences that any direction may have on competition in the telecommunications industry;

(d) the potential consequences that any direction may have on customers of the carrier, provider or intermediary.

The Attorney-General must give the greatest weight to the matter mentioned in paragraph (a).

(7) Subsection (6) does not limit the matters to which regard may be had.

Consultation

(8) Before giving a carrier, carriage service provider or carriage service intermediary a direction under subsection (2), the Attorney-General must:

(a) consult the Minister administering this Act; and

(b) do the following:

(i) by written notice, given to the carrier, provider or intermediary, set out the proposed direction;

(ii) in that notice, invite the carrier, provider or intermediary to make written representations to the Attorney-General in relation to the proposed direction within the period specified in the notice;

(iii) have regard to any such representations made within that period.

(9) For the purposes of subparagraph (8)(b)(ii), the period to be specified in the notice must be at least 28 days after the notice is given. However, the Attorney-General may specify a shorter period if the Attorney-General considers it necessary to do so because of urgent circumstances.

(10) Subsection (8) does not limit the persons with whom the Attorney-General may consult.

Copy of direction to be given to ACMA

(11) The Attorney-General must give the ACMA a copy of any direction under subsection (2).

Compliance with direction

(12) A person must comply with a direction given to the person under subsection (2).

Definitions

(13) In this section:

security has the same meaning as in the Australian Security Intelligence Organisation Act 1979.

Division 6 - Attorney-General's Secretary's information-gathering powers

315C Attorney-General's Secretary may obtain information and documents from carriers and carriage service providers

(1) This section applies to a carrier, carriage service provider or carriage service intermediary if the Attorney-General's Secretary has reason to believe that the carrier, provider or intermediary has information or a document that is relevant to assessing compliance with the duty imposed by subsection 313(1A) or (2A).

(2) The Attorney-General's Secretary may, by written notice given to the carrier, provider or intermediary, require the carrier, provider or intermediary:

(a) to give to that Secretary, within the period and in the manner and form specified in the notice, any such information; or

(b) to produce to that Secretary, within the period and in the manner specified in the notice, any such documents; or

(c) to make copies of any such documents and to produce to that Secretary, within the period and in the manner specified in the notice, those copies.

(3) The carrier, provider or intermediary must comply with a requirement under subsection (2).

Matters to which regard must be had before giving notice

(4) Before giving a carrier, carriage service provider or carriage service intermediary a notice under subsection (2), the Attorney-General's Secretary must have regard to the costs, in complying with any requirement in the notice, that would be likely to be incurred by the carrier, provider or intermediary.

(5) Subsection (4) does not limit the matters to which regard may be had.

Content of notice

(6) A notice given to a carrier under this section must set out the effect of the following provisions:

(a) subsection (3);

(b) section 68;

(c) section 570;

(d) Part 1 of Schedule 1;

(e) sections 137.1 and 137.2 of the Criminal Code (false or misleading information or documents).

(7) A notice given to a carriage service provider or carriage service intermediary under this section must set out the effect of the following provisions:

(a) subsection (3);

(b) section 101;

(c) section 570;

(d) Part 1 of Schedule 2;

(e) sections 137.1 and 137.2 of the Criminal Code (false or misleading information or documents).

Copying documents - reasonable compensation

(8) A carrier, carriage service provider or carriage service intermediary is entitled to be paid by the Commonwealth reasonable compensation for complying with a requirement covered by paragraph (2)(c).

315D Self-incrimination

(1) A person is not excused from giving information or producing a document or a copy of a document under section 315C on the ground that the information or the production of the document or copy might tend to incriminate the person or expose the person to a penalty.

(2) However, in the case of an individual:

(a) the information given or the document or copy produced; or

(b) giving the information or producing the document or copy; or

(c) any information, document or thing obtained as a direct or indirect consequence of giving the information or producing the document or copy;

is not admissible in evidence against the individual:

(d) in criminal proceedings other than proceedings for an offence against section 137.1 or 137.2 of the Criminal Code that relates to this Division; or

(e) in civil proceedings other than proceedings under section 570 for recovery of a penalty in relation to a contravention of subsection 315C(3).

315E Copies of documents

(1) The Attorney-General's Secretary may inspect a document or copy produced under section 315C and may make and retain copies of such a document.

(2) The Attorney-General's Secretary may retain possession of a copy of a document produced in accordance with a requirement covered by paragraph 315C(2)(c).

315F Retention of documents

(1) The Attorney-General's Secretary may take, and retain for as long as is necessary, possession of a document produced under section 315C.

(2) The person otherwise entitled to possession of the document is entitled to be supplied, as soon as practicable, with a copy certified by the Attorney-General's Secretary to be a true copy.

(3) The certified copy must be received in all courts and tribunals as evidence as if it were the original.

(4) Until a certified copy is supplied, the Attorney-General's Secretary must, at such times and places as he or she thinks appropriate, permit the person otherwise entitled to possession of the document, or a person authorised by that person, to inspect and make copies of the document.

315G Delegation by Attorney-General's Secretary

(1) The Attorney-General's Secretary may, in writing, delegate any or all of his or her powers and functions under sections 315C, 315E and 315F to the Director-General of Security.

(2) In exercising a power or performing a function under a delegation under subsection (1), the Director-General of Security must comply with any directions of the Attorney-General's Secretary.

Division 7 - Information sharing and confidentiality

315H Information sharing and confidentiality

(1) A person who obtains information or a document under section 314A, 314B, 314C, 314D, 315C or this subsection may disclose any of that information, or provide the document (or a copy of it), to another person for either or both of the following purposes:

(a) the assessment of the risk of unauthorised interference with, or unauthorised access to, telecommunications networks or facilities and, if there is such a risk, the assessment of the risk to security;

(b) the purposes of security.

Note: The Privacy Act 1988 applies to the disclosure of personal information.

Limitation

(2) However, if a person obtains information or a document under section 314A, 314B, 314C, 314D, 315C or subsection (1) of this section, the person must not disclose any of that information, or provide the document (or a copy of it), to a person who is not a Commonwealth officer, to the extent that the information is identifying information or that the document (or a copy of it) contains identifying information.

Confidentiality

(3) Subject to this section, a person who obtains information or a document under section 314A, 314B, 314C, 314D, 315C or this section must treat the information or document as confidential.

Definitions

(4) In this section:

Commonwealth officer means:

(a) a person who is in the employment of the Commonwealth, other than a person who is engaged outside Australia to perform duties outside Australia as an employee; or

(b) a person who holds or performs the duties of any office or position established by or under a law of the Commonwealth; or

(c) a member of the Australian Defence Force; or

(d) the Commissioner of the Australian Federal Police, a Deputy Commissioner of the Australian Federal Police, an AFP employee, a special member or a special protective service officer (all within the meaning of the Australian Federal Police Act 1979).

Note: Paragraph (a) of this definition covers, for example, persons employed by the Director-General of Security, on behalf of the Commonwealth, under subsection 84(1) of the Australian Security Intelligence Organisation Act 1979.

identifying information means information that identifies the carrier, carriage service provider or carriage service intermediary concerned.

security has the same meaning as in the Australian Security Intelligence Organisation Act 1979.

Division 8 - Annual report

315J Annual report

(1) The Attorney-General's Secretary must report each financial year to the Attorney-General on the operation of this Part, to the extent that this Part was amended by the Telecommunications and Other Legislation Amendment Act 2017.

(1A) Without limiting subsection (1), a report under that subsection for a financial year must include the following information for that year:

(a) the number of directions the Attorney-General gave under subsection 315A(1);

(b) the number of directions the Attorney-General gave under subsection 315B(2);

(c) the following:

(i) the number of notifications the Communications Access Co-ordinator received under subsection 314A(3);

(ii) in response to such notifications, the average number of days taken by the Co-ordinator to give a notice under subsection 314B(3) or (5);

(iii) in response to such notifications, the percentage of notices given within the period under subsection 314B(6) by the Co-ordinator under subsection 314B(3) or (5);

(d) the following:

(i) the number of applications the Communications Access Co-ordinator received under subsection 314A(5A);

(ii) in response to such applications, the average number of days taken by the Co-ordinator to give a notice under subsection 314A(4) or (5) or paragraph 314A(5B)(b);

(iii) in response to such applications, the percentage of notices given within the period under subsection 314A(5B) by the Co-ordinator under subsection 314A(4) or (5) or paragraph 314A(5B)(b);

(e) the following:

(i) the number of security capability plans the Communications Access Co-ordinator received under subsection 314C(1);

(ii) in response to such plans, the average number of days taken by the Co-ordinator to give a notice under subsection 314D(3) or (5);

(iii) in response to such plans, the percentage of notices given within the period under subsection 314D(6) by the Co-ordinator under subsection 314D(3) or (5);

(f) the number of notices the Attorney-General's Secretary gave under subsection 315C(2);

(g) details of the information sharing arrangements between the Commonwealth and carriers and carriage service providers in relation to this Part, to the extent that this Part was amended by the Telecommunications and Other Legislation Amendment Act 2017;

(h) a summary of any feedback or complaints made in relation to this Part, to the extent that this Part was amended by that Act;

(i) trends or issues in relation to the matters covered by paragraphs (a) to (h).

(2) The Attorney-General's Secretary must give a report under subsection (1) to the Attorney-General as soon as practicable after the end of the financial year concerned.

(3) The Attorney-General must cause a copy of a report under subsection (1) to be laid before each House of the Parliament within 15 sitting days of that House after receiving the report.

Division 8A - Review by Parliamentary Joint Committee on Intelligence and Security

315K Review by Parliamentary Joint Committee on Intelligence and Security

(1) The Parliamentary Joint Committee on Intelligence and Security must review the operation of this Part, to the extent that this Part was amended by the Telecommunications and Other Legislation Amendment Act 2017.

(2) The review:

(a) must start on or before the second anniversary of the commencement of this section; and

(b) must be concluded on or before the third anniversary of the commencement of this section.

(3) The Committee must give the Attorney-General a written report of the review.

14   Before section 316

Insert:

Division 9 - Generality of Part not limited

15   Subsections 564(1) and (2)

Omit "or the ACCC", substitute ", the ACCC or the Attorney-General".

16   After subsection 564(3)

Insert:

Limit on standing of the Attorney-General

(3A) Despite subsections (1) and (2), the Attorney-General is not entitled to apply for an injunction unless the application relates to a contravention of:

(a) the carrier licence condition set out in Part 1 of Schedule 1 in so far as that condition relates to subsection 313(1A), 314A(3), 315A(5), 315B(12) or 315C(3); or

(b) the service provider rule set out in Part 1 of Schedule 2 in so far as that rule relates to subsection 313(1A) or (2A), 314A(3), 315A(5), 315B(12) or 315C(3).

17   Before subsection 564(4)

Insert:

Definitions

18   Subsection 571(1)

Omit "or the ACCC", substitute ", the ACCC or the Attorney-General".

19   Before subsection 571(3)

Insert:

Limit on standing of the ACMA

20   At the end of section 571

Add:

Limit on standing of the Attorney-General

(4) Despite subsection (1), the Attorney-General is not entitled to institute a proceeding for the recovery of a pecuniary penalty unless the proceeding relates to a contravention of:

(a) the carrier licence condition set out in Part 1 of Schedule 1 in so far as that condition relates to subsection 313(1A), 314A(3), 315A(5), 315B(12) or 315C(3); or

(b) the service provider rule set out in Part 1 of Schedule 2 in so far as that rule relates to subsection 313(1A) or (2A), 314A(3), 315A(5), 315B(12) or 315C(3).

21   Section 572A

After "ACMA", insert "or the Attorney-General".

22   Subsections 572B(1), (3) and (4)

After "ACMA", insert "or the Attorney-General".

23   At the end of subsection 572B(5)

Add "The Attorney-General may arrange for the publishing of the undertaking on the Attorney-General's Department's website.".

24   After subsection 572B(5)

Insert:

(5A) Despite subsection (1), the Attorney-General is not entitled to accept an undertaking under this section unless the undertaking relates to compliance with:

(a) the carrier licence condition set out in Part 1 of Schedule 1 in so far as that condition relates to subsection 313(1A), 314A(3), 315A(5), 315B(12) or 315C(3); or

(b) the service provider rule set out in Part 1 of Schedule 2 in so far as that rule relates to subsection 313(1A) or (2A), 314A(3), 315A(5), 315B(12) or 315C(3).

(5B) The ACMA's powers under subsections (3) to (5) are only in relation to undertakings it has accepted. The Attorney-General's powers under those subsections are only in relation to undertakings he or she has accepted.

25   Subsection 572C(1)

After "ACMA" (wherever occurring), insert "or the Attorney-General".

26   At the end of section 572C

Add:

(3) The ACMA's power under subsection (1) is only in relation to undertakings it has accepted. The Attorney-General's power under that subsection is only in relation to undertakings he or she has accepted.

27   Subsections 581(3) and (3A)

Repeal the subsections.

28   Subsection 581(4)

Omit "or (3)".

29   Subsection 581(5)

Repeal the subsection.

Telecommunications (Interception and Access) Act 1979

30   Subparagraph 202A(a)(ii)

After "Telecommunications Act 1997", insert "(other than subsection 313(1A) or (2A) of that Act)".

31   At the end of paragraph 202B(1)(b)

Add "(other than subsection 313(1A) or (2A) of that Act)".

Part 2   Other amendments

Administrative Decisions (Judicial Review) Act 1977

32   Paragraph (daa) of Schedule 1

Omit ", or subsection 581(3),".

Australian Security Intelligence Organisation Act 1979

33   Subsection 35(1) (subparagraph (d)(ii) of the definition of prescribed administrative action)

Repeal the subparagraph, substitute:

(ii) subsection 315A(1) or 315B(2);

34   Paragraph 38A(1)(b)

Repeal the paragraph, substitute:

(b) section 315A or 315B;

Part 3   Transitional and saving provisions

35   Transitional and saving provisions

(1) A direction in force under subsection 581(3) of the Telecommunications Act 1997immediately before the commencement of this item has effect on and after that commencement as if it were a direction in force under subsection 315A(1) of that Act.

(2) An assessment mentioned in subsection 38A(1) of the Australian Security Intelligence Organisation Act 1979 that is given to the Attorney-General under that Act before the commencement of this item in connection with subsection 581(3) of the Telecommunications Act 1997 has effect on and after that commencement as if it were given in connection with section 315A of the Telecommunications Act 1997.

(3) Paragraph (daa) of Schedule 1 to the Administrative Decisions (Judicial Review) Act 1977, as in force immediately before the commencement of this item, continues to apply on and after that commencement in relation to a decision of the Attorney-General under subsection 581(3) of the Telecommunications Act 1997 made before that commencement.