Surveillance Legislation Amendment (Identify and Disrupt) Act 2021 (98 of 2021)

Schedule 2   Network activity warrants

Part 1   Main amendments

Surveillance Devices Act 2004

9   At the end of Part 2

Add:

Division 6 - Network activity warrants

27KKA Sunsetting

This Division ceases to have effect 5 years after it commences.

27KK Application for network activity warrant

(1) The chief officer of the Australian Federal Police or the Australian Crime Commission may apply for the issue of a network activity warrant if the chief officer suspects on reasonable grounds that:

(a) a group of individuals is a criminal network of individuals; and

(b) access to data held in a computer (the target computer ) that is, from time to time, used, or likely to be used, by any of the individuals in the group will substantially assist in the collection of intelligence that:

(i) relates to the group or to any of the individuals in the group; and

(ii) is relevant to the prevention, detection or frustration of one or more kinds of relevant offences.

(2) For the purposes of subsection (1), it is immaterial whether:

(a) the identities of the individuals in the group can be ascertained; or

(b) the target computer can be identified; or

(c) the location of the target computer can be identified; or

(d) there are likely to be changes, from time to time, in the composition of the group.

Procedure for making applications

(3) An application under subsection (1) may be made to an eligible Judge or to a nominated AAT member.

(4) An application:

(a) must specify:

(i) the name of the applicant; and

(ii) the nature and duration of the warrant sought; and

(b) subject to this section, must be supported by an affidavit setting out the grounds on which the warrant is sought.

Unsworn applications

(5) If the chief officer of the Australian Federal Police or the Australian Crime Commission believes that:

(a) immediate access to data held in the target computer referred to in subsection (1) will substantially assist as described in paragraph (1)(b); and

(b) it is impracticable for an affidavit to be prepared or sworn before an application for a warrant is made by the chief officer;

an application by the chief officer for a warrant under subsection (1) may be made before an affidavit is prepared or sworn.

(6) If subsection (5) applies, the applicant must:

(a) provide as much information as the eligible Judge or nominated AAT member considers is reasonably practicable in the circumstances; and

(b) not later than 72 hours after the making of the application, send a duly sworn affidavit to the eligible Judge or nominated AAT member, whether or not a warrant has been issued.

Target computer

(7) The target computer referred to in subsection (1):

(a) must be a computer that is, from time to time, used or likely to be used by an individual (whose identity may or may not be known); and

(b) may be one or more of the following:

(i) a particular computer;

(ii) a computer that is, from time to time, on particular premises.

27KL Remote application

(1) If the chief officer of the Australian Federal Police or the Australian Crime Commission believes that it is impracticable for an application for a network activity warrant to be made in person, the application may be made under section 27KK by telephone, fax, email or any other means of communication.

(2) If transmission by fax is available and an affidavit has been prepared, the person applying must transmit a copy of the affidavit, whether sworn or unsworn, to the eligible Judge or to the nominated AAT member who is to determine the application.

27KM Determining the application

(1) An eligible Judge or a nominated AAT member may issue a network activity warrant if satisfied:

(a) that there are reasonable grounds for the suspicion founding the application for the warrant; and

(aa) that the issue of the warrant is justified and proportionate, having regard to the kinds of offences in relation to which information will be obtained under the warrant; and

(b) in the case of an unsworn application - that it would have been impracticable for an affidavit to have been sworn or prepared before the application was made; and

(c) in the case of a remote application - that it would have been impracticable for the application to have been made in person.

(2) In determining whether a network activity warrant should be issued, the eligible Judge or nominated AAT member must have regard to:

(a) the nature and gravity of the conduct constituting the kinds of offences in relation to which information will be obtained under the warrant; and

(b) the extent to which access to data under the warrant will assist in the collection of intelligence that:

(i) relates to the group referred to in paragraph 27KK(1)(a) or to any of the individuals in the group; and

(ii) is relevant to the prevention, detection or frustration of one or more kinds of relevant offences; and

(c) the likely intelligence value of any information sought to be obtained; and

(d) whether the things authorised by the warrant are proportionate to the likely intelligence value of any information sought to be obtained; and

(e) the existence of any alternative, or less intrusive, means of obtaining the information sought to be obtained; and

(f) the extent to which the execution of the warrant is likely to result in access to data of persons who are lawfully using a computer, and any privacy implications (to the extent known to the eligible Judge or nominated AAT member) resulting from that access; and

(fa) if:

(i) the eligible Judge or nominated AAT member believes on reasonable grounds that the data covered by the warrant (within the meaning of section 27KP) is data of a person who is working in a professional capacity as a journalist or of an employer of such a person; and

(ii) each of the offences referred to in paragraph 27KK(1)(b) is an offence against a secrecy provision;

whether the public interest in issuing the warrant outweighs:

(iii) the public interest in protecting the confidentiality of the identity of the journalist's source; and

(iv) the public interest in facilitating the exchange of information between journalists and members of the public so as to facilitate reporting of matters in the public interest; and

(g) any previous warrant sought or issued under this Division in relation to the group referred to in paragraph 27KK(1)(a).

(2A) For the purposes of having regard to the nature and gravity of the conduct constituting the kinds of offences in relation to which information will be obtained under the warrant, the eligible Judge or nominated AAT member must give weight to the following matters:

(a) whether that conduct amounts to:

(i) an activity against the security of the Commonwealth; or

(ii) an offence against Chapter 5 of the Criminal Code;

(b) whether that conduct amounts to:

(i) an activity against the proper administration of Government; or

(ii) an offence against Chapter 7 of the Criminal Code;

(c) whether that conduct:

(i) causes, or has the potential to cause, serious violence, or serious harm, to a person; or

(ii) amounts to an offence against Chapter 8 of the Criminal Code;

(d) whether that conduct:

(i) causes, or has the potential to cause, a danger to the community; or

(ii) amounts to an offence against Chapter 9 of the Criminal Code;

(e) whether that conduct:

(i) causes, or has the potential to cause, substantial damage to, or loss of, data, property or critical infrastructure; or

(ii) amounts to an offence against Chapter 10 of the Criminal Code;

(f) whether that conduct involves, or is related to, the commission of:

(i) transnational crime; or

(ii) serious crime; or

(iii) organised crime;

that is not covered by any of the preceding paragraphs.

(2B) Subsection (2A) does not limit the matters that may be considered by the eligible Judge or nominated AAT member.

(2C) To avoid doubt, this Act does not prevent a network activity warrant from being issued in a case where the conduct constituting the kinds of offences in relation to which information will be obtained under the warrant is not covered by subsection (2A).

(3) If a network activity warrant is issued in response to an application made by the chief officer of the Australian Federal Police or the Australian Crime Commission, the chief officer must:

(a) notify the issue of the warrant to the Inspector-General of Intelligence and Security; and

(b) do so within 7 days after the issue of the warrant.

(4) For the purposes of this section, secrecy provision means a provision of a law of the Commonwealth or of a State that prohibits:

(a) the communication, divulging or publication of information; or

(b) the production of, or the publication of the contents of, a document.

27KN What must a network activity warrant contain?

(1) A network activity warrant must:

(a) state that the eligible Judge or nominated AAT member issuing the warrant is satisfied of the matters referred to in subsection 27KM(1) and has had regard to the matters referred to in subsection 27KM(2); and

(b) specify:

(i) the name of the applicant; and

(ii) the kinds of relevant offences in respect of which the warrant is issued; and

(iii) the criminal network of individuals to which the warrant relates; and

(iv) the date the warrant is issued; and

(v) the period during which the warrant is in force (see subsection (2)); and

(vi) the name of the law enforcement officer primarily responsible for executing the warrant; and

(vii) any conditions subject to which things may be done under the warrant; and

(c) if the warrant authorises the use of a surveillance device - specify:

(i) the surveillance device authorised to be used; and

(ii) the purpose or purposes for which the surveillance device may be used under the warrant.

(2) A warrant may only be issued for a period of no more than 90 days.

Note: The access to data held in the target computer pursuant to a warrant may be discontinued earlier - see section 27KS.

(3) A warrant must be signed by the person issuing it and include the person's name.

(4) For the purposes of subparagraph (1)(b)(iii), a criminal network of individuals may be specified by identifying one or more matters or things that are sufficient to identify the criminal network of individuals.

(5) As soon as practicable after completing and signing a warrant issued on a remote application, the person issuing it must:

(a) inform the applicant of:

(i) the terms of the warrant; and

(ii) the date on which, and the time at which, the warrant was issued; and

(b) give the warrant to the applicant while retaining a copy of the warrant for the person's own record.

27KP What a network activity warrant authorises

(1) A network activity warrant must authorise the doing of specified things (subject to any restrictions or conditions specified in the warrant) in relation to the relevant target computer.

(2) The things that may be specified are any of the following that the eligible Judge or nominated AAT member considers appropriate in the circumstances:

(a) entering specified premises for the purposes of doing the things mentioned in this subsection;

(b) entering any premises for the purposes of gaining entry to, or exiting, the specified premises;

(c) using:

(i) the target computer; or

(ii) a telecommunications facility operated or provided by the Commonwealth or a carrier; or

(iii) any other electronic equipment; or

(iv) a data storage device;

for the purpose of obtaining access to data (the relevant data ) that is held in the target computer at any time while the warrant is in force, in order to determine whether the relevant data is covered by the warrant;

(d) if necessary to achieve the purpose mentioned in paragraph (c) - adding, copying, deleting or altering other data in the target computer;

(e) if, having regard to other methods (if any) of obtaining access to the relevant data which are likely to be as effective, it is reasonable in all the circumstances to do so:

(i) using any other computer or a communication in transit to access the relevant data; and

(ii) if necessary to achieve that purpose - adding, copying, deleting or altering other data in the computer or the communication in transit;

(f) removing a computer or other thing from premises for the purposes of doing any thing specified in the warrant in accordance with this subsection, and returning the computer or other thing to the premises;

(g) copying any data to which access has been obtained, and that:

(i) appears to be relevant for the purposes of determining whether the relevant data is covered by the warrant; or

(ii) is covered by the warrant;

(h) intercepting a communication passing over a telecommunications system, if the interception is for the purposes of doing any thing specified in the warrant in accordance with this subsection;

(i) using a surveillance device for the purposes of doing any thing specified in the warrant in accordance with this subsection;

(j) any other thing reasonably incidental to any of the above.

Note: As a result of the warrant, a person who, by means of a telecommunications facility, obtains access to data stored in a computer will not commit an offence under Part 10.7 of the Criminal Code or equivalent State or Territory laws (provided that the person acts within the authority of the warrant).

(3) If:

(a) a network activity warrant authorises the removal of a computer or other thing from premises as mentioned in paragraph (2)(f); and

(b) a computer or thing is removed from the premises in accordance with the warrant;

the computer or thing must be returned to the premises as soon as is reasonably practicable to do so once the computer or thing is no longer required for the purposes of doing any thing authorised by the warrant.

(4) For the purposes of paragraph (2)(g), if:

(a) access has been obtained to data; and

(b) the data is subject to a form of electronic protection;

the data is taken to be relevant for the purposes of determining whether the relevant data is covered by the warrant.

When data is covered by a warrant

(5) For the purposes of this section, data is covered by a warrant if access to the data will substantially assist as described in paragraph 27KK(1)(b). To avoid doubt, it is immaterial whether the composition of the group mentioned in that paragraph changes during the period when the warrant is in force.

Certain acts not authorised

(6) Subsection (2) does not authorise the addition, deletion or alteration of data, or the doing of any thing, that is likely to:

(a) materially interfere with, interrupt or obstruct:

(i) a communication in transit; or

(ii) the lawful use by other persons of a computer;

unless the addition, deletion or alteration, or the doing of the thing, is necessary to do one or more of the things specified in the warrant; or

(b) cause any other material loss or damage to other persons lawfully using a computer.

Warrant must provide for certain matters

(7) A network activity warrant must:

(a) authorise the use of any force against persons and things that is necessary and reasonable to do the things specified in the warrant; and

(b) if the warrant authorises entering premises - state whether entry is authorised to be made at any time of the day or night or during stated hours of the day or night.

Concealment of access etc.

(8) If any thing has been done in relation to a computer under:

(a) a network activity warrant; or

(b) this subsection;

then, in addition to the things specified in the warrant, the warrant authorises the doing of any of the following:

(c) any thing reasonably necessary to conceal the fact that any thing has been done under the warrant or under this subsection;

(d) entering any premises where the computer is reasonably believed to be, for the purposes of doing the things mentioned in paragraph (c);

(e) entering any other premises for the purposes of gaining entry to or exiting the premises referred to in paragraph (d);

(f) removing the computer or another thing from any place where it is situated for the purposes of doing the things mentioned in paragraph (c), and returning the computer or other thing to that place;

(g) if, having regard to other methods (if any) of doing the things mentioned in paragraph (c) which are likely to be as effective, it is reasonable in all the circumstances to do so:

(i) using any other computer or a communication in transit to do those things; and

(ii) if necessary to achieve that purpose - adding, copying, deleting or altering other data in the computer or the communication in transit;

(h) intercepting a communication passing over a telecommunications system, if the interception is for the purposes of doing any thing mentioned in this subsection;

(i) using a surveillance device, if the use is for the purposes of doing any thing mentioned in this subsection;

(j) any other thing reasonably incidental to any of the above;

at the following time:

(k) at any time while the warrant is in force or within 28 days after it ceases to be in force;

(l) if none of the things mentioned in paragraph (c) are done within the 28-day period mentioned in paragraph (k) - at the earliest time after that 28-day period at which it is reasonably practicable to do the things mentioned in paragraph (c).

(9) Subsection (8) does not authorise the doing of a thing that is likely to:

(a) materially interfere with, interrupt or obstruct:

(i) a communication in transit; or

(ii) the lawful use by other persons of a computer;

unless the doing of the thing is necessary to do one or more of the things specified in subsection (8); or

(b) cause any other material loss or damage to other persons lawfully using a computer.

(10) If a computer or another thing is removed from a place in accordance with paragraph (8)(f), the computer or thing must be returned to the place as soon as is reasonably practicable to do so once the computer or thing is no longer required for the purposes of doing any thing mentioned in paragraph (8)(c).

27KQ Extension and variation of network activity warrant

(1) If a network activity warrant was issued in response to an application by the chief officer of the Australian Federal Police or the Australian Crime Commission, the chief officer may apply, at any time before the expiry of the warrant:

(a) for an extension of the warrant for a period of no more than 90 days after the day the warrant would otherwise expire; or

(b) for a variation of any of the other terms of the warrant.

(2) The application is to be made to an eligible Judge or to a nominated AAT member and must be accompanied by the original warrant.

(3) Sections 27KK and 27KL apply, with any necessary changes, to an application under this section as if it were an application for the warrant.

(4) The eligible Judge or nominated AAT member may grant an application if satisfied that the matters referred to in subsection 27KM(1) still exist, having regard to the matters in subsection 27KM(2).

(5) If the eligible Judge or nominated AAT member grants the application, the eligible Judge or nominated AAT member must endorse the new expiry date or the other varied term on the original warrant.

(6) An application may be made under this section more than once.

(7) If a network activity warrant is extended or varied in response to an application made by the chief officer of the Australian Federal Police or the Australian Crime Commission, the chief officer must:

(a) notify the extension or variation to the Inspector-General of Intelligence and Security; and

(b) do so within 7 days after the extension or variation.

27KR Revocation of network activity warrant

(1) A network activity warrant may, by instrument in writing, be revoked by an eligible Judge or nominated AAT member on the initiative of the eligible Judge or nominated AAT member at any time before the expiration of the period of validity specified in the warrant.

(2) If the circumstances set out in subsection 27KS(2) apply in relation to a network activity warrant:

(a) if the warrant was issued in response to an application made by the chief officer of the Australian Federal Police - the chief officer of the Australian Federal Police must, by instrument in writing, revoke the warrant; or

(b) if the warrant was issued in response to an application made by the chief officer of the Australian Crime Commission - the chief officer of the Australian Crime Commission must, by instrument in writing, revoke the warrant.

(3) The instrument revoking a warrant must be signed by the eligible Judge, the nominated AAT member, the chief officer of the Australian Federal Police or the chief officer of the Australian Crime Commission, as the case requires.

(4) If an eligible Judge or nominated AAT member revokes a warrant, the eligible Judge or nominated AAT member must give a copy of the instrument of revocation to:

(a) if the warrant was issued in response to an application made by the chief officer of the Australian Federal Police - the chief officer of the Australian Federal Police; or

(b) if the warrant was issued in response to an application made by the chief officer of the Australian Crime Commission - the chief officer of the Australian Crime Commission.

(5) If:

(a) an eligible Judge or nominated AAT member revokes a warrant; and

(b) at the time of the revocation, a law enforcement officer is executing the warrant;

the law enforcement officer is not subject to any civil or criminal liability for any act done in the proper execution of that warrant before the officer is made aware of the revocation.

(6) If:

(a) a network activity warrant was issued in response to an application made by the chief officer of the Australian Federal Police or the Australian Crime Commission; and

(b) an eligible Judge or nominated AAT member revokes the warrant;

the chief officer must:

(c) notify the revocation to the Inspector-General of Intelligence and Security; and

(d) do so within 7 days after the revocation.

(7) If a network activity warrant is revoked by the chief officer of the Australian Federal Police or the Australian Crime Commission, the chief officer must:

(a) notify the revocation to the Inspector-General of Intelligence and Security; and

(b) do so within 7 days after the revocation.

27KS Discontinuance of access under warrant

Scope

(1) This section applies if a network activity warrant is issued.

Discontinuance of access

(2) If:

(a) the warrant was sought by the chief officer of the Australian Federal Police or the Australian Crime Commission; and

(b) the chief officer is satisfied that access to data under the warrant is no longer required for the purpose referred to in paragraph 27KK(1)(b);

the chief officer must, in addition to revoking the warrant under section 27KR, take the steps necessary to ensure that access to data authorised by the warrant is discontinued.

(3) If:

(a) the warrant was sought by the chief officer of the Australian Federal Police or the Australian Crime Commission; and

(b) the chief officer is notified that the warrant has been revoked by an eligible Judge or a nominated AAT member under section 27KR;

the chief officer must take the steps necessary to ensure that access to data authorised by the warrant is discontinued as soon as practicable.

(4) If the law enforcement officer who is primarily responsible for executing the warrant believes that access to data under the warrant is no longer necessary for the purpose referred to in paragraph 27KK(1)(b), the law enforcement officer must immediately inform the chief officer of the law enforcement agency to which the law enforcement officer belongs or is seconded.

27KT Relationship of this Division to parliamentary privileges and immunities

To avoid doubt, this Division does not affect the law relating to the powers, privileges and immunities of any of the following:

(a) each House of the Parliament;

(b) the members of each House of the Parliament;

(c) the committees of each House of the Parliament and joint committees of both Houses of the Parliament.


Copyright notice

© Australian Taxation Office for the Commonwealth of Australia

You are free to copy, adapt, modify, transmit and distribute material on this website as you wish (but not in any way that suggests the ATO or the Commonwealth endorses you or any of your services or products).