Questions on Notice submitted to the Attorney General on PRISM

Senator Ludlam asked the Minister representing the Attorney-General, upon notice, on 11 June 2013

(1)Is the Australian Government or any of its law enforcement agencies aware that the United States (US) National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) are utilising a back-door program called PRISM to tap directly into the central servers of US Internet companies to source meta and content data information without warrants.

(1)The Australian Government does not wish to comment on other state's lawful capabilities for the investigation of law enforcement and national security matters. However, I can refer to statements made by President Obama and the United States Director of National Intelligence that United States intelligence agencies operate within the law, are subject to strict congressional and judicial oversight and that access to telecommunications information was authorised by a warrant issued by the United States Foreign Intelligence Surveillance Court.

(2)Has information obtained using PRISM without warrant by the FBI or NSA about Australian citizens-including audio and video chats, photographs, e-mails, documents, and connection logs or other material-been shared with Australian law enforcement or intelligence agencies.

(2)As indicated in my response to question on notice 3003 (1)above, the Australian Government understands that information obtained by United States agencies was authorised by a warrant issued by the United States Foreign Surveillance Court. Australia's intelligence agencies operate under a strong legal framework to protect Australians at all times, including when dealing with information from outside Australia. Intelligence Services Act 2001 agencies, such as the Australian Signals Directorate, are required by law to obtain specific authorisation either from the Minister for Defence or the Minister for Foreign Affairs to produce intelligence on an Australian. For matters relating to threats to security, the Attorney-General must also support the approval. All such activities are independently examined by the Inspector-General of Intelligence and Security to ensure that authorisations are conducted in accordance with the law. Any information obtained by our agencies from the US is subject to these protections.

(3)Does the Australian Government believe it is appropriate that the US intelligence agencies appear to be engaged in warrantless real-time surveillance of the entire online population.

(3)As indicated in my response to questions on notice 3003 (1) and (2) above, the Australian Government understands that information obtained by United States agencies was authorised by a warrant issued by the United States Foreign Surveillance Court.

(4)Are the communications and information held by Australian Government, law enforcement and intelligence agencies also collected or is there an agreement to prevent the use of PRISM or other back door programs.

(4)Any access to communications in Australia must be in accordance with the provisions of the Telecommunications (Interception and Access) Act 1979.

(5)Given the use of Microsoft programs at Parliament House and electorate offices, are the communications of Australian Federal Members of Parliament protected from or vulnerable to the PRISM program.

(5)The communications of Federal Members of Parliament are protected by law, just as the communications of all Australians are protected by law. In Australia, the privacy of communications is protected by the Telecommunications (Interception and Access) Act 1979 (the Interception Act). The Interception Act prohibits the listening to, copying or recording of a communication as it passes over an Australian telecommunications system.

(6)How do the Australian Privacy Principles apply to Australian customers of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple.

(6)The Government's position is that entities carrying on business in Australia or an external territory should be subject to Australian laws. This includes the Privacy Act 1988, which contains the Australian Privacy Principles (APPs).Importantly, the fact that an entity that carries on a business in Australia is located overseas or otherwise has no physical presence in Australia should not provide a basis for that entity to avoid its legal obligations and responsibilities to individuals in Australia. An individual in Australia should benefit from the protection provided to their personal information by the Privacy Act and the APPs, and entities should be accountable and responsible to individuals for providing the appropriate protection for that personal information. Some entities that provide online services may have a physical presence in Australia and will be considered to be ‘carrying on a business in Australia'. However, it is also the case that an entity can carry on a business in Australia without having a physical presence in Australia. This issue is addressed by section 5B of the Privacy Act 1988, which deals with the extra-territorial operation of the Privacy Act, and subsection 5B(3) in particular. The Explanatory Memorandum for the Privacy Amendment (Enhancing Privacy Protection) Act 2012 makes clear that, under paragraph 5B(3)(c) of the Privacy Act, the collection of personal information ‘in Australia or an external territory' includes the collection of personal information from an individual who is physically within the borders of Australia or an external territory, by an overseas entity (see page 218).

(7)Has the Australian Government ever offered immunity from legal proceedings to companies that open their servers to data-intercepting efforts by Australian intelligence organisations.

(7)All communication interception activities carried out by Australian agencies are conducted in strict accordance with Australian law. Under subsection 313(5) of the Telecommunications Act 1997, a carrier or carriage service provider is not liable to an action or other proceeding for damages for or in relation to an act done or omitted in good faith while rendering lawful assistance to law enforcement and national security agencies, as required by section 313 of the Act, for example, through enabling the execution of interception warrants issued under the TIA Act.