Following on from Kim’s last post, if there was ever a time when national security and anti- terrorism legislation wasn’t a tech-law issue, that time has passed. The Telecommunications (Interception and Access) Amendment Bill 2007 is currently before a Senate Committee. There are 26 submissions . The industry will have to get its head around the new framework. National Security is now a tech law issue and I think it is going to get complicated.

The Bill deals with a number of issues, including authorisation for access to ‘telecommunications data’ provided by ‘telecommunications services’. The terms used in the bill are much broader than the current Telco Act provisions. There is some concern that many more services will be captured by the new provisions – such as content services & applications.

Interception capability is also back on the agenda and exemptions are going to be much harder to obtain, including perhaps, as AMTA notes, stalling the launch of new products and services while interception capability is assessed.

There is also concern from Electronic Frontiers Australia that ‘telecommunications data’ will actually reveal the ‘content’ or ‘substance’ of communications (which is currently subject to a warrant regime). Telecommunications data sounds innocuous – but it’s not (and it is not really defined): it could be what websites a person visited; the IP addresses involved; how long a person stayed on a particular site; or how long they chatted; which pages they browsed; where their email was routed; what they downloaded; what they bought.

Mobile phones are likely to be able to be used as tracking devices because of the location data which is available. Privacy is not the only concern here – internal procedures will need to be developed to deal with the framework. This might be fine for the big telcos with established law enforcement procedures already in place. However, smaller players who have not been subject to such regulation in the past may find compliance more difficult. There may also be issues which arise in respect of employees handling the national security sensitive information.

A ‘new’ regulator has been created to deal with the new regime: the Communications Access Co-ordinator (formerly the Agency Co-ordinator) who will liaise between industry and government law enforcement and national security agencies requiring access to communications. The new regulator has a lot of power – including determining the reasonableness of the interception capability plan. Reasonableness is currently not defined and the legislation offers no guidance to the CAC. This concern was raised by AMTA in its submission.