E-mails may trap ISPs in web of intrigue

Internet service providers may be forced to assist in criminal investigations and face more incidents of data surveillance if proposed changes to the laws on e-mail interception by law enforcement agencies proceed.

Proposed amendments to the Telecommunications Interception Legislation Bill will open the scope for enforcement agencies to intercept undelivered e-mails stored on an ISP's server.

Under the current regime, ISPs are obliged to provide information to assist federal and state law enforcement agencies when both an interception warrant and a search warrant are issued.

Irene Graham, executive director of online privacy advocacy body Electronic Frontiers Australia (EFA), said if the bill gets passed as it stands in draft form, law enforcement agencies will need only a search warrant to demand an ISP disclose the contents and substance of e-mail messages that are stored on their systems.

Representatives of various law enforcement agencies, including the Australian Federal Police and the Australian Security Intelligence Organisation, along with Frontiers and other industry representatives, met with a Senate Committee last week to discuss the proposed changes, as part of a three-day hearing on legislation relating to security and terrorism.

At the hearing various agencies voiced concerns that a lack of understanding of technical specifications in the legislation, regarding the delivery and the storing of e-mailed communications, has frustrated police investigations in the past.

The issue centres on the different legislation covering delayed access or stored e-mail, compared to legislation covering delivered e-mail communication.

The current Telecommunications Interception Act protects all communications that are in passage over a telecommunications system, including e-mail and SMS, and requires both an interception warrant and a search warrant.

Once an e-mail is downloaded onto a person's computer, it is deemed to have ceased its passage over the telecommunications system and is protected by other legislation.

At the moment, when an agency approaches an ISP with a search warrant, the ISP cannot differentiate between e-mails that are opened and unopened, so the ISP can deny access to data until the agency presents an interception warrant as well.

"The Government proposes to remove the existing protections for undelivered e-mails. Presumably the problem, if there really is one, could also be solved by amending the Telecommunications Interception Act so that an interception warrant could be used for both undelivered and delivered e-mails. But that option would not give anywhere near as many agencies anywhere near as much power to invade the privacy of Internet users," Graham said.

"We think the proposed amendments are unclear but in view of existing law, we now think the intent of the proposed law is definitely to give less protection to the privacy of e-mail than currently exists. That is, e-mail in transit will have far less protection in transit than does a telephone call. So much for 'technology neutral' laws that the Government loves to talk about," she said.

"ISPs will be likely to receive a significantly larger number of 'requests' from a much larger range of enforcement agencies. And, given the proposed law does not explain what exactly is meant by a new term, 'stored communication', ISPs may find themselves at risk of infringing the existing Telecommunications Interception Act whilst trying to comply with search warrants."

Sources within the ISP industry, who did not wished to be named, also expressed concern over how this increased obligation to help criminal investigations will impact on their administrative overheads.

Simon Hackett, managing director at the ISP, Internode said there is a potential for collateral damage on top of extra administration costs and additional workload for ISPs if this legislation passes.

"The ISP sector continues to try to survive a tendency to add legislation that isn't necessarily useful or necessary," he said.

"When somebody pops in with search warrant then the concern is to try to ensure this doesn't cause operational problems to the ISP. If a search warrant is used there is a set of risks, and an ISP could be impacted negatively by that. For instance, there is a potential for collateral damage for ISPs."

Hackett added there is an onus on the Government to educate the ISPs that will have to act on the legislation.

Gayle Hill, special consul at law agency Freehills, said: "It is prudent for ISPs to read carefully the terms of any warrant. Read very carefully what you are obliged to expose and to whom you're going to expose it."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Australian Federal PoliceEFAElectronic Frontiers AustraliaFederal PoliceInternode

Show Comments