Almost three years after the Australian Securities and Investments Commission (ASIC) discovered that notices it had issued to a number of telecommunications carriers had led to the erroneous blocking of hundreds of thousands of websites for some Internet users, the government has yet to develop guidelines for use of the controversial legal mechanism.
Under Section 313 of the Telecommunications Act 1997, government agencies, including ASIC, have issued notices to telcos that requires them to block access to online locations linked to criminal activity.
S313 compels telcos to "give officers and authorities of the Commonwealth and of the States and Territories such help as is reasonably necessary" for "enforcing the criminal law and laws imposing pecuniary penalties", "assisting the enforcement of the criminal laws in force in a foreign country", "protecting the public revenue", and "safeguarding national security".
As a result, a sizeable array of state and federal agencies can potentially employ the mechanism.
When ASIC in early 2013 issued a request for an IP-based block targeting online fraud it effectively rendered inaccessible a number of non-fraud-related websites to some Australians.
In the wake of the incident in March 2013, an internal review by ASIC of the s313 notices it had issued revealed that in one case it had blocked more than 250,000 unrelated websites.
The ASIC incident in mid-2014 triggered a parliamentary inquiry into the use of s313.
The inquiry made two recommendations. The first was that all agencies that employed s313 to disrupt the operation of illegal online services have the “requisite level of technical expertise within the agency to carry out such activity, or established procedures for drawing on the expertise of other agencies.”
The second recommendation, which was accepted by the government, was the development of whole-of-government guidelines to govern the use of s313 to block online services.
The inquiry's report said those guidelines should include the development of agency-specific internal policies consistent with the guidelines; clearly defined authorisations at a senior level; defining activities subject to disruption; industry and stakeholder consultation; review and appeal processes; public announcements, where appropriate; and reporting arrangements.
In addition the guidelines would cover the use of ‘stop’ pages for blocked websites that outline the reason for a block and details of the avenue for review of a website block.
Computerworld can reveal that development of those guidelines is still a work in progress, however.
A freedom of information request revealed that ASIC, for example, has still not developed any new guidelines for the use of s313 since the website-blocking incidents.
“ASIC has not sought to utilise powers under s.313 of the [Telecommunications Act] since March 2013 whilst waiting on the outcome of the Parliamentary inquiry,” the agency said in response to the FOI request.
“ASIC will be developing procedures and guidelines in accordance with the recommendations made in that inquiry.”
A spokesperson for the Department of Communications and the Arts said that it is “is currently consulting government agencies on draft guidelines as recommended by the parliamentary committee.”
“Following this consultation, the department will consult the telecommunications industry and other stakeholders,” the spokesperson said.
“Consistent with the response to the committee’s recommendations, the government will then publicly release the guidelines.”
The department did not respond to a request for details of the timeline for finalising the guidelines.
A website-blocking law of a different stripe — one that allows copyright holders to apply for injunctions forcing ISP to block access to piracy-linked sites — is set to be used for the first time later this month.