Agencies given new rules for s313 site blocking

The government has formalised guidelines that set out how agencies should use controversial website-blocking powers, following an ASIC blunder that saw more than 250,000 sites accidentally shuttered.

Draft guidelines on the use of section 313 of the Telecommunications Act had sat in consultation for over a year since they were launched last April.

The formal guidelines released today are largely unchanged from the draft version. They are not mandatory for agencies to follow.

Section 313 notices allow law enforcement agencies to request blocks from telcos for sites believed to be involved in illegal activities.

Until now agencies were not required to be transparent about s313 use.

The use of the powers came to public attention thanks to a high-profile 2013 ASIC bungle that stemmed from a misunderstanding about how IP addresses work.

The error prompted a house of representatives report into use of the section 313 laws that recommended agencies be allowed to continue using the provision, but that they adhere to guidelines that would be created by the government on s313 use.

The provision has been in place for almost 15 years, but agencies only started using it at scale in 2012.

The formal guidelines set out a series of "good practice measures" the government suggests should be followed when using s313 to block access to illegal websites.

Agencies are encouraged to seek authority from an agency head "as a minimum" before using the powers; specify how long a block is to remain in place; monitor any blocks; and limit them to serious criminal or civil offences, or threats to national security.

Agencies should also make sure they have access to appropriate technical expertise so requests are "effective, responsible and executed appropriately".

The guidelines advise agencies to stick to requesting URL blocks, rather than IP address blocks.

The public should be informed of any block requests through media releases and stop pages, the guidelines say, and agencies should have processes in place to support complaints or reviews.

Agencies should also report their use of s313 each year to ACMA for inclusion in its annual report.

However, agencies don't need to publish requests where this might "jeopardise ongoing or planned investigations, operational activities or give rise to other law enforcement or national security concerns", the guidelines state.