Do telcos make for competent spies?

The overseer of Australia’s intelligence and security agencies has warned that laws to make telecommunications interception more targeted could backfire and result in more collection and handover errors from ISPs and carriers.

In a rare foray into public debate, Inspector-General of Intelligence and Security (IGIS) Dr Vivienne Thom wrote [pdf] to a Senate Committee examining reform of the Telecommunications Interception Act (TIA) to share her experiences overseeing ASIO's use of interception.

Dr Thom was referring to a May 2013 recommendation made by the Parliamentary Joint Committee on Intelligence and Security (PJCIS), specifically that intelligence agencies should be required to specify exactly what data they demand from telcos and ISPs, in more detail than the broad-brush approach used to date.

The PJCIS had recommended the dividing of a piece of telecommunications data into attributes - such as time or location — to ensure that intelligence agencies would not be collecting additional information they did not need, enhancing privacy protections for both targets and unintended targets.

It was one of the central foundations for the current Senate examination of changes to the Telecommunications Interception Act (TIA).

"In general, it is not the role of the IGIS to comment on current or proposed government policy. However, there are some matters on which I have particular experience because of my oversight of the activities of ASIO," Dr Thom said in her submission.

While Dr Thom saw merit in limiting broad-brush access to telco data, she raised concerns about how telcos might cope with sorting relevant bits of traffic from irrelevant bits to fulfil warrants for intelligence services.

"Any significant change to the current regime could, at least initially, result in more errors by carriers," she argued.

"I would expect to see any regime include appropriate measures to ensure that the content of communications which were not the specific target of the warrant would not be retained longer than necessary for ‘sorting’, to ensure that such information is kept secure, and to provide for appropriate levels of oversight for carriers."

Dr Thom also raised concerns over how readily an intelligence agency such as ASIO might be able to vary the attributes of telco data listed in an approved warrant, arguing such powers "would substantially change the balance between what is currently decided by the Attorney-General and what is within the authority of the Director-General of Security."

Keeping 'the law' in check

Where IGIS is the federal overseer for intelligence agencies under the TIA, the Commonwealth Ombudsman performs roughly the same function for law enforcement agencies.

It, too, wants to see oversight maintained into TIA use.

The Ombudsman has also asked the Senate to consider beefing up its powers to ensure law enforcement agencies comply with TIA rules.

One of its suggestions was to impose a "public reporting mechanism" to improve transparency.