The federal government has released draft guidelines for use of its controversial section 313 website blocking laws in an attempt to avoid a repeat of a 2013 blunder by the Australian Securities and Investments Commission.
ASIC used section 313 of the Telecommunications Act to block access to fraud sites but inadvertently shuttered over 250,000 sites in 2013. It later revealed it "wasn't aware" a single IP address could host multiple websites.
Section 313 notices allow law enforcement agencies to request telecommunications companies block websites believed to be involved in illegal activities. Agencies using the provision aren't required to be transparent about its use.
The provision has been in place for almost 15 years, but the likes of ASIC and the AFP - along with another whose identity has been kept secret for "national security" reasons - only started using the law vigorously from 2012.
The ASIC bungle prompted a House of Representatives report into use of the section 313 laws mid-last year, which recommended that, despite past misuse, agencies should continue to be allowed to use the provision.
However, it recommended the government develop guidelines for use of s313, and that agencies ensure they have "requisite level of technical expertise" to use the powers.
The Communications department this week published its draft guidelines governing the use of s313.
The non-mandatory guidelines encourage law enforcement agencies to follow the suggested "good practice measures" when using s313 to block access to illegal websites.
Measures include obtaining authority from an agency head "as a minimum" before using the powers; specifying how long a block is to remain in place and monitoring the blocks; and limiting site blocks to serious criminal or civil offences, or threats to national security.
Agencies should also make sure they have access to appropriate technical expertise, from another agency if none can be found internally, the guidelines advise.
"This will help ensure that a request is effective, responsible and executed appropriately. Prior to making a request, agencies should consult internet service providers about how assistance may be best provided," the guidelines state.
"When making a request, agencies should endeavour to make it as targeted as possible. This usually means requesting that a uniform resource locator (URL)—the specific address of a website—be blocked, rather than internet protocol (IP) addresses.
"IP addresses generally host multiple websites; requests to block these risk disrupting access to non-target websites."
The latter was the case in one of ASIC's 2013 site blocking bungles, when it blocked one IP address hosting 1090 websites - including that of the Melbourne Free University - in an attempt to shut down two fraudulent websites.
The guidelines also suggest agencies inform the public - through media releases, stop pages and annual reporting - of any blocks currently underway, and have processes in place to support complaints and reviews.
However, agencies don't need to publish requests where the report might "jeopardise ongoing or planned investigations, operational activities or give rise to other law enforcement or national security concerns", according to the guidelines.
The government is taking consultation on its draft guidelines until May 27.