The review was commissioned by the Minister for Communications, Information Technology and the Arts, Senator the Honourable Richard Alston, on 17 November 1998 to examine the longer term cost-effectiveness of telecommunications interception arrangements contained in Parts 14 and 15 of the Telecommunications Act 1997. I commenced in the capacity of an Associate Member of the ACA to lead the review on 18 January 1999.

This report addresses the terms of reference for the review, as well as providing the background to the review and a survey of the major changes in telecommunications since the completion of the review conducted by Mr Pat Barrett in 1994.

The review was carried out by a team of officers within the ACA, who were assisted by consultants KPMG and Gibson Quai. Details of the review process are set out in Chapter 1. Chapter 2 describes the environment under which the various telecommunications interception regimes have operated since 1990 and provides necessary background material for the remainder of the review. The following six chapters cover each of the terms of reference.

I would like to thank the many agencies, Commonwealth and State, as well as a number of companies from within the telecommunications industry, which contributed both by discussion and submission and comment on drafts of the review.

I wish to express my sincere thanks to all the officers of the ACA who assisted with the review and in particular to John Haydon, Gavin Malane and Patrick Emery. Their efforts with those of KPMG and Gibson Quai have enabled the review to be concluded professionally and in a relatively short period.

Dale Boucher

Associate Member

June 1999

The Australian Communications Authority (ACA) concludes that in broad terms the current arrangements for telecommunications interception (TI) are cost-effective and appropriate. Under these arrangements TI must be available for all services, carriers and carriage service providers (C/CSPs) must provide and fund TI capability and agencies must pay usage costs. These arrangements also accord in fundamental terms with current or emerging approaches to TI in comparable overseas jurisdictions.

The high value of TI to society in public interest benefit terms is, in the opinion of the ACA, well established and is further documented in this review.

These broad arrangements must be underpinned by legislative fine tuning and strong and integrated administrative arrangements to address particular issues. Such issues include a fundamental divergence of commercial and national or community interest imperatives which in practice are having adverse effects on the availability of TI.

The ACA recommends therefore that the following new measures, which should lead to a more cost-effective and smoothly operating TI regime, be taken.

There is an obligation in the Telecommunications Act 1997 (the Act) for persons providing particular carriage services to ensure that each facility or network that they own or operate is capable of executing an interception warrant. In practice this obligation is understood to mean that all carriage services should be capable of interception. This understanding should be clarified and reinforced in law. This will signal clearly to C/CSPs that interceptibility of communications is a fundamental legal obligation to be met by them.

Recommendation 1: the broad policy framework - that each carriage service be capable of interception - should be maintained and reinforced.

The current requirement for TI capability, that interception be provided where a warrant is issued, is vague and does not provide adequate certainty for C/CSPs in meeting their interception capability obligations. Among other things, it does not provide a basis for guidance as to what technical capability must be provided to ensure TI warrants can be executed. It also does not make clear the responsibilities of individual C/CSPs in a multi-provider telecommunications industry. Furthermore it does not establish categorically that call associated data must of necessity be provided with call content when executing a warrant. In a practical sense, uncertainty and disagreement about issues such as these is hampering the provision of TI. Legislative and regulatory action should be taken to resolve them. Any such action should not compromise the underlying policy objective that a TI warrant should be able to be executed in respect of all services.

It should be possible to establish a standard, or standards if necessary, to clarify the TI capability obligation for C/CSPs. This will ensure that the TI capability will meet agency requirements. Agencies (through the Agency Co-ordinator) and individual C/CSPs should also be able to agree on other acceptable definitions of the TI capability obligation in particular circumstances.

As a basic proposition, the Attorney-General in consultation with the Minister for Communications, Information Technology and the Arts (the Minister), could make a determination under s.322 of the Act to specify an internationally recognised technical standard derived from the International User Requirement (IUR) as the benchmark for the provision of TI in Australia. Section 322 should also permit alternative standards to be made for the different circumstances of C/CSPs, and permit the Agency Co-ordinator to settle requirements on a case by case basis. In all circumstances it should be made clear by legislation that C/CSPs must provide call associated data as well as call content when executing a TI warrant.

Recommendation 2a: section 322 of the Telecommunications Act be amended to allow the Attorney-General (in consultation with the Minister) to determine one or more standards for TI capability for specified types of services, as well as permitting alternative arrangements (which as a minimum must comply with the standing requirement to be able to execute a warrant) to be agreed between the agencies (through the Agency Co-ordinator in consultation with the ACA) and individual C/CSPs. If such alternative arrangements have not been made the standing requirement to be able to execute a warrant would remain.

Recommendation 2b: the Attorney-General make a determination under s.322 of the Telecommunications Act to specify a technical standard or standards based on the International User Requirement which C/CSPs must meet in providing an interception capability. This technical standard should be based on a recognised international standard.

Recommendation 2c: the Telecommunications Act be amended to require C/CSPs to provide call associated data as well as call content when executing a TI warrant.

The ACA observes that despite the efforts of agencies and C/CSPs to conclude arrangements, contractual-type negotiations on issues such as charges, conditions, delivery points and other administrative arrangements are frustrating the policy intent of the law. Negotiations are taking too much time and TI is not being delivered while these secondary matters are being settled.

Considerable and unreasonable variation also exists in relation to charges for other reasonable assistance ancillary to the provision of TI. This is unsatisfactory. Consideration should be given to addressing these ancillary issues by conferring appropriate powers on the ACA. These powers would need to be exercised by the ACA in accordance with principles developed in consultation with the Agency Co-ordinator and the Australian Competition and Consumer Commission (ACCC), agencies and industry.

Recommendation 3: that the ACA be given discretionary power to determine charges, terms and conditions for execution of a TI warrant, and any other reasonable assistance under Part 14 of the Telecommunications Act. In exercising these powers the ACA should consult with the Agency Co-ordinator, the ACCC and other relevant agencies and industry. Any ACA determination on these matters should occur as soon as possible after the passage of the legislation and should be revised at regular intervals or as otherwise required.

The exemption process relating to TI capability for new telecommunications services should be streamlined. The current exemption arrangements do not provide adequate transparency, timeliness or certainty for business needs of C/CSPs. There should be suitable and sufficient recognition of these needs of industry within the exemption process to promote co-operation and compliance with the TI regime throughout industry and to improve the efficiency of the process. This would also balance the measures recommended elsewhere in this review which establish greater responsibilities on industry for compliance.

Elements of the streamlining of the exemption process recommended could include:

• establishing criteria for exemptions and refusal of exemptions, including consideration of the market for the service;
• setting time limits for settling exemption applications; and
• recognition of the availability of TI elsewhere in a network.

Recommendation 4a: that the process for exemption from interception capability in Part 15 of the Telecommunications Act be amended to require the Agency Co-ordinator, in consultation with the ACA, to establish broad criteria for exemptions and refusal of exemptions from the obligation to provide a TI capability for a specific service. The criteria so established should be available to industry on a confidential basis, subject to the reasonable operational requirements of law enforcement and national security agencies.

Recommendation 4b: that the process of s.326 of the Telecommunications Act for exemption from interception capability be amended to impose a 30 day time limit on the Agency Co-ordinator for the consideration of applications for exemption from the obligation to provide TI where the exemption application meets established criteria (as notified to the C/CSP by the Agency Co-ordinator). This could be extended to 60 days where the Agency Co-ordinator advises the applicant in writing that such extension is necessary.

The Interception Capability Plan (IC Plan) process is valuable and needs to be retained, but supplemented by measures to be taken by the ACA to promote greater compliance with TI obligations. This should be done by borrowing from the existing technical compliance regime for customer equipment to establish a self managed but auditable TI capability compliance declaration scheme. The scheme should be administered by the ACA using its existing powers to the extent these are adequate, supplemented by enhanced powers to the extent they are not.

This scheme could include tiered levels of proof for interceptibility of services, such as laboratory certification of compliance for most sensitive services, through to affirmation based on provider knowledge. Elements could also include relevant technical standards contained in a determination made by the Attorney-General under s.332. The regime would include an audit process to be exercised where the ACA reasonably believes this to be necessary. Compliance with the enhanced IC Plan scheme could ultimately be assured through the provisions for remedial action contained in Parts 3 and 4 of the Act.

Recommendation 5a: that the IC Plan process in Part 15 of the Telecommunications Act be maintained.

Recommendation 5b: that the IC Plan process be supplemented with an interception capability compliance scheme to be developed by the ACA, in consultation with the Agency Co-ordinator and the telecommunications industry, and drawing on the concepts contained in the current regime for technical regulation developed under Part 21 of the Telecommunications Act. In determining the extent of compliance testing under such scheme, the cost to industry must be taken into consideration.

Recommendation 5c: if necessary, additional legislative powers be conferred on the ACA to perform this compliance role.

In a multi-C/CSP environment where a single end-user service may involve multiple CSPs, the need for co-operation between C/CSPs to give effect to TI requirements should be recognised formally. C/CSPs already co-operate within the telecommunications industry to give effect to telecommunications services. Although the proliferation of C/CSPs within Australia (28 carriers and about 795 CSPs in May 1999) makes this co-operation more complex within the industry, it already occurs for the delivery of services.

To provide appropriate signals to C/CSPs about the need for them to work harmoniously together and to underpin their TI obligations, a new mutual assistance obligation is recommended. This would focus on C/CSPs whose contribution is necessary but ancillary to the primary obligation on the C/CSP which has a direct customer relationship with the target.

The mutual assistance obligation would require co-operation and assistance in the execution of a warrant upon notification of its existence. It would also operate notwithstanding the absence of any agreed terms and conditions between the relevant C/CSPs and be separate from any contractual arrangements for the execution of warrants. In practice it could be expected that C/CSPs would deal with terms and conditions for this mutual assistance as part of interconnect agreements.

This new obligation would build on s.63B(4) of the Telecommunications (Interception) Act 1979 (the TI Act) which contemplates that C/CSPs need to communicate with each other to enable the interception of communications under warrant. The obligation to keep the existence of the warrant confidential would remain subject to this provision.

Recommendation 6: that Part 14 of the Telecommunications Act be amended to require a C/CSP to give reasonable assistance to a C/CSP which has been served with a TI warrant for the purpose of giving effect to the warrant and where the C/CSP served with the warrant has been given notice of the warrant. A C/CSP would still be required to give reasonable assistance even where no terms and conditions had been agreed.

There is rapid growth in the complexity of the TI task for law enforcement agencies (LEAs) and the telecommunications industry is burgeoning and becoming much more complex. Agencies need to keep up with these developments and maximise the advantages which technology can bring, to improve the cost-effectiveness of TI. A lead house role for LEAs is becoming increasingly important. With the increasingly complex environment ahead, a lead house role to address developments in technology, improve practices and procedures for TI should be established or designated.

The costs of setting up or operating a lead house role for LEAs, and to the extent necessary for security agencies, should not necessarily be significant. Costs and placement of the function should be further investigated. It may be possible for agencies to fund this function from within existing resources. Conversely, if a more significant function were established, separate and additional resources may be necessary.

Recommendation 10that the Attorney-General assign a lead house technology and practices role for LEAs to provide a centre of knowledge and advice to assist LEAs to keep up with changes in technology and in the telecommunications industry.

Inter-agency co-operation in regard to standardisation of facilities, techniques and equipment should be encouraged and fostered. There is an issue about the capacity of agencies to deal with the telecommunications industry as a whole for the purposes of TI. One group comprises organisations which are performing essential and difficult tasks to investigate and prosecute crime and promote order and security in society. This group is not necessarily geared to the complexities of the telecommunications industry and its related technologies. The other is carrying out an essential role in providing for telecommunication services for society and is characterised by significant financial resources and greater knowledge and sophistication in the use of technology. Although the telecommunications industry will endeavour to assist agencies to carry out their responsibilities it has no natural commercial reason to do so.

If agencies were able to work together more in their use of facilities, equipment and know how, it is highly likely that the overall costs of TI could be reduced and the process overall made more efficient. National management arrangements for many aspects of TI technical, operational and commercial activities should be considered to improve overall cost-effectiveness of TI activities at Commonwealth/State levels.

Recommendation 8: that the Attorney-General strengthen the Agency Co-ordinator role to address issues such as:

An individual agency may not have the facilities appropriate to intercept particular complex services. Such facilities may be available to another agency. It is appropriate that agencies at Commonwealth and State level be able to assist each other, subject to any accountability safeguards that may be necessary. The possibility of assistance of this kind being given to agencies should be accommodated by legislation.

Recommendation 9: that the Attorney-General consider amending the TI Act to allow one agency to conduct TI on behalf of another or otherwise to assist.

The significant number of C/CSPs and the requirement that there be a delivery point for each carriage service and each agency means that there is potentially a great number of delivery points for TI product. This increases overall costs and complexity. Options to rationalise the number of delivery points need to be investigated.

A clear option would be to establish Australian Federal Police (AFP) headquarters in each State or Territory as the default delivery point for LEAs in the absence of other satisfactory alternative arrangements. This option is consistent with existing provisions in the TI Act which require the AFP to take action to enable warrants issued to other LEAs to be executed. It may be necessary for legislation to be amended to make this possible and this should be investigated. However C/CSPs should not bear an unreasonable burden in this. C/CSPs should not be required to provide for the delivery of TI to a State or Territory outside of their network operations. In the event of roaming mobile services, appropriate arrangements are to be part of the roaming agreement.

Recommendation 10: relevant legislation should be amended to provide for the delivery point for TI product from any C/CSP to any LEA to be defined as the AFP headquarters of the State in which the TI warrant is raised or, if agreed between the AFP and the C/CSP, another appropriate place. If a C/CSP does not operate in the jurisdiction in which the warrant was raised the delivery point should be the AFP headquarters in a State in which the C/CSP does operate. Delivery to the intercepting agency may need to be subject to contract between the AFP and the intercepting agency.

The TI Act should reflect changes in industry arrangements. The TI Act sets out the framework which allows agencies to conduct authorised interception of communications. The TI Act was originally drafted when Telecom was the monopoly telecommunications carrier and service provider in Australia and no longer reflects the Australian telecommunications industry or regulatory structure. The fact that under the TI Act a TI warrant can currently only be raised in respect of a telecommunications service, rather than an identified person, does not reflect contemporary patterns of usage of telecommunications services. It also has the potential to compromise the ability of agencies to conduct cost-effective TI. This matter has been addressed by a review conducted by the Attorney-General's Department into the TI Act.

It should also be recognised that the broad policy intent of the Telecommunications Act is that each carriage service should be capable of interception. As a matter of strict interpretation, however, and as noted above in relation to Recommendation 1 this intention is not reflected in the Telecommunications Act. Under the Telecommunications Act, C/CSPs are not required to be able to intercept each communication that passes over their network, rather, they are required to ensure that each facility or network that they own or operate is capable of executing an interception warrant.

The practical reality is that agencies, industry, the Department of Communications, Information Technology and the Arts (DoCITA) and the ACA have accepted that it is services that are intercepted, not facilities. This is understandable in view of the fact that the TI Act permits warrants to be issued in respect of services. This mismatch between the Telecommunications Act and the TI Act should be corrected and aligned with practice.

Recommendation 11a: the TI Act should be amended to better reflect the telecommunications regulatory and industry structure and the patterns of service usage available to end-users. In line with a recommendation of the review conducted by the Attorney General's Department into the TI Act, the ACA supports the allowing for warrants to be issued in respect of persons as well as services.

Recommendation 11b: the TI Act should be amended as necessary to reflect the concepts, definitions and phraseology used in the Telecommunications Act and the Telecommunications Act should be amended to align with practice.

The complexity and size of the telecommunications industry make it appropriate to recognise that a particular C/CSP may need to rely on others within the industry to give effect to their TI obligations. This need should be recognised by legislation.

Recommendation 12: to recognise the fact that there are CSPs that can offer telecommunications services without having any facilities and that there may be circumstances in which TI can be more cost-effectively provided at different points, the Telecommunications Act should be amended to allow CSPs to fulfil their TI function in respect of the carriage services they are supplying by means of a contract with another entity. Any such contractual arrangement should not relieve the relevant CSP from the TI obligation but could be expected to permit those obligations to be more efficiently performed.

International liaison is key to Australia's ability to influence the equipment manufacturers which our market cannot do alone. Such liaison will also provide insights into emerging services and technologies relevant to TI and assist alignment of Australian agency capabilities with best practice overseas. Australia should continue and extend its active participation, including through involvement in evolving TI capability standards initiatives internationally. Performance of this role requires input from industry including manufacturers and this should continue. Examples of current and possible future participation include:

• co-operation between Australian agencies and other overseas agencies in relevant international fora;
• contribute to an Australian perspective on the development of technical standards on TI in the US TIA/ T1 Committees, ETSI and the ITU; and
• work with relevant legal fora to enhance the mutual legal assistance arrangements to accommodate the exigencies of globalisation of telecommunications.

Recommendation 13a: that the Attorney-General's Department formally assume the co-ordination of LEA perspectives for international liaison on TI.

Recommendation 13b: that Australian participation in international fora relevant to TI be maintained and where appropriate, strengthened.

The ACA observes that the Attorney-General's Department has been contributing to the role of the Agency Co-ordinator from within its existing resources in addition to other core activities.

The ACA also observes that funding of $30m was provided in FY 1994-95 for Commonwealth agencies to acquire interception capabilities for emerging services. At the time the funding was provided, agencies were responsible for meeting all the costs associated with development, installation and maintenance of interception capabilities. The 1997 amendments to the Act placed the capital and ongoing costs of interception capabilities on carriers or providers but left agencies responsible for the substantial costs of developing, installing and maintaining 'agency specific delivery capabilities' including their own TI processing and monitoring systems.

Agencies will have to address more sophisticated technology, a greater range of telecommunications services, and a greater diversity of organisations delivering them. This will require greater resource commitment and better co-ordination between the agencies. The funding provided in FY 1994-95 has been drawn down progressively and is expected to be exhausted during FY 1999-2000. Further supplementation will be required if national security and law enforcement agencies are to maintain interception capability against emerging services.

Giving effect to the recommendations made in this report is likely to have further resource impacts on a number of other agencies.

Recommendation 14a: that appropriate resources be made available to the Attorney-General's Department to allow it to carry out the Agency Co-ordinator role without detriment to other core activities.

Recommendation 14b: that Government note the requirement for Commonwealth law enforcement and national security agencies to seek further supplementation in FY 1999-2000 through the budgetary process to ensure a continuing capability to intercept new telecommunications services of importance to their work.

Recommendation 14c: that appropriate resources be made available to relevant departments and agencies to give effect to these recommendations.

Inter-agency co-ordination should be strengthened. The Agency Co-ordinator function within the Attorney-General's Department has been found to be an important one, valued by agencies and industry alike. The ACA has also been playing a valuable role in managing the TI regime interface to industry through its Law Enforcement Advisory Committee (LEAC). Given the rapid expansion and complexity of the industry, performance of both of these functions needs to be continued and enhanced.

A small, high level but ad hoc and limited life Inter Departmental Committee (IDC) should be established. This would oversee the making of the necessary changes to the regulatory regime recommended by this review. The IDC should be chaired jointly by the Attorney-General's Department and DoCITA and actively supported by the ACA. Other members would be operational agencies or their representatives, as required. The IDC should also consult with industry as necessary.

Subject to experience with the implementation of the arrangements proposed by this review it may be necessary to consider continuing measures for co-ordination on regulatory and policy issues in the future. This possibility should be left open.

Recommendation 15a: that the Attorney-General's Department and the Department of Communications, Information Technology and the Arts jointly establish a Inter Departmental Committee on TI with a charter to ensure that the recommendations of this review, if accepted by the Government, are given effect.

Recommendation 15b: that consideration be given to the need for continuing measures for co-ordination on regulatory and policy issues in relation to TI following the introduction of these changes.

On 17 November 1998, in accordance with section 332R of the Telecommunications Act 1997 (the Act), the Minister for Communications, Information Technology and the Arts, Senator the Hon. Richard Alston, directed the ACA to conduct a review to assess the longer term cost-effectiveness of the arrangements provided for in Parts 14 and 15 of the Act that relate to the funding of telecommunications interception (TI).

This review was undertaken by the ACA between 17 November 1998 and 26 May 1999. Details of the process adopted by the ACA to conduct the review are set out below.

The Terms of Reference given by the Minister are at Appendix 1.

Section 332R of the Act requires the Minister, in consultation with the Attorney-General, to cause a review and the Minister's letter to the ACA requested that the ACA work with a separate Attorney-General's Department review. The ACA review team has discussed common issues between the reviews with officers of the Attorney-General's Department and the Department of Communications, Information Technology and the Arts (DoCITA), as well as consulting with other agencies and organisations.

The Attorney-General's Department review into aspects of the Telecommunications (Interception) Act 1979 (TI Act) began in November 1998. The Attorney-General's Department review was required as a result of amendments to the TI Act in late 1997 which provided for nominated Administrative Appeals Tribunal (AAT) members to issue TI warrants. The Attorney-General's Department review also looked at other operational aspects of the TI Act.

A review into the longer term cost-effectiveness of telecommunications interception was conducted in 1994 by a then Deputy Secretary of the Department of Finance (and now Commonwealth Auditor-General), Mr Pat Barrett. The recommendations made by Mr Barrett in his report (referred to in this review as the Barrett Review) formed the basis for new telecommunications funding arrangements introduced in 1995. These arrangements were continued under the Act until the introduction of the new arrangements in December 1997. Mr Barrett also recommended that another review take place after full deregulation of the Australian telecommunications market in 1997.

Amendments to the Telecommunications Act in December 1997 provided a new framework for the accomplishment of a cost-effective and relevant interception capability within Australia. However, in making these changes the Government recognised that technologies, the communications market and the needs of agencies are evolving rapidly. While telecommunications interception remains a cost-effective tool for agencies, it was considered important to keep the framework for interception under review. The 1997 amendments therefore required the Minister, in consultation with the Attorney-General, to cause this review to be conducted before 1 July 1999.

Following the Minister's request for the ACA to proceed, a project team was established in the ACA on 18 November 1998. Consultants KPMG/Gibson Quai were engaged on 18 December 1998. Mr Dale Boucher, formerly the Chief Executive Officer of the Australian Government Solicitor, commenced in the capacity of an Associate Member of the ACA on 18 January 1999, to lead the review.

An ACA Discussion Paper released on 22 December 1998 sought input to the review. Over 100 copies of the paper were distributed to industry, agencies and regulatory bodies. The paper was also available from the ACA website (http://www.aca.gov.au). Requests for Information (RFI) were also sent to agencies, carriers and carriage service providers (C/CSPs) and equipment suppliers to obtain specific cost information.

The Discussion Paper set out the context of the review and identified a number of central issues. It sought to stimulate consideration of these issues and encourage written submissions by 26 February 1999. The ACA received 21 submissions to the Discussion Paper.

Consultants KPMG/Gibson Quai provided additional expert technical and financial advice during the course of the review and analysed information relevant to the RFIs.

The Minister requested that, in the conduct of its inquiry, the ACA consult with relevant government agencies and industry players to canvass their views. In conducting the review, the ACA also consulted with law enforcement and national security agencies, carriers, carriage service providers (including Internet service providers), industry associations, equipment suppliers and other government bodies. Although there was a limited overall response, responses were considered to be sufficiently representative to enable valid conclusions to be reached.

The review also considered views from overseas sources and conducted enquiries with agencies and industry in the USA, Canada, the UK, the Netherlands, the European Union and Germany. These enquiries demonstrated that the Australian approach is broadly in line with current or emerging overseas practice. Chapter 7 discusses overseas arrangements and opportunities for further co-operation.

The review is structured as follows:

Chapter 1 gives an overview of the background and context to the review.

Chapter 2 gives an overview of the changes in the regulatory and industry structure and the pattern of usage of telecommunications services since the completion of the Barrett Review.

Chapter 3 addresses the first Term of Reference of the review and discusses progress in implementing the changes to Parts 14 and 15 as well as the costs, public interest benefits and other effects of the new arrangements.

Chapter 4 identifies regulatory factors likely to have an impact on the cost-effectiveness of Parts 14 and 15.

Chapter 5 identifies other factors likely to have an impact on the costs and effectiveness of TI in the longer term.

Chapter 6 sets out the ACA's conclusions on an analytical framework to assess the costs and benefits of regulatory intervention associated with TI.

Chapter 7 describes the current state of international co-operation with regard to TI between agencies and within the telecommunications industry.

Chapter 8 discusses the appropriateness of the current longer term Australian strategy and sets out the ACA's recommendations for improvement in the cost-effectiveness of current interception arrangements.

The Appendices are structured in the following way:

• The telecommunications industry is characterised by rapid expansion by way of participants and usage by consumers, high turnovers and technological change.
• The deregulation of the Australian telecommunications market from July 1997 has resulted in an increase in the number of licensed carriers from two fixed and three mobile carriers to 28 by May 1999.
• Since the completion of the Barrett Review the highest rates of growth have been in the mobile and Internet markets, with some 687 Internet service providers operating at as at the end of May 1999.
• The level of data traffic carried on telecommunications networks is now at least about equal to voice traffic. This includes Internet telephony and similar data based voice communications services.

This chapter sets out the major changes in the telecommunications industry since the completion of the Barrett Review. It is intended to provide the broad regulatory, industry and technical context in which the review has taken place.

Appendix 2 describes the history of TI funding arrangements until the current arrangements in December 1997.

A tabulation of major changes in usage of telecommunications services since the completion of the Barrett Review is at Table 2.1. Table 2.2 (located at the end of this chapter) contains a summary of major changes to the regulatory and industry context since the Barrett Review.

Chapter 5 includes a discussion of longer term trends in technological developments, industry structure and other factors and the likely effect of those factors on the costs and effectiveness of TI.

The telecommunications regulatory environment has evolved from a partially deregulated market at the time of the Barrett Review to the current situation of a fully deregulated telecommunications industry.

At the time the Barrett Review was undertaken the Australian telecommunications industry was regulated under the Telecommunications Act 1991 (the 1991 Act). The discussion below sets out the key features of that regulatory regime.

The 1991 Act allowed the Minister for Communications to issue general (fixed network) or mobile carrier licences. Carrier licences granted the holders of the licence certain 'reserved rights', namely, the right to install and maintain telecommunications infrastructure.

Government policy restricted the number of licences which would be issued in order to foster the growth of two competitors to Telstra, prior to full deregulation which was legislated to occur after 1 July 1997. Under the 1991 Act, general carrier licences were issued to Telstra and Optus (now known as Cable and Wireless (C&W) Optus), while mobile carrier licences were issued to Telstra, C&W Optus and Vodafone.

The 1991 Act also provided for a 'class licensing regime' for service providers. An 'eligible service provider' was defined as a person supplying eligible telecommunications services using a carrier's network. Any person supplying eligible services was subject to the generic conditions set out in the class licence which applied to the supply of those services. Subject to an obligation on service providers supplying international telephony services to register with AUSTEL for competition purposes, there was no other formal registration procedure for service providers.

A key feature of the 1991 Act was that it imposed conditions (by primary and subordinate legislation) on Telstra to facilitate competition in the telecommunications industry. This included a requirement to supply originating and terminating access services necessary for competing service providers to deliver long distance telephony services. Licensed carriers were required to interconnect their networks and facilities to allow for any-to-any connectivity for end-users of fixed and mobile telephony services.

The structure of the telecommunications industry at the time of the Barrett Review in 1994 reflected the underlying regulatory regime under the 1991 Act.

The Australian telecommunications industry was largely dominated at this time by Telstra. At that time Telstra was the only company offering a full range of telecommunications services, including local and long distance telephony, analogue (AMPS) mobile services and digital (GSM) mobile services. Telstra and C&W Optus also offered some trunk carriage services to other service providers, although this was not a large part of their respective businesses.

C&W Optus was the main competitor to Telstra and at that stage was rolling out its own fixed hybrid fibre coaxial (HFC) network with a view to offering a full range of services in direct competition to Telstra. C&W Optus also resold Telstra's AMPS service as well as offering its own GSM service. Vodafone had also begun offering a GSM service using a fleet of service providers.

A number of service providers/resellers were offering national and international long distance telephony services. The major players (in addition to Telstra and C&W Optus) were AAPT, WorldXChange, Sprint, BT Australasia, Singapore Telecom, Telecom Italia, Axicorp and Pacific Star. Telstra, Link and Hutchison were the main paging service providers operating in Australia. Telstra has since sold its paging operations to Link Communications.

The Internet service provider (ISP) market was in its infancy. Some smaller companies were offering Internet access services. The Internet backbone network in Australia was run under the auspices of the Australian Vice Chancellor's Committee, before being transferred to Telstra in 1995.

At the time of the Barrett Review most voice communications were made over the public switched telecommunications network (PSTN) via circuit switched connections (both analogue and digital circuits). C&W Optus was in the initial stages of offering long distance and pay TV services using its HFC network. It had not begun offering local telephony services. The available switching systems were less sophisticated than the switches of today. Telstra's network digitalisation program (later called Future Mode of Operations (FMO)) was less than 60 per cent complete.

Telstra was offering its Integrated Services Digital Network (ISDN) data communications services while corporate networks tended to rely on X.25 and X.400 based transmissions. Modem tie lines and dial-up modem links were also available. Transmission Control Protocol/Internet Protocol (TCP/IP) was used for Internet communications but was not in widespread usage outside of the narrow Internet and computer/software markets.

Mobile telephony comprised analogue (AMPS) and digital (GSM) services. Telstra had begun operating the first Australian cellular mobile network in 1987. C&W Optus and Vodafone were in the process of rolling out their GSM networks and had begun offering services to customers.

The focus of telecommunications technology in 1994 had begun to move toward the development of full service networks (FSNs) with the rolling out of the C&W Optus HFC network complementing Telstra's own deployment of data networks to match its existing voice networks.

At the time of the Barrett Review, fixed line telephony constituted the majority of telecommunications services supplied in Australia. The local telephony market was dominated by Telstra while a range of national and international service providers offered long distance telephony services. While there were some data services (including Internet based services) supplied by Telstra and smaller service providers over Telstra's customer access network (CAN), most communications made over the CAN were voice.

The mobile telephony market was significantly smaller than today, and was concentrated in the corporate and small business markets. The majority of services were AMPS services supplied by Telstra.

Paging remained a significant form of communication for corporate and other non-residential markets (eg. hospitals).

Internet usage was concentrated in the academic arena and some areas of the government and corporate markets. There was minimal penetration into households.

The contemporary telecommunications industry is a very competitive one and is one of the most dynamic in the global economy, characterised by:

• decreasing product development cycles;
• highly innovative products and services;
• an increasing focus on customer empowerment;
• convergence with other media, such as broadcasting and information technology;
• globalisation of products and services; and
• alliances between large telecommunications companies and software developers.

The importance of the telecommunications industry can be seen in revenue figures and share market values. Employment in the telecommunications and information technology sectors is continually growing. The total Australian telecommunications industry is estimated to have an annual turnover in excess of $25 billion. The Australian mobile telephone industry alone has revenues exceeding $5 billion. In 1998 the International Telecommunications Union (ITU) predicted that the global telecommunications market would exceed $US1 trillion by the beginning of 1999.

Companies are deploying competing products at a rapid rate to satisfy consumer demand for faster, cheaper and more functional telecommunications products and services. Wider bandwidths are being offered to meet the demand for high data rate transfer of images and video. Bundled product offerings that link fixed line, mobile and data services to the one account are seen as a means of establishing a secure customer base. The use of smart card technology in telecommunications services (eg. SIM (subscriber identification module) cards) has also increased the flexibility and functionality of telecommunications services.

Telecommunications services are increasingly regarded as a ubiquitous part of any business. For example, the number of businesses with a presence on the Internet is increasing daily.

Full deregulation of the Australian telecommunications market began on 1 July 1997. The current telecommunications regulatory regime is made up of a number of pieces of primary and subordinate legislation. The most important parts of this legislative package are the Telecommunications Act 1997 (the Act) and Parts XIB and XIC of the Trade Practices Act 1974 (the TPA).

A carrier licence allows the licensee to use network units (eg. line links, fixed radiocommunications facilities) owned by them (or in respect of which the person has a nominated carrier licence declaration) to supply carriage services to the public.

Carrier licences are subject to standard carrier licence conditions and any other conditions specified in the licence. Compliance with carrier licence conditions is achieved through mechanisms in Part 3 of the Act. There are no legislative or other government policy restrictions on the number of carrier licences which may be issued by the ACA. As at May 1999, 28 carrier licences had been issued by the ACA.

It is important to note that is possible for a person to offer telecommunications services to the public without owning any network units. A person may supply telecommunications services using another carrier's network units and their own switches or routers (and one or more servers). That is, a person does not require a carrier licence to offer telecommunications services to end-users. Alternatively, a person (being a reseller or rebiller) may resell a C/CSP service without owning any network units or other facilities of its own. Carrier licensing obligations apply to the person who owns network units (or the person who has undertaken to meet those obligations by means of a nominated carrier declaration).

This reflects a departure from the past where 'carriers' supplied telecommunications services to customers, and were consequently the entity responsible for the execution of TI warrants. The point here, and a key theme of this review, is that in practice a 'carrier' is not necessarily the most appropriate focus for conducting TI.

The Act also provides that persons supplying carriage services by means of a carrier's network must comply with the 'service provider rules' applicable to the supply of the particular type of carriage service. Service provider rules are set out in Schedule 2 to the Act. CSPs include fixed and mobile telephony service providers, paging companies (where those companies are using network units) and ISPs. In most situations a licensed carrier will also be a CSP.

CSPs supplying standard telephony services must comply with additional obligations including a requirement to offer itemised billing to customers and to offer end-users access to an emergency call service.

CSPs are not required to obtain a licence to offer carriage services, or to register with a regulator. However 'eligible service providers', which comprises CSPs supplying standard fixed line telephony services, public mobile telecommunications services and Internet access services (ie. ISPs), are required to register with the Telecommunications Industry Ombudsman (TIO) and to participate in the TIO scheme.

The absence of a registration scheme for CSPs reflects the Government's policy intention that there be a minimum of barriers to entry into the Australian telecommunications market. Government policy is to encourage competition in the telecommunications market by allowing persons to offer carriage services using existing infrastructure with a minimum of regulatory barriers. The effect of this policy can be seen in the number of CSPs currently in the market.

The Act also states that it is the intention of Parliament that telecommunications be regulated in a manner that:

This intention is highlighted by an emphasis on industry co-operation and self-regulation in meeting legislative requirements. For example, Part 6 of the Act provides for the development of codes by 'sections of the telecommunications industry'. These codes may be registered by the ACA.

Consistent with this framework, the Australian Communications Industry Forum (ACIF) has been established by participants in the Australian telecommunications industry. ACIF aims to provide a forum for the telecommunications industry to develop and administer industry technical and operating arrangements that meet the primary objectives of the Act. This includes the development of industry codes, guidelines and technical standards.

The Australian Communications Access Forum (ACAF) has also been set up by the telecommunications industry to address issues concerning access and interconnection arrangements between C/CSPs.

The regulatory framework includes a range of regulatory requirements consistent with these objectives. The regulatory framework promotes the long term interests of end-users by:

• requiring C/CSPs to configure their networks and facilities to ensure end-users are able to move between competing CSPs (eg. pre-selection and, where justified, number portability); and
• encouraging the sharing of infrastructure to allow new players to use existing infrastructure to offer new and innovative services (eg. through the telecommunications access regime).

These provisions are described in greater detail in Chapter 4 in the context of considering their likely impact on the cost-effectiveness of Parts 14 and 15 of the Act.

The Act and the TPA also give the ACA and the ACCC power to make instruments and ensure compliance in relation to particular regulatory requirements. In general, the ACCC is responsible for the administration of Parts XIB and XIC of the TPA. It has some additional arbitration powers relating to the provision of various services or access to C/CSP network information. The ACCC also has specific regulatory powers relating to anti-competitive conduct (Part XIB) and the telecommunications access regime (Part XIC).

The ACA is responsible for the administration of the Act, as well as ensuring compliance with particular regulatory objectives under the Act. In particular, the ACA is responsible for the administration of, and for ensuring compliance with, Parts 14 and 15 of the Act. It also has powers in relation to a range of regulatory issues including pre-selection, number portability and emergency call services, universal service obligation and technical regulatory matters.

The ACA has a statutory duty to give officers and authorities of the Commonwealth, States and Territories such help as is reasonably necessary to:

• enforce the criminal law and laws imposing pecuniary penalties;
• protect the public revenue; and
• safeguard national security.

The ACA must do its best to prevent telecommunications networks and facilities being used in the commission of offences against Commonwealth, State and Territory laws.

Deregulation of the telecommunications market has resulted in the entry of a number of new entities. Telstra remains the major market player but now faces significant competition in the long distance telephony and mobile markets. C&W Optus remains the major competitor to Telstra in offering a range of fixed and mobile, and retail and wholesale, telecommunications services.

There has been a dramatic growth in the number of CSPs and considerable growth in the number of carriers offering a range of fixed line, wireless and mobile telecommunications services. Most new carriers are concentrating on the business telecommunications market. A number of overseas players now have an established presence in the Australian market.

Some companies have begun deploying networks to offer 'niche' services to particular markets. Examples are telemedicine and e-commerce services. Recent consolidation of the number of C/CSPs through takeovers has been seen (eg. MCI WorldCom takeover of Ozemail, AAPT purchase of Connect.com).

The long distance telephony market is made up of licensed carriers including Telstra, C&W Optus, AAPT and Primus, and service providers including GlobalOne (a partnership between Sprint, Deutsche Telekom and France Telecom), One.Tel and WorldXChange.

Long distance telephony services are also offered via calling card services from companies such as One.Tel, Total.Tel and Unidial. Some companies have also begun offering Internet Protocol (IP) based telephony services. The most notable of these are Ozemail, RSL Com and Telstra.

The mobile market is still dominated by Telstra, C&W Optus and Vodafone. Telstra and C&W Optus offer mobile services directly to end-users while Vodafone uses resellers to offer end-user services. Telstra's AMPS service is being gradually phased out in accordance with a legislative timetable which requires the AMPS network to be fully closed by 1 January 2000.

Telstra intends to offer a Code Division Multiple Access (CDMA) service to replace its analogue service in the latter part of 1999. A number of organisations have purchased spectrum and been granted carrier licences to enter this market.

A significant development in the last couple of years has been the advent of pre-paid Subscriber Identification Module (SIM) cards for mobile phones. These are fixed value SIM cards which may be purchased from dealers or general retail outlets and allow the user to insert the pre-paid SIM card into an existing handset and make mobile calls to the value of the card.

The first of the non-geostationary global satellite consortia, Iridium, has begun offering services using its global satellite network. Other companies, including Globalstar, Teledesic and ICO will start offering services over the next two years.

Based on information provided by the TIO in May 1999 there are 687 ISPs, made up of wholesale Internet access (backbone) providers and retail ISPs. Only a small number of these ISPs have over 20,000 customers, including BigPond, Ozemail and One.Net.

Since the Barrett Review there has been rapid development in telecommunications and information technologies and services. The focus of suppliers is on developing faster, more efficient means of transmission to accommodate the wide variety of services now available.

Telecommunications technology at the present time is characterised by more bandwidth intensive capability (ie. higher data rates), greater customer empowerment in the functionality of services and an increasing reliance on data protocols (eg. TCP/IP) for the carriage of data and voice communications.

Telstra has substantially completed its fixed network digitalisation program. The Telstra twisted copper pair customer access network (CAN) is now used for voice and data communications (particularly TCP/IP) by residential and business users. Internet telephony services are also being offered between personal computers (using end-user software packages), and between handsets (ISP based). A number of companies have also begun rolling out optical fibre networks in major central business districts.

Data traffic now represents about half of all telecommunications traffic carried in Australia. A significant change since the Barrett Review is that voice communications are now also being carried in packet data form. Internet telephony is one such example of a voice communications service that uses data protocols. Switched data communications are now carried using frame-relay, ATM (asynchronous transfer mode) and TCP/IP, with the clear trend toward TCP/IP. Some companies have begun offering high data rate wireless services to business in major cities.

Existing CAN circuits are also being used for a variety of digital subscriber loop (xDSL) links to provide high data rates between nearby centres.

The impending closure of the AMPS network by the beginning of 2000 has meant that most mobile communications are now made using GSM networks. One.Tel has recently been granted a carrier licence and intends to offer a GSM service in Sydney, Melbourne, Brisbane, Adelaide and Perth. Telstra has begun testing a CDMA network and intends offering full services to customers before the end of 1999. Hutchison Telecommunications has been granted a carrier licence and intends to offer a CDMA mobile service in some capital cities in the near future. OzPhone/LEAP also intends offering a CDMA service.

The ACA has now completed auctions in the 28-31 GHz portion of the radiofrequency spectrum. This portion of the spectrum is suited to high capacity wireless local loop (WLL) services based on local microwave distribution system (LMDS) technology.

AAPT was the successful bidder in each of the 29 geographical lots on offer in the auction. This will enable it to offer LMDS services in all areas of Australia. It has recently announced plans to begin offering local services to business customers by 2000.

The pattern of usage of telecommunications services by end-users has altered significantly since the Barrett Review. There are more fixed and mobile services available now, with more players offering services to end-users.

Table 2.1 gives a summary of the changes in usage of telecommunications services by subscriber numbers since the Barrett Review.

There has also been an increase in the number of residential subscribers installing a second line for Internet communications.

Long distance telephony services are offered by licensed carriers (eg. Telstra, C&W Optus, AAPT, Primus, One.Tel), and by some CSPs (eg. GlobalOne, WorldXChange).

The dramatic increase in the number of mobile subscribers has been driven to a large extent by a fall in the price of handsets and the increased features offered on mobile phones. The impending closure of Telstra's AMPS service has resulted in a gradual migration of analogue subscribers to GSM services. Increasingly users are relying on mobile services as a surrogate fixed line service. Figures for mobile telephony subscribers at the time of the Barrett Review and now are set out in Table 2.1 above.

The growth in the mobile market has contributed to a fall in the number of paging subscribers. Increasingly the features provided by a paging service are able to be provided as part of a mobile telephony service (eg. short messaging services).

There has been a very rapid increase in Internet usage since the Barrett Review. This has been due to a number of factors, including the increase in the availability of bandwidth between Australia and the US, as well as the development of user-friendly browsing software. Internet-based services such as email are now used widely in not only corporate and government markets, but also small business, charity and residential markets.

The growth in Internet usage has also led to the development of an electronic commerce market. Many large businesses now offer on-line commerce services, using strong encryption packages to ensure security of transactions. Most businesses have a presence on the World Wide Web. Governments across the world, including Australia, are endeavouring to foster the growth of electronic commerce.

Australian Government policy in respect of electronic commerce is set out in the Strategic Framework for the Information Economy which provides that:

Increases in bandwidth availability have also resulted in moderate growth in the supply and usage of broadband services (eg. videoconferencing). At this stage these services are restricted (for reasons of cost and bandwidth availability) to the corporate and government market.

• Difficulties with negotiation aspects which are frustrating TI availability eg. settlement of costs and other terms and conditions for TI delivery. A circuit breaker system, with the ACA being able to determine these matters, is required.
• Indicative costs of establishing TI capability are relatively small compared to total regulatory costs.
• Extrapolated data on consumer impacts show costs for TI as part of call charges are very low.
• Cost savings and public interest benefits of TI are substantial ($ return on investment is multiples of costs) and include quantitative elements (court time, police time, etc) and qualitative elements (national security, safety for police/community, prevention of crime).

This Chapter addresses Term of Reference 1, which requires the ACA to report on:

Term of Reference 1(a) requires the ACA to report on progress in implementing the new arrangements. ACA conclusions regarding the cost-effectiveness of the arrangements in Part 14 and 15 are:

• The broad policy framework, and in particular the fundamental legislative policy which requires that all carriage services supplied by C/CSPs be capable of interception unless exempted, is appropriate, likely to lead to cost-effective TI and should be maintained and reinforced.
• The current standard of interception capability, which C/CSPs must meet in order to comply with Part 15:

• The requirement that each C/CSP ensure interception capability over its controlled networks, facilities and carriage services:

• The current arrangements for exemption from interception capability obligations do not provide sufficient certainty and transparency. Consequently they do not provide optimal assurances of a balanced and fair approach to regulation so as to encourage compliance with the TI regime.
• Success with delivery point negotiations has been limited.
• Interception Capability Plans (IC Plans) do not guarantee compliance with interception obligations under the Act which is crucial to its effectiveness.
• The Agency Co-ordinator has provided an effective focus for agency concerns in negotiations and liaison with C/CSPs but fulfils this role as an add on to existing policy responsibilities and would benefit from access to skills in the ACA and additional resources.
• The concept of special assistance capability, although not used so far in practice, remains a useful concept in delineating the different levels of interception assistance which a C/CSP can provide to agencies. In an increasingly complex industry environment it should be retained.

The text below discusses progress in implementing the new arrangements and discusses the above issues in greater detail. It also forms the basis for the recommendations for improving the current arrangements contained in Chapter 8.

A key plank of the new arrangements is that all carriage services should include an interception capability unless an exemption has been granted. This policy is referred to in this review as '100per cent coverage'. Under the previous arrangements only carriers (and members of a class of CSPs specified by the Minister for Communications) were required to have an interception capability.

Section 324 provides that a carriage service which involves, or will involve, the use of a controlled network or facility of a C/CSP must be capable of interception. Specifically, a C/CSP must ensure that its controlled networks and facilities over which a communication is passing have the interception capability to enable a communication to be intercepted in accordance with a TI warrant. This obligation applies, without qualification, to the controlled networks or facilities of all C/CSPs which are involved in the provision of the carriage service.

The new arrangements also allow the Attorney-General to make a determination detailing the capability required based on an international standard or guideline. Under circumstances to date the Attorney-General has not made such a determination and the interception capability remains defined as the ability to execute a TI warrant.

The other fundamental change introduced by the new arrangements is that C/CSPs must meet the capital and ongoing costs of developing, installing and maintaining an interception capability without recovery of those costs from agencies. This aspect of the new arrangements is discussed below under 3.1.3 and 3.2.

Submissions generally noted that the new provisions had only been in place for a relatively short time, although some comment could be made on experience to date. Most agencies submitted that it was essential to maintain the requirement that services be interceptible at time of introduction to commercial service or in some cases trial service.

Carriers were generally aware of their responsibility to provide an interception capability and argued that the interception obligation should apply equally to all C/CSPs with controlled networks or facilities. C/CSPs suggested that the policy of 100 per cent coverage was not realistic as a number of services were either exempt from interception requirements or were not a high priority for agencies.

A number of submissions noted that communication between agencies and C/CSPs is a critical success factor in making the new arrangements work well but the difficulty of dealing with a multitude of C/CSPs was acknowledged, particularly the need to establish channels of communication with the smaller C/CSPs.

The ACA notes that there has been only limited experience with the new arrangements. However it appears that experience with the new arrangements have, with the co-operation of major industry players and agencies, justified the change in the Government's TI regulatory policy encompassed by the new arrangements. Major industry players have continued to work constructively with agencies and regulators through the ACA's Law Enforcement Advisory Committee (LEAC).

However the ACA notes that there are some issues regarding the extent or standard of the interception obligation imposed on C/CSPs under the new arrangements. These issues are:

• the current standard of capability required and agencies' requirements;
• duplication of interception facilities and application of the obligation to wholesale carriage services; and
• compliance by C/CSPs with the obligation to ensure interception capability.

The IUR states that agencies require simultaneously both the call content and the call associated data which precedes and accompanies the call content (eg. call set-up, A and B party information). Agencies are clear on the view that call associated data needs, for practical enforcement purposes, to be seen as an inextricable part of the execution of a warrant.

The current obligation requires that a C/CSP be able to intercept a communication in accordance with a TI warrant. However the capture of call associated data, call set-up or other signalling information does not constitute an 'interception' for the purposes of the TI Act. As a TI warrant only authorises the interception of communications passing over a telecommunication system, the execution of a TI warrant does not necessarily require the C/CSP to capture the call associated data and deliver that information to the agency.

The current standard of interception capability does not provide adequate certainty for C/CSPs in meeting their interception obligations. Network solutions, including interception solutions, are developed by equipment manufacturers usually on the basis of recognised technical standards. Neither the current interception capability obligation nor the IUR is a technical standard which can be provided by a C/CSP to an equipment vendor. This leads to uncertainty on the part of both the C/CSP and the vendor in terms of timing and pricing. It is not sufficient to tell them, in accordance with the current base requirement, simply that a TI warrant must be able to be executed in respect of services or communications.

The policy intent of the new arrangements is that all services used for the carrying of communications and introduced to market after December 1997 should be interceptible, unless given an exemption. However the current arrangements require each C/CSP to have an interception capability in respect of any communication which passes over its controlled networks and facilities. This requirement is independent of:

Figure 3a shows how a single communication may pass over a series of C/CSP networks and facilities. A long distance telephone call originated by the A party will travel from the customer's premises to the local exchange switch (LES). At this point (or immediately after at the point of interconnect (POI) between the local and long distance C/CSPs) it will be switched to a separate long distance telephony carrier's network before being switched at the B party's LES for delivery to the B party. The long distance component of this call could be an aggregated traffic stream where the C/CSP may not technically be able to identify individual target communications.

The interception capability installed by the long distance C/CSP will involve some duplication of the interception capability in the originating and terminating access provider's network. The point to be made here is that an interception capability provided at the local exchange level (the LES closest to the A party) should be able to capture the content of all of the target's local and long distance communications. This makes a separate capability to intercept the content of long distance communications redundant. The interception capability provided at the long distance C/CSP's (transit or trunk) switch will be duplicating the functionality provided by the capability at the local exchange level, without necessarily enhancing the effectiveness of the TI product provided to agencies.

The situation with respect to call associated data is slightly different. Both the C/CSP providing originating and terminating access for the call and the long distance CSP may not be able to supply all of the relevant call associated data which agencies will require for effective TI. Both parties will need to work together to ensure all of the relevant call associated data is passed to the intercepting agency.

The ACA ensures that all new licensed carriers are reminded of their interception obligations upon being granted a carrier licence including the obligation to submit an IC Plan. Smaller CSPs have been advised through mailouts and attendance by Government officers at industry fora.

There is also a practical issue of compliance. Although compliance with the interception obligation is subject to the sanctions regime in Parts 3 and 4 of the Act, the form of the interception capability obligation means that a C/CSP must be served with, and be unable to execute, a TI warrant before it can be found non-compliant. Agencies are unlikely to serve a warrant on a C/CSP unless they are confident that the C/CSP can indeed execute the warrant.

Therefore the ACA, as regulator, is limited in practice to an 'educational' role and cannot activate the range of sanctions already contained in the Act for non-compliance (which is a licence condition for carriers and a service provider rule for CSPs).

The ACA's conclusions with regard to the standard of interception capability current required are set out below. Chapter 8 sets out the ACA's recommendations for improvement.

Chapter 8 of this review discusses and recommends new arrangements which could be introduced to provide for greater certainty for C/CSPs in meeting their interception capability obligations, as well as enhancing the IC Plan process to focus on compliance with the interception obligation.

The fundamental legislative policy that all services have an interception capability is complemented by a regime for exemptions from this requirement. Exemptions can be given by the Agency Co-ordinator, or the Minister for Communications, Information Technology and the Arts (the Minister) with the agreement of the Attorney-General.

The ACA may exempt trial services from the requirement to have an interception capability, but only where it is satisfied, after consulting agencies, that the exemption is unlikely to create a risk to national security or law enforcement.

Submission argued strongly that exemption for particular types of service should not be legislated but left to be made on a case by case basis. Submitters generally supported the view that in the dynamic market of service delivery, the flexibility of the current arrangements should be retained.

Carriers noted that some services are embedded deeply in the network and offer inappropriate places to effect interception and the intercepted product would be beyond practical use for most LEAs. They argued the emphasis should be on specifying the services where an interception capability is required. Major carriers considered time limits should be imposed on the exemption process.

The legislation does not provide for a time limit for the assessment of exemption applications. In assessing an application for exemption, the Agency Co-ordinator must consult agencies to determine whether or not they support the application but this takes time. It could also unwittingly unreasonably delay the introduction of a new product to market.

The exemption process, if streamlined, could provide the necessary flexibility, certainty and transparency to address different types of services. In the ACA's view, C/CSPs are more likely to actively comply with the overall TI regime if applications for exemption are assessed within a specified timeframe within clear policy parameters.

An effective exemption regime is also necessary to complement the basic legislative policy of '100 per cent coverage'. It is clear that there are already a number of telecommunications services being offered by C/CSPs which are not of interest to agencies (eg. telemedicine services between hospitals). The administration of Parts 14 and 15 should ensure that these and similar services not of interest to agencies can be exempted from interception obligations in as effective and transparent manner as practicable.

Subsection 314 (3A) provides that C/CSPs are responsible for meeting the costs of:

• developing, installing and maintaining an interception capability;
• transmitting the intercepted product from the point of interception to the delivery point ; and
• special assistance capability where specified by the Attorney-General.

The fundamental difference from previous cost-allocation arrangements is that C/CSPs can no longer directly recover the costs of developing, installing and maintaining an interception capability (or special assistance capability).

Agencies are required to meet the costs of:

• transmitting the intercepted product from the delivery point to the agency;
• agency monitoring centre costs (including formatting of intercepted product); and
• any agency specific delivery requirements notified by the agency to the C/CSP.

Section 3.2 provides a quantitative and qualitative assessment of the costs incurred by the telecommunications industry, agencies and consumers under the new arrangements.

Agencies were in general agreement that the new arrangements including the new funding arrangements were an improvement on past processes.

Some C/CSPs expressed the view that the level of capital expenditure involved in providing an interception capability would have the effect of taking scarce capital away from their primary goal of building business and connecting customers. It was also suggested that total TI costs incurred by C/CSPs in meeting their interception obligations should be allocated on an industry-wide basis to reduce costs incurred by individual C/CSPs.

A number of C/CSPs and equipment vendors also suggested that the current arrangements did not provide adequate cost disciplines for agencies as C/CSPs were required under the legislation to include an interception capability without any guarantee from agencies that the capability would be used.

The ACA is of the opinion that costs will be minimised if responsibility for them is given to that entity which has the means and motivation to contain those costs. Where costs can be passed on readily, there is no motivation to contain them and indeed this could result in implementation or maintenance decisions being based on other criteria such as convenience to the C/CSP or integration with mainstream activity.

Requiring the capability to be available from the commencement of commercial service:

• compels negotiation prior to contracts being signed; and
• compels installation and hence avoids later retrofit which can be very expensive.

During the Barrett Review there was concern that if TI was without charge there would be overuse by agencies. Requiring a payment both provides for a control (albeit weak as the need for TI is driven by operational needs) and compels a record keeping mechanism for management and later review.

Section 330 requires each carrier to lodge an IC Plan within 90 days of becoming a carrier and each 1 January after that time. Section 329 sets out the matters which should be included in an IC Plan. These include a statement of the policies of the carrier (or provider) in relation to interception generally and of its strategies for compliance with its legal obligation to provide interception capabilities. IC Plans were intended to be a high level strategic document to encourage consideration of the obligation to ensure that services were interceptible. Also they were to give agencies the opportunity to consider the approaches set out in the plans, and to request amendments.

Agencies noted that although there had been only one complete cycle for IC Plans since the introduction of the new arrangements there had been significant benefit in obtaining a strategic view of the directions of the telecommunications industry. It was suggested that some administrative refinement to the process could improve efficiency.

Further comment was made on the efficacy of a five year outlook, given the rapid development and introduction of new services. Plans were considered to be an effective conceptual tool for industry to reinforce their current and future interception obligation.

Some noted that, as major providers of services, some IC Plans imposed significant burden on their organisations. Others did not consider the requirement onerous.

The experience with IC Plans in 1999 has been a considerable improvement on the 1998 plans. Agencies have indicated that they believe IC Plans to be valuable as a lead-in for direct discussions with carriers.

The legislation currently requires a carrier to respond to each individual agency's comments. The Attorney-General's Department suggested that the statutory role of the Agency Co-ordinator should be amended to give the Agency Co-ordinator greater discretion in determining whether or not an IC Plan is satisfactory.

It appears that agencies having been using IC Plans to gain an appreciation of new technology without necessarily having any basis for knowledge themselves. To some extent this is understandable and reasonable. However, if the arrangements are to operate fully cost-effectively, agencies should at least have or have access to some technical capacity of their own. IC Plans were not originally introduced to be a substitute for this.

IC Plans provide no surety of TI capability. The ACA is of the opinion that the IC Plan concept needs to be retained, clarified and strengthened. This could be achieved by amending the IC Plan process to have a greater focus on compliance with interception obligations. The ACA plan for a compliance regime is set out in Chapter 8 of the review.

While it is difficult to expect any C/CSP to accurately predict products which may be developed or markets which may emerge, IC Plans are fundamentally a statement of intent and carriers are not required to demonstrate the accuracy of statements made in them.

The role of the Agency Co-ordinator is to provide a central point of contact for C/CSPs, in addition to acting as a formal decision maker in relation to 'agency' decisions under Part 15 of the Act. The underlying idea is to simplify the C/CSP's task of consulting agencies and to ensure that agency comment has been collated.

Agencies strongly supported the role of the Agency Co-ordinator as an effective and valuable addition to the interception process. Agencies submitted that the Co-ordinator has assisted in their dealings with C/CSPs and enhanced the dialogue between them.

All carriers were supportive of the role of the Agency Co-ordinator, noting the improvement in arrangements through having a single point of contact to resolve issues. Others noted it was a positive step to overcoming many of the delays that associated with earlier regimes, particularly in relation to the exemption process. Both major carriers considered the role should be enhanced.

While the Agency Co-ordinator has performed a valuable role since the introduction of the new arrangements, officers in the Attorney-General's Department have had to supplement the legal expertise of the Department with agencies' technical understanding.

The ACA concludes that there is ample opportunity for more effective co-operation between agencies on TI matters, including via the Agency Co-ordinator concept. Proposals for more effective inter-agency co-operation are set out in Chapter 8.

Division 4 of Part 15 of the Telecommunications Act requires carriers and nominated carriage service providers to give notice of the particulars of any new technology, or change to existing technology, whose implementation may affect their capacity to provide help to agencies in relation to interception obligations. The Division also gives agencies a reasonable opportunity to:

• consult those carriers (or nominated CSPs) concerning the likely effect of new technology or changes on the C/CSP's ability to meet its TI obligation; and
• through the Agency Co-ordinator, specify delivery requirements suitable to those individual agencies that are required if that new technology or that change is implemented.

The notification of new technology is made to the ACA, which makes that information available to the agencies and the Agency Co-ordinator. The ACA must specify a consultation period which is reasonable in the circumstances. Agencies must consider the likely effect of the proposed new technology on the carrier's ability to meet its interception obligations.

The notification arrangements under the current provisions do not give the agencies the power to require a carrier to alter its substantive plans to deploy or offer the new service. The carrier however must not implement the new technology until the completion of the consultation period specified by the ACA.

Agencies generally supported the view that CSPs be required to give notification of new technology and/or services in the same way as carriers. Attempts by agencies and C/CSPs to formulate a concise and unambiguous description of 'service' and 'technology' have not been successful.

Some submitters suggested that the focus of early consultation with agencies should be on technology developments and indicated that they would have no objection to consultation on a product basis where the introduction of a new product had a significant impact on network interception capability. Others considered the requirement should be applied to products or services rather than to technology per se.

Despite the genuine concerns of agencies regarding the speed at which new telecommunications products are introduced to the market, it is neither feasible nor practical that agencies be consulted on each individual product proposed to be delivered to market. A policy which gave agencies an effective 'veto' role would not accord with Government policy on industry development. Conversely, agencies do require notification of developments in telecommunications technology and services which may have an impact on their ability to conduct lawful TI.

The focus should also be on services which are to be introduced into the market, rather than on technologies. This is not to suggest that a continued focus on new technologies is inappropriate. The shift toward voice communications services using data protocols (eg. Internet telephony) illustrates the need to retain a focus on technological developments. However it is a key theme of this review that services are intercepted, not technology. 'Notification' arrangements should be consistent with this focus.

Consultation on new services could be facilitated by a streamlined compliance regime and clear statement of TI requirements by reference to internationally recognised standards, policies and practices developed by agencies, the ACA and the Agency Co-ordinator.

The new arrangements provide for agencies to meet the cost of the transmission of intercepted product from an agreed delivery point (to which the C/CSP delivers it) to an agency's monitoring centre.

A delivery point is defined in section 314A as the location of a point from which interception related information can most conveniently be transmitted to an agency. Establishment of a delivery point is by agreement between an agency and the relevant C/CSP. Subsection 314A(1) requires that each C/CSP provide at least one delivery point in Australia for each agency. The number of nominated delivery points may, however, vary with the carrier and agency concerned.

The ACA has an arbitration role in relation to the nomination of delivery points. Section 314A allows for the Agency Co-ordinator to refer a disagreement over delivery points to the ACA for arbitration.

The previous arrangements did not contain any specific provisions in relation to delivery arrangements, including the nomination of delivery points.

Agencies were generally aware of the difficulties that would be encountered through multiple delivery arrangements and to date no agency has sought anything other than a commonly agreed requirement. Some saw merit in requiring agencies to agree on a single delivery requirement for each service to be intercepted arguing this would remove some uncertainty and assist C/CSP forward planning and resourcing.

Agencies noted the slow progress in finalising these matters as both C/CSPs and agencies sought to minimise their own costs. Only one carrier has nominated delivery points although arrangements have been made in respect of particular interception solutions. Agencies also noted the concept of a fixed delivery point has little meaning for some services.

Carriers noted the concept of delivery points was useful in determining the demarcation between carrier costs and agency costs but with changing technologies it may become problematic. They could foresee administrative and cost difficulties and considered this reinforced their view that there was benefit in a centralised approach to the management of interception in Australia.

Carriers also noted agencies might lack the ability to deal with product that produced large data flows and considered this an area where economies of scale could be achieved through the use of shared facilities. They also noted the likely trend of regionality of service provision with the result that C/CSPs are likely to have service nodes at fewer locations in their networks.

The delivery point concept is fundamentally a mechanism for determining funding responsibilities. For this reason it is in the interests of both agencies and C/CSPs to negotiate for a delivery point closest to their respective premises. In the case of the C/CSP, this would be the switch or router at which the interception occurred. For agencies it would be the monitoring centre. This conflict of objectives is not conducive to a rapid resolution of efficient delivery points. A mechanism for determining delivery points which eliminated the possibility of delay through protracted negotiations while promoting cost-effective provision of TI is required.

The requirement for C/CSPs to nominate delivery points in respect of each service and each agency has not proved to be workable. Experience with the delivery point arrangements since the introduction of new services demonstrates that amendment to delivery arrangements is required.

C/CSPs and agencies would still be free to negotiate alternative delivery points for specific services. However in the absence of agreement between the parties, the C/CSP executing the warrant would have to transmit TI product (and meet the costs of that transmission) to the default delivery point. The default delivery points could also possibly include signal and data reformatting at that point (at C/CSP cost).

The new arrangements introduced the concept of 'special assistance capability'. This is defined in subsection 320(3) of the Act as the capability of the network or facility to render certain assistance to agencies which must:

This provision only has effect where the Attorney-General has made a determination under section 322 specifying an interception capability standard. No determination under subsection 322(1) has been made. Consequently this provision has had no practical impact to date but can reasonably be anticipated to be required in future.

There were limited comments on special assistance capability, probably because no determination had been made by the Attorney-General. Agencies were generally satisfied with these provisions as demonstrating the Government's commitment to the provision of interception capabilities which comply with the IUR.

The concept of special assistance capability is available only where the Attorney-General has made a determination under section 322. The concept has not been tested in practice. The discussion below considers how the concept could be used to improve the cost-effectiveness of the current arrangements.

Submissions indicate that agencies and C/CSPs do not agree on what would constitute special assistance capability. The term itself implies that a special assistance capability would be a capability of a technical standard greater than a standard switch or router-based interception facility.

There will be circumstances in which agencies may seek a capability or a service from a C/CSP on the basis of agency preference rather than use of an existing, more efficient, interception point. In such circumstances agencies should be able to obtain assistance from another C/CSP, but the C/CSP providing the special assistance should not be disadvantaged by this requirement. The law should nevertheless cater for this situation.

Agency specific delivery capability is defined in subsection 320(4) of the Act as the capability of the C/CSP supplying a carriage service, for the purpose of providing help to the agency under Part 14, to meet specific delivery requirements notified by the agency under section 332J. This provision is related to an agency being notified by a C/CSP of proposed new technology. The cost of any such agency specific delivery capability is to be borne by the agency concerned.

A dispute over the terms and conditions under which agency specific delivery requirements are provided by a C/CSP may be referred to the ACA for arbitration, and the ACA may direct a C/CSP to seek a lower cost option, as well as requiring an independent audit of costs.

There were few submissions on this issue. This perhaps reflects a limited understanding of the concept of agency specific delivery requirements. The potential breadth of interpretation of these provisions mean that specific delivery capability could become a mechanism for agencies to add requirements onto C/CSPs.

The legislation indicates that agency specific delivery requirements relate to the special requirements of an individual agency, rather than all agencies. Section 332J states that agency specific delivery requirements can only arise where, in the course of consultation between a carrier or nominated CSP and agencies over the proposed implementation of new technologies, an agency has decided that the C/CSP should meet specific delivery requirements.

Term of Reference 1(b) requires that the ACA report on the costs borne to date by agencies, the telecommunications industry, telecommunications consumers and regulators, associated with Parts 14 and 15 of the Telecommunications Act 1997.

A number of submissions to the review pointed out that separate figures for costs incurred under the new arrangements were not available. Negotiations between C/CSPs and agencies have begun under the new arrangements for interception capability solutions in respect of some new services.

C/CSPs are required to meet the capital and ongoing costs of installing, developing and maintaining an interception capability. The Discussion Paper issued by the ACA as part of the review discussed the different types of costs which arise in the TI context.

Responses to the RFI distributed to C/CSPs showed that the total annualised cost across the telecommunications industry of developing, installing and maintaining a TI capability was estimated to be in the order of $21.5m ($9.6m of this is paid by LEAs).

The major costs incurred in providing a TI capability are in the purchase and licensing of software. This accounts for an average of 77 per cent of TI capability costs (across all services). The remaining costs are made up of hardware (average 13 per cent) and personnel and other costs (10 per cent). For universal personal telecommunications (UPT) and intelligent network (IN) services the software costs represent almost all of the interception capability costs. Most C/CSP costs (56 per cent of total annualised costs) are incurred in interception capability for fixed network telephony services. Mobile services (predominantly GSM) make up 40 per cent of annualised costs.

C/CSPs' TI costs arise principally as a direct consequence of the requirement to provide a TI capability, and that without this requirement the costs to industry would essentially disappear. That is, TI costs to C/CSPs are not likely to be shared across different regulatory or other internal operational areas.

Some C/CSPs highlighted the size of ongoing costs for an interception capability, including additional maintenance costs to cover upgrades and licences. Such costs can be upwards of $5m per annum. C/CSPs commented that these costs are likely to have a measurable longer term impact on C/CSPs.

Delivery costs involve the costs incurred in preparing and transmitting (ie. carrying) the intercepted product from the point of interception to the agreed agency delivery point. Delivery costs may include the costs of ensuring the security and integrity of the delivery of the intercepted product to the intercepting agency (eg. through encryption).

Responses to the RFI indicate annualised delivery costs of approximately $1.6m across the telecommunications industry.

Administrative costs incurred by larger carriers were of the order of 10 per cent of total interception costs. One CSP estimated that it would need to incur significant costs (estimated to be 84 per cent of its TI costs) in training its personnel to manage TI warrants.

The new arrangements require agencies to meet the costs of carrying the intercepted product from the delivery point to the agency monitoring centre (or other point specified by the agency), as well as any agency specific formatting and delivery requirements.

The total annualised cost for law enforcement agencies of developing, installing, maintaining and managing a TI monitoring facility was estimated to be approximately $17.2m. Three agencies reported annualised TI costs in excess of $2m. Four agencies reported annualised TI costs of less than $1m.

Approximately 24 per cent of agency costs are estimated relate to technology and other capital items required to provide the capability while other capability sustaining costs (ie. staff, property operating expenses) are estimated to make up a further 24 per cent of total annualised agency TI costs. The remaining 52 per cent is made up of TI variable costs.

Figures prepared by the consultants also indicates that TI costs represent about 1 per cent of policing (law enforcement) expenditure.

In their submissions to the ACA a number of agencies complained that they were being charged commercial rates for delivery of TI product from the delivery point to agency monitoring centres. Total annualised costs across agencies for delivery and transmission of TI product were estimated to be in the order of $1.6m.

Just over half of agencies' TI costs were 'TI variable costs', that is costs which varying according to the number of interceptions undertaken by an agency.

The Terms of Reference also require the ACA to report on the costs borne to date by consumers as a result of the new arrangements. "Consumers" has been interpreted to refer to consumers of telecommunications services and the question here is what level of costs are being passed on to consumers by C/CSPs as a result of TI costs incurred (and not-recoverable) under the new arrangements. It should also be noted that agency costs are also, in effect, borne ultimately by the public as taxpayers.

Based on figures provided to the review, the conclusion is that TI costs should not have a noticeable effect on the prices paid by consumers for telecommunications services.

Costs are also incurred by regulators as a result of the operation of Parts 14 and 15 of the Act. These costs will be predominantly those incurred by the ACA and the Attorney-General's Department in the course of discharging their respective regulatory obligations under Parts 14 and 15.

The ACA noted that legal costs have increased through the increased role of formal instruments and written notices, with additional costs when notices require amendment following original parameter changes (eg. a trial service is delayed). Processes require more time for senior levels but there has been a decrease in time and costs at middle levels. There has been a substantial effort in publicising information regarding the TI obligations of C/CSPs.

Term of Reference 1(c) requires the ACA to report on the public interest benefits arising out of the new legislation.

Communities expect good governance from regulatory and law enforcement and security agencies to protect them from crimes, and more broadly from threats to national security. The authority of the criminal justice system rests on people's acceptance that the State has a legitimate right to use force and coercive power when necessary. Probity of the TI regime is strengthened through judicial supervision of the warrant process.

The capacity to intercept and analyse the communications of individuals and groups acting against the interests of the community or the State has been a key contributor to the security of bodies politic for centuries. Interception of telecommunications services has been of particular importance for decades because of their ubiquity and dominance as communications channels. TI is recognised and regarded both internationally and nationally by law enforcement and security agencies as an important and integral investigative tool.

In submissions to the ACA, agencies provided considerable evidence which supports the premise that TI is a highly cost-effective investigative and prosecutorial tool for law enforcement and national security agencies. For example:

• TI results in cost savings to the community by reducing court costs (in some cases in excess of $60,000 per day) through more effective prosecution evidence and promotion of guilty pleas;
• TI is a less intrusive than other forms of surveillance and investigation and the nature of the process minimises intrusions into the privacy of innocent parties;
• TI does not require physical entry to premises which results in less risk to law enforcement and security agency personnel and a reduced risk of compromise of investigations;
• TI is less expensive than equivalent alternative surveillance techniques such as physical surveillance; and
• TI allows the gathering of intelligence which can be used to guide the direction and focus of investigators which will in turn promote the efficient use of agency (ie. taxpayer) resources.

Agencies commented that the new arrangements were likely to have the effect of increasing the benefits of TI to the community at large. This was because:

• the legislative policy that 100 per cent of services be capable of interception was likely to facilitate a wide coverage of TI; and
• requiring C/CSPs to bear the costs of developing, installing and maintaining a TI capability would force C/CSPs to seek low cost solutions which would in turn ensure that the overall costs of TI were minimised.

Submissions to the ACA from C/CSPs on this topic were limited. C/CSPs did not disagree with the community benefits provided by effective TI but suggested that the new arrangements were not necessarily likely to lead to wider public benefits. This was because:

• a number of services currently available were not capable of interception; and
• future technological developments were likely to lead to a diminution in the effectiveness of TI independent of the legislative policy of 100 per cent coverage.

In contrast to these public interest benefits cited by agencies, the Privacy Commissioner's office questioned whether the cost of providing TI capability could result in telecommunications services or products, which may have enhanced privacy protection for users, not being developed.

Submissions provide a convincing case for encouraging the development of a TI regulatory regime which promotes a maximised TI coverage over the range of telecommunications services offered in the community. The breadth of coverage will reduce the opportunities which a target may have to avoid lawful surveillance.

However the new arrangements have also had the effect of imposing obligations on a range of persons who have not previously been served a warrant. A regulatory regime which requires persons to ensure a capability to deal with a thing or event which is extremely unlikely to occur (eg. serving of a TI warrant) will not be cost-effective. The regulatory regime should also not require industry to incur redundant costs in developing an interception capability for a service which agencies do not consider a high priority.

The ACA's recommendations in respect of the points above are set out in Chapter 8.

Term of Reference 1(d) requires the ACA to identify and report on any other effects of the new arrangements on:

The ACA has interpreted this Term of Reference to require a consideration of 'non-cost effects' of the new arrangements. That is, what positive or negative effects have the new arrangements had on the operations of agencies, the telecommunications and associated industries and telecommunications consumers. These effects are in addition to the 'public interest benefits' which are discussed immediately above under Term of Reference 1(c). The cost effects of the new arrangements were considered above in section 3.2 of this Chapter.

CSPs have not reported any significant effects from the new arrangements. This may be because the majority of CSPs are unaware of the new arrangements or the application of those arrangements to them. It appears that knowledge and understanding of the new arrangements remains concentrated in the larger, established industry players and to a lesser extent 'new' carriers with a prior understanding of the general regulatory environment. In 1998 the ACA sent each ISP on the TIO's list a copy of the updated "Telecommunications and Law Enforcement" manual, as well as developing law enforcement and interception fact sheets for carriers, CSPs and ISPs which were placed on the ACA's website. The Department of Communications and the Arts (as it then was) and the ACA made presentations to industry fora in late 1997 and 1998 to publicise the new arrangements.

The ACA is aware that some CSPs, including ISPs, believe that the new arrangements impose unnecessary burdens on their operations. However the ACA has not received any direct evidence that the new arrangements have had such an effect in practice. This may possibly be because some C/CSPs have taken a 'risk management' approach to the requirement, or because no warrant has been served on them to date. Nevertheless LEAs argued strongly that CSPs should continue to be required to ensure interception capability over their networks and facilities.

It appears that a large amount of CSPs' concerns relate to the potential costs and problems which may occur. The ACA is of the opinion that the new arrangements demonstrate that early, proactive negotiation between C/CSPs, agencies and regulators will lead to a minimisation of any negative effects (including costs) of the new arrangements. The Agency Co-ordinator strongly supports such early negotiation.

The ACA is aware that some larger industry players believe that smaller CSPs are benefiting from not providing an interception capability, despite the clear requirement in the legislation that each C/CSP ensure interception capability over the networks and facilities employed. It should also be noted that the larger the customer base, the more likely the CSP is to receive a TI warrant. Equally the larger the customer base, the greater the revenues the CSP is likely to be generating.

Prior to the introduction of the new arrangements, agencies dealt primarily with licensed carriers under the 1991 Act, as only these persons were subject to TI obligations. The fact that deregulation of the market, in accordance with Government policy imposes TI obligations on all C/CSPs means that agencies must engage in more research, discussion and negotiation in relation to TI matters.

The ACA believes that this issue can be addressed in the context of more effective co-ordination and co-operation by agencies. This is addressed in greater detail in Chapter 8.

Some concern was expressed in industry submissions that the requirement that each C/CSP have an interception capability may have the effect of becoming a barrier to entry for new entrants to the telecommunications market, as well as leading to delays in marketing of new and innovative products and services. Some C/CSPs also considered that the requirement to have an interception capability was a barrier to entry, would have an impact of adding costs to customers and, in their experience, would delay the introduction of some services.

Some expressed the view that new technologies and services should not be withheld on account of a lack of interception capability. One carrier claimed that the new arrangements had led to new products and services not being introduced. It was argued that the requirement that each new product to be introduced to the market meet interception obligations was likely to add to the cost base for the product and could delay a timely release to market.

The Australian Telecommunications Users Group (ATUG) submitted that while it appreciated the interest of agencies in emerging telecommunications services, interception capability should not become an inhibitor to innovation and the introduction of new services, nor a barrier to entry of new entrants.

Agencies generally did not have the same belief that the new arrangements could act as a barrier to market entry. The common agency view was that, as the requirement to ensure interception capability applied to each C/CSP equally, it could not be said that any one C/CSP was necessarily disadvantaged by the requirement. It was recognised that it was not possible or appropriate to legislate in relation to the commercial imperative to be the first to market, but it was suggested that the matter be dealt with by means of an ACIF code.

Most agencies did not specifically address the interception capability as being a barrier to entry other than noting it is a known requirement which should be met by industry as an 'up front' cost.

Submissions to the review show that the 100 per cent TI capability requirement has not been universally accepted by C/CSPs. For example, it was argued that the obligation to ensure interception capability is likely to significantly erode the C/CSP's profit margins. The ACA believes that further steps are required to promote an operating culture/environment in which, most desirably, TI is built in.

Summary OF CHAPTER

• There is some impact of non-TI regulatory requirements on TI effectiveness (eg. the ACCC declaration of CAN interconnect service, number portability, etc.).
• The cost impacts on C/CSPs of complying with TI obligations are comparable to the total cost of other regulatory obligations imposed under the telecommunications regulatory regime (eg. number portability, pre-selection).
• There is scope for co-operation in the telecommunications industry to address the impact on TI which arises as a result of the operation of the telecommunications regulatory regime.
• Key definitions, phraseology and concepts used in the Telecommunications (Interception) Act 1979 and the Telecommunications Act 1997 should be harmonised and aligned in order to provide simplicity and certainty for industry and agencies and to reflect the current industry and regulatory structure.
• Although the statutory involvement of the AFP in the TI warrant process does result in additional costs to agencies, the continued involvement of the AFP should be considered in the context of Commonwealth law enforcement policy.

Term of Reference 2 requires the ACA to:

The Discussion Paper set out the preliminary issues identified by the ACA for the purposes of this Term of Reference. This Chapter builds on that preliminary discussion and takes into account the responses of submissions to the Discussion Paper and the RFI from agencies and the telecommunications industry, as well as discussions between the ACA and other interested parties (including the ACCC) conducted as part of the review.

The first part (4.2) of this Chapter discusses the interaction between the telecommunications regulatory regime and the Part 14 and 15 arrangements, including cost allocation issues which arise as a result of the interaction between TI obligations and other regulatory imposts.

The second part (4.3) of the Chapter discusses issues which arise as a result of the operation of the Telecommunications (Interception) Act 1979 and which have, or are likely to have, implications for the cost-effectiveness of the arrangements under Parts 14 and 15.

The regulatory factors identified in this section derive from the operation of the Australian telecommunications regulatory regime discussed in Chapter 2.

The telecommunications regulatory regime contains a number of provisions which are intended to facilitate competition in the telecommunications market by providing flexibility and mobility in the use of telecommunications services by end-users. The text under 4.2.3 describes the impact of increased mobility of end-users on the cost-effectiveness of Parts 14 and 15.

Customer churn refers to the movement of customers between competing CSPs. Customer churn may occur by means of:

• transfer of a customer account from one CSP to another CSP (eg. change between fixed, mobile, or ISPs);
• call-by-call code over-ride of a long distance or intelligent network call with over-ride becoming available for fixed to mobile calls in the near future; or
• porting of a public number to a competing CSP.

The most frequent examples of customer churn are in the movement between long distance C/CSPs, ISPs and mobile C/CSPs. Deregulation of the telecommunications market has also led to greater opportunities for local access churn in the business user market.

Number portability is a subset of customer churn. In the case of number portability, customers retain (port) their service number after moving to a different C/CSP. In the case of local number portability (LNP) customers will port their number from one local access provider (eg. Telstra) to a second local access provider (eg. C&W Optus) while retaining the same telephone number.

The ACCC has directed the ACA to require CSPs to provide LNP to their customers within a specified timeframe (although exemptions to this requirement have been given). Number portability does not currently apply in respect of mobile telephony services (mobile number portability or MNP) but may apply in the future.

The impact on agencies of customer churn which does not involve porting of a number, or the change of service identifier (eg. telephone number or email address) is likely to be of less significance than number portability and roaming. Customer churn which does not involve porting of a number is unlikely to have a significant on the cost-effectiveness of TI. It may, however, result in agencies incurring additional costs in meeting their operational requirements. For example, an agency which wishes to obtain reasonable assistance in the form of call charge records for a target may need to make separate requests a number of C/CSPs.

Roaming refers to the situation where a customer of one mobile carrier moves out of the network coverage area of the customer's mobile carrier and into the coverage area of another mobile carrier with which the customer's mobile carrier has a roaming agreement. At present roaming between mobile carriers is addressed under commercial agreements between incumbent carriers.

With the advent of new mobile services, such as CDMA and satellite-based mobile services, national roaming may have implications for agencies, particularly in terms of requiring the serving of multiple warrants on CSPs with roaming agreements.

The impact of roaming on TI is similar to that with number portability. When an end-user who is subject to a warrant roams from his/her home mobile carrier's network onto another mobile carrier's network, the first mobile carrier will no longer be able to intercept the end-user's communications. The second mobile carrier will need to be aware that a warrant is in place to ensure that interception continues to take place.

The telecommunications access regime is contained in Part XIC of the Trade Practices Act 1974. The telecommunications access regime requires a C/CSP supplying an eligible declared service (access provider) to give access to that service to another C/CSP (access seeker) upon request.

A service can be declared either on the recommendation of the ACAF, or through the ACCC's public inquiry process. The ACCC's inquiry process allows for the ACCC to hold a public inquiry to determine whether or not certain services should be declared for the purposes of the access regime. In deciding whether or not to make a declaration, the ACCC must be satisfied that the proposed declaration would promote the long-term interests of end-users of carriage services, or services provided by means of carriage services.

The ACCC has declared a number of services under the telecommunications access regime. These include:

• domestic PSTN originating and terminating access;
• originating and terminating GSM access;
• inter-capital bulk transmission;
• ISDN services;
• long distance mobile telecommunications services; and
• digital data access services.

The ACCC has released a draft declaration in relation to local telecommunications services. The draft declaration provides for interconnection both before and after the first local exchange switch in the customer access network.

It should also be recognised that not all services supplied by a C/CSP to another C/CSP are supplied under the telecommunications access regime. Some C/CSPs have entered into commercial arrangements with other C/CSPs for the supply of wholesale or other underlying services.

A practical example of the impact of the telecommunications access regime on the cost-effectiveness of Parts 14 and 15 can be seen in the case of local telecommunications services described below.

Where the point of interconnect between the Telstra CAN and another C/CSP is before the first point of interception in the Telstra CAN, the target traffic is likely to bypass the Telstra interception facilities. The interconnecting C/CSP (access seeker) will need to install and maintain separate interception facilities to meet its interception obligations.

In this situation the interconnecting C/CSP would have to meet the costs of ensuring interception capability over its networks and facilities where it intends to offer local telecommunications services.

The C/CSP will also need to meet the costs of complying with other regulatory obligations (eg. local number portability, pre-selection) subject to the cost-allocation arrangements which apply to a C/CSP supplying local telecommunications services. The point here is that 'interception costs' are but one of a number of regulatory costs which a C/CSP must meet to enter the local telecommunications market.

If some situations it will still be technically possible for the access provider to intercept communications made to and from an end-user connected to the other C/CSP's network without a second C/CSP having to install separate interception facilities. However, the second provider will need to have arrangements with the access provider to ensure a warrant served on the second C/CSP can be executed.

In other situations where there may be multiple CSPs using a single access line (ie. copper pair) to supply separate telecommunications services each with separate service designators to a single end-user, or to multiple end-users at the one physical location, or several nearby locations, each C/CSP will need to ensure its carriage services are able to be intercepted. This could be done, subject to agreement between the parties, by means of shared interception infrastructure.

The issues arising out of the above discussion and submissions to the review can be summarised as follows:

• whether TI should be taken into account generally in the context of other regulatory factors (eg. as a matter for the ACCC to take into account in deciding whether or not to declare a service);
• allocation of TI costs incurred by C/CSPs and/or agencies which arise as a consequence of a non-TI regulatory factor; and
• interaction between the TI warrant regime and the telecommunications regulatory regime.

These issues are discussed further below.

A number of submissions to the ACA, particularly from C/CSPs, highlighted the need to consider the interaction between TI and other regulatory objectives. C/CSPs claimed that they were often required to comply with other regulatory obligations (eg. requirement to ensure local number portability within a specified timeframe) and that meeting these other regulatory obligations could have an adverse impact on the C/CSP's ability to meet its TI obligations.

Alternatively, the requirement to ensure TI over networks and facilities could have the effect of impeding the C/CSP's ability to meet another regulatory obligation within the specified timeframe. Some C/CSPs suggested that interception obligations were generally not consistent with the implementation of competition policy.

Some agencies queried whether law enforcement and national security concerns could be taken into account when a regulator was deciding whether or not to take particular regulatory action (eg. in the form of a declaration or determination).

Issues arising from the sharing of infrastructure by C/CSPs were also highlighted. The interception obligation is expressed to apply to the infrastructure over which the communication passes, whereas in reality it is the service by which the communication is made that will be intercepted. Where infrastructure is shared by multiple C/CSPs to supply a range of carriage services, the extent of each C/CSP's interception obligation may be unclear. A useful example of this can be seen with access to local telecommunications services which is described above.

Some submissions raised the issues of the extent of the obligation on a C/CSP served with a warrant where the target specified in the warrant ports his/her number, roams to another carrier network or uses a 'declared local loop service' but where the target was not a direct customer of the carrier supplying the service.

Submissions demonstrated that there is a clear opportunity for the ACA to work with agencies to assist them to understand how the current regulatory framework operates. This is something that could be taken up under the revised arrangements recommended by this review.

Section 3 of the Telecommunications Act specifies that one of the main objects of the Act is to provide a regulatory framework which promotes the long-term interests of end-users of carriage services or of services provided by means of carriage services. The provisions in the telecommunications access regime are intended to promote the supply of carriage and content services to end-users by competing C/CSPs. Regulatory factors such as number portability, customer churn and pre-selection fall within this objective by facilitating mobility by end-users between competing C/CSPs, and thereby allowing end-users to experience the benefits of competition.

The ACA is under a general obligation to give reasonable help to agencies in performing its telecommunications functions or exercising its telecommunications powers. However, specific provisions of the legislation (eg. number portability, pre-selection) do not necessarily allow the ACA to take law enforcement and national security matters into account in taking particular regulatory action.

The Telecommunications Act and the TPA also do not provide for the ACCC to take TI into account expressly when exercising its regulatory powers, for example when deciding whether or not to declare a service, except where TI could affect the long-term interests of end-users. It is also possible that the ACCC could consider TI issues if it was called upon to arbitrate a dispute between C/CSPs and where the dispute related to the costs charged by one C/CSP for

• executing a TI warrant on behalf of a second C/CSP; or
• giving access for the second C/CSP to use the first C/CSP's interception facilities.

The issue of TI and shared infrastructure demonstrates another problem which arises as a consequence of the current TI focus on networks and facilities, rather than services. Given that a single facility may be used as part of the supply of a number of different services, there is a compelling argument for clarifying the TI obligations of C/CSPs who use, or own those networks and facilities. Recasting the TI obligation to focus on services should promote greater certainty amongst C/CSPs, as well as ensuring that TI concerns do not unnecessarily impede the competition objectives of the telecommunications regulatory regime.

The ACA believes it is incumbent on each C/CSP which is supplying, or proposes to supply, a carriage service to ensure that it is in a position to comply with the regulatory obligations which apply to the supply of the relevant carriage service. This includes TI obligations.

The ACA believes that recasting the TI obligation in terms of services supplied by a C/CSP is likely to clarify the obligations of C/CSPs supplying carriage services by means of shared network units or facilities.

The ACA believes that information relating to interception obligations could be included in draft and final declarations issued by the ACCC, as well as re-iterating that it is each C/CSP's statutory obligation to ensure interception capability in relation to the services they are supplying. This may include, where appropriate, entering into arrangements with interconnecting C/CSPs for the supply of interception services.

This role could be in the form of inclusion of TI issues in relevant ACIF codes (eg. customer churn and number portability) or the expansion of current draft law enforcement codes to set out guidelines for C/CSPs where a target ports from one CSP to a competing CSP.

The discussions earlier in this Chapter highlight that some TI related costs are likely to be incurred as a result of the interaction between TI obligations and other (non TI) regulatory obligations. For C/CSPs, these costs may be in the form of:

• technical solutions;
• administrative costs associated with the movement of a (target) customer between competing C/CSPs; or
• security issues (which arise as a consequence of the transfer of a customer who is subject of a warrant).

For agencies, these costs are most likely to be in the form of administrative costs which arise as a consequence of:

• additional investigatory costs (eg. querying IPND-e, to see which CSP is supplying carriage services to the end-user); or
• raising a new warrant where a target has changed C/CSPs.

Agencies were of the view that it is incumbent on C/CSPs to address any technical issues which arose out of meeting other regulatory factors, and to meet any costs which arose as a consequence of addressing those technical issues.

The point was made to the ACA that the TI associated costs incurred by C/CSPs are relatively minimal compared to the total costs incurred by C/CSPs in meeting the range of regulatory obligations which apply to the particular C/CSP.

Most submissions referred to the likely positive impact of the IPND-e particularly once all CSPs have entered customer data and regular updates are being made by CSPs. Some agencies expressed some concerns regarding mechanisms for ensuring all CSPs place up to date, and accurate, information into the IPND-e.

C/CSPs are subject to a range of regulatory requirements and meeting many of these will require a C/CSP to incur additional costs. TI costs are merely one part of this bundle of regulatory costs. The ACA agrees that the TI associated costs incurred by C/CSPs as a result of meeting regulatory objectives does not necessarily constitute a significant proportion of total C/CSP costs of complying with the regulatory regime.

The obligation to meet the costs associated with compliance with a particular regulatory obligation is subject to relevant pricing principles issued by the Minister, pricing principles included in relevant subordinate instruments or cost allocation principles adopted by the ACCC. In the case of number portability, the legislation makes it plain that number portability is a service which a CSP provides to its customers, not to competing CSPs per se.

It is also worth noting that not all (non-TI) regulatory obligations are able to be considered independently. For example, the ACCC's proposed declaration in relation to local telecommunications services is likely to have ramifications for pre-selection and local number portability as well as for TI. The point is that each C/CSP is subject to a variety of regulatory requirements and must meet those requirements (including costs) on an individual basis.

As noted above, the Telecommunications Act places considerable emphasis on self-regulation and co-operation of the industry in meeting the regulatory requirements under the Act. There has been some success in this regard with the development of ACIF codes on pre-selection and customer churn, as well as number portability network plans.

The ACA notes that the cost impact of customer churn to C/CSPs or agencies in relation to TI is not likely to be as significant where the target does not change their local or mobile access provider, as would be the case with number portability (see below). The ACA also notes that the obligation to provide information for the IPND (and therefore the IPND-e) is a condition of the Act and is enforceable as such.

As noted above, the telecommunications industry should be encouraged to seek industry-wide solutions to the cost allocation issues which arise where a customer changes CSPs. This is consistent with the approach of the Act in relation to other regulatory requirements.

The application of the current TI warrant regime to the contemporary telecommunications regulatory structure is discussed below under 4.3.2.

Term of Reference 2 requires the ACA to identify issues arising out of the TI Act which are likely to have an impact on the cost-effectiveness of the arrangements under Parts 14 and 15.

In identifying these issues the ACA has focussed on those aspects of the TI Act which have had the effect of increasing agency, and C/CSP, costs and which costs could be potentially minimised by streamlining the operation of the TI Act without adverse effect on the privacy and accountability mechanisms provided for in the legislation.

The section below describes the operation of the TI Act and the warrant regime created by the TI Act.

The warrant regime provided for in the TI Act is underpinned by the concept of a 'telecommunications service'. That is, a warrant can only be issued "in respect of a 'telecommunications service'. The person issuing the warrant must be satisfied that a person is likely to use the telecommunications service identified in the warrant for the purposes listed in respect of the particular warrant.

The TI Act defines a 'telecommunications service' as:

A 'telecommunications system' is defined as a telecommunications network which is either in Australia, or to the extent that the telecommunications network is partly within Australia. A 'telecommunications network' is defined in substantially similar terms to the definition of a 'carriage service' in the Telecommunications Act.

In contrast to the use of the term 'telecommunications service' in the TI Act, the Telecommunications Act uses the concept of a "carriage service". A 'carriage service' is a service for the carriage of communications. As noted previously in this review, regulatory obligations (in the form of carrier licence conditions and service provider rules) only apply to persons who are using network units to supply carriage services to the public or the CSPs using these services.

The Attorney-General has made regulations which set out the standard form which a TI warrant (for law enforcement agencies) must take. The warrant requires the intercepting agency to 'identify' the service to which the warrant applies. This is usually done by means of the service number (ie. telephone number) associated with the service or other unique identifier.

Intercepting agencies are required to comply with record keeping and accountability requirements set out in Parts VII, VIII and IX of the TI Act.

The text immediately below highlights cost-effectiveness issues which arise as a result of the following factors:

• the application of the TI warrant regime to the contemporary regulatory environment;
• the involvement of the AFP in the TI warrant regime; and
• storage and accountability issues.

As noted above, warrants can only be raised in relation to identified telecommunications services. This occurs by limiting the extent of authority conferred on an agency by a TI warrant through:

• requiring agencies to identify each service which it proposes to intercept;
• determining whether or not an agency must raise a new TI warrant where a target changes some aspect of the service identified in the warrant; and
• restricting the types of warrant which an agency can raise.

A number of submissions referred to the application of the TI warrant regime to situations where a target changed CSP or changed some aspect of their service.

Submissions highlighted agencies' concerns that the current operation of the TI warrant regime would require an agency to serve warrants on multiple CSPs where a target either ported to another CSP, or where the target's mobile service allowed for the target to roam into another CSP's network.

It was claimed that this would lead to increased costs to agencies and would potentially delay progress in investigations. In contrast, one agency submitted that the costs incurred in servicing multiple warrants is marginal provided it can be done by facsimile.

The practical effect of customer churn, number portability and roaming on TI, and the cost-effectiveness of Parts 14 and 15, is set out earlier in this Chapter.

The definition of a telecommunications service in the TI Act implies a service operated by a single C/CSP. This is an historical legacy of the Telecom monopoly environment. In reality a single communication is likely to pass over networks and facilities operated by a number of different C/CSPs. For example, a telecommunications service such as an Internet access service supplied by a facilities-based CSP will use the carriage services of a number of different C/CSPs.

In other situations, a CSP supplying, for example, a long distance telephony service may have arrangements with a range of different C/CSPs for the carriage of long distance communications. The customer of the first CSP will dial a number provided by the CSP to establish a connection with the first CSP's switch which will be in turn connected to a series of carrier networks. The customer's communication will travel on the least cost route at the time the call is made.

A practical solution to the problem of serving multiple warrants highlighted above would be to allow for warrants to be issued in respect of persons as well as services. In the case of a warrant on an individual, the intercepting agency would be authorised to intercept the services supplied (or used) by the person named in the warrant. The effect of this could be to reduce the costs incurred by agencies in conducting effective TI.

A number of submissions to the review suggested that enabling warrants to be placed on persons as well as services would assist in reducing potential additional costs associated with raising of a new warrant.

Such an approach would also reflect two circumstances of the current TI environment:

• individual persons are the subject of an investigation, not individual services; and
• a person today may be associated with many telecommunications services (primary residence, holiday house, office, mobile telephone, Internet provider(s), pager).

However, any change to the TI warrant regime would also need to take into account the existing privacy and accountability measures which apply under the TI Act.

The discussion above suggests that the TI warrant regime, including the definition of a telecommunications service in the TI Act, does not:

• differentiate between carriage services supplied by a C/CSP to end-users/customers and 'underlying' carriage services supplied by C/CSPs to a second C/CSP (and which are necessary for the second C/CSP to offer 'retail' carriage services);
• accord with the definitions and concepts used in the Telecommunications Act;
• take into account the fact that a communication may pass over telecommunications networks and facilities operated by a number of different carriers and CSPs; and
• take into account that a single person may use a range of local, long distance, mobile and Internet telecommunications services with separate:
• service identifiers (eg. two public numbers for a single local access line); or
• service providers.

The ACA believes that this harmonisation would be in the best interests of agencies and the telecommunications industry. Harmonisation between the two Acts is addressed further in Chapter 8 of the review.

The ACA suggests that, to the extent that agencies' costs can be reduced without diminishing the privacy and accountability measures provided for in the TI Act, the TI Act could be amended to clarify the obligations of agencies in relation to the serving of warrants on more than one C/CSP.

The AFP was the first law enforcement agency authorised to intercept telecommunications in Australia. Although a number of State law enforcement agencies are now authorised to conduct interceptions, the AFP retains a central role in the execution of TI warrants. This section sets out the role of the AFP under the TI Act, and highlights cost-effectiveness issues which arise as a result of this involvement.

Section 33 of the TI Act requires the AFP to constitute a Division known as the Telecommunications Interception Division (TID) to "take action" to enable warrants issued to agencies other than the AFP to be executed.

The TI Act also provides for a specific type of warrant where an intercepting agency is required to enter onto private premises to execute a TI warrant. Section 55 requires that the authority conferred by a warrant in relation to entry onto premises may only be exercised by a member of the AFP.

A number of law enforcement agencies suggested in submissions that the section 48 warrant process (ie. warrants authorising entry onto premises to execute a warrant) be amended so that it no longer be mandatory that the AFP be involved in the execution of the warrant.

The ACA does not express an opinion on the Commonwealth law enforcement policy rationale for the continuing role of the AFP in the warrant process generally and notes that this would need to be considered by the Attorney-General's Department. The ACA notes that State law enforcement agencies continue to incur costs associated with the AFP's general involvement in the warrant process.

Parts VII, VIII and IX of the TI Act require agencies to keep certain records relating to interceptions conducted under warrants for accountability purposes. Agencies will incur administrative and storage costs in meeting these requirements. It is not the intention of the ACA to question whether these accountability obligations should be imposed on agencies. Rather the focus is on reducing the costs to agencies of compliance with the requirements without disturbing the privacy and accountability mechanisms in the TI Act.

Some submissions to the Discussion Paper highlighted cost issues which have arisen as a result of the provisions in the TI Act which require agencies to keep copies of TI records for a specified period of time. There is some doubt about the extent of this obligation, including whether it applies to back up records. Concern was also expressed about the cost of storing intercepted product, particularly in relation to interception of higher volume traffic.

The ACA notes that agencies' storage costs are likely to significantly increase as bandwidths increase and the range of services which can be intercepted increases. This is an issue which agencies will need to consider in their own individual budgetary context.

Term of Reference 3 requires the review to:

This part of the review considers those factors that could affect the costs and/or effectiveness of TI into the future.

Operating environments of agencies in regard to TI are bounded by:

• trends in agency methods to address criminal activity;
• sophistication of criminals;
• diversity of services available to support criminal activity; and
• resources (including information and technology familiarity) imbalance between agencies and the telecommunications industry.

Whilst law enforcement agencies continue to address the more traditional forms of crime, more recently sophisticated forms of activity have become of considerable concerns to agencies. This includes crimes such as corruption, conspiracy, drug trafficking and complex fraud and requires commensurately sophisticated responses from law enforcement agencies.

The challenges presented by these more recently prominent forms of activity are evidenced by the formation of specialist units with specific charters (eg. NSW Crime Commission, National Crime Authority, Independent Commission Against Corruption, etc.). TI in the context of these and like forms of criminality either enables agencies to address otherwise unassailable activities, or significantly enhances the effectiveness and efficiency of agency efforts.

The report of the Attorney-General on operation in 1997-98 of the TI Act gives quantitative information on one aspect of the value of TI. It shows that TI was responsible for AFP seizure of:

• $97m worth of illicit drugs;
• $14m worth of criminal assets.

Submissions from agencies to the review provided additional qualitative evidence of the reliance on TI for efficiency and effectiveness of operations.

Encouragement of growth in diversity of services is a key aspect of Government policy in regard to telecommunications. Such diversity enhances competition and choice for all users.

While the sophistication in selection and use of telecommunications services varies widely, it is likely to be greatest in relation to those activities (corruption, conspiracy, drug trafficking and complex fraud) for which TI is the only, or most effective, tool. Greater sophistication of choice and use of telecommunications is most relevant to activities that require considerable planning and organisation.

The ACA believes that awareness, co-ordination and technical currency will be the cornerstones of maintaining the value of TI in this operating environment. The co-ordination suggested is not only between agencies, but also in relation to methods used by the agencies in the performance of their functions.

Agency submissions indicated that agencies were unable to service all the requests for TI that they were receiving from operational parts of their organisation. It was also apparent that agencies would utilise TI to an increased extent if greater capacity was available.

There is a need for more effective use of resources and (probably) greater levels of resource commitment within agencies if the value of TI is to be preserved. Strengthened co-operation and co-ordination between agencies would extend TI capability and capacity available to all agencies.

These are primarily resource allocation issues for agencies to resolve. However, information regarding the effectiveness of TI indicates that an increase in allocation of resources to TI should result in increased effectiveness of agencies.

Technology can be either an ally or adversary in the context of TI. That is, developments in technology present both new challenges and the means to address those challenges. There is no doubt that industry relies on the progressive development of technology to provide the platform from which to launch new products and services.

Additionally, industry may use an existing technology in innovative ways to improve competitive advantage. For agencies these technologies (and innovations in regard to existing technology) can either enhance TI capability or diminish it, or both, depending on the extent to which an agency embraces and capitalises on the technology.

The issue for agencies is how they can most effectively deal with the inevitable continuing arrival of new technologies and their application to new telecommunications services and products.

The following technology trends were identified in submissions as either having an impact on the effectiveness of TI or as trends with which agencies must deal in the near future:

• transition to packet switched/routed technology;
• increased bandwidth of services and commensurate data volume;
• migration from voice dominated to data dominated network traffic; and
• increased end-user control over network functionality.

Telecommunications networks have traditionally comprised fixed paths over which communications passed with complete certainty. This is the circuit switched network solution. However, this network model means that complete (both directions) end-to-end paths are reserved for a particular communicating pair of end-users when at any point in time only one will be speaking. Networks optimised for data will have quite different characteristics to those optimised for voice.

New services to consumers in the telecommunications market in Australia are increasingly bandwidth intensive. Internet services, the use of which routinely involves the movement of large data files or images, are largely predicated for success on the ready availability and wide use of high bandwidth services. The imminent third generation mobile specification, which will provide for 2Mbit/s services to end-users, provides another example of the data volume issue.

In 1993 data traffic represented about 5 per cent of the total telecommunications traffic on the public network. Presently the comparative level of voice and data traffic are about equal. It is estimated that by 2003 voice will only represent about 5 per cent of total traffic. Across this time interval the volume of voice traffic has continued to grow but data has grown at a rate vastly in excess of it. Clearly a significant part of this 'traffic' relates to services based on higher data rates for the same period of time, but it still points to a significant growth of a variety of traffic not yet fully addressed by the agencies.

For the agencies this change means that their focus of attention must now include data in its various forms. It will also requires that agencies invest to keep pace with this trend.

Agency success in dealing with this change will require agencies to address this technology shift, including appropriate investment in skills and facilities.

The ACA notes that the focus of agencies is law enforcement and national security, with interest in technology confined to use of it in the execution of their charters. A particular focus on technology trends and evolving services requires a level of specialisation and study generally outside the scope of mainstream agency activity.

As the technology permits, CSPs are, in the interests of attracting customers, providing them with the means to customise the services delivered to them by the network. A typical example is the suite of Telstra's Easycall™ services. This emphasises the need to consider and accommodate TI at the product concept and development phases, rather than attempt to deal with the issues after the product is released to the market.

Information intended for application to electronic media is usually manipulated to present the intelligence to the media in a form that the media can handle. This is referred to as encoding and is usually applied by the entity responsible for proper functioning of the media. Typical examples of this are the conversion of acoustic (air pressure) voice signals to electrical variations which represent the voice so that the now electrical representation can be passed to electronic media such as a communications network or tape recorder. In a digital network the electrical variations which represent the voice may be further encoded to digitise the electrical signal so that it may be used with a digital network or digital storage device such as a CD, computer hard disk drive or floppy disk.

A signal passing over a telecommunications network may be encrypted by a number of parties including:

• the C/CSP operating the network as a part of the carriage service;
• a service provider using the network to provide service to other users of the network eg. a bank's secure transaction service to its customers via a telecommunications network; or
• an end-user (seeking to protect their communications to another end-user).

The Australian telecommunications regulatory environment requires that where the electronic communications of a particular end-user are subject to an interception warrant and the encryption or encoding is provided by the C/CSP as part of the service, then the C/CSP is responsible for removing such encryption or encoding before passing the warranted communication to the relevant agency.

Where the encryption is used in legitimate commerce, its purpose is the prevention of fraud and the protection of privacy at least commensurate with equivalent non-electronic practices. In such circumstances the encryption key (or keys) used for the provision of such encryption would be retained by either the organisation providing the encrypted service, a key provisioning service or a trusted third party.

The ACA agrees that encryption has a valid and valuable place in Australia as an enabler of electronic commerce and in relation to the legitimate protection of privacy of end-user communications. It is likely that in the future use of encryption for many applications will expand and agencies could have to turn to alternative methods for the progress of investigations.

Growth in the numbers of both carriers and carriage service providers is the intended outcome of the Government's policy on telecommunications deregulation. The success of the policy is manifest in the numbers that now compete in the Australian marketplace. There are 28 licensed carriers and 795 carriage service providers (of which about 690 are Internet service providers). The Government's policy expectation is that consumers should have more choice in telecommunications service providers and that competition should drive the provision of that choice.

Participants in the telecommunications market are seeking to gain a competitive advantage over rivals and are therefore seeking to introduce new services to attract customers. These new services are based on newly introduced and existing technology. A key theme of this review is that it is services which should be the most appropriate focus for the execution of any TI warrant, rather than the underlying technology platform.

Telecommunications is not likely to be immune from the business forces relevant to other sectors of the Australian or global scene. These provide an indication of the Australian telecommunications environment of the future. On the basis of experience from overseas telecommunications markets and other business sectors, the current trends suggest that telecommunications businesses will go in one of three possible directions:

• target niche markets or otherwise focus their businesses to develop efficiencies linked to that specialisation;
• become large enough to offer a wide enough range of end-to-end services to achieve economies of scale; or
• become take-over targets.

The common theme in submissions on this topic was that the interception would be most efficient if it were associated with the C/CSP that had a direct customer relationship with the target. Additional comment emphasised the need to conduct the TI at the edge of the network closest to the target.

Some C/CSPs emphasised the difficulty or unworkability of expecting the wholesaler to be able to identify and deal with traffic of individuals who are customers of other C/CSPs. They pointed out that the wholesaler may be providing only part of the transmission capability which is supporting a particular customer of the second C/CSP. It was suggested that interconnect pricing could allow provision of TI.

This competition issue relates to the potential for a C/CSP to seek to gain a cost containing commercial advantage by taking a risk management based decision not to install a TI capability in the anticipation that they are unlikely to be served with a warrant.

In discussions with industry participants, the ACA has encountered some instances where this approach may apply to some C/CSPs. The opportunity for such an approach is intended to be addressed though the IC Plan process. The ACA proposes that the IC Plan process be supplemented by a scheme for declaration of compliance - along the lines of that used for the technical regulation of customer equipment. This is discussed in Chapter 8.

Agency submissions emphasised that the number of entities they had to deal with was imposing a demand on resources that detracted from their core agency activity. They noted the exclusion of CSPs from the obligation to consult about new technology and submit IC Plans and suggested that this could be addressed through the existing nomination process. Linked to this comment some also looked to the IPND as a source of information about customers of C/CSPs.

Modern telecommunications is intrinsically a global activity. Suppliers of products used in Australian networks include overseas manufacturers. Service providers can also be overseas based, customers of Australian service providers can be overseas, and Australian or overseas users can be attached to Australian or overseas networks at different times.

Equipment available to Australian C/CSPs is dependant on the global marketplace. The products that are presented to the Australian service providers as a platform for their delivery of services are increasingly developed with the global market in mind. Even if Australian specific products are developed and sold to an Australian service provider the on going support cost of those products will be high. This leads to pressure for any supplier of such services to prefer the global (and hence globally supported and priced) product, rather than any Australia specific version.

Key issues for law enforcement and national security, in regard to globalisation, include:

• availability in Australia of services originating outside this country (satellite mobile, Internet services, calling card and callback services, and anonymiser services);
• international roaming (eg. by means of international prepaid SIM cards, roaming onto an international compatible network or global satellite services);
• alignment of Australian agency needs with those of other overseas agencies;
• providing for Australian agency needs in the international equipment and software supplier environment; and
• co-ordinated agency dealings with international suppliers of TI capability.

Submissions from manufacturers, C/CSPs and agencies raised similar issues. Manufacturers submitted that:

• the costs associated with requiring a TI solution unique to Australia would be expensive both initially and as an ongoing expense; and
• unique solutions for Australia would make hardware or software version different from the global version and likely to be incompatible with new services and capabilities developed for the global market (hence depriving Australians of those services).

The preferred approach was to align with global versions of the hardware or software to preserve the globally standardised TI capability and maintain the customer functionality of the global release of associated software. Recent industry standards (European Telecommunications Standards Institute (ETSI) Standard 003003 and American National Standards Institute (ANSI)-J-STD 25) provide for such global standardisation.

The International User Requirement (IUR) was developed between 1993 and 1996. It focuses on the outcomes which agencies require from an interception capability (ie. the 'user requirements' of agencies), rather than on how network operators should go about developing an interception capability.

Since finalisation of the IUR, ETSI standards and reports have been prepared which recast this user specification into the more precise phraseology necessary for the development of a technical standard. ETSI has now prepared a draft standard for TI capability in network equipment. The draft standard has now been released for comment by the ETSI membership and ETSI members are expected to ratify this standard around September 1999.

In the United States ANSI-J-STD 25 was prepared in response to the 1994 Communications Assistance to Law Enforcement Act (CALEA) and provides a basis for testing a C/CSP compliance with the CALEA legislation (referred to in CALEA discussions as the 'safe harbour' provision).

The difference between the ETSI and ANSI-J-STD 25 reflects the differences between the CALEA legislation and the IUR. The CALEA legislation relates to circuit switched fixed and mobile voice or similar services and provides for negotiated delivery arrangements and other arrangements between C/CSPs and agencies. The ETSI standard covers all services (although version 1 applies to those up to 64Kbit/s) and provides clear delineation between the C/CSP and agency responsibilities for TI.

The IUR was developed in the context of circuit switched telephony. It needs, and is undergoing, development to address the newer services including Internet and high data rate services. Australia should continue to be an active part of this work.

Other factors relevant to cost-effectiveness of TI are, or derive from:

• features of the current regime;
• increasing transparency about TI; and
• co-ordination among agencies.

These are discussed in greater detail below.

There are features of the current regime which are likely to effect the costs and effectiveness of TI in the longer term. These may be summarised as the placement of the responsibility with the power of influence, requirement ab initio and costs of cost tracking.

The costs of TI are borne in the first instance either by the agencies or C/CSPs. Without considering the relative split of these costs they will in the long run be borne by the community in toto as the community is taxpayer, customer and shareholder. There is no other possible placement of the costs. Accordingly, setting aside the creation of appropriate incentives for efficiency, the relative apportionment of costs between agencies and C/CSPs is of little import itself in the long term to the cost of TI.

The basis for apportionment must then be settled on the principle that there must be a clear cost driver to minimise the costs while preserving the capability. It is then appropriate to place responsibility for particular costs with the entity with the power and motivation to minimise them.

On this basis there is no advantage in providing for the C/CSPs to install and maintain the capacity at agency expense, as there is then no driver for the C/CSP to contain the costs, the quanta of which it is within the C/CSP's control to minimise. This clearly reinforces the current regime premise that the C/CSPs should make the TI capability available at their own expense as it provides a clear motivator to minimise costs.

This theme is discussed in greater depth in Chapter 8 in the context of the appropriateness of the current arrangements.

There are two other factors relevant to the regulation of the regime that are relevant to the costs of TI. These factors are the opening up of the process of TI requirement and the opportunities that flow from some national co-ordination/specialist centre.

The reduction of secrecy about the requirement for a TI capability occurs through:

• publication of the requirement in the legislation;
• guidelines to the industry; and
• production of standards both for specification of the requirement and standardisation of agency approaches, technology and techniques.

While there is some appropriate sensitivity about the public knowledge of the use of TI, the increasing awareness of it can have some positive effects, especially in relation to costs. The cost impact comes from the otherwise confidential approach to TI under which agencies would have imposed a confidentiality obligation on any supplier of the capability for any equipment relevant TI. This would have meant that a supplier to a C/CSP in one country would be required to set up internal information barriers about the supply of the same or near equivalent capability to another C/CSP.

The consequences of this may be that either the supplier has an opportunity to charge each C/CSP for the development of the same capability, or that internal barriers require the charging of each C/CSP for the development as if it were an initial development for each C/CSP. The outcome is the same in either case, that is, a higher price to each C/CSP for the TI capability. Recognition that TI capability is a general requirement eliminates the need or opportunity for internal information barriers and competitive pricing based on the open knowledge that the same requirement exists for many customers.

The concept of some national lead or co-ordination centre arises from a recognition of many of the tasks facing agencies seeking to preserve the value of TI in the multiple provider and rapidly advancing technological environment in Australia. Submissions from a number of agencies pointed to some perceived impracticalities of a single national interception centre.

A single central agency conducting all interceptions need not be the model introduced. Rather the review separates the issue into physical and technological co-ordination and invites the agencies to consider the most appropriate structure that flows from consideration of relative advantages and costs.

Physical co-ordination refers to opportunities for co-locating of agency interception facilities, including delivery points. In Chapter 8 the ACA sets out its recommendations in relation to the rationalisation of delivery points. It is sufficient for present purposes to note that the current arrangements for delivery points do not encourage agencies to co-operate in the settlement of delivery points or encourage the sharing of agency interception facilities.

The ACA believes that cost savings to agencies could be achieved if agencies are able to share TI skills, resources and facilities, particularly with regard to interception of emerging services. The TI Act could be amended to allow a law enforcement agency to conduct TI on behalf of another agency. This would, it is suggested, reduce the possibility for duplication of expensive interception facilities by agencies which will be required by agencies to ensure new services can be intercepted.

Separate from physical arrangement of delivery points and associated capability at each delivery point, technological and commercial co-ordination would assist agencies in dealing with the technology and the industry. The ACA proposes that a national capability which agencies could use at their discretion, would be a significant boon to preserving or building on the current value of TI. Such a facility could be established within an agency, or a regulator (or a new entity), and have the following characteristics:

• development of TI expertise relevant to the expanding range of services in the Australian marketplace;
• purchasing practices (perhaps co-ordinating with peer agencies) to contain equipment and services costs;
• standardisation of agency practices and equipment interfaces to maximise advantage from C/CSP standardised equipment interfaces;
• equipment selection (or special manufacture) to align with standardised practices and interfaces;
• co-ordination with peer agencies to set up mutual support arrangements (eg. equipment, skills or facilities sharing) to deal with special circumstances or service demand peaks;
• promotion of standardisation of needs, practices, interfaces in national and international fora;
• co-ordination of dealings with the C/CSPs (eg. in relation to delivery points, establishment of TI capability and service level agreements);
• establishment of mechanisms for dealing with interception of more demanding and/or less frequently used communications products and higher data rates;
• assisting C/CSPs in meeting their TI obligations including provision of a TI validation laboratory; and
• administration of an audit process associated with an industry self-regulation approach to TI.

The expectation of a single delivery interface in the medium term is questionable while proprietary standards are offered by vendors. In the longer term delivery interfaces should progressively migrate to a globally standardised interfaces. This is discussed below.

One C/CSP suggested that the default format for the delivery of TI product should be the format provided by the C/CSP's equipment supplier and any variation from that be at the agencies' expense. This approach would simplify the efforts of the C/CSPs. However it would also complicate the necessary arrangements of the agencies. If the delivery format were adjusted at the C/CSP end, there would be potentially one reformatting (or one reformatting per C/CSP facility). If done within each of the agencies there would need to be as many items of equivalent equipment as there are agencies. The C/CSP complemented its comment with the proposal that a single delivery point for TI product would permit only one item (or a few items) of conversion equipment (depending on approach the range of cost per equipment could be from $20 000 to $200 000).

The ACA does not agree that acceptance by the agencies of the TI product in a format determined by the C/CSP's equipment vendor would of itself reduce the overall costs of providing a TI capability. All that would be achieved is the shifting of the cost to the agencies without reduction of the total costs. However, consideration of the arrangements of delivery and the possible reduction in the number of mediation (signal/data translation) devices could reduce overall costs. This is particularly relevant to the possible national co-ordination of agencies' physical facilities/delivery points from which reduced numbers of mediation devices could be achieved.

Linked to this is a clarification of responsibility for mediation devices. The Australian TI regime provides that a requirement specific to an agency must be funded by that agency. In the event that there is a standard signal and data format required by all agencies, delivery in that format is the responsibility of the C/CSP. In such a case the C/CSP and agencies may be able to agree on a placement of the mediation device(s) to minimise the costs to the C/CSP and overall costs.

The ACA believes that the standards for delivery of TI will harmonise as technical standards for the provision of the capability mature and become a feature of vendor products. Similarly, technical standards for delivery of any particular product will reflect the state of the art at the time the product or its underlying technology platform is developed. As these changes occur, it is reasonable that agency interface equipment reflect such developments.

• The ACA does not believe it to be possible to develop a useful quantitative analytical framework to assess costs and benefits of regulatory intervention in a general sense. Regulatory interventions will need to be considered according to the needs and circumstances of the particular times.
• This review is appropriate as a means of considering the impact of the new regulatory arrangements introduced in December 1997. This is a review of those arrangements, not a review to establish a permanent framework for the future.
• While it is not possible to establish a hard and fast framework to assess the costs and benefits of regulatory intervention for all time it is nevertheless possible to identify a number of factors that will usually need to be taken into account and balanced according to specific circumstances, over time.
• The benefits of TI are readily expressed in qualitative terms and include:

• Regulatory interventions will need to be assessed according to the legislative context in which the intervention is being considered.
• While TI is important for law enforcement and national security it is but one of a number of regulatory requirements within the objectives of the Act. Specific issues for consideration include:

• Within the context of the Act and current industry structure cost-effectiveness of TI can be improved through regulatory intervention to:

Term of Reference 4 requires the ACA to:

Considerations about TI involve assessing the value that comes from its use. This is itself a complex matter with some quantitative aspects (investigation and court time saved, proceeds of crime confiscated etc.) and qualitative aspects (crime prevented, a safer society etc). These are matters which arise in the administration of the TI Act, which is administered by the Attorney-General and through him by the Attorney-General's Department.

Separately the ACA is responsible for the administration of the Act. Accordingly it must have regard to the need for arrangements for the provision of TI to not compromise the objectives of the Act overall. Thus the objectives of regulatory intervention should be to minimise the financial and administrative burdens so as to promote the objects of the Act.

Additionally, the ACA recognises that at different times and under different circumstances the relative weightings to be applied to meet the policy and administrative needs faced by one agency or another need to vary. Other factors not related to TI may need to be considered and given weight. This Chapter discusses the factors related to TI and suggests the nature of their impact but cannot provide a relative importance scale as this will vary with time and circumstance.

A necessarily qualitative approach is followed below. Quantitative factors and the particular circumstances calling for intervention and the use of such factors also require close consideration. A balance is required between:

• the objectives of law enforcement and national security;
• the long term interests of end-users of carriage services or of services provided by means of carriage services; and
• the efficiency and international competitiveness of the Australian telecommunications industry.

Dealing with the issues will also involve a range of public interests both associated with and outside of the telecommunications regime. All of these would need to be considered.

Pursuing a universal quantitative formula approach would assume that it is possible to apply to the different public interests, weightings and balances without the application of human judgement that would incorporate the circumstances of the time. This is clearly not possible for the complex process of weighing public interest needs and benefits according to the circumstances of particular times.

Whether any regulatory intervention is required for the provision of TI capability requires consideration of the following factors that could be influenced by circumstances. These are:

• Government's perceived value of TI capability and its use;
• the likelihood that this could be provided without regulatory intervention; and
• the impact of regulatory intervention on the other objects of the Act.

Having a TI capability is intended to serve the social good and has already been adjudged, by legislative action being taken by the Parliament, to be in the public interest. The benefits to law enforcement and national security processes from the availability of TI are discussed in detail in Chapter 3 of this review and these involve both quantitative as well as qualitative assessments.

In quantitative terms there are statistics about TI contribution to proceeds of crime confiscated ($13.6m in 1997-98 through one agency alone), value of illegal drugs captured ($97m in 1997-98 by the same agency) and value of court time for hearing a case ($50,000-60,000 per day saved by accused persons deciding to plead guilty rather than contest charges). Of a less tangible, but equally valuable, nature is the contributions of TI to things such as a safe and just society in which commerce can prosper and citizens can live in safety, in a community free of crime which can enrich their lives.

Other nearly quantitative aspects of TI may be summarised as:

• assisting investigation, prosecution and court processes (and through these arrangements providing benefits to the community);
• increasing safety and security of agency officers and the public;
• better comparative costs and/or benefits of using TI compared to other investigative measures; and
• less comparative intrusiveness than with other investigation methods.

There is already a strong reporting and accountability regime addressing the use of TI which is probably more stringent than comparable mechanisms applying to other forms of surveillance. This provides a mechanism to ensure that its use is properly guided and the rights of citizens, who may be unaware of intrusions into their lives, are protected. However the costs of establishing such accountability measures is a factor to be considered in assessing the desirability of regulatory interventions.

The benefits of TI to law enforcement and national security and the community at large are a complex mixture of non-measurable and measurable and quantifiable but difficult to quantify elements. Valuation is necessarily subjective and will need to be settled by community processes described above. Finally it is noted that Governments have long accepted that TI is of sufficient import to justify its provision at cost to either the agencies/taxpayers or the industry/consumers.

In the time that there has been for agency and industry to negotiate agreements which are part of the current framework there have been huge opportunity costs both direct and indirect. These costs include salary, travel, administrative, property and legal and other costs of seeking to agree the ancillary matters related to TI. While this activity, which should have been an administrative detail, has been progressing, crime was not being adequately addressed for the lack of TI.

This can be contrasted with an alternative vision under which administrative matters are set down fairly as an outcome of consultation toward obviating extended negotiations. There was no substantial disagreement about this approach in submissions.

If addressed though regulatory intervention the resultant benefits subject to the safeguards described above would be delivered in a much more timely fashion. Additionally the overall costs of TI would be contained by the elimination of the elements described above and the public interest benefits maximised.

The Australian telecommunications regulatory regime already imposes requirements that have cost impacts on the industry. These involve the two main streams of competition development and community safeguards:

• provision of number portability;
• provision of pre-selection and pre-selection over-ride codes;
• carrier contribution to the costs of the Universal Service Obligation;
• Customer Service Guarantees and itemised billing;
• membership of the TIO scheme;
• provision of operator and directory assistance services;
• supply of data to the IPND;
• provision and maintenance of a TI capability;
• provision of an emergency call service.

TI therefore represents only one requirement (albeit an important one) among many regulatory requirements, each serving a particular social purpose. Additionally, as discussed below, the provision of TI must be consistent with the objects of the Act. TI should not be a barrier to, or impede the development of, an efficient, innovative and internationally competitive supply of telecommunications services within Australia.

The intention of the Act (as expressed in section 4) is that telecommunications be regulated in a manner that promotes the greatest practicable use of industry self-regulation. It follows that there should be commercial freedom to agree on the prices, and other terms and conditions on which they are provided. The Act further provides that this should not compromise the effectiveness of regulation in achieving the objects outlined in section 3 of the Act.

Therefore, in the event of market failure or circumstances where a market outcome would not align with social or other objectives, regulatory intervention could be used as a surrogate for absent market forces or competition, or to achieve outcomes not likely to be achieved through competition or self-regulation.

Telecommunications interception is not a natural or commercially attractive business for C/CSPs. This theme is presented in the submissions of a number of C/CSPs, as well as being recognised in some agency submissions. In addition to this there is an expectation on the part of end-users that their communications will be private. Indeed, networks are structured to ensure, and legislation provides that, telecommunications in Australia are to be private except in exceptional circumstances.

The circumstances in which TI is called for through lawful processes are so exceptional that a market for TI services will not necessarily arise naturally. TI exists as a result of a legislative requirement and even if it were to be provided on a for-profit basis, it is still unlikely that it would be provided through market forces alone. The relative scale of the general consumer market compared to that for TI services also makes the general consumer market the primary focus of available resources. TI cannot be other than a specialised service that operates within the overall telecommunications market.

Against this background it can be seen that the existing arrangements for C/CSPs to provide a TI capability at their own expense also represents a policy compromise. Market forces will not operate to assure its provision and therefore in this context, other measures for both industry and agencies are necessary. This compromise arrangement suggests that regulatory mechanisms might operate in respect of charges and delivery arrangements, the delivery arrangements or other aspects of TI where the market alone will not produce a suitable outcome.

Current arrangements are intended to encourage agencies and C/CSPs to seek solutions without formal regulation to the greatest extent practicable. The extent to which this is practicable is determined by the parties having a clear understanding of what is to be provided, the commercial advantages gained through cost-effective provision and the availability of a forum within which to manage the process. A key advantage of a self-regulatory approach is that through discussion there would, ideally, emerge a balancing of demands and a mutually accepted reasonable approach.

In the Australian context, there is no declared technical standard for TI that can be used as a basis for developing TI solutions. This is discussed in more detail in Chapter 3 of this review. Thus the following would need to be clarified before self-regulation could be relevant:

• specification of precise requirements for TI so that compliance with a technical standard acquits the TI obligation; and
• a basis for exemptions and compliance, in terms of surety that TI is available, where warranted.

With adequate certainty on these topics, self-regulation could reasonably address the following:

• clarification of product delivery issues (hand-over interface standardisation and location, clarification of the division of costs);
• standardisation of service level agreements (including prices and other terms and conditions for the supply of the TI service, and liability);
• mutual assistance between C/CSPs to give effect to a TI warrant; and
• clarification of cost distribution between agencies and C/CSPs regarding network upgrades or software updates.

In regard to these points of possible self-regulation, the ACA notes that the provision of TI product is a, or a series of, unidirectional transactions (ie. from each C/CSP to each agency). Thus it is not clear that there is a strong driver for a successful and early outcome to such transactions. The ACA also observes that developing agreements under the previous arrangements has been on the basis of multi agency – single C/CSP negotiation. The results that have been obtained have required considerable resources and usually have taken very long periods of negotiation.

The ACA also observes that agencies have developed the existing agreements about these points with C/CSPs in the Special Networks Committee, a forum that meets in conjunction with the LEAC, and separately as required.

An alternative industry forum for settlement of any C/CSP and agency codes or standards about these points could be the ACIF. Indeed some law enforcement issues are presently being addressed within its Working Committees. The ACIF would be a particularly relevant forum for development of codes that could address issues appropriate for ACA registration. It would be especially relevant in conjunction with the Service Provider Action Network that it has worked with in the past on specific topics. Security aspects would need to be considered as ACIF processes are necessarily public.

Current experience with self-regulation on law enforcement matters shows that if the lack of a code or standard permits non-performance of an obligation which is commercially unattractive, then the code development will be lengthy.

Competition aspects are also relevant to the consideration of regulatory intervention. As the market provision discussion above points out, there is no natural market attraction to the provision of TI. On the contrary, competition in the market is a clear disincentive to the provision of TI because C/CSPs are trying to minimise costs. While the ACA has found that the established members of the industry are clearly complying with the obligation and indeed co-operate with and assist agencies, it is unlikely that given choice, C/CSPs would provide a TI capability under the existing cost allocation arrangements.

Provision of TI capability at C/CSP cost by some C/CSPs and exemption of other C/CSPs also has competition impacts. The exemption process could have the side effect of producing an imbalance in competitiveness by virtue of costs avoided. Such a side effect could be used to establish or adjust the extent of natural imbalances in the industry for example in respect of new entrants with small market shares. Exemption from the obligation for a particular C/CSP would have to be linked to a compliance process to ensure that intended boundaries of both the competition imbalance and TI obligation were not exceeded.

In the case of new entrants, exemption from an obligation in the early stages of business development or resulting from a low risk assessment by LEAs may help the further development of competition. However unless there is a clear plan for the introduction of a TI capability from the beginning, its imposition at a later time could be expensive and disruptive to the business and to its service to customers.

C/CSP submitters also stated that a TI requirement on Australian C/CSPs would disadvantage them in relation to international C/CSPs that did not have this obligation. The ACA observes that among comparable jurisdictions the obligations in regard to TI are at least similar. The observations made elsewhere about the emerging need for mutual legal assistance arrangements in respect of TI are also relevant.

Costs for the provision of TI are significant (albeit relatively small in relation to other regulatory requirements). Also, as discussed above, this provision is not a natural or attractive business for the C/CSPs and agencies usually have no choice of the C/CSP to access the traffic of a particular target. Thus the agency usually has no choice but to procure TI and other services in relation to a particular target from the C/CSP providing service to that target and the C/CSP has no option but to provide for a TI capacity and supply the TI service. This places the C/CSP in the position of a monopoly provider with no market constraint on price charged for or conditions attached to providing that service. There is a risk that, in the absence of any legislated or regulated intervention, the C/CSP may exercise a monopoly power in negotiations about such services.

Legislative or regulatory intervention provides a means to arrive at an outcome that contains costs while ensuring that they are ultimately borne by the appropriate party. Depending on objectives, regulatory intervention could also be used to overcome or minimise administrative delays in providing the TI service once the capability is available and TI is technically possible.

A framework for considering regulatory intervention must consider the issues which might be addressed by such intervention, and the purposes of the intervention in relation to the issue. Both submissions to and observations of the review indicate that regulatory intervention could be considered in relation to the following:

• extent of coverage of services;
• placement of costs;
• measurement and management of demand for TI;
• certainty and clarity of requirement;
• terms and conditions of provision of TI;
• exemption from TI obligation;
• compliance arrangements;
• agency co-operation and TI capability development;
• international interactions; and
• ongoing review and adjustment.

The current regulatory regime provides that communications passing over a network or facility are to be interceptible unless an exemption has been given to permit a specified carriage service without a TI capability. It can be noted that the products which have a TI capability represent the majority of services currently in use.

Elsewhere in this review the point is made that for TI to be effective the coverage must be comprehensive. There are two objectives in this regard:

• denial of communications to enable criminal organisation and planning; and
• gaining of information to assist in investigation and prosecution.

A further consideration is that while criminal activity that lacks sophistication and/or planning may not involve seeking out gaps in TI coverage, crimes involving planning and organisation are more likely to do so. Thus gaps in TI coverage will be particularly relevant to the effectiveness of TI.

It seems reasonable to conclude that to be effective and cost-effective, TI should to the maximum practicable extent, encompass all widely available telecommunications services. If not, sophisticated criminals or targets – the ones most difficult to address by alternative investigatory means – can be reasonably expected to seek to identify and substitute the telecommunications channels not subject to effective TI, for those that are. As noted elsewhere any gaps in the availability of TI for services could extensively degrade the cost-effectiveness of the TI that is in place, which could then become partially, or potentially even wholly, redundant.

In the Australian environment there is emphasis on competitiveness and innovation toward lowest prices to customers and innovation in services and a complementary emphasis on the value, and preserving the value, of TI toward a social good. On this premise, reasonable objectives of any intervention would be the overall minimisation of costs rather than minimising costs to any one party or group. The distribution of these costs should be a secondary consideration.

Placement of costs should be driven by the policy objective of minimising costs overall. Consequently it raises the issue of equity in the TI context in that the costs are not being borne directly by the seeker of the service. This must be accepted as an imperfection in the current arrangement but one that is acceptable toward the objective of minimisation of costs to society overall.

Responsibility for costs of providing TI capability have been assigned on the basis of minimising costs overall rather than on equity related to use by agencies. However, acceptable measures toward equity are maintained in requiring agencies to fund some component in the current regime – the direct usage costs of the capability. This provides some influence over any possible overuse of TI because of the now skewed pricing of the service based on the capability.

Some further useful realignment could be achieved through regulatory intervention. Such intervention could be a requirement that regulated prices for TI and related services be set (by the ACA in consultation with the ACCC) and that the contribution of the C/CSP to the establishment and maintenance of the capability be recognised in the prices so regulated.

As discussed previously, there is inadequate clarity of the nature and extent of the TI obligation. In addition, the developing industry structure and patterns of use by customers make the current definition less workable and further cloud the obligation. Either adjustment of the legislated requirement, or provision that the requirement be clarified via subordinate legislation could resolve these matters.

Clarity of requirement would be most valuable for C/CSPs and such clarification could address:

• relating of the obligation to a technical standard or accepted demonstration of capability (resulting in a 'safe harbour' effect similar to that used within the US regime);
• relating the obligation to services being supplied by a C/CSP (rather than those being supplied by another C/CSP (which is a customer of the first C/CSP)); and
• relating the obligation in respect of a target to the provider of service to the target possibly supplemented by an 'at cost' reserve TI capability (based on best efforts) associated with another C/CSP related to the target.

As discussed in Chapter 3 and other parts of this review, commercial and administrative negotiations are delaying the delivery of TI capability well beyond the time of technical availability. These delays and impediments are compounded by the perceived general imbalance in negotiating position and strengths of the industry compared with that of the agencies (although at times agency influence on selected issues is very great). Regulatory intervention could obviate or minimise these non technical delays and impediments, given the circumstances described below.

Pricing and other terms and conditions for a service would derive from competition-based commercial provision when:

• the transaction takes place between a willing supplier and a willing customer; and
• the customer can exercise a choice of supplier in a competitive market.

Where these conditions exist, the competitive market price will be the predominant influence over the price and other terms and conditions negotiated between the parties to the transaction.

However, these conditions do not exist for the provision of TI and other services, under Part 14 of the Act, to an agency as discussed in 6.2.4 above and there is a risk that the C/CSP may exercise a monopoly power in negotiations about such services.

The absence of competitive choice for the agency does not preclude the negotiation of a fair price for service, if both the agency and C/CSP have equal access to information that may be utilised to set such a price and both parties are amenable to a fair outcome. However, in practice the C/CSP inevitably has more knowledge of its own costs than the purchaser (the agency) and it is not in the commercial interests of the former to provide this information to the latter.

Costs definitions can be ambiguous and costs can be subjective in their determination. For example, opinions may differ about the costing method that may be appropriate or about measurement of the appropriate cost of capital, or about methods of overhead cost allocation. Unless an agency has access to specialist expertise as well as information about the underlying basis of costing, it will be difficult for agencies to gain comfort that costs are appropriately stated.

It is difficult to see how cost-based pricing for TI services can ever, in practice, be fairly negotiated on a commercial basis between agencies and industry. Regulatory intervention would have benefit when it restores balance to the relative negotiating strengths of the parties and assists in enabling an essential investigatory tool for modern society to be preserved.

TI capability should not be sought or provided if it would not be a cost-effective and material contribution to the agencies fulfilling their charters. To do so would be wasteful and would divert resources away from more productive aspects of telecommunications service provision.

A requirement that is perceived as excessive may possibly lead to non-compliance with that obligation. This may both bring the law into 'disrepute' and mean that TI may not be available for those C/CSP's products where TI is important. There is thus a nexus between ensuring that TI is deliverable on those products for which a TI capability is important (and defensible) and at the same time not sought (ie. exempted) in relation to products that would represent an inefficient contribution to the charter of agencies.

From the perspective of the C/CSPs an exemption regime would have to recognise their need for certainty for business planning in terms of:

• criteria under which an exemption may be granted;
• criteria under which an exemption would be refused;
• the time to grant or refuse an exemption request; and
• whether a similar product in similar circumstances is already exempted.

The needs of agencies and C/CSPs in relation to any telecommunications product can change over time and with circumstances. Flexibility and responsiveness would have to be built into the any exemption regime.

Thus any regulatory intervention could be considered on the basis of subordinate legislation. This could include broad criteria (that are justified through a consultation process and may be varied from time to time) which are to be considered in granting or refusing exemptions; setting time limits for decisions about an exemption; and, within the bounds of necessary confidentiality, making available to relevant staff within C/CSP's information about exemptions already granted.

Compliance arrangements should complement the exemption regime and the two should be considered together. Through the exemption regime, products for which TI is an efficient contributor to agency needs and are required to have a TI capability are identified and specified. That is, the value of a TI capability for these products has been scrutinised and affirmed. In such circumstances it is important that the agencies and the regulators be confident that the required capability is available. This could also be achieved by a self-managed compliance regime overseen by a regulator, with additional audit or information powers in special cases if existing powers are considered deficient.

The current TI regime, while imposing the requirement that all services which are not subject to an exemption be interceptible, has no low cost mechanism for ensuring that there is compliance with that requirement. Under the current regime an annual IC Plan is to be submitted by each carrier or nominated CSP. At present no CSPs are nominated. The IC Plan is a non-binding statement of intent, at a particular time, about the product range of a particular carrier or nominated CSP and is not an affirmation or any proof that the TI capability exists. The focus on carriers (and nominated CSPs) of the IC Plan process currently delivers acceptable outcomes as the carriers which presently receive the majority of TI warrants are also CSPs. However, the technical reality is that TI is implemented in CSP facilities rather than carrier network units.

Regulatory intervention could be considered to engender that surety in relation not only to the products of carriers and nominated CSPs but all CSPs. Thus any such regime should accommodate a large number of CSPs with varying styles, locations and markets and:

• align with general industry familiarities;
• maximise opportunities for self regulation;
• be industry based; and
• involve the regulator only in exceptional instances.

No regulatory intervention is envisaged in relation to the agencies' technical co-ordination and capability development measures. The regime envisaged is also expected to permit and be structured to encourage some form of central capability development and standardisation. The nature of and benefits from such a capability are discussed at Chapter 5 and are particularly relevant to addressing TI for low volume and/or high complexity services, occasional peak demands for TI and fruitful international interaction.

Development of a nationally managed co-operation and assistance capability would provide a level of independence for agencies. At present, and simply reflecting the history of the provision of TI in Australia, most agency solutions for TI derive from one C/CSP. This dependency presumes that the assistance will continue and from a competition context is an alignment that is unlikely to continue in the future.

Chapter 7 of this review discusses the international alignment of TI requirement and interchange of information. Although no regulatory intervention is proposed toward enhancing that interaction, a key feature of its ongoing success is the continuing alignment of regimes.

Benefits from any international standards about C/CSP equipment and developments through inter-agency fora will only be relevant to Australia if the Australian TI regime is similar to that for which the standards were developed. Chapter 7 shows that there is, or is developing, satisfactory alignment on significant issues relevant to TI in Australia. Australian policy formation should be mindful of the need to maintain (or improve) this alignment in the interests of ensuring that capability developed for other, larger regimes is immediately useable in Australia. This would be a significant aid in maximising benefits and minimising costs associated with TI.

This review of TI arrangements has taken place relatively soon after the introduction of those arrangements. This reflects in part concerns of the Barrett Review that change could be appropriate to reflect the dynamics of the Australian telecommunications environment. That same concern is shared by the ACA which also recognises that policy settings may need to be adjusted or tuned regularly in response to or in anticipation of developments. Regular or ongoing policy and regulatory adjustment could be addressed either by conducting a further review at some appropriate point in the future, or by providing a mechanism or structure for progressive review.

Within the current regime the LEAC provides a forum to address implementation and emerging possible policy issues in concert with industry participants. This important function could provide timely and valuable input to a standing policy forum that could ensure that the observed outcomes from policy settings and regulatory interventions match the intent. However LEAC is of itself an unsatisfactory forum for policy decision making. This function is more appropriately conducted separately in a small and focussed forum tied to the responsible policy departments and which can operate at a high level.

The ACA has recommended that an Inter-Departmental Committee be established to give effect to the recommendations in this review. Whether such a forum needs to continue into the future should be left open for later consideration.

• Australia's policy settings and practices for TI are in general alignment with those of comparable countries. This means that standards, and ultimately equipment, developed for those countries would readily meet Australian requirements. Continuing alignment of policy settings appears to be mutually beneficial.
• Other countries (the USA, Canada, the UK, the Netherlands, Germany and other EU countries) are facing similar issues about TI in the context of deregulated and rapidly changing national environments for telecommunications and appear willing to cooperate with Australia.
• International equipment and network standards relevant to TI are being developed (TIA/T1, ETSI, ITU) but need to be supported by enhanced Australian participation and preparedness to act to maximise value to Australia.
• International equipment and network standards relevant to TI will in time provide a readily available TI capability, reduced costs and ensure greater compliance with the TI obligation by C/CSPs in Australia.
• The Internet, although tightly specified from a technical perspective, raises particular issues as it is standardised outside of orthodox telecommunications standard making regimes.

Term of Reference 5 requires the review to:

In addressing this element the review considered the following aspects in its discussion paper:

• overseas legislation, practices and technology;
• the development of international technical standards about TI;
• co-operation fora of the agencies;
• mutual assistance on legal matters; and
• benefits for Australia from international co-operation.

As a part of the review, ACA representatives visited comparable overseas countries (the USA, Canada, the UK, the Netherlands and Germany as well as the European Council). Comparisons of approach on key issues for Australia are tabulated below. The tables below show a significant alignment either of current practice or intent (that is likely to become practice in that country in the near future) with the Australian approach.

The tables also show that the Australian approach in relation to TI is in line with global trends, and in some cases is slightly ahead of comparable nations. There is considerable interest in the Australian regulatory regime and its possible development paths among overseas countries.

The basic premises that apply widely, or constitute the model to which most nations are migrating, are:

• applying the interceptibility requirement to all services;
• provision of the capability at C/CSP's own expense; and
• agency funding of usage and any special requirements.

This alignment of approach means that global manufacturers that supply to the markets of these countries will be required to supply similar or the same equipment capability in each market. The aggregate market of the countries visited is about 25 times that of Australia's. Consequently Australia's alignment with this group will ensure availability of relevant products for TI at very much lower prices than would be the case for a smaller group or single Australian market.

From this survey the ACA makes the following observations.

Australia has always been a nation of 'early adopters' in most forms of technology and in telecommunications technology in particular. This 'customer pull' coupled with Australia's high technological capability over its history have placed this country at the forefront of network capability and services offered by it. The Australian telecommunications industry capability and its offerings to the Australian community reasonably match those available in any other nation.

In terms of technology for TI this country is similarly equivalent in capability. However different legal structures and society expectations do reflect in different approaches to some aspects of TI and variations in implementation. Australia is at the same level of technological development as most other developed countries. There are however, issues of co-ordination between agencies.

The influence that this country can have on equipment suppliers and manufacturers is limited because of the size of our market in relation to the global market. As discussed below, Australian C/CSPs are generally constrained to product offerings that were built for the global market with little influence by this country over the construction or capability at the time of purchase. If Australian C/CSPs are to have access at reasonable prices to suitable equipment for the provision of TI there are only two possible approaches. Australia must either strictly align itself to a larger market and accept product only from that market or influence the standards which are the basis of the features of the equipment offered to markets.

Influencing standards is the better approach, as it provides flexibility not available via the other path. The influencing of standards is best addressed by continued participation in the fora which set the standards for manufacturing the equipment that will in turn be offered to the global marketplace.

Australia, initially through Telstra (when it was Telecom Australia), had a reputation for disproportionate effectiveness in telecommunications standards fora such as the International Telecommunications Union (ITU). In recent years Telstra's involvement has diminished in line with its commercial imperatives. This has left a gap in coverage, especially on topics of national rather than commercial interest. This should be addressed, possibly by Australian agencies in the context of international inter-agency fora which have emerged in recent years.

The development of standards for TI is a recent phenomenon and presently limited to two streams of activity, one in the USA the other in Europe. Both streams have their origin in regulated requirements and relate to the IUR. The work in the USA, which initiated the IUR, also led to the requirements of CALEA although the IUR is not cited by the CALEA. The European work is directly linked to the IUR through a European Council Resolution adopting the IUR.

In the USA the Telecommunications Industry Association (TIA) and the Alliance for Telecommunications Industry Solutions (ATIS) – more commonly known as the US T1 Committee – have produced Interim Joint Standard J-STD-025 for the US environment. In Europe, the European Telecommunications Standards Institute (ETSI) has prepared a technical report, a standard and a draft Handover Interface Standard (DES/SEC 003003) for the European environment.

Both standards address the more traditional forms of telecommunications such as voice over fixed or mobile networks. The ETSI draft standard, however deals with more varieties of telecommunications services and has fewer aspects to be resolved at a later time through negotiation between C/CSP and agencies.

The Internet industry has developed with an ethos of rapid and unconstrained development without regulatory intervention. The standardisation process under the Internet Engineering Task Force (IETF), is outside the conventional framework and highly devolved. This, coupled with the culture of unimpeded development means that the process of settling a global approach to TI for the Internet in line with the IUR is still in its infancy.

Nonetheless, manufacturers of Internet equipment (servers, routers and packet switches) are likely to be aware of the requirement to provide for TI. The TI capability is linked to the commercial need to control fraud and inappropriate use of the facilities which is a significant concern for ISPs.

While it may be that there is variability among both manufacturers and ISPs there is no doubt that there is awareness and capability with at least some. Standardised capability may be a different matter.

In the USA the introduction of the CALEA legislation of 1994 was the prompt for the development of a standard to address the TI needs of that legislation. The CALEA includes a 'safe harbour' provision which means that if a service provider uses network equipment that complies with an industry standard which addresses CALEA then that provider is deemed to have complied with the CALEA obligations.

Development of this interim standard was under the leadership of the TIA as the primary forum of electronic equipment manufacturers. The Alliance for Telecommunications Industry Solutions (ATIS) is the major forum for network operators and service providers. Development commenced in 1995 and was approved by the industry in December 1997. The agencies, while participating in the formative discussions, were not part of the final vote for approval.

This standard addresses fixed and mobile telephony only. In line with the CALEA itself, it is intended to restore and preserve the TI capability which has been eroded in recent years by the introduction of digital communication systems and attendant user functionality.

In January 1995 the European Union issued a Council Resolution on Lawful Interception of Telecommunications. This Resolution, which is not binding on Member States, settled the IUR as the recommended basis for European requirements for TI. The European Telecommunications Standards Institute (ETSI) responded to this Resolution by a multi-stage process that involved:

• re-casting of the IUR into a technical format as an ETSI Report (ETR 331 of December 1996 by the Security Techniques Advisory Group; definition of user requirements for lawful interception of telecommunications; requirements of the law enforcement agencies);
• production of an ETSI Standard ES 201 158 of May 1998 telecommunications Security; Lawful Interception (LI); requirements for network functions;
• production of a further standard (at this stage in final draft and now offered to members for acceptance) to specify in detail the handover interface DES/SEC 003003 of February 1999 telecommunications Security; handover Interface for the lawful interception of telecommunications traffic.

The handover interface addresses speech, circuit and packet switched data, Universal Mobile Telecommunications Service (UMTS) and like services up to 64kbit/s. Future developments will address Internet services and the high data rate services envisaged for later versions of the UMTS service. The approach of this development is to include the requirements of all participants in regard to the IUR into the draft standard making it a superset of all requirements. As the equipment constructed to this standard is commissioned in each nation, only those features required for that nation are activated.

Co-operation among agencies has the objectives of alignment of requirements, exchange of technology and mutual learning. In relation to Australia there are two significant fora.

In the early 1990s there began debate in a number of countries about the erosion of TI capability and escalating costs as a consequence of the introduction of modern communications networks of various types. The prompt for global collaboration came from the USA (FBI) and was an outcome of the debate in that country about the legislation which later became the CALEA legislation. Similar pressures however, were evident in many western countries.

The key driver for this pressure was that until the wide deployment of digital technology (with many of the capabilities and features that are now passe), TI did not require any special capability to be incorporated into the equipment of the service provider's network. Agencies were able to work with the service providers and attach equipment that the agency had developed and made available to service providers. With the deployment of digital, computer-based communications equipment into service provider's networks, and especially the CAN, TI required specific functionality within the C/CSP equipment for proper function.

One of the first issues to be recognised was that a statement of agency requirements in relation to TI was a prerequisite to any incorporation of the required capability into equipment. At that time the solutions offered by vendors in relation to TI were proprietary, and led to compatibility difficulties for C/CSPs seeking to introduce later versions of switch software even from the same vendor. The result was a significant escalation in costs, delays in setting up a TI and restrictions on the effectiveness of TI.

The agency expectation was that if they could, as a significant sector of the global market, agree on a common set of requirements then the manufacturers would be likely to address that need with mainstream products. This common statement of requirement is the IUR.

The IUR is a description of the needs of agencies for TI in relation to voice/circuit switched services and has been stabilised. It has been used as the basis of ETSI standards work as described above. The US equipment interface standard (J-STD-025) as discussed above has been developed to address CALEA requirements and hence indirectly also derives from the IUR.

Global standards are developed under the ITU. After some initial negotiations the IUR has been accepted by the ITU as a document to be considered by its standards-developing Study Groups as they develop new standards or modify existing ones. At this stage there is no direct outcome from the ITU deliberations. Consideration by the ITU of the IUR in its development of standards about network equipment is more likely to result in easier separate implementation of a TI capability that can be attached to the equipment of another vendor. The ETSI and USA standards will further influence the ITU response to the IUR.

The key Australian work toward development of the IUR to include supplementary explanatory memoranda about specialist services is particularly relevant to addressing the gap between the current version of the IUR and other telecommunications services not covered by the IUR. Such Australian efforts should be continued and well supported. An important reason for this is that the next likely embellishment of the ETSI standard 003003 is inclusion of other telecommunications services. For this the Australian interest would be enhanced by participation in the standards making process, supported by Government where appropriate.

Globalisation in telecommunications is bringing with it a need to address TI in that context. International service provision is already achieved across a wide range of telecommunications services with satellite services probably the most prominent. However, the provision of services in one country from another encompasses particular issues for TI such as:

• privacy of personal communications and data;
• security of the administration of the TI;
• TI on a citizen of the ground station host nation by another country;
• validity of an Australian warrant in the country of the ground station;
• resolution of the location at which the TI is deemed to occur; and
• roaming of Australian customers of an international provider based in one foreign country onto the network of another international provider in a different country.

• Current arrangements, based on interceptibility of all user services, C/CSP funding for the installation and maintenance of TI capability and agencies paying usage costs are broadly appropriate.
• Some change to legislation and integration of a range of legislative and administrative underpinnings is called for.
• The Intercept Capability Plan (IC Plan) concept should be maintained but supplemented to address compliance.
• There should be a focus on CSPs and an involvement of vendors and manufacturers through a supplemented IC Plan process.
• The exemption process should be streamlined to make it quicker, more transparent, consistent and less costly.
• The costs of executing TI warrants and other reasonable help chargeable to LEAs should be regulated, perhaps through a determination by the ACA.
• Drawing on the existing co-operative arrangements within industry to give effect to telecommunications interception, a new 'mutual assistance' legislative requirement should be imposed on C/CSPs to streamline and require co-operation in the execution of TI warrants.
• Agencies will, in the near future, have to address more sophisticated technology, greater diversity of organisations with which they must deal, and greater number and diversity of services offered by C/CSPs and used by targets. This will require a greater level of resource commitment and better co-ordination to improve the level of utility from TI.
• Better national TI management, possibly including sharing of technical skills and facilities, could effectively and efficiently provide for more effective use of resources.
• The benefits of some form of enhanced co-operation between LEAs are placed squarely in the court of such agencies to realise. The ACA cannot mandate for what should be done and its recommendations could only be made effective if there is a will in LEAs to realise the benefits of co-operation that are set out in this review.
• Efforts to improve standardisation at national and international levels need to be addressed, including within the national and international telecommunications standards processes.

Term of Reference 6 requires the ACA to:

Chapter 3 contains a discussion of the progress with implementing the current arrangements as well as the ACA's conclusions in respect of the operation of those arrangements. This Chapter contains the ACA's recommendations in relation to the Government's current longer-term strategy and proposals for improvement.

The general policy framework provided for under Parts 14 and 15 is appropriate. In particular, the major planks of the framework, ie:

• that all services supplied by a C/CSP be interceptible;
• that C/CSP meet capital and maintenance costs of the TI capability as part of their commercial provisioning activity for their business arrangements;
• that agencies pay for usage and individual specific requirements toward recognising the financial impacts of their need for TI; and
• a focus on international standardisation of TI;

are consistent with a cost-effective regulatory regime for telecommunications interception and the current or proposed arrangements in comparable jurisdictions.

The basis of the ACA conclusions on this are discussed in detail at Chapter 5.

The ACA believes that legislative intent for cost-effective telecommunications interception could be enhanced in three primary areas. They are:

• practical problems with the current arrangements;
• systemic problems; and
• international standardisation.

These areas are discussed below.

Chapter 3 of this review sets out the ACA's conclusions on the operation of the current arrangements. Briefly, the ACA concluded that there were a number of practical problems with the current arrangements which needed to be addressed to promote certainty on the part of agencies and the telecommunications industry in the provision of TI. The changes proposed in this Chapter will, in the ACA's opinion, improve cost-effectiveness of TI if supported and driven by determined regulatory action.

The areas where practical problems are impeding the current arrangements and which the ACA believes should be addressed are as follows:

• improve the cost-effectiveness through a technical standard or standards for interception capability;
• limit administrative impediments.
• streamline the exemption process;
• assure interception capability;
• require co-operation within industry; and
• rationalise delivery points;

In Chapter 3 the ACA concluded that the current standard of interception capability required of C/CSPs did not provide sufficient business or technical certainty for C/CSPs in meeting their TI obligations, as well as not ensuring that agency requirements (as expressed in the IUR) were met.

The current level of interception capability required under law is the ability to intercept a communication in accordance with a TI warrant. Chapter 3 highlighted that both the Telecommunications Act and the TI Act are silent on whether the C/CSP's capability should include the ability to transmit call associated data in real time as part of the interception.

The obligation on C/CSPs also does not properly reflect the practical reality, flowing from the obligation to execute warrants in respect of services. Under the TI Act, it is services that are intercepted, and warrants are issued in respect of services. The current focus on networks and facilities is not only out of step with this practical reality but also does not adequately address the sharing of facilities by C/CSPs, either as a consequence of the operation of the telecommunications access regime or under other commercial arrangements.

The standard for interception capability should be altered by law to promote:

• certainty on the part of C/CSPs in relation to the extent of their interception obligation; and
• certainty on the part of agencies in the level of interception service which they are to receive from C/CSPs.

Some agencies believe that the current standard of interception capability is satisfactory. Although it is useful to some extent as a base level obligation, the ACA disagrees with this view for the reasons outlined above and in Chapter 3. The base level standard should be kept but should be supplemented by a technical standard, with the ability to alter this standard in particular situations.

There is another option, which is to amend the current legislative standard for TI capability. However the ACA believes that legislation is not the appropriate place to include a detailed technical standard as is required to provide the certainty and clarity which the current standard lacks.

When introduced in December 1997 the legislation contemplated that a determination would be made by the Attorney-General under section 322. However this provision has not been used and although it is only a relatively short period of time since it came into operation, there are clear enough pointers to its need.

The ACA recommends that the Attorney-General make a determination in relation to interception capability under section 322 of the Telecommunications Act. A determination would build on the base level obligation of providing interception capability to execute a TI warrant, but also:

• specify an internationally recognised technical standard for the standard of interception capability required;
• apply to specified types of carriage services (eg. up to 64 kbs voice and data services);
• impose interception capability obligations on C/CSPs in relation to the services they provide; and
• permit alternative and ad hoc solutions in particular situations.

These elements are discussed in greater detail below.

The Explanatory Memorandum to the Telecommunications Amendment Act 1997 states that it is intended that the IUR would be the international standard used as basis for a determination under section 322. However the IUR is an agency user requirement, and not a technical standard appropriate for equipment design and manufacture. For this reason it is difficult for C/CSPs to use the IUR as a basis for commercial negotiations with equipment manufacturers.

Technical standards are, however, being developed on the basis of the IUR. Chapter 7 described the work which has been undertaken in ETSI to develop ETSI standard DES/SEC 003003 Mar 1999. The US J-STD-025 developed to address the CALEA 'safe harbour' provision is also linked to the IUR. Both of these standards could qualify as international standards for the purpose of section 322.

A determination by the Attorney-General which specifies a particular standard should not have the effect of preventing C/CSPs using alternative interception capability standards which also meet agencies' requirements. However, section 322 would not appear currently to allow a determination which is based on more than one technical standard. Therefore amendment to section 322 may be required to allow this to happen.

A determination under section 322 would only apply to those services which are specified in the determination. Section 324 provides that a service which is not covered by a determination under section 322 must still be capable of interception in accordance with a TI warrant.

The ETSI standard, DES/SEC 003003, covers all services (voice or data) up to 64 kbs. This would cover the most important services such as fixed and mobile (GSM, CDMA) telephony. A standard covering 2Mbit/s services is about to be developed by ETSI. Other services would still be required to have an interception capability necessary to execute a TI warrant.

The determination could also, in the absence of an international standard, include special provisions which apply to interception of specific applications such as email.

In making a determination, the issue of the extent of the obligation on CSPs would need to be considered. For example, it could be made clear that each C/CSP is required to intercept a service that the C/CSP itself is supplying. A wholesale C/CSP would be required to be able to intercept the service it supplies, and not the services that its customer (another C/CSP) supplies to other customers.

This would mean that interception capability was in each case assured and it would provide a more realistic basis for the interface between agencies and industry. This would reinforce the practical reality that TI for an individual end-user's service is most cost-effectively undertaken at the edges of the network.

A determination made under section 322 should not have the effect of disturbing agreements for provision of interception capability made under previous arrangements and thereby making C/CSPs non-compliant with the legislation.

The legislation should therefore 'grandfather' any previous arrangements for provision of interception capability. The legislation should ensure that the technical standard determined by the Attorney-General in consultation with the Minister for Communications, Information Technology and the Arts, does not apply to interception capability which has been developed and installed prior to the determination taking effect.

Consideration may need to be given to the effect of the determination on interception solutions which are currently being negotiated between C/CSPs and agencies. The ACA is of the view that the determination should not have the effect of delaying the introduction of interception solutions which have been the subject of considerable negotiation.

A key theme of this review is the delays in the provision of TI which are being incurred as a result of negotiations over matters ancillary to TI. The ACA believes that further regulatory intervention is necessary to address:

• delays in the negotiation of service level agreements between agencies and C/CSPs; and
• variation in fees charged by C/CSPs to agencies for reasonable help under Part 14 (including charges for the execution of warrants by C/CSPs).

In work done as part of the review, consultants engaged by the ACA (KPMG) outlined a range of options for improving the cost-effectiveness of TI. In this work it was pointed out that agencies have no choice but to use the services of the C/CSP servicing the target, and agencies do not have access to the costing information which underlies C/CSP charges. The ACA agrees with this assessment.

This means that the negotiations will favour the C/CSP and there is not any possible natural rebalancing mechanism.

The ACA is also of the opinion that some form of standard agreement could be developed which specified a range of matters relating to TI including:

• fees charged for reasonable assistance;
• quality of service (including response times);
• procedural matters (eg. where a target moves from one CSP to another);
• product delivery issues;
• technical standards;
• security and warrant handling procedures;
• apportionment of costs; and
• liability for damages.

The ACA does not believe it is necessary to set out the content of a standard service level agreement in this review. The points listed above are intended to be illustrative only of the matters that a standard SLA could cover.

There are a number of options that could be used to set the amount which a C/CSP could charge:

• a list of fixed fees which C/CSPs could charge for specified services;
• an agreed accounting formula for the calculation of fees which may be charged (eg. total service long run incremental cost); and
• commercially negotiated arrangements either 'en bloc' or on a single agency basis.

The ACA is concerned that a fixed schedule of fees may not be appropriate as it does not provide a sufficient level of transparency or flexibility for the relevant parties. The ACA is inclined towards using an agreed accounting formula that is consistent with the approach of the ACCC to pricing matters. The ACA also believes that it would be preferable for the standard fees to apply equally to all agencies.

Options for the regulation of SLAs and reasonable help charges include:

• incorporate the standard level agreement into the primary legislation;
• Ministerial regulations; or
• determination by the ACA in consultation with the Attorney-General's Department.

The ACA believes that a determination by a regulator would provide adequate certainty while also ensuring flexibility should the need arise to change the determination.

The current exemption process allows either the Agency Co-ordinator, or the Minister for Communications, Information technology and the Arts (the Minister) with the consent of the Attorney-General, to exempt a C/CSP from its obligation to provide interception capability. There is no time limit specified in the legislation for the consideration of exemptions by the Agency Co-ordinator or the Minister. The legislation also does not provide any guidance on what matters will be taken into account in the consideration of an application for exemption.

In Chapter 3 the ACA set out its conclusions in relation to the current exemption process. The ACA believes that there is a number of aspects of the exemption process which should be changed to address these problems. These are:

• increased transparency, including like treatment for like services in like circumstances through the establishment of broad criteria; and
• a statutory time limit for the consideration of applications for exemption.

A recognition of the availability of interception capability at other points in the network would reduce the possibility of duplication of interception capability. It would also help to improve co-operation and make the TI task more straightforward. Coincidentally, this would also assist in avoiding the waste in terms of costs and opportunity cost through delays that are part of the present approach.

The ACA believes that amendments to the exemption process which meet the policy objectives set out above will result in greater incentives for industry to co-operate with the overall TI regime.

The ACA believes that where a C/CSP has been granted an exemption in respect of a particular service, a C/CSP supplying a like service in like circumstances (eg. same intended market, equivalent geographical coverage) should also be exempt from the obligation to provide interception capability. This would also promote competitive neutrality in the supply of carriage services. The ACA also believes that making established criteria available to C/CSPs would also encourage C/CSPs to comply with the interception capability obligation.

Where criteria are established, the process of deciding on exemption applications should be more straightforward and timely in most instances. Accordingly it is appropriate to require timely responses whereever possible but recognise that in some cases considerations may take longer. This timeliness would assist industry planning and give certainty to the introduction of services.

It was noted earlier in this review that there is a number of limitations relating to the IC Plan process, including:

• the IC Plan is fundamentally a statement of intent, and does not require a carrier to demonstrate compliance with its TI obligations;
• the quality of IC Plans varies between carriers; and
• assessment of IC Plans places significant resource demands on agencies.

The IC Plan process could be supplemented to address compliance with the interception capability obligation. This would include a discretionary audit procedure modelled on the existing procedures for compliance with technical regulation standards which have been developed by the ACA under the Act.

In developing this proposal, the ACA suggests a regime which:

• aligns with general industry familiarities;
• maximises opportunity for self-regulation by industry;
• enhances the overall effectiveness of TI; and
• involves the regulator only in exceptional instances.

The existing customer equipment technical regulation scheme was developed by the ACA to encourage industry self-regulation in ensuring compliance. Under the scheme, manufacturers or importers are required to assure compliance for each item manufactured or imported and retain records that substantiate that belief. The basis for substantiation will vary according to the nature of the item and its approval status overseas, if any. These records are subject to random audits and audits arising from complaints. Non-compliance with technical regulation requirements (ie. unapproved equipment) is subject to penalties under the Act.

The key elements of the proposal for TI compliance are:

• a formal declaration of compliance with TI obligations which is capable of audit;
• a test service for sensitive types of services (possibly industry-based) which confirms compliance with relevant standards; and
• available relevant standard(s).

Consistent with the technical equipment regime, under a TI compliance regime a C/CSP would be required to maintain documentation for each product it offers in the marketplace. This could be a product description, a substantiation of compliance and a declaration of compliance signed by an officer of the C/CSP capable of binding the provider.

As with the technical regime, the substantiation of compliance could be multilevel. For example compliance could be demonstrated by:

• test report via an appropriately accredited Laboratory (eg. NATA accredited);
• in-house test; or
• design intent.

The regulator (ACA) could, in consultation with the Agency Co-ordinator, determine the level of proof of compliance required for different classes of product or service. This level of compliance would be determined on the basis of the type of service which was being supplied by the C/CSP, while also taking into account the likely cost impact on the C/CSP of the level of compliance.

The ACA could undertake random audits, or act on the basis of a complaint. If a C/CSP was not complying with its interception obligations the ACA could invoke its remedial powers under the Act. These range from the initiation of a written direction requiring the C/CSP to take specified action to ensure compliance, a formal warning or civil penalty action in the Federal Court.

The current legislation also enables action to be taken in the Federal Court where a C/CSP makes a false or misleading statement to a regulator, or omits information which makes a statement misleading. This provision could be used where a C/CSP's compliance folder contains false or misleading information.

It is a feature of the current regulatory regime that C/CSPs must share networks and facilities for the purpose of supplying carriage services to end-users. The ACA believes that this existing co-operation should form the basis of a 'mutual assistance obligation' which would apply to CSPs involved in the supply of carriage services the subject of a TI warrant.

As noted elsewhere in this review, the ACA is of the opinion that the primary interception obligation should be placed on the CSP with whom the target has a direct customer relationship. However this emphasis on the C/CSP owning the customer/target should not mean that C/CSPs who are involved in the supply of underlying or higher level telecommunications services are not required to give reasonable assistance to the C/CSP served with the warrant.

The ACA is of the opinion that Part 15 of the Act should be amended. This should make it clear that where a C/CSP is served with a warrant in respect of a customer, and another C/CSP is part of delivering that service, that other C/CSP must assist to the extent relevant for the execution of that warrant.

This mutual assistance obligation would require the 'secondary C/CSP' to give such assistance to the C/CSP served with the warrant as is reasonably necessary in the circumstances to give effect to the warrant. The reasonable assistance would be given on negotiated terms, with provision for arbitration to the ACCC if required and a default set of charges and other terms and conditions in the event of no agreement. These provisions could be triggered by the C/CSP that is served with the warrant notifying the second C/CSP of the existence of a warrant and the need for assistance.

Examples of where such a mutual assistance obligation would be relevant would include:

• national roaming agreements (eg. the carrier served with the warrant would notify its roaming partners who would then undertake to ensure the target's traffic continued to be intercepted where they roamed into networks);
• number portability (eg. the losing CSP would notify the gaining CSP as soon as possibly that the porting customer was subject of a TI warrant); and
• access regime (eg. the carrier supplying declared local access services would provide all relevant network information to C/CSP served with the warrant necessary for agency purposes).

There is a number of options for how a mutual assistance obligation could operate in practice:

• amendment to the Act to include a standing legislative obligation on all C/CSPs to give another C/CSP such help as is reasonably necessary to ensure an interception takes place;
• creation of a new 'interception notice' provision in the TI Act or Telecommunications Act (the notice would be given to a C/CSP by the C/CSP served with the original TI warrant and would require the C/CSP issued with the notice to give the first C/CSP such help as is reasonably necessary to ensure the interception takes place.); or
• amendment to the Act, or Part XIC of the TPA, to require interconnecting C/CSPs to include interception arrangements in interconnect agreements.

The obligation on C/CSPs to provide mutual assistance to ensure an interception takes place should build on existing arrangements for co-operation in interception matters. In some situations a C/CSP may (for security reasons) require written notice to be provided from the C/CSP served with the warrant before taking action. However requiring a formal 'interception notice' to be received by a C/CSP before assistance is given is unlikely to improve the cost-effectiveness of TI.

Interconnection agreements can, and in some situations should, cover TI matters. However the ACA does not believe that mandating the inclusion of TI matters in interconnect agreements is the most appropriate way to ensure C/CSPs co-operate in the provision of TI.

The ACA notes that subsection 63B(4) of the TI Act already allows for C/CSPs to disclose designated warrant information to other C/CSPs for the purpose of enabling a warrant to be executed.

The ACA has noted earlier in this review that there has been limited progress made in determining delivery points under section 314. A significant failing of the new arrangements is that there is no "default" delivery point where an agency and a C/CSP cannot agree on a delivery point for intercepted product in relation to a particular service.

The ACA believes that it would be beneficial to C/CSPs and agencies if the legislation provided for a 'default' delivery point.

Figures 8a and 8b show two possibilities for rationalisation of delivery points. Figure 8a shows a central delivery point to which all TI product would be delivered by C/CSPs. The TI product would then be distributed to the relevant intercepting agency's TI monitoring centre for receipt and analysis. The attraction of this option is primarily its simplicity. However there is a number of problems with such a proposal, including:

• determining the most appropriate location of the central delivery point;
• administration of the delivery point interface (including security); and
• establishment of links to the delivery point by C/CSPs and agencies.

Figure 8b presents a discrete number of default delivery points to which TI product could be distributed.

The ACA believes that the option presented in Figure 8b is the more attractive option for rationalising delivery points as it readily provides for regional nature of operations of LEAs and C/CSPs. This would also promote standardisation of TI practices among LEAs.

The ACA notes that the AFP has a presence in each State and Territory in Australia and has an existing secure private network connecting its premises. This network could provide a cost-effective means of delivering product between States and Territories when required eg. for a roaming target.

A rationalised number of delivery points could lead in the longer term to standardisation of agency interfaces or arrangements to accommodate a small number of agency or C/CSP delivery interfaces. The ACA believes this will be highly desirable in terms of reducing costs and receiving better co-operation from C/CSPs.

The most appropriate point for delivery of TI product would, in the absence of other arrangements, be the AFP headquarters in the State or Territory in which the warrant is raised. Delivery from the AFP State headquarters to the relevant agency would be via arrangements between the AFP and that agency.

The default delivery point concept should not compromise the opportunity for agencies and C/CSPs to agree on alternative delivery points for particular carriage services.

The default delivery point would operate as an automated switching point for TI product, and would not compromise an agency's ability to receive TI product in real-time at its own monitoring centre. The automated switching arrangements would also not limit the number of simultaneous interceptions that agencies may wish to conduct.

The default delivery point concept should not compromise the opportunity for agencies and C/CSPs to agree on alternative delivery points for particular carriage services. The ACA also notes that these default delivery arrangements would only apply in respect of TI product for LEAs. ASIO would continue to require specific arrangements for delivery of its TI product to ensure its security requirements were met.

The ACA's proposals for default delivery points would remove the current requirement that each C/CSP nominate a delivery point for each agency, even where the C/CSP was not offering services to the jurisdiction for which the agency is responsible.

The ACA recommends that relevant legislation should be amended to provide for the delivery point for TI product from any C/CSP to any LEA to be defined as the AFP headquarters of the State in which the TI warrant is raised or, if agreed between the AFP and the C/CSP, another appropriate place. If a C/CSP does not operate in the jurisdiction in which the warrant was raised the delivery point should be the AFP headquarters in a State in which the C/CSP does operate. Delivery to the intercepting agency may need to be subject to contract between the AFP and the intercepting agency.

The text below considers systemic problems with the new arrangements. That is, problems which are not necessarily related to the mechanics or practical application of particular provision or obligation, but that relate to underlying dysfunctional arrangements and which are having an adverse effect on the provision of cost-effective TI.

The matters considered under the heading of systemic problems are:

• strengthening of law enforcement agency co-ordination;
• promoting industry co-operation; and
• harmonisation between the TI Act and the Telecommunications Act;

An important theme of this review has been the absence of effective co-operation by LEAs in addressing the problems presented to LEAs by developments in technology.

The ACA believes that it is in the best interests of agencies to co-operate to ensure that agencies are able to:

• present uniform positions and requests to the telecommunications industry (particularly in light of developments in technology and service provision);
• keep up with developments in technology and maximise the possible benefits those developments to agencies; and
• provide for more efficient use of available agency skills bases.

The new arrangements have created substantial additional work for the Attorney-General's Department by conferring a range of decision making roles on the Agency Co-ordinator in addition to a range of existing policy responsibilities. Despite this, it is clear that the creation of the role of the Agency Co-ordinator has had significant benefits for agencies and C/CSPs.

The ACA believes that the cost-effectiveness of TI could be improved by greater co-ordination by agencies, particularly law enforcement agencies.

The ACA notes that ACIF has made measurable progress in developing industry codes, standards and guidelines in relation to a number of regulatory issues, including number portability, customer churn and technical standards. The ACA believes that ACIF could provide a leadership role for the telecommunications industry in developing industry-wide TI solutions that reduce the overall costs of TI without reducing the effectiveness of TI product.

The ACA is aware of industry concerns, particularly on the part of smaller CSPs, of the costs of implementing interception solutions and the consequential effect of those costs on CSPs' operating expenses. The ACA is of the opinion that opportunities also exist for sharing technical solutions for interception capability between CSPs, subject to appropriate security arrangements.

Chapter 4 of this review highlights the current disharmony between the terms and concepts used in the Telecommunications Act and those used in the TI Act.

The ACA believes that, as a general principle, there should be greater harmonisation between the two Acts. The TI warrant regime should be amended to better reflect:

• the definitions, phraseology and concepts used in the Telecommunications Act 1997;
• the structure of the telecommunications industry (including the different responsibilities of carriers and CSPs); and
• the changes to the types of services currently available and the ways in which those services can be used by end-users.

The ACA recommends that to recognise the fact that there are CSPs that can offer telecommunications services without having any facilities and that there may be circumstances in which TI can be more cost-effectively provided at different points, the Telecommunications Act should be amended to allow CSPs to fulfil their TI function in respect of the carriage services they are supplying by means of a contract with another entity. Any such contractual arrangement should not relieve the relevant CSP from the TI obligation but could be expected to permit those obligations to be more efficiently performed.

The ACA has noted through its LEAC that the new arrangements have had the effect of diminishing the roles and responsibilities of some of the LEAC subcommittees including Subcommittee A (New Technology Subcommittee). The new arrangements have resulted in some LEAC and associated subcommittee functions being transferred to other committees including the Interception Consultative Committee (ICC) and the Special Networks Committee (SNC).

In light of the experience with the new arrangements, and the increasing administrative difficulties in scheduling times for the committees to meet, the ACA believes that LEAC should review its current subcommittee structure.

Another key theme of this review is international co-operation, both from a technical standpoint as well in the context of agency requirements. The topic is addressed in depth in Chapter 7 of this review. The themes that derive from that discussion are presented in this Chapter.

There are three key aspects appropriate for consideration of international co-operation: international equipment standards; international consistency of agency requirements for that coverage; and internationally accepted legal arrangements for co-operation about TI.

The conclusions from this work are consistent with the recommendations of the Barrett Review in 1994. In particular this review emphasises that the most appropriate strategy for Australia, as a relatively small market for telecommunications products, is to work through standards fora to achieve the leverage over the delivery of equipment features that is otherwise only possible through much larger markets.

The three primary aspects of international co-operation identified above are areas that the ACA believes Australia should maintain active participation in the interests of more cost-effective provision of TI. They are:

• co-operation between agencies in international fora;
• international technical standards bodies (eg. ETSI, ITU and Committee T1); and
• international mutual assistance in legal matters under treaty.

Additionally the review suggests that reasonable alignment of strategy between legislative regimes does add further benefits. Such alignments do not need to be perfect to be useful. However such alignment would ensure that the capabilities delivered from work of the fora cited can be more fully used for the benefits intended.

Chapter 7 discusses the benefits of Australian access to and participation in international agency fora. Continuation of these benefits especially from the perspective of LEAs requires coordination within Australia so that a clear and unambiguous perspective is developed and then participation to represent it to the fora. Thus there are two key deliverables for success – a local forum for LEAs to develop perspective on issues and then participation to represent them.

Settlement of a lead house role for the LEAs will address the first, and assured and ongoing participation will address the other.

The great leverage that comes from participation in the formation of equipment standards is discussed above and in more detail at Chapter 7. Conveniently, Australia already has access to the standards organisations that have or could develop equipment standards relevant to TI. The mechanisms to develop local positions on either modification of developed outputs or contribution to the formation of new ones are also in place under the stewardship of the ACA and in concert with ACIF.

Draft or Interim Standards from two organisations are available and these should be reviewed for alignment with local needs and circumstances. Both organisations have signalled that their outputs are for further development, thus the time is right for Australia to represent its position for best effect.

Thus the local and international modalities are in place, and work is at a stage where involvement will make a difference. It follows that there is now good opportunity to gain from participation in these activities and fora.

International service provision is already achieved across a wide range of telecommunications services with satellite services probably the most prominent. As the technological approach to TI in an international context is little different than from a national one however, legal issues are a significant challenge. There is a need to address these legal challenges that include:

• privacy of personal communications and data;
• security and acceptability of executing a TI warrant on a citizen of the ground station host nation by another country;
• dealing with other nations warrants for TI; and
• roaming of Australian customers of an international provider based in one foreign country onto the network of another international provider in a different country.

The ACA observes that the Attorney General's Department has been contributing to the role of the Agency Co-ordinator from within its existing resources in addition to other core activities.

The ACA also observes that funding of $30m was provided in FY 1994-95 for Commonwealth agencies to acquire interception capabilities for emerging services. At the time the funding was provided, agencies were responsible for meeting all the costs associated with development, installation and maintenance of interception capabilities. The 1997 amendments to the Act placed the capital and ongoing costs of interception capabilities on carriers or providers but left agencies responsible for the substantial costs of developing, installing and maintaining 'agency specific delivery capabilities' including their own TI processing and monitoring systems.

Agencies will have to address more sophisticated technology, a greater range of telecommunications services, and a greater diversity of organisations delivering them. This will require greater resource commitment and better co-ordination between the agencies. The funding provided in FY 1994-95 has been drawn down progressively and is expected to be exhausted during FY 1999-2000. Further supplementation will be required if national security and law enforcement agencies are to maintain interception capability against emerging services.

Giving effect to the recommendations made in this report is likely to have further resource impacts on a number of other agencies.

To oversee the implementation of the changes proposed in this Review, the ACA proposes that a small high level, but ad hoc and limited life Inter-Departmental Committee (IDC) be established. The IDC would be jointly chaired by DoCITA and the Attorney-General's Department and actively supported by the ACA. The IDC would also include operational agencies or their representatives as required and would consult with industry as necessary.

The Australian Communications Authority (ACA) has been requested to conduct a review of the longer term cost-effectiveness of telecommunications interception arrangements pursuant to section 332R of the Telecommunications Act 1997 with the following terms of reference:

1. To report on the following matters:

2. To identify any other regulatory issues, including issues arising from the Telecommunications Interception Act 1979, which are affecting, or are likely to affect, the cost-effective operation of the arrangements for Parts 14 and 15 of the Telecommunications Act 1997.

3. To identify the factors likely to affect the costs and effectiveness of TI in the longer term including, but not limited to:

4. To develop an analytical framework which can be used to assess the costs and the benefits of any regulatory interventions associated with TI, including as these change over time.

5. To report on the current and likely future state of international co-operation on interception and related issues.

6. To assess the continued appropriateness of the current arrangements for maintaining a telecommunications interception capability in the longer term and if the current arrangements are not appropriate, recommend alternative options.

This appendix describes the history of the regulatory arrangements applying to interception until the enactment of the current arrangements.

The Telecommunications Act 1975 (1975 Act) and the Telecommunications Act 1989 (1989 Act) did not impose express obligations on the monopoly carrier, Telecom (or AUSSAT and OTC under the 1989 Act) in respect of interception. Interception, up until the enactment of the Telecommunications Act 1991 (1991 Act), was still addressed primarily by less formal arrangements between Telecom and law enforcement and national security agencies.

The Australian Telecommunications Authority (AUSTEL) created the Law Enforcement Advisory Committee (LEAC) in early 1990 following representations from law enforcement and national security agencies and correspondence between the Minister for Telecommunications and Aviation Support and the Attorney-General.

Interception arrangements under the 1991 Act were dealt with initially by carrier licence conditions and subsequently (post Barrett Review) by the insertion of a new provision.

The 1991 Act allowed for the imposition of carrier licence conditions which addressed interception capability, notification of new technologies and co-operation with agencies.

Clause 3.1 of the Telecommunications (General Carrier Licences) Declaration (No 2) of 1991 and clause 8.1 of the Telecommunications (Public Mobile Licences) Declaration (No 2) of 1991 prohibited a licensee to operate a telecommunications network unless it was possible to execute a TI warrant in relation to a telecommunications service provided by means of that network. The Minister for Communications, after consultation with the Attorney-General, could authorise a service to operate without interception capability, subject to conditions specified in the authorisation.

Licensees were also required to comply with any directions issued by AUSTEL to consult with law enforcement agencies about new technologies which a licensee proposed to introduce. AUSTEL issued directions to Telstra and Optus requiring them to consult with the New Technology Subcommittee of the LEAC. Other directions were issued in respect of the giving of help to law enforcement and national security agencies.

Since 1990 it has been government policy that all public telecommunications services should be capable of interception by agencies, unless an authorisation (and later an exemption) has been given to the contrary. Prior to 1988 the costs of providing interception capability were met by Telecom as the monopoly carrier. From 1988 to 1994 the costs of interception were met by agencies obtaining funding under the New Policy Proposal (NPP) process.

In 1994 the Government, concerned about the escalating costs of telecommunications interception, commissioned a review (the Barrett Review) into the cost-effectiveness of interception and the options for meeting the costs of interception.

The Barrett Review recommended that carriers should be required to meet the initial capital cost of developing or acquiring interception solutions for telecommunications services, and that these costs be recovered from agencies over the life of the capability. In line with this recommendation, the provision of the interception capability for some services has been pursued through the negotiation of contracts. Both carriers and agencies have found this time and resource consuming. Furthermore, the Barrett Review recommended that there be a further review in 1997, to evaluate how well any agreed arrangements met policy objectives, as well as the efficiency of the process.

The arrangements for interception set out in carrier licence conditions were amended in 1995 to give effect to recommendations made in the Barrett Review. Section 73A of the 1991 Act, inserted by the Telecommunications (Interception) Amendment Act 1995, empowered the Minister for Communications to issue a written notice to the holder of a general or mobile carrier licence (the licensee) requiring that a telecommunications system operated, or proposed to be operated, by the licensee to have a specified kind of interception capability. Compliance with the notice was then a condition of the carrier licence. Interception capability was defined as the ability of the licensee to execute a TI warrant.

The interception capability was to be provided as agreed between the holder of the carrier licence and the agency or agencies specified by the Minister in the notice, subject to the principles that:

The amending legislation included a number of additional amendments to the Telecommunications Act 1991 which gave effect to recommendations made in the Barrett Review. A key aspect of the post-Barrett arrangements was that not every new telecommunications system will necessarily be required to be interceptible.

The class licensing regime under the 1991 Act did not impose interception obligations on service providers. Service providers were required under relevant class licences to give reasonable help to agencies.

The arrangements under the 1991 Act were carried over in substance in Part 15 of the Telecommunications Act 1997 (1997 Act). A major departure from the arrangements under the previous legislation was to impose interception obligations on carriage service providers as well as carriers.

Under these arrangements:

• carriers, and members of a class of CSPs specified in a written determination made by the Minister for Communications, were required to be able to execute a TI warrant;
• the Minister could give a C/CSP a notice requiring that the C/CSP have a specified kind of interception capability in relation to a controlled network, facility or carriage service of the C/CSP;
• C/CSPs were responsible for the initial costs of installing, developing and installing the interception capability specified by the Minister in the notice; and
• C/CSPs could recover these costs from agencies over the life of the capability.

These arrangements were in effect from 1 July 1997 until December 1997 when the new arrangements became law.

3Com

Agile

Alcatel

Australian Telecommunications Users Group

Australian Federal Police

Australian Privacy Charter Council

Australian Security Intelligence Organization

BigPond

Bramex (for Iridium)

C & W Optus

Criminal Justice Commission

Ericsson

Geoff Marshall

Horizon Telecommunications

Hutchison Telecommunications

Independent Commission Against Corruption

Iridium South Pacific

Link

Macquarie Corporate

National Crime Authority

New South Wales Crime Commission

New South Wales Police Service

Nokia Australia

Nortel

Ozemail

Police Integrity Commission

Primus

Privacy Commissioner

Seimens

South Australia Police

Telstra

Victoria Police

Vodafone

Western Australian Police Service

Worldcom Australia

WORLDxCHANGE

Xinhua News Telecommunications