New guidelines for how public servants should go about having websites blocked under section 313 of the Telecommunications Act 1997 only apply to Commonwealth public servants, but state and territory agencies are encouraged to follow them as well.
The Department of Communications and the Arts published the “good practice” guidelines yesterday, which are summarised in six points:
- Obtain authority from the agency head as a minimum to be able to make use of section 313(3) to disrupt access to online services. Ensure each request to an internet service provider is approved by an Senior Executive Service officer or equivalent
- Develop, maintain and publish internal policies and procedures for disruption requests. Specify how long a disruption is to remain in place. Monitor and evaluate disruptions.
- Limit disruptions to serious criminal or civil offences, or threats to national security. Make requests as targeted as possible. Consult internet service providers prior to making a request.
- Provide information to the public through media releases, online posts, ‘stop pages’ and annual reporting.
- Have procedures in place to support complaints and reviews.
- Have access to the appropriate technical expertise.
Each of the six points is of course fleshed out in more detail in the document. For example, it suggests “serious criminal offences” could be defined as any that can attract a maximum jail sentence of at least two years or a fine of at least 120 penalty units (currently well over $20,000).
Any agencies that use the 20-year-old legislative instrument or “foresee” using it in future for the specific purpose of getting sites blocked are advised to develop and maintain policies and procedures for how they go about it.
Going forward, along with their own new reporting requirements, any such blocking or disruption requests have to be reported to the Australian Communications and Media Authority — a reporting template was released in late June — and will be published in the ACMA annual report. The guidelines include a diagram of the new framework:
It is more than a year after consultation on the draft version ended, two years after a set of clear ground rules was recommended by a House of Representatives committee, and well over four years after a blunder by the Australian Securities and Investments Commission led to hundreds of thousands of sites being unfairly blocked and brought the issue to public attention.
The committee heard arguments supporting the use of website blocking by law enforcement and other regulatory agencies as one of many weapons against child pornographers, financial fraudsters and terrorist propagandists, but also of the implications for personal online freedom and the ease with which the blocking could be circumvented through anonymity tools like virtual private networks.
The Australian Federal Police agreed the specific piece of legislation in question would be “somewhat limited” in relation to VPNs and the like. “But that is not to say that the AFP and other agencies around the world do not have the ability to monitor and disrupt and prosecute people who are utilising such capabilities,” the AFP submission said.