Review of Security and Counter Terrorism Legislation

The Border Security Legislation Amendment Act 2002 (BSLA) amended the Customs Act 1901 (Customs Act) and four other Acts.¹ Among other things the BSLA:

• increased the role of Customs enabling customs officer to patrol airports, expanded the areas under restriction and conferred powers to remove a person from a restricted area;
• expanded provisions relating to the authorisation of the carriage of firearms and personal defence equipment by Customs officers;
• required employers of staff in restricted areas and issuers of security identification cards to provide information to Customs on people who work in restricted areas;
• increased reporting of goods in transit through Australia and powers of inspection and search and seizure of goods in transit;
• required certain airlines and shipping operations to report passenger and crew information to Customs and Department of Immigration and Multicultural Affairs (DIMA) electronically and certain airlines to provide Customs with access to their computer reservation systems (advance checking).

The key issues raised during the Sheller Inquiry and considered during this review include:

• regulation of issuing and use of firearms;
• privacy issues – access to passenger information from Europe;
• expansion of search and seizure powers.

Firearms

Firearms have been available for use since 1999 by Customs marine crews when operating far from shore and away from the support of armed Defence or police personnel. The BSLA introduced a system of ‘arms issuing officers’, which are regulated through CEO Directions and Orders. The section 189A of the Customs Act provides that, subject to directions from the CEO, firearms may be issued and used for purposes, including the safe exercise of powers conferred on an officer (authorised to carry arms) under the Customs Act or any other Act. The type of firearms are specified in Customs Regulation 168 and include: Colt M16 automatic rifle; Glock 9 mm semi-automatic pistol; Remington 870 Marine Magnum shotgun; CZ.22 Bolt Action Rifle; Browning 0.50 Calibre Infantry Machinegun; FN Herstal General Support Machine Gun (GSMG) MAG 58 (7.62mm).

The Sheller Report canvasses the objections to extending the use of firearms by Customs. Submissions argued that carrying firearms significantly increases risk of injury and death to Customs staff, the public and others working where firearms are being carried. Earlier practice was to rely on AFP for armed support if necessary. It was said that the use of firearms should be, reserved to the police who are subject to a police integrity and accountability framework and who are specifically trained in the use of firearms. ² There was also concern that expanding the number of agencies allowed to use firearms fetters and disperses the powers of the AFP.³

The Sheller Committee concluded that it was satisfied that the training of Customs officers and the protocols for the use of force and rules of engagement have been developed in consultation with the AFP. The AFP gave evidence that it believes that Customs has established the accountability requirements equivalent to the AFP for the issue, use and handling of incidents involving the use of force in a Customs environment.⁴

As noted, under the Act the use of firearms must be dealt with by CEO directions, which in turn rely on CEO orders. CEO orders on the use of force and rules of engagement are not publicly available and are classified Protected. The Committee has seen these documents and is satisfied that they are both comprehensive and appropriate.

Privacy and Passenger Name Records

Customs has operated a voluntary scheme to access passenger information on the basis of a series of Memorandum of Understanding (MOU) with various airlines for some time. The introduction of section 64AF of the BSLA, made it mandatory for an operator of an international passenger air service to Australia to provide on-going access to its passenger information on request from the CEO of Customs.⁵

During the Sheller Inquiry, it was reported that the CEO had written to forty-seven airlines operating international flights into Australia; that the Passenger Analysis Unit (PAU) is connected to twenty-eight airlines with full analytical capability for nineteen and limited analytical capability for nine airlines. This gives Customs 92.5% of total passenger movements into and out of Australia.⁶ During the Committee’s hearings, this number had increased to thirty-two airlines covering approximately 95% coverage. Connections with Jetstar, Virgin Atlantic, Royal Tongan Airlines and Milne Bay Airlines are yet to be established.⁷

Under subsection 64AF(6) ‘passenger information’ means ‘any information’ the operator keeps electronically in relation to:

• operator scheduled flights (inc. departures, arrivals and routes);
• payments by people of fees relating to scheduled flights; and
• people taking, or proposing to take, flights scheduled by the operator;
• passenger check in and seating;
• baggage, cargo or anything else carried or proposed to be carried and the tracking and handling of those things; and
• itineraries (including any information about things other than flights scheduled by the operator) for people taking, or proposing to take operator scheduled flights.

The Committee asked for clarification about the precise nature of the information obtained. Customs advised that the following information is obtained through the reservation system:

• name, title;
• date and place of ticket purchase;
• ticket details such as number, fare class, travel itinerary, payment mode;
• flight book date;
• whether the passenger is a member of a tour group;
• check in details such as number of hold baggage items and weight, whether bags are pooled, bag tag numbers, allocated seating, check in time; and
• reservation/check in agency remarks such as contact details, seating preferences, whether passenger is a frequent ‘no show’ for booked flights, travel agency details and any other information relevant to a passengers travel.⁸

Scope of Passenger Name Records

The compulsory acquisition of passenger information is broader than terrorism, and extends to import or export of prohibited goods or other offences against Commonwealth law.⁹ An authorised officer may only access passenger information for the purpose of:

• performing his or her function under the Custom’s Act or
• another law of the Commonwealth prescribed by regulation.¹⁰

The Committee notes that the regulations now prescribe thirty-four different Commonwealth Acts for the purpose of access to the passenger information.¹¹ Although the policy rationale for access relates to possible offences under other Commonwealth Acts, this is not specified in the provisions of the Customs Act itself.

European Union Privacy Directive

The Committee is aware that the question of Passenger Name Records (PNR) is highly sensitive in the European context. European airlines, or airlines with their head office based in a Member State of the European Union (EU), have obligations under the European Privacy Directive 95/46/EC.¹² The European Parliament has given the European Commission the power to determine,¹³ whether a third country ensures an adequate level of protection by reason of its domestic law or of the international commitments it has entered into. The Sheller Committee notes that Australia’s privacy laws and PNR transfers have not been deemed ‘adequate’ and negotiations are ongoing.

Since the Sheller Committee reported in April 2006, the European Court of Justice (ECJ) has also ruled that the EU agreement with the US and Canada is defective. On 30 May 2006, the ECJ issued a ruling, annulling the decisions of the European Commission and European Council on which the agreement was based.¹⁴ The European Parliament argued that the legal basis of the decisions were flawed and infringed fundamental rights.¹⁵ Although the decision turned on the question of the lawfulness, it illustrates the extent to which the issue of privacy protection is a very live one in Europe. The ECJ imposed a deadline of 30 September 2006 for the annulment to come into effect.

From an Australian perspective, this creates a further complication in the negotiation of clear and binding agreement between European states and Australia. The European Parliament has agreed that it would authorise access by public authorities to passengers personal data for security purposes when necessary for identification purposes and for the purposes of cross checking them against a ‘watch list’ of dangerous persons or known criminals or terrorists.¹⁶ But expressed its concern about the systematic access by public authorities of data linked to the behaviour of ‘normal’ passengers to check against a theoretical pattern whether such a passenger might constitute a ‘potential’ threat to the flight, his or her country of destination or a country through which he or she will transit.¹⁷

The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs has raised concerns that sharing passenger data is developing into a blanket security screening and ‘catching a plane will license the screening of passengers for any sort of crime, for instance, tax offences or detention for the personal use of drug..’.¹⁸

The Committee sought some clarifying information about the extent of the PNR system under Australian law. Customs reported that:

Customs does not conduct predictive profiling on passenger information. The analysis software used by Customs automatically profiles against PNR date elements to identify passengers who travel or other information indicates one or more factors that indicate risk.¹⁹

The Committee also notes that the BSLA does not impose any time period restrictions on the retention of personal information. Customs advised that:

Customs does not retain or store any passenger information unless the passenger has been identified undertaking an illegal activity or the information is needed as intelligence to assist in investigation of a suspected offence.²⁰

During the Sheller Inquiry, Customs recommended that section 64 AF be amended to permit retention of passenger information and during hearings it was said that section 64 AF should be amended to permit the retention of passenger information for a limited time in order to conduct analysis if the European Commission does not accept the adequacy of the Australian PNR access system.²¹ On 6 October 2006, the President of the EU and USA concluded an interim agreement on PNR, which, among other things, includes a time limit of three and a half years on retention of data.²²

Office of Privacy Commissioner Audits

The Office of Privacy Commissioner has conducted two audits of PAU of the Customs Service to ensure that new powers to access advance airline passenger information is done consistently with Privacy Act 1988 (Cth) (the Privacy Act). However, while handling practices comply, because they are ‘required by law’ the Privacy Commissioner said such powers detract from the spirit of the Privacy Act and should remain subject to ongoing oversight and accountability.

Suggestions have been made that:

• passengers should be provided with more information about access by agencies to their personal information;
• an industry code should be developed; and
• Customs should have a ‘read only’ access to passenger and crew information.²³

The Sheller Committee noted that this is one of the few areas of operation where the law is actively monitored and recommended that it remain subject to bi-annual audit. The Committee agrees that the Privacy Commissioner should have an ongoing oversight role, which includes regular monitoring.

Customs seizure warrants

Finally, in relation to new seizure warrants, the Law Council of Australia suggest that the subject of a seizure warrant involving entry to premises should be provided with a statement of rights and obligation.²⁴ Also, the onus of proof should be on Customs to prove the basis of the seizure ratherthan on an owner during application for return of the goods.

We note that there was no discussion of this issue in the Sheller Report. However, these are relatively minor and practical changes that ensure that Customs operates under an appropriate level of accountability.

Sheller Report, p.174-176. Back

Sheller Report, p. 175. Back

Customs, SLR Submission, p.14. Back

Customs, Transcript, 1 August, 2006, p.42. Back

Customs, Response to Question on Notice, Supplementary Submission 21, p.2. Back

Explanatory Memorandum, p. 45. Back

Customs Regulation 31 AAA Back

Article 25(6) of the Privacy Directive. Back

Customs, Response to Question on Notice, Supplementary Submission 21, p.2. Back

Customs, Response to Question on Notice, Supplementary Submission 21, p.2. Back

Transcript of Public Hearings, Canberra, 3 February 2006, as cited Sheller Report, p.178. Back

Law Institute of Victoria, Submission 23, p.9. Back