Under Part 14 of the Telecommunications Act 1997, carriers, carriage service providers (CSPs) and carriage service intermediaries are under an obligation to:
prevent telecommunications network and facilities from being used in, or in relation to, the commission of offences against the laws of the Commonwealth or of the states and territories
give officers and authorities of the Commonwealth, states and territories such help as is reasonably necessary for the enforcement of the criminal law (as well as for the enforcement of laws imposing pecuniary penalties and the protection of the public revenue).
The provision of assistance is to be on the basis that the person providing the help neither profits from, nor bears the cost of, giving that help.
Resellers who arrange for carriage services to be supplied are carriage service intermediaries. Internet Service Providers (ISPs) are CSPs.
In addition to the basic obligations set out above, there are also obligations under the Telecommunications (Interception and Access) Act 1979 (TIA Act), which is administered by the Attorney-General's Department:
Ensure that a network or a facility (used in the supply of a carriage service) has the interception capability to enable a communication passing over that network or facility to be intercepted in accordance with a warrant issued under the TIA Act.
Pay for that interception capability up to the point of interception. (Delivery and formatting are agency responsibilities.)
Lodge an annual Interception Capability Plan with the Communications Access Coordinator (CAC—see below).
Carriers and nominated CSPs are required to submit annual interception capability plans. These plans are to be lodged annually on 1 July each year unless an alternative date has been agreed to by the Communications Access Coordinator. Further information about Interception capability plans can be found here and any queries on this should be directed to the Attorney-General’s Department.
The CAC is an officer of the Attorney-General’s Department, as outlined in section 6R of the TIA Act. The CAC acts on behalf of all the national security and enforcement agencies.
Another relevant requirement is the service provider rule (Part 4 of Schedule 2 to the Telecommunications Act 1997) that states: where a CSP supplies a carriage service to an end-user and the end-user has a public number, the provider must provide the information that Telstra requires in order to maintain and provide the Integrated Public Number Database (IPND).
The information required will be, for example, end-user's name, address and telephone number, telephone's location where practicable, the name of the service provider providing the carriage service and whether the telephone is for government, private or public use.
These information requirements are set out in Clause 10 of Carrier Licence Conditions (Telstra Corporation Limited) Declaration 1997.
Register with the TIO
CSPs (including ISPs) are also obliged to register with the Telecommunications Industry Ombudsman.
Prepaid mobile identity checks
Identity-checking requirements for customers of prepaid mobile services were first introduced in 1997 to prevent the anonymous use of these services, and to allow law enforcement and national security agencies to obtain information about the identity of customers, where needed, for their investigations.
Under the Telecommunications (Service Provider – Identity Checks for Prepaid Mobile Carriage Services) Determination 2017 (Prepaid Determination), mobile providers that supply prepaid mobile carriage services (prepaid mobile services) must obtain information from customers and verify their identity before activating a prepaid mobile service, unless an exemption under Part 3 applies.
What information is required to verify identity?
The information that must be obtained and the way identity is verified depends on whether the customer is the purchaser or the service activator.
Customers who are purchasers
If the customer is the purchaser of the prepaid mobile service, the mobile provider must obtain:
- the customer’s name
- their residential address (or business name and address if purchased on behalf of an entity)
- the number of other prepaid mobile services supplied to the purchaser.
If the purchaser pays for the prepaid mobile service using a credit or debit card and has fewer than five prepaid mobile services activated, then no further verification is required.
When do purchasers need to provide additional documents?
If the prepaid service is not paid for using a credit or debit card, or the purchaser has more than five prepaid service activated, then mobile providers will need to sight Category A and/or B identification documents, which are set out in section 1.8 of the Prepaid Determination, and are also listed below. The number and type of documents that need to be sighted will depend on the number of activated prepaid mobile carriage services. CSPs must also be satisfied that a document that includes an expiry date, has not expired.
Customers who are service activators
If the customer is the service activator, the mobile provider must obtain:
- the customer’s name
- their date of birth
- their residential address (or business name and address if activating on behalf of an entity).
Mobile providers must also verify the identity of a service activator using one of the approved methods in Schedule 1 of the Prepaid Determination, which include:
- a government online verifications service (for example the Document Verification Service)
- an existing post-paid account
- a financial transaction
- an existing prepaid account (subject to certain arrangements)
- a ‘white-listed’ email address (for example, ending in ‘xx.edu.au’ or ‘xx.gov.au’)
- a visual document check.
The Determination sets out the rules for each of these methods.
Part 5 of the Prepaid Determination also sets out requirements for the approval of a compliance plan that would allow alternative methods for providers to obtain information and verify identity.
Part 6 of the Prepaid Determination requires providers to keep records for each prepaid service supplied. Providers must keep records for as long as the service is active, in a manner that demonstrates compliance with the Prepaid Determination.
Providers must also keep a written description of the arrangements it has in place to comply with the Prepaid Determination.
What does the Prepaid Determination do?
The objects of the Prepaid Determination are to:
- Assist law enforcement agencies to identify customers of prepaid mobile carriage services by ensuring that CSPs obtain and record specified information about those persons; and, if necessary, verify the identity of those persons.
- Protect the privacy of individuals by ensuring that CSPs obtain, record and keep only the minimum amount of information that is reasonably necessary to achieve the object described above. For example, prepaid providers are not permitted to copy or reproduce the identifying number of a government document unless it is authorised to do so under law.
- Provide CSPs with a range of methods that can be used to verify the identity of customers.