Compulsory evidence gathering powers and relevance - how far must regulators go to establish relevance
We recently addressed the need for regulators to correctly handle the issue of legal professional privilege when exercising compulsory information-gathering powers. A related issue for regulators exercising compulsory information-gathering powers is the need to exercise those powers reasonably in order to ensure the validity of the search and seizure.
Issues arising from exercise of compulsory information-gathering powers
When regulators seek to exercise their compulsory information-gathering powers in the context of an investigation, they frequently encounter problems, including:
- evidence might be destroyed if documents are not seized or copied during the initial attendance at a premises
- there may be a large volume of documents at a premises and it may be difficult to identify and isolate documents that are relevant; the same problem frequently arises in relation to electronically stored information
- in some cases, it may be impossible to access the contents of an electronic data source in order to establish relevance, for example where a party has installed erasure or encryption software, which prevents inspection of the contents of the data source during a search of the premises.
In the following cases, the Federal Court considered whether or not the regulator had made sufficient attempt to establish the relevance of documents stored on an electronic data source before copying the entire contents of the data source.
JMA Accounting Pty Ltd v Carmody
In JMA Accounting Pty Ltd v Carmody1, the Full Federal Court considered the lawfulness of a search and seizure carried out by the ATO pursuant to section 263 of the Income Tax Assessment Act 1936 (Cth) (ITAA). During the search and seizure the ATO had copied much of the contents of the hard drives of JMA's computers and computer servers. The Court set out three broad propositions for the conduct of a search and seizure, which had been established by previous case law:
- that a person is only entitled to seize those documents which he is authorised to seize by the relevant power
- both the search and seizure must be reasonably carried out
- the officer must do no more than is reasonably necessary to satisfy himself or herself that he/ she has the documents which he/she is entitled to seize.
Situation under the Regulatory Powers (Standard Provisions) Act 2014
In our June 2014 Quarterly Update, we noted that standard powers for Commonwealth regulators are on the way, with the Regulatory Powers (Standard Provisions) Bill 2014 then before Parliament. Since then, the Regulatory Powers (Standard Provisions) Act 2014 received assent on 21 July 2014.
As explained in our June 2014 Quarterly Update, the standard regulatory powers in the Regulatory Powers Act will only apply to Commonwealth regulators when the governing legislation 'triggers' the powers through amendments. Where the monitoring and/or investigation powers in the Regulatory Powers Act are triggered in relation to the regulator, there are specific provisions dealing with operating electronic equipment (see especially sections 20 and 50). The drafting of these provisions indicates that regulators will be required to operate electronic equipment and use discs, tapes or other storage devices on the premises in order to find any 'relevant data' (at the monitoring stage) or 'evidential material' (at the investigation stage). The regulator will only be permitted to seize or copy electronic equipment or data sources if such 'relevant data' or 'evidential material' is found. However, in order to deal with situations such as that encountered in the Prescience case, under sections 21 and 51 the regulator is given the power to secure electronic equipment found on the premises for up to 24 hours (with the possibility of seeking extensions of this period) where:
- the officer suspects on reasonable grounds that there is 'relevant data' (at monitoring stage) or 'evidential material' (at investigation stage) on the premises which may be accessible by operating the equipment
- expert assistance is required to operate the equipment
- the relevant data or evidential material may be destroyed, altered or otherwise interfered with, if the authorised person does not take action to secure the equipment.
'One problem which confronted the officers when conducting the search is that they were faced with a vast number of documents to go through. If the officers had looked at each document carefully they would be there for days. In our opinion, such a search is not required by s 263. At the end of the day the only obligation imposed upon the officers was to conduct the search in a reasonable fashion.'
The Court said that whether or not the search was conducted in a reasonable fashion depended upon the circumstances of the case. Those circumstances included, among other things, the nature and volume of documents to be examined and their location.
The Court found that in one of the locations the copying of emails in bulk by the officer in question was not reasonable, because the officer had no idea whether the information was relevant or not. However, in the other location, where the officer identified potentially relevant documents by searching for key words, the Court found that, although this was done only cursorily, it was a sufficient examination in the circumstances to determine possible relevance.
Kennedy v Baker
In Kennedy v Baker2, the Federal Court considered the extent of the power given to an officer executing a search warrant by section 3l(1a) of the Crimes Act 1914 (Cth) (Crimes Act) to copy data accessed on a computer hard drive.
AFP officers executing a warrant made pursuant to the Crimes Act, searched Mr Kennedy’s premises. During the search, officers imaged the hard drive of a computer used by Mr Kennedy’s personal assistant. Mr Kennedy sought an order for delivery of the image data. Under section 3l of the Crimes Act, the officer is only allowed to copy data if he/she believes on reasonable grounds that any data accessed by operating the electronic equipment might constitute evidential material.
The officer who made the image of the computer’s hard drive initially conducted a search of specific key words in files on the computer. This search took approximately an hour and a half. He then showed a single document to his superior, Mr Baker. On the basis of viewing the document, Mr Baker asked his junior to image the hard drive. Mr Kennedy argued that the officers should have copied only the single document which was identified.
The Court held that if the executing officer believes on reasonable grounds that data from a particular source accessed by operating a computer might constitute evidential material, they may copy the data from that source to a disk, tape or other associated device brought to the premises. A hard drive was interpreted to represent a single data source. The evidence did not have to be sufficient to ensure conviction but did have to have probative value or relevance to the alleged offence. The Court had regard to extracts from the Explanatory Memorandum and Second Reading Speech for the Cybercrime Bill 2001 which addressed the intended meaning of section 3l(1a) of the Crimes Act. These extracts supported the view that officers can image entire data sources in situations where an initial search of the data uncovers some evidential material, or where the officer believes on reasonable grounds that the data source might contain evidential material.
In addition, the Court said that the onus was on Mr Kennedy to show that it was not reasonably open to Mr Baker to form the belief that the data in question contained evidential material, rather than vice-versa. Mr Kennedy failed to discharge this requirement, and accordingly Mr Baker was entitled to create the imaged hard drive.
Prescience Communications Ltd v Commissioner of Taxation Office
In Prescience Communications Ltd v Commissioner of Taxation Office3, Prescience sought an injunction to prevent the ATO from imaging several computer hard drives which had been seized under s 263 of the ITAA.
Prescience relied on JMA Accounting v Carmody to contend that officers failed to carry out the search and seizure reasonably because they decided to image every electronic document contained on the hard drives and computer and they had made no prior effort to distinguish between relevant and irrelevant material.
The Court agreed with JMA Accounting that the exercise of power under s 263 must be conducted in a reasonable fashion having regard to the circumstances of the case. One relevant circumstance in this case was the need to preserve the integrity of the electronic information, having regard to the constraints imposed by encryption software and the risk of loss of information by erasure software. Other evidence of attempts by Prescience to destroy evidence and engage in obstructive behaviour, such as refusal to supply a password for the encryption software, was also relevant. Unfortunately, the case was abandoned before the Court made a final decision, but the commentary in the reported case suggests that a Court may be willing to take into account factors such as the presence of encryption and erasure software when deciding whether the power under section 263 of the ITAA was exercised in a reasonable fashion.
Key lessons for regulators
Some key points for regulators are:
- Regulators must exercise their search and seizure powers in a reasonable fashion.
- What is reasonable will be judged contextually considering all circumstances of the case.
- Officers should use techniques such as key word searches, or browsing titles of files or directories, to establish that relevant documents are included within a data source. Even brief use of such techniques by officers before copies or images are made will greatly increase the likelihood of a Court finding that the search and seizure power was used in a reasonable fashion.
- Wholesale imaging or copying without making any attempt to establish whether relevant documents are contained within the data source is likely to be found to be unreasonable. However, in some circumstances imaging or copying of a data source without first using such techniques might be found by a Court to have been reasonable when judged contextually in all circumstances of the case. The terms of the relevant search and seizure provision and the warrant in question will be relevant to determining whether officers can copy and image data sources in such circumstances.
- Where the monitoring and investigation powers in the Regulatory Powers Act have been triggered in relation to the regulator, the regulator will need to operate the electronic equipment at the premises in order to find relevant data/evidential material before any imaging or copying is done. However, where the regulator encounters problems such as encryption or erasure software, the regulator can use the powers in the Regulator Powers Act to secure the electronic equipment in order to obtain expert assistance to operate the equipment.
1 JMA Accounting v Carmody  FCAFC 274
2 Kennedy v Baker  FCA 562
3 (2006) 64 ATR 664
Why do contracts include provision for financial and performance guarantees? What are they and what benefits do they offer?
Have you ever felt confused about the financial and performance guarantee clauses in Commonwealth contracts? You are...
Changes to COVID-19 vaccine recording and reporting requirements in aged care – new reporting starts 27 July 2021
By Lucille Scomazzon & Sophie Vo
New reporting starts 27 July 2021
Restrictive practices – Recommendations of the Royal Commission into Aged Care Quality and Safety
By Angela Wood
We consider the reforms for restrictive practices in aged care recommended by the Royal Commission into Aged Care.
Privacy Perspectives: Review of Data-Matching Program Guidelines and National Health (Privacy) Rules, and privacy impacts of proposed legislation
The Office of the Australian Information Commissioner is undertaking a number of interesting review and reform projects