R v TB

SUPREME COURT OF SOUTH AUSTRALIA

(Criminal: Application)

R v TB & ANOR

[2023] SASC 45

Judgment of the Honourable Justice Kimber  

5 April 2023

COMMUNICATIONS LAW - SURVEILLANCE AND INTERCEPTION OF COMMUNICATIONS - INTERCEPTION AND PROHIBITION THEREOF

COMMUNICATIONS LAW - SURVEILLANCE AND INTERCEPTION OF COMMUNICATIONS - WARRANTS AND AUTHORISATIONS

COMMUNICATIONS LAW - SURVEILLANCE AND INTERCEPTION OF COMMUNICATIONS - LISTENING DEVICES AND SURVEILLANCE DEVICES

The defendants are alleged to have committed various offences.  Part of the evidence the prosecution seeks to adduce in the trial are communications sent using an encrypted communication application called ANOM.  The defendants seek an order that evidence not be admitted. The defendants contend the evidence was obtained in breach of the Telecommunications (Interception and Access) Act1979 (Cth) (TIAA). No warrants pursuant to the TIAA were obtained. The defendants contend the communications were recorded (i.e. – copied) while passing over the telecommunication system.

The ANOM application was an application (i.e. – software) installed by users on mobile phones which used the Android Operating System.  The mobile phones which enabled the ANOM application to be installed by users were distributed during controlled operations pursuant to Part IAB of the Crimes Act1914 (Cth). The ANOM application was programmed to function in the following way. When user A prepared a message in the application and pressed the send button with the intention of sending the message to user B, A’s message would be sent to B using the telecommunications system. However, when A pressed the send button and before A’s message left the application, a separate copy message was created within the application. The copy message was a copy of A’s message to B but with additional data added. The creation and existence of the copy message was unknown to A and B. The copy message having been created, that copy was sent using the telecommunications system to a server in New South Wales (NSW). The AFP then obtained the copy messages from that server. It is the copy messages that the prosecution seeks to adduce.

Whether the ANOM application, including, but not limited to, the processes by which that application created the copy message and caused that message to be sent to the server in NSW was an intercept in breach of s 7(1) of the TIAA.

Held, dismissing the application: 

1.The way the ANOM application functioned did not amount to an interception in breach of s 7(1) of the TIAA. The prohibition in s 7(1) of the TIAA is upon recording (i.e. – copying) a communication in its passage over the telecommunications system. That prohibition was not breached. While the ANOM application caused A’s message to B to be copied, A’s message was copied in the application and before that message commenced its passage over the telecommunications system. There was also no breach of s 7(1) of the TIAA by anything which occurred after the copy message arrived at the server in NSW. Once the copy message arrived there, it was no longer passing over the telecommunications system.

2.The application to exclude the communications on the ground that s 7(1) of the TIAA was breached is dismissed.

Telecommunications (Interception and Access) Act 1979 (Cth) ss 5, 5F, 5G, 5H, 6, 7, 63; Surveillance Devices Act 2004 (Cth); Crimes Act 1914 (Cth) ss 3E, 15GD; Mutual Assistance in Criminal Matters Act 1987 (Cth); Acts Interpretation Act 1901 (Cth) ss 15AA, 15AB; Telecommunications Act 1997 (Cth) ss 7, 16, 25, 87, referred to.

Project Blue Sky Inc v Australian Broadcast Authority (1998) 194 CLR 355; Australian Education Union v Department of Education and Children's Services (2012) 248 CLR 1; Alcan (NT) Aluminium Pty Ltd v Commissioner of Territory Revenue (2009) 239 CLR 27; Voxson Pty Ltd v Telstra Corporation Limited (No 10) [2018] FCA 376, applied.

Taciak v Commissioner of Australian Federal Police (1995) 59 FCR 285; Edelsten v Investigating Committee of New South Wales (1986) 7 NSWLR 222; R v Edelsten (1990) 21 NSWLR 542; R v Metcalfe (2018) 338 FLR 357; R v Giaccio (1997) 68 SASR 484, considered.

R v TB & ANOR
[2023] SASC 45

Criminal: Application – Chapter 1

KIMBER J: 

Introduction

1. TB and CD (the defendants) are jointly charged with participating in a criminal organisation and offences involving firearms. 

2. Pursuant to rule 39.1(d) of the Joint Criminal Rules 2022 (SA) (the Rules) the defendants seek the exclusion of certain evidence on the grounds it was obtained in breach of the Telecommunications (Interception and Access) Act 1979 (Cth) (TIAA).  There are many interlocutory applications in this matter.  This interlocutory application is referred to as Chapter 1. 

3. The evidence the subject of this interlocutory application is evidence obtained pursuant to warrants issued under the Surveillance Devices Act 2004 (Cth) (SDA) from servers operated by Google in New South Wales (NSW).  That evidence is one of three discrete sets of electronic data (communications) which is generally, but not exclusively, in the form of text messages written or received by the defendants and others using mobile phones which utilised what may be described as the ANOM application installed on those phones. The second set of data was obtained pursuant to warrants under s 3E of the Crimes Act 1914 (Cth) (CA) from the same servers operated by Google in NSW.  The third set was obtained pursuant to a request under the Mutual Assistance in Criminal Matters Act 1987 (Cth) from the Government of the United States of America (USA).  The evidence the subject of the second and third sets of data is not the subject of this interlocutory application.[1] 

   [1] The interlocutory application filed by the defendants refers to the third category of data at [7.5], however the defendants did not make any written or oral submissions about that data and/or why it may have been obtained in breach of the TIAA. If exclusion of that data is sought, it will need to be the subject of a separate application and submissions.

   Background

4. For the purpose of this interlocutory application, the following matters may be taken as not being in dispute. 

5. In approximately March 2018, officers within the Organised Crime section of the Australian Federal Police (AFP), in concert with the Federal Bureau of Investigation (FBI) in the USA, took overt action in respect of a joint investigation called Operation Safecracking.  Operation Safecracking was aimed at a dedicated encrypted communications provider known as Phantom Secure.  Phantom Secure was a Canadian company which provided a dedicated encrypted communications platform which enabled secure communications.  Platforms which provide secure communications were trusted by those involved in criminal activity.[2]  As a result of action being taken in respect of Phantom Secure (effectively shutting it down and arresting its owner), the AFP became aware that another application called ANOM, which also intended to provide end to end encryption, was being developed by a person associated with Phantom Secure.  That person may be referred to as a confidential human source (CHS). 

   [2]    DS Mansfield T497.

6. The AFP, having become aware of the ANOM application, recognised it presented an opportunity.  In the view of at least the AFP and the FBI, that opportunity was the possibility of attempting to lawfully obtain communications between users of the ANOM platform.[3]  The AFP sought to establish whether a capability could be injected into the ANOM application to enable law enforcement monitoring of communications using the application.[4]  It was that capability which ultimately resulted in the AFP obtaining the evidence the subject of this interlocutory application. 

   [3]    DS Mansfield T502-503.

   [4]    DS Mansfield T502.   

7. The capability sought by the AFP was developed in liaison with CHS and with the assistance of a person within the AFP referred to in these proceedings as CIN 325.[5]  An officer within the Organised Crime section of the AFP was Detective Superintendent Mansfield (DS Mansfield).  DS Mansfield led the initial stages of what became Operation Ironside and, with CIN 325 and others, ensured that the ANOM application was modified to suit the capability requirements of the AFP, which were to be able to obtain a copy of all the communications passing between users of the ANOM application.[6] 

   [5]    See DS Mansfield T502; T506. 

   [6]    DS Mansfield T508. 

8. CIN 325 is a special member of the AFP.[7]  CIN 325 was asked by DS Mansfield to ascertain the veracity of claims made by CHS with respect to the ANOM application.[8]  CIN 325 communicated with CHS and other developers working with CHS from April 2018 through to June 2021.  CIN 325’s role was, among other things, to ensure that the AFP’s desire to collect and retain communications was built into the functionality of the ANOM application.[9]  

   [7]    Affidavit of CIN 325 dated 23 May 2022, [1] – VD P46.

   [8]    Affidavit of CIN 325 dated 23 May 2022, [6] – VD P46; see also Affidavit of CIN 325 dated 1 July 2022, [14] – VD P46.

   [9]    Affidavit of CIN 325 dated 23 May 2022, [8] – VD P46.

9. CIN 325 met with CHS more than once between April 2018 and April 2019.  He did so in company with DS Mansfield and other AFP officers.[10]  CIN 325 and CHS also communicated online.  In May 2018, CIN 325 commenced testing a ‘proof of concept’ provided by CHS for access, collection and decryption of messages which had been sent using the ANOM application.  The proof of concept demonstrated the ability for handsets with the ANOM application to covertly send communication content to a party other than the person(s) to whom the user thought a communication was being sent.[11]  CIN 325 has described that realisation as a ‘pivotal moment in the progress of Operation Ironside’.[12]  Between June and September 2018, CIN 325 had ‘almost daily communications’ with CHS. [13] 

   [10] See Affidavit of CIN 325 dated 1 July 2022 [17], [20], [22], [24] – VD P46.

   [11] Affidavit of CIN 325 dated 1 July 2022, [29] – VD P46.

   [12] Affidavit of CIN 325 dated 1 July 2022, [29] – VD P46.

   [13] Affidavit of CIN 325 dated 1 July 2022, [21] – VD P46.

10. As the ANOM application was being further developed toward the goal of covertly sending communication content to a party in addition to the person(s) to whom the user thought the communication was being sent, steps were taken to enable devices to be distributed once the ANOM application was developed to a point where it could be deployed.  In order to permit the ANOM enabled devices to be distributed to potential users when the expectation was the devices distributed would be used by people engaged in criminal activity, the AFP sought and obtained an authorisation for a major controlled operation (MCO) within the meaning of s 15GD of the CA. The first MCO was authorised by Deputy Commissioner Gaughan of the AFP on 25 October 2018. The second MCO was authorised by Deputy Commissioner McCartney of the AFP on 25 October 2020. The operation was named Operation Ironside.  The legality of the two MCO’s and other issues relating to those MCO’s are the subject of other interlocutory applications. 

11. The phones provisioned and distributed were mobile phones which ran on the Android Operation System (AOS).  Disabled from those phones were the usual features of a mobile phone such as the ability to make standard telephone calls, send standard messages and access the internet via standard applications.  The phones were readied for the installation of the ANOM application by the end user by installing Mobile Data Management (MDM) software (FieldX or MobileIron).  That software enabled the ANOM application to be administered and managed as selected by the administrator.  It also included the capacity to delete the data on the phone by an external administrator. 

12. Provisioned phones were distributed in Australia from about 16 October 2018.  CIN 325 has deposed that he/she organised for the distribution of Android mobile devices to be provided to named people identified by CHS between January and May 2021.  CIN 325 has deposed to having distributed 921 provisioned mobile devices to 21 named persons and/or entities in different States in Australia.[14] 

    [14] See Affidavit of CIN 325 dated 23 September 2022, [27]-[131].

13. The development of the ANOM application enabled the AFP to receive data from ANOM.  That data included a record of text messages, photos and voice memos sent between users, as well as additional data retrieved from the ANOM‑provisioned phone such as username, a unique message ID, the International Mobile Equipment Identity (IMEI) attached to the telecommunications device, the Mobile Country Code (if the device was using a SIM card), location data (from about April 2020),[15] audio pitch adjustment, and quoted or forwarded messages, all of which was transmitted over a telecommunications system to the user(s) selected by the sender of the message.  The IMEI is a unique 15-digit number assigned to phones when they are manufactured.[16]

    [15] Affidavit of Matthew Lindsay Smith dated 22 July 2021, [69(d)]. 

    [16] Ibid, p 43.

14. The operation of the ANOM application may be described in the following way.  An ANOM user (A) would prepare a message for another ANOM user(s) (B).  The message A intended to send to B would be sent, but after A had typed a message (or attached a photo or voice memo) and pressed the ‘send’ button intending to send the message to B, the data in A’s message was copied (i.e. – recorded) to create a separate message before the message to B was encrypted and sent.  That is, as a result of pressing the send button, the message created by A, as well as the additional data including A and B’s usernames, location data and so on, was re-packaged (as packets of information) and, as with A’s message to B, transmitted as a separate message over a telecommunication system via an Extensible Messaging and Presence Protocol (XMPP) server.  An XMPP server is a server functioning as an instant messaging protocol.  XMPP is an ‘open source’[17] instant messaging protocol.  The XMPP server used the same Transport Layer Security (TLS) channel that was used to send the message A intended to send to B.  As A intended, the message created by A would be sent to B.  However, without the knowledge of A or B, a separate message (a copy of A’s message to B with some additional data) would be sent to the servers in NSW which were able to be accessed by the AFP. 

    [17]  ‘Source code’ is software code available to all developers – Professor Seneviratne T698.

15. What the ANOM application enabled was a means of recording and retrieving encrypted messages (and additional data) that were able to be decrypted by the AFP because it had the relevant ‘key’ for decrypting the data which had been encrypted by the ANOM application and which remained encrypted until its receipt at the servers in NSW.  The AFP’s capacity to receive the copy of A’s message (with additional data) and unlock the encryption so it could read and interpret the message the application had copied was the product of the programming of the ANOM application. 

    The issue – interceptions or not

16. The TIAA provides for warrants to be obtained to permit communications to be intercepted in their passage over the telecommunications system. No TIAA warrant was obtained. That was a considered decision. The AFP reached the view the TIAA did not apply.

17. The issue in this application is whether the conduct of the AFP was in breach of s 7(1) of the TIAA as the ‘record’ made of A’s message to B which was sent to the servers in NSW amounted to an ‘intercept’ of a ‘communication passing over a telecommunications system’. If that ‘record’ constituted a breach of s 7(1) of the TIAA, it is common ground that s 63 of the TIAA is enlivened and provides the evidence cannot be admitted. There is no discretion.[18] 

    [18] Telecommunications (Interception and Access) Act 1979 (Cth) s 63 (TIAA).

    The statutory scheme

18. It is necessary to set out the statutory scheme in some detail. 

19. Section 7(1) of the TIAA provides:

    (1)A person shall not:

    (a)     intercept;

    (b)     authorize, suffer or permit another person to intercept; or

    (c)     do any act or thing that will enable him or her or another person to intercept;

    a communication passing over a telecommunications system.

20. The word ‘intercept’ is not defined in the TIAA, but s 6(1) provides when a ‘communication’ will be the subject of ‘interception’. Sub-section 6(1) provides:

    (1)For the purposes of this Act (other than Schedule 1), but subject to this section, interception of a communication passing over a telecommunications system consists of listening to or recording, by any means, such a communication in its passage over that telecommunications system without the knowledge of the person making the communication.

21. Schedule 1 which also appears in other sections to be mentioned has no application to this matter. 

22. As can be seen, for there to be an ‘interception’, there must be a ‘communication’ which is listened to or recorded by any means ‘in its passage over the telecommunications system’ and ‘without the knowledge of the person making the communication’. 

23. Section 5(1) of the TIAA defines several relevant terms. ‘Communication’ is defined as:

    communication includes conversation and a message, and any part of a conversation or message, whether:

    (a)     in the form of:

    (i)speech, music or other sounds;

    (ii)data;

    (iii)text;

    (iv)visual images, whether or not animated; or

    (v)signals; or

    (b)     in any other form or in any combination of forms.

24. The noun ‘recording’ is not defined but ‘record’ is relevantly defined as follows: 

    record (except when used in Schedule 1) means:

    …

    (b)     in relation to an interception, whether or not in contravention of subsection 7(1), of a communication:

    (i)a record or copy, whether in writing or otherwise, of the whole or a part of the communication, being a record or copy made by means of the interception; or

    (ii)a record or copy, whether in writing or otherwise, of the whole or a part of a record or copy that is, by virtue of any other application or applications of this definition, a record obtained by the interception.

25. I pause to observe there is no dispute the evidential material the subject of this interlocutory application was a ‘communication’ which was recorded (or copied) without the knowledge of the person making the communication.  As I have said, the issue is whether the operation of the ANOM application was such that the recording (or copying) of the communication occurred ‘in its passage over the telecommunications system’. 

26. ‘Passing over’ is defined as ‘includes being carried’ and ‘carry’ is defined as ‘includes transmit, switch and receive’. 

27. Sections 5F-5H inclusive determine when a communication starts passing over the telecommunications system and when it is no longer doing so.

28. Section 5F of the TIAA deems a communication:

    (a)     is taken to start passing over a telecommunications system when it is sent or transmitted by the person sending the communication; and

    (b)     is taken to continue to pass over the system until it becomes accessible to the intended recipient of the communication.

29. The ‘intended recipient’ of a communication is defined in s 5G as follows:

    (a)     if the communication is addressed to an individual (either in the individual’s own capacity or in the capacity of an employee or agent of another person)—the individual; or

    (b)     if the communication is addressed to a person who is not an individual—the person; or

    (c)     if the communication is not addressed to a person—the person who has, or whose employee or agent has, control over the telecommunications service to which the communication is sent.

1. Section 5H deems a communication to be accessible to the ‘intended recipient’ if it:  

   (a)     has been received by the telecommunications service provided to the intended recipient; or

   (b)     is under the control of the intended recipient; or

   (c)     has been delivered to the telecommunications service provided to the intended recipient.

2. The terms ‘telecommunications device’, ‘telecommunications network’, ‘telecommunications service’ and ‘telecommunications system’ are defined in s 5(1) of the TIAA as follows:

   telecommunications device means a terminal device that is capable of being used for transmitting or receiving a communication over a telecommunications system.

   telecommunications network means a system, or series of systems, for carrying communications by means of guided or unguided electromagnetic energy or both, but does not include a system, or series of systems, for carrying communications solely by means of radiocommunication. This definition does not apply to Schedule 1.[19]

   …

   telecommunications service means a service for carrying communications by means of guided or unguided electromagnetic energy or both, being a service the use of which enables communications to be carried over a telecommunications system operated by a carrier but not being a service for carrying communications solely by means of radiocommunication.

   …

   telecommunications system means:

   (a)     a telecommunications network that is within Australia; or

   (b)     a telecommunications network that is partly within Australia, but only to the extent that the network is within Australia;

   And includes equipment, a line or other facility that is connected to such a network and is in Australia. 

   [19] Schedule 1 has no relevance to this interlocutory application. 

3. ‘Equipment’ is defined in s 5(1) to mean:

   … any apparatus or equipment used, or intended for use, in or in connection with a telecommunications network, and includes a telecommunications service but does not include a line.

4. The terms ‘terminal device’, ‘transmit’ and ‘receive’ are not defined. 

   The purpose of the TIAA

5. The fundamental objective of the TIAA ‘is to protect the privacy of communications passing between users of the telecommunications system’.[20] It has been held the TIAA:[21] 

   … is concerned with ‘carriers’, ‘carriage services providers’ and unlawful interferences with the ‘passing over’ of a telecommunication, or more generally with the security of the relevant telecommunication system or network, not what may occur after a telecommunication has passed.  

   [20] Taciak v Commissioner of Australian Federal Police (1995) 59 FCR 285, 297-298 citing Edelsten v Investigating Committee of New South Wales (1986) 7 NSWLR 222, 229 and R v Edelsten (1990) 21 NSWLR 542, 549.

   [21] R v Metcalfe (2018) 338 FLR 357, [12].

6. Courts have considered whether certain communications were recorded in their passage over the telecommunications system. Other judgments provide examples of when a communication is passing over the telecommunications system, but none are perfectly analogous to this case. The functionality of the ANOM application was unique. It is that functionality which must be applied to the TIAA. Nonetheless, the judgments provide illustrations of the importance of identifying whether a communication is passing over the telecommunications system when it is recorded. I will give just three examples.

7. In Edelsten v Investigating Committee of NSW (Edelsten),[22] decided before ss 5F-5H were inserted into the TIAA, Lee J held that a scanner, used to pick up mobile phone communications, was an interception as there was intrusion into the frequency used to convey that communication.

   [22] (1986) 7 NSWLR 222.

8. In R v Giaccio (Giaccio), [23] also decided before the insertion of ss 5F-5H, at the instigation of the police, callers held a microcassette recorder close to the telephone handpiece in order to pick up the voices of the appellants on the other end. It was held that such a recording was not an ‘intercept’. Cox J (with whom Millhouse and Perry JJ agreed) said:[24] 

   The connotation of the s 6 terminology is not as clear as it might be, which explains why different judges have interpreted the section differently, but I would see the telephone system as (to put it symbolically) starting with a handset microphone and ending with a handset loudspeaker.  It may well have intangible components or features in between those points but its outer boundaries, as it were, will consist typically of telephones — a myriad of them, as it happens. It is true that the system will not operate unless sound is fed into it at one end and out of it at the other, but it does not follow from this that the sound waves that are external to the equipment at these two points are part of the telecommunications system itself.  On that view of the matter, for a person to record a telephone user's voice by standing alongside him with a tape recorder is to record his communication while it is still outside the telecommunications system, not while it is passing over it.  I would interpret a recording of the other person's words, ‘uttered’ by the loudspeaker in the same handset, in a similar way.  The communication from the other end has completed its passage over the telecommunications system before the microphone of the tape recorder picks it up.  Thus, in my opinion, a recording made of a telephone conversation in this fashion, externally to the equipment in the sense I have described, is not an interception of the telephone conversation within the meaning of the Interception Act. 

   [23] (1997) 68 SASR 484.

   [24] Ibid, 491.

9. In R v Metcalfe (Metcalfe),[25] decided after the insertion of ss 5F-5H, the complainant had installed on her iPhone an application which recorded telephone conversations. The application then recorded calls by the defendant made to the complainant’s iPhone. It was held the application which recorded the communication was not an intercept in breach of the TIAA as the communication had completed its passage over the telecommunications system at the time it was recorded.

   [25] (2018) 338 FLR 357, [12].

   The operation of the ANOM application – further detail

10. The ANOM source code (i.e. – programming language) has been reviewed by two independent experts, Mr Yogeshkumar Khatri (Mr Khatri) and Mr Brett Jenkins (Mr Jenkins).  Both Mr Khatri and Mr Jenkins gave evidence on the interlocutory application.  The affidavits each prepared also form part of the evidence.  Mr Khatri is a senior manager of Technical Capability at a company called CyberCX.  He has tertiary qualifications in computer engineering and extensive experience in software programming.  Mr Jenkins is a lecturer in the STEM Division at the University of South Australia.  Mr Jenkins lectures in computing.  Mr Jenkins also has extensive experience in software. The expertise of Mr Khatri and Mr Jenkins was not challenged.  

11. The source code governed how the ANOM application functioned. That functionality is central to whether the evidence the subject of this interlocutory application was obtained in contravention of the TIAA.

12. As set out above, the mobile devices distributed during Operation Ironside were mobile phones which operated on the AOS. 

13. The ANOM application operated using the AOS.  I will say something more about the AOS later.  For present purposes, Mr Khatri said the AOS provided the ‘doorway’ to the telecommunications network and that the ANOM application had an Application Programming Interface (API)[26] which allowed it to access the functionality of the AOS.[27]  Mr Khatri said an API is a software package that allows two software packages to speak to one another.[28]  Mr Jenkins described an API as a ‘set of rules’ by which you can request something.[29] 

    [26] Mr Khatri T888. 

    [27] Mr Khatri T897-898. 

    [28] Mr Khatri T888-889. 

    [29] Mr Jenkins T1077. 

    The unlocking and authentication process

14. The ANOM application was hidden on the phone disguised as a calculator.  It was unlocked by a user by entering a unique ID number into what appeared to be a standard calculator on the device.[30]  Once the user ID was authenticated, it opened the ANOM application.  In order to connect to the XMPP server, the ANOM application needed to authenticate with a username and password.  That is, the XMPP server was used to authenticate the unique user ID and to permit the ANOM application to ‘run’ (i.e. – to be used).[31]  Once the ANOM application was unlocked, it was designed to automatically connect to the XMPP server.  An internet connection was required for that to occur, which could either be wi-fi or using the cellular network’s mobile data.[32]  The application was authenticated by the XMPP server identifying the username and password which were derived from the device’s IMEI number and a fixed string of numbers and letters.  The IMEI and fixed string were combined and passed through a cryptographic algorithm known as MD5.  Once authenticated by the XMPP server, the application was available for use. 

    [30] Affidavit of Mr Khatri dated 30 September 2022, [88]-[89] – VD P16. 

    [31] Ibid, [78]. 

    [32] Ibid, [90]. 

15. Mr Jenkins said the ANOM application could launch and run on the device without being connected to the internet.[33]  He gave evidence that should a message be sent in this state it would not go anywhere until a connection was established.[34] 

    The process of the user typing and sending a communication – including the creation of the separate copy sent to the servers in NSW

    [33] Mr Jenkins T1144. 

    [34] Mr Jenkins T1144; T1148. 

16. User A prepared a communication using the ANOM application in a way familiar to any user of a mobile phone.  User A typed a message (or recorded a voice message or attached a photo or perhaps all three) and addressed it to B (i.e. – one or more persons whom A wished to receive the communication).  Without the knowledge of A or B, when A pressed the send button in order to send the message to B, an entirely separate copy of the communication was made.[35]  User A’s message and the separate copy were then sent as separate packets of data. 

    [35] Mr Khatri T905 and T963-965. 

17. As I understand Mr Khatri’s evidence, he drew a distinction between the pressing of the send button and the ‘send message function’ being activated,[36] albeit that the pressing of the button plainly caused that activation. Putting that aside, the copy of A’s message ultimately sent to the servers in NSW was made within the application itself.[37]  For reasons to be given, where A’s message to B was when it was copied assumes some importance. 

    [36] Mr Khatri T908. 

    [37] Mr Khatri T905.

18. Mr Khatri said that to the extent that data was added to the copy of the message the user had created (e.g. – location data), such data was obtained from outside of the application itself, taken back into the application and then added to the copy of the message whilst that copy was within the application and before the copy of the message left the application.[38]  The copy message was sent to what was described as a ‘bot user’.  The bot user (username ‘[email protected]’) was installed in the contacts list of the device of A.  That user and its presence in the contacts list was unknown to the users of ANOM provisioned devices.[39] 

    [38] Mr Khatri T906-909. 

    [39] Mr Khatri T943-945. 

19. Mr Khatri described what happened on the pressing of the send button as being: the performance of checks to determine whether the XMPP server was online; the encryption of the communication; the formatting of the communication in accordance with the XMPP and the sending of the resulting encrypted message string to the AOS[40] for transmission to the XMPP server.  An aspect of this evidence was about the passing of the encrypted message from the application to the AOS:[41] 

    QWhat is the sequence of operations with respect to the message itself. So you type in your message and you hit send. Now what occurs.

    ASo it takes that message and it will then determine which encryption protocol it needs to use. It will basically make the calls to those libraries, get that message encrypted in that format. Those libraries will also ensure - I'm skipping a lot of processes along the way. It will ensure that the encrypted envelope that we talked about, the end-to-end encryption, all of that is established. It will go ahead, encrypt that message based upon the public key of the recipient. Once all that is done it will eventually then hand that packet over - well, it will basically format it in the XMPP protocol manner, the way the XMPP protocol needs that to be formatted, and eventually that message packet will be sent out to the server and in order to do that it will make a call to the android operating system and say 'Hey, take this. Send it out to the server at this point'. And the server will then handle you know forwarding that packet to the intended recipient.

    (Emphasis added)

    [40] Mr Khatri gave evidence that the ANOM application was compatible only with the AOS: Mr Khatri T894. 

    [41] Mr Khatri T903.

20. Mr Khatri described a ‘library’ in the following way:[42] 

    A library is just a collection of various source code files that help enable or implement a particular functionality. So for example there is an OMEMO library, there is an open PGP library and we just start using those within this application directly. So when I say 'we', the application creators, they just import those libraries and start using those functions. That makes our code modular and easy to - what is the best word here - easy to maintain in the future because we have various functionality locked away in various functional units. So each functional unit is often referred to as a library. So you can say this is an encryption library, this is a communication library, this is a GOOEY library it handles the updates of the user interface.

    [42] Mr Khatri T906.

21. Mr Khatri also gave evidence about the creation of copies of communications, within the ANOM application, to be sent in this same way, via the AOS and XMPP server, to the bot user ([email protected]).[43] 

    [43] Mr Khatri T901-907; Affidavit of Mr Khatri dated 30 September 2022, [19]-[24] – VD P16.  Mr Khatri confirmed that any server with the username and password credentials for [email protected] would have been able to receive the duplicate communications sent to that user: Khatri T902. 

22. It is the separate copy of the message sent to ‘[email protected]’ which is the evidence the subject of this interlocutory application.  That copy was sent to servers in NSW (the iBot or iBot server) which were computers running the ANOM application. 

23. Mr Jenkins described what occurred on A pressing the send button in terms consistent with the evidence of Mr Khatri.  Mr Jenkins said that when A pressed the send button, the following occurred: (1) a second message (the bot user copy) was composed from the same content as A’s message to B; (2) additional information was obtained from sensors on the device via the AOS to add to the bot user copy; (3) the bot user copy content was encrypted; and (4) the message was sent as a unique second message to the bot user.[44] 

    [44] Mr Jenkins T1081-1083. 

24. Consistent with the above, Mr Jenkins confirmed that the copy of the message created upon A’s pressing of the send button and subsequently sent to the bot user was a separate message to the one created by A and sent to B.  Mr Jenkins said the two separate messages were sent from the ANOM phone (one to B as intended by A and the separate copy to the bot user).[45]  Also consistent with the above, Mr Jenkins confirmed the additional data added to the bot user copy was obtained by the application from the AOS outside the application.  Like Mr Khatri, Mr Jenkins said the additional data was added within the application and encryption also occurred before that message left the application.[46]  An aspect of his evidence about the copying process was the following:[47] 

    [45] Mr Jenkins T1107-1108. 

    [46] Mr Jenkins T1083. 

    [47] Mr Jenkins T1082-1083. 

    ASo the text of the original message before it's encrypted is plain text. It takes the original text. It doesn't modify that as far as I could tell in anything like the manner. [sic] It then goes off and generates the GPS data and collects that from the phone. It collects the other data that it was looking for from the phone, the MMC and similar, and then it attaches that to the message when it sends it.

    QSo the additional data comes from the phone.

    AYes, it all comes from the phone.

    QAt what point in those four steps. You said starts as plain text. It takes that text, generates the GPS data from the phone, generates the other data from the phone. At what point does the encryption occur.

    AJust as it's being sent.

    QSo we take the plain text -

    AOnce you collect the data you add it to the file, you encrypt it and then it sends the encrypted version.

    QThat is done by the application software.

    AYes.

    QWhen you say it gets the GPS data and the other data from the phone, is that from the android operating system.

    AYes.

25. Mr Jenkins confirmed the application on the device did not send any message directly to the XMPP server.  He said messages went from the application to the AOS.  Mr Jenkins explained:[48] 

    When you look at only [sic] application running on a network it goes - when the message is sent across the network it goes through various layers which we refer to as different transport layers on the phone. So the phone, you have the - I'm trying to explain it carefully. So you have the ANOM app and it's sending a message to the XMPP server but it doesn't do it directly. It passes it down to another layer in the operating system, which then passes it down to another layer in the operating system, which passes it down to a layer which puts it in a packet and sends that packet across the network to the service at the other end. So we always picture networking as being through these transport layers. And at the bottom is a physical layer of wires that you pass through.

    [48] Mr Jenkins T1144. 

26. Mr Jenkins said that once the send button was pressed, the user could not stop what occurred, including not being able to stop the sending of any message.  He said:[49] 

    [49] Mr Jenkins T1090. 

    QActivating the send function on the ANOM phone then initiates the process of sending the message, correct.

    AYes, that's correct.

    QThat process has commenced on pressing the send button, the process, correct.

    AYes, that would be correct.

    QAnd the process that has commenced, albeit things have been done on the phone, is an inexorable process, in other words the user can't stop it.

    ANo, there would be no way of stopping it and no time to stop it.

    QSo it's an inexorable process which ends up as you've told us with the copy message being received on the iBot server.

    AYes.

    QAnd passing through the XMPP server as well.

    AYes, that's correct.

    QI know you've referred to parts of this process, but it's all instantaneous, isn't it.

    ALargely. Instantaneous is a funny thing in computing, but yes.

    QIt comes down to this, doesn't it, that pressing the send button means the original message is sent.

    A.Yes.

27. Consistent with his evidence that ‘instantaneous is a funny thing in computing’, Mr Jenkins said the message created in the application by A sat in ‘temporary memory’ before it was passed to the AOS to then be sent from the device.[50] 

    [50] Mr Jenkins T1148. 

    The iBot and its ‘listening’ activity

28. As set out above, utilising the XMPP server, the bot user message went to the iBot.  The iBot was a ‘software tool’.[51]  More specifically, a ‘Java based application’ which could run on a computer.[52]  Mr Khatri said that the purpose of the iBot application was to connect to the XMPP server as the bot user and retrieve messages sent to it.  He said that as soon as it logged onto the XMPP server, the iBot would receive the messages sent to it and put them into the database.[53] Mr Khatri explained:[54] 

    … iBot is the, it's a Java based application that was, that you could run on a standalone computer - not on a phone, on a computer - and it was basically an ANOM client, just like you have an ANOM client which is the app, except this is not an in an app form, this is running on a computer and it would login as the bot user and it would retrieve messages. As soon as it logged in it would get all of the messages addressed to bot, it would take those messages and then put them in the database.

    [51] Mr Khatri T884. 

    [52] Mr Khatri T945. 

    [53] Mr Khatri T945. 

    [54] Mr Khatri T945. 

1. Mr Jenkins gave further detail of the function of the iBot and what the defendants refer to as its ‘listening activity’.  Mr Jenkins said the iBot was designed to maintain a connection with the XMPP (described as a presence stanza)[55] and to receive messages in the XMPP format addressed to the bot user.[56]  The ‘push’ functionality of the iBot program worked by the iBot announcing itself as online to the XMPP server and thereafter listening for messages addressed to it from the XMPP server.[57]  To launch iBot and authenticate (login) as the bot user, a configuration file was required which would include information for the software about where to connect – such as the IP address of the XMPP, details about encryption including the key, a black or white list and also a username and password.[58] 

   [55] Mr Jenkins T1072. 

   [56] Mr Jenkins T1066. 

   [57] Mr Jenkins T1067. 

   [58] Mr Jenkins T1071. 

   What happened on receipt at the iBot

2. As the separate copy message was encrypted in the ANOM application installed on A’s phone, and during its passage to the iBot, it was only once the message arrived at the iBot server that it was able to be read. 

3. Mr Jenkins said that upon receipt of an encrypted message, the iBot application would decrypt the message; check to see whether it required further content to be downloaded, and if so, download that content and save it to a database.[59]  In the opinion of Mr Jenkins, in later builds of the iBot application,[60] a process of re-encrypting the content and saving it to a database was observed in the code.[61] 

   [59] Mr Jenkins T1066. 

   [60] Mr Jenkins T1112. 

   [61] Mr Jenkins T1067-1068. 

4. The data was then accessed by warrants issued pursuant to the SDA.

   Encryption – both ‘ends’

5. The ANOM application used ‘end to end’ encryption protocols known as OMEMO and Open PGP.[62]  Those protocols use Public Key Cryptography (PKC) to achieve end to end encryption.[63]  Key pairs are generated using algorithms.  One key is used to encrypt data, the other to decrypt the data.  The same key cannot be used both to encrypt and decrypt.  This ensures that only the sender and the recipient(s) can encrypt or decrypt data sent between them.  It is common for these keys to be referred to as public and private keys.  The public key is distributed, the private key is not. 

   [62] Mr Khatri T897-898. 

   [63] Mr Khatri T895-896; T898-900; Affidavit of Mr Khatri dated 30 September 2022, pp 15-17 – VD P16. 

6. Mr Khatri explained that the ANOM application utilised PKC to facilitate end to end encrypted messaging,[64] with the result that communications exchanged between users (and the separate copy of the message created) could not ‘be read in transit’.[65]  Mr Khatri explained this aspect of what occurred in the following way:[66] 

   The ANOM Android app is from the end user's perspective just like any other popular known messenger, for example, WhatsApp, Signal, any of the ones that are in use today.  It operates very similar to those.  It offers encrypted end to end communications.  That means that your messages are secure.  It cannot be read in transit when you send a message from one device to the other, it is going to be sent over an encrypted envelope.  Basically the message is going to be encrypted and sent over and when the other person receives it, only they are going to be able to decrypt it, that is why we refer to it as end to end encrypted and that is what the ANOM app was doing as well. 

   (Emphasis added)

   [64] Mr Khatri T895-896; T898-900; Affidavit of Mr Khatri dated 30 September 2022, pp 15-17 – VD P16. 

   [65] Mr Khatri T895. 

   [66] Mr Khatri T895-896. 

7. Mr Khatri provided a detailed explanation of PKC.[67]  As set out earlier, Mr Khatri said it was only after the data was encrypted within the ANOM application that it passed through the AOS where it was then transmitted.[68]  He described ‘encryption and decryption’ as occurring ‘at the two ends’.[69]  He also gave evidence about a processes of re-encryption which occurred following the decryption of communications by the iBot server software only.[70] 

   [67] Mr Khatri T899-900.  See also Affidavit of Mr Khatri dated 30 September 2022, [67]-[69] – VD P16. 

   [68] Mr Khatri T897-898. 

   [69] Mr Khatri T900. 

   [70] Mr Khatri T910. 

   Professor Seneviratne – modern application-based communications systems

8. Professor Seneviratne gave evidence about communications systems.  There is no dispute that he is an expert in modern communication systems.[71] 

   [71] Professor Seneviratne T692-696; Affidavit of Professor Seneviratne dated 30 June 2022 – VD P12. 

9. While it is for me to determine whether there was any interception in breach of the TIAA, the evidence of Professor Seneviratne is relevant to understanding how encrypted communication applications work and the identification of the points at which the bot user copy of the message was made and was then received at the iBot server. More particularly, the evidence of Professor Seneviratne is relevant to whether a copy of the communication created in a messaging application operating on an AOS and/or a copy received by the iBot should be regarded as passing over the telecommunications system at the time of creation and/or receipt.

   Communication applications running on Android Operating Systems

10. Consistent with the evidence of Mr Khatri and Mr Jenkins, Professor Seneviratne said that the ANOM application was designed to be installed on a mobile phone using the AOS.[72]  Professor Seneviratne described the AOS as a valid, ‘open source’ operating system meaning its source code is accessible to developers.[73]  He described the operating system as managing the hardware resources and software components of an Android device while allowing additional functionality to be developed.[74]  

    [72] At T704‑705 Professor Seneviratne described the three ways to generally install an application on an AOS mobile phone – from the Google sanctioned store, from a temporary server, or by dealing with the application yourself. 

    [73] Professor Seneviratne T698; T699. See Affidavit of Professor Seneviratne dated 30 June 2022, pp 18‑20 – VD P12. 

    [74] Professor Seneviratne T697. 

11. Professor Seneviratne explained that applications, including dedicated encrypted communications applications, are pieces of software that are not part of the operating system of a phone.  Professor Seneviratne said that applications are designed to run on top of the operating system.  He said:[75] 

    The way I describe to the students is you have a Lego base plate, which you build things on.  So you can add – the base plate is the operating system and the Lego blocks are apps which are of different colour, they can – one can build on another app or it could be apps that just plug onto the base plate.[76]

    [75] Professor Seneviratne T704. 

    [76] Professor Seneviratne T705. See Affidavit of Professor Seneviratne dated 30 June 2022, pp 8‑10 – VD P12. 

12. In the opinion of Professor Seneviratne, the AOS provides an ‘end system’ with supportive functionality to communicate with other end systems using the same software by connecting to the ‘underlay network’.[77]  Professor Seneviratne described the ‘underlay network’ (or physical network) as the transport network provided by an operator or carrier like Telstra or Optus.  He said it consists of software and hardware for connecting to end systems and transferring data.  The software and hardware are generally provided by a special equipment broker.[78] 

    [77] Professor Seneviratne T704. 

    [78] Professor Seneviratne T702-703. 

    The ‘connection phase’ and the ‘data transfer phase’

13. Professor Seneviratne explained that a ‘communications system’ involves two phases, the establishment of the connection phase and the data transfer phase.[79]  He further described that in his field of expertise, the communications system is referred to in ‘terms of layers’, defined by an international standard called the ‘International Standard for Interconnections’ (ISO) reference model.[80]  He explained those layers by reference to a diagram.[81]  The bottom ‘physical layer’ is where a communication is transmitted from one piece of hardware to another.[82]  The top ‘application layer’ includes a dedicated encrypted communication application[83] like ANOM.  A dedicated encrypted communications application may not include all seven layers in the ISO reference model.  However, it would include the application layer and the physical layer, along with a data link, network and transport layers.[84]  

    [79] Professor Seneviratne T707. 

    [80] Professor Seneviratne T715.  The ISO is depicted at Figure 1 of VD P13.  See Affidavit of Professor Seneviratne dated 30 June 2022, pp 4‑7 – VD P12. 

    [81] VD P13, Figure 1. 

    [82] Professor Seneviratne T715. 

    [83] Professor Seneviratne T716. 

    [84] Professor Seneviratne T716. 

14. Professor Seneviratne said the application layer is where the connection establishment phase commences.  He described this as a ‘handshake that initially happens’ to establish the connection between two end systems and to authenticate the receiver and transmitter.[85]  The data to establish the connection travels through the layers, to the physical layer of the device and through the network to the recipient.  

    [85] Professor Seneviratne T725. 

15. As I have said, whether the ANOM application functioned in a way which was in breach of s 7(1) of the TIAA is a matter for me. Care must be taken with the evidence of experts who may use terms without reference to the TIAA and/or terms which do not appear in the TIAA. With those qualifications in mind, in the opinion of Professor Seneviratne, a messaging application is not part of the physical layer and is not part of the telecommunications network. He said that at the physical layer, it is necessary to ‘have the appropriate signalling’ on a device to connect to the network.[86]  Professor Seneviratne said the signalling then travels back through the layers to the application layer on the operating system of the transmitter to signal the connection has been made, before the data transfer phase can commence.[87] 

    [86] Professor Seneviratne T1020. 

    [87] Professor Seneviratne T722; T733.  See Affidavit of Professor Seneviratne dated 30 June 2022, pp 12‑17 – VD P12, for an explanation of data transfer in mobile messaging applications. 

16. Professor Seneviratne described the transfer of data using a dedicated encrypted communications application as a different phase than the connection phase.  He described the data transfer phase in the following way: [88] 

    So what will happen is there will be a bit of code or, as they would call, a library which will allow the data that you type on your device to be collected and encrypted.  ‘Encrypted’ means you scramble it in a way that nobody else can understand and the way you scramble it is by using a key, as they say, so you use a key to scramble the data in a specific way so that the only other person who can understand the data is a person who can get the data, put it through this process of unscrambling using the same key.  So it will get the data, encrypt it or scramble it and give it to the operating system and the way you give it to the operating system is through a specific interface, which is, in computing jargon it’s called a socket, so you actually get the data into that socket and the operating system takes over and adds some information to that data, encrypted data, that it was given and that additional information is the information that is used by the telecommunications network to route the packet to the destination. 

    [88] Professor Seneviratne T707‑708.  With respect to re-encryption, see also Affidavit of Professor Seneviratne dated 30 June 2022, pp 20‑24 VD P12. 

    TLS

17. Professor Seneviratne said that when utilising a dedicated encrypted communication application, a Transport Layer System (TLS) provides a secure ‘pipe’[89] from one end system to another that prevents interference in the middle of the data transfer.  Professor Seneviratne said:[90]  

    So think of it as messages being encrypted like what you write is scrambled and the pipe as being hard and so that nobody can look into it, because if you just don’t harden the pipe, people can just see what is going on. So what TLS does is hardens the pipe so that nobody can look in.

    [89] Professor Seneviratne T720‑721. 

    [90] Professor Seneviratne T799. 

18. The TLS is used at both the connection establishment phase and the data transfer phase.  The type of encryption to be used in the data transfer phase is negotiated or agreed upon between the parties at the connection establishment phase, before the data can be transferred.  The sequence was summarised by Professor Seneviratne in the following way:[91]  

    TLS has two components to it.  We talked about a handshake which establishes the secure channel to the server, XMPP server, and then actually transfer of data from the ANOM application to the XMPP, from the XMPP server to the destination.  So I'm assuming that when we run - when you say that you have started the ANOM application, the handshake process has happened and there is a TLS connection between the ANOM application and the XMPP server.  Assume that TLS connection is there, now we are entering data and whatever Alice types will be essentially packaged into a packet and will be transferred to the TLS.  TLS happens to be within the operating system, so think of the application as running in the application layer.  TLS is the transport layer and then there is the network layer which is IP and then there is immediate access control layer and a physical layer.  So what happens is the data is given to the transport layer, the transport layer adds all the necessary control to make sure that it is secure.  It goes through the pipe and the network layer routes the data to the destination and gives it to the physical layer.  The physical layer converts it into whatever signal that it wants to and sends it through the telecommunications network. 

    [91] Professor Seneviratne T1030‑1031. 

    Boundaries

19. Professor Seneviratne said that there was a ‘boundary’ between ‘end system’ devices and the ‘transport network’.  As to the determination of that boundary, he said: [92] 

    It’s - so it is the boundary at which your device has some control of what is happening in that cloud.  So your mobile device cannot control what is happening inside the network, it can just give your information to the operating system and it goes through the interface into the network.  So if you look at a desktop computer, that boundary would be where your desktop computer connects the internet cable, you can’t control what's beyond that, whatever is in your machine you can control.  If it’s your mobile device, once you send it to either the cellular network or wi-fi network, your device cannot control what is happening.  So the network boundary is where, once it - something leaves your network and you cannot control what is there.  What’s outside the network boundary is where you have full control, so you can - I can essentially manipulate the data as I see fit. 

    [92] Professor Seneviratne T731‑732. 

20. As for there being boundaries between both the application and the operating system and the operating system and the network, Professor Seneviratne rejected the proposition that the pressing of the send button rendered such boundaries meaningless.  Using the example of a message sent by ‘Alice’ (whom I have otherwise referred to as user A), he said:[93] 

    The reason is Alice may have pressed the send button but it has even not left Alice’s application, whatever application that may be.  The application has full control of the data that Alice has sent.  It can send to another application which is running.  It has nothing to do with the telecommunications network. In that application I can do whatever I want and I can send it to a third application, fourth application, whatever number of applications that I want.  And then I give it to the operating system.  Right.  The operating system in itself has full control of what you do to the network.  Only when it leaves the operating system and goes into the telecommunications network do I or the person who owns the device have no control. 

    (Emphasis added)

    [93] Professor Seneviratne T1022. 

21. It is necessary to consider the evidence of Professor Seneviratne about control immediately above and compare it to the evidence of Mr Jenkins set out earlier at [55]. The defendants placed reliance upon the evidence of Mr Jenkins in support of the submission that A’s message to B was intercepted in breach of the TIAA. I do not regard the evidence of Mr Jenkins and Professor Seneviratne as inconsistent. I understand the evidence of Mr Jenkins about the user not being able to stop the processes commenced by the pressing of the send button to relate to what an individual user is unable to do once the send button has been pressed. In contrast, I understand the evidence of Professor Seneviratne to relate to how the application may be programmed. That is, the programming of the application determines what occurs and, in that sense, the application has ‘full control’ of the data and there is a ‘boundary’ between it and the operating system. The AOS also has control of the data passed to it by the application as it may also be programmed to deal with that data in a particular way. The AOS only loses ‘control’ when the data is passed to the network.

22. Professor Seneviratne also said that the network was no longer involved once a communication arrived at the device of a recipient.  He said that at that point, it was no longer passing over the telecommunications system.[94] 

    [94] Professor Seneviratne T734. 

    The alleged interceptions

23. The defendants submit the copy of the message created and then sent to the bot user was intercepted in breach of the TIAA in more than one way:

    1.By the user’s device communicating its identification with the XMPP server (the first alleged interception);

    2.By the creation within the application on the ANOM user’s phone of the copy of the message sent to the bot user (the second alleged interception);

    3.By the iBot communicating with the XMPP server in order that it could receive the communications in [2] above (the third alleged interception); and 

    4.By making a record of the communication once received at the iBot server (the fourth alleged interception). 

    Principles of Statutory Construction

24. Determining whether there was an interception in breach of the TIAA makes it necessary to construe the TIAA.

25. In Project Blue Sky Inc v Australian Broadcast Authority, McHugh, Gummow, Kirby and Hayne JJ stated that:[95] 

    … the duty of a Court is to give the words of a statutory provision the meaning that the legislature is taken to have intended them to have. Ordinarily, that meaning (the legal meaning) will correspond with the grammatical meaning of the provision.

    [95] Project Blue Sky Inc v Australian Broadcast Authority (1998) 194 CLR 355, [78].

26. In Australian Education Union v Department of Education and Children's Services, French CJ, Heydon, Kiefel and Bell JJ said:[96]

    The process of construction begins with a consideration of the ordinary and grammatical meaning of the words of the provision having regard to their context and legislative purpose.

    [96] Australian Education Union v Department of Education and Children's Services (2012) 248 CLR 1, [26].

27. Section 15AA of the Acts Interpretation Act 1901 (Cth) (AIA) provides that an interpretation of legislation that would best achieve its purpose or object is to be preferred. Section 15AB(1)(a) and (b) of the AIA permits consideration of material not forming part of the legislation for the purpose of confirming the ordinary meaning of the text or where the meaning is ambiguous or obscure. Under s 15AB(2)(a)-(h) the material that may be considered includes, but is not limited to, reports of a Law Reform Commission and similar bodies, reports of committees of the Parliament and the explanatory memoranda and parliamentary speeches relating to the legislation. The High Court has warned against undue regard to historical considerations and extrinsic materials. For example, in Alcan (NT) Aluminium Pty Ltd v Commissioner of Territory Revenue, Hayne, Heydon, Crennan and Kiefel JJ stated:[97]  

    This Court has stated on many occasions that the task of statutory construction must begin with a consideration of the text itself.  Historical considerations and extrinsic materials cannot be relied on to displace the clear meaning of the text.  The language which has actually been employed in the text of legislation is the surest guide to legislative intention.  The meaning of the text may require consideration of the context, which includes the general purpose and policy of a provision, in particular the mischief it is seeking to remedy.  

    (Footnotes omitted)

    [97] Alcan (NT) Aluminium Pty Ltd v Commissioner of Territory Revenue (2009) 239 CLR 27, [47].

1. I have applied the above principles. 

   The first alleged interception

2. The defendants submit the first interception occurred when the bot user ID was authenticated by the XMPP server. I have summarised at [42]-[43] above the evidence of Mr Khatri with respect to the unlocking of the ANOM application and the authentication of the user ID.

3. Relevant to the first alleged interception, the application required the XMPP server to authenticate the user and that occurred using the telecommunications system.  It must be accepted that until that occurred, the ANOM application could not be used.  Until the authentication, no message was able to be sent by a user and no copy would be sent to the iBot.  The defendants submit the act of authentication was an interception because it was, at least, one ‘in relation to an interception’.[98]  It was submitted every ‘step taken commencing upon communication with the XMPP server was, by design, enabling the covert recording of communications data once [A] pressed send’.[99] 

   [98] TIAA s 6(1).

   [99] Submissions of the defendants. 

4. In my view, more is required for there to be a breach of s 7(1) of the TIAA than the process of authentication described in the evidence. My reasons follow.

5. The prohibition set out in s 7(1) of the TIAA must be construed in the context of s 6(1) which provides what an ‘interception’ is.

6. Section 6(1) provides a communication is only intercepted if what is done amounts to ‘listening to or recording’. I am not satisfied that any ‘communication’ which might have been part of any process of authentication should be characterised as ‘listening to or recording’. I do not understand any record was made of what occurred during the authentication process. As I understand the evidence, the only data recorded was a copy of the message prepared and sent by A to B to which additional data was added before the copy of the message was sent.

7. I doubt the authentication process involved a communication as defined in s 5(1). As I understand it, there is no evidence, for example, of what data, if any, was involved. Nonetheless, assuming the authentication process involved a ‘communication’ as defined in s 5(1), as set out above, it was not listened to or recorded. It is also not a ‘communication’ the prosecution seeks to adduce.

8. In so far as the defendants direct attention to the words ‘by any means’ within s 6(1) and may be understood as submitting that the relationship between the authentication process and the later copying of a message is such that s 6(1) is satisfied, I do not construe the words ‘by any means’ in that way. In my view, the words ‘by any means’ are intended to ensure the ways in which the ‘listening to or recording’ of a communication may occur are not limited. [100] The words ‘by any means’ do not capture any step which might precede a record of a communication being made provided they are connected in some way to the making of that record. As set out above, assuming the authentication involved a ‘communication’ as defined in s 5(1) of the TIAA, there was no ‘listening to or recording’ of that communication. There is no suggestion that any data involved in any process of authentication was captured in any way.

   [100] TIAA s 6(1).

9. In so far as the defendants direct attention to the prohibitions in s 7(1)(c) of the TIAA against the doing of ‘any act or thing’ that will enable a person to intercept a communication, when read in the context of s 6(1), the conduct set out in s 7(1) is only prohibited if the interception occurs as the communication is ‘passing over the telecommunications system’.[101]  That requires that the copying take place when the communication is ‘in its passage over the telecommunications system’.[102]  In this case, the relevant communication is A’s message to B.  I will consider whether A’s message to B was recorded in its passage over the telecommunications system when discussing the second alleged interception. 

   [101] TIAA s 7(1).

   [102] TIAA s 6(1).

   The second alleged interception

10. The defendants submit a second interception occurred upon the pressing of the send button as it was that act which caused the copy of A’s message to B to be created and then sent to the iBot. The defendants direct attention to s 5F(a) of the TIAA and submit a communication is ‘sent or transmitted’ when the send button is pressed by A to send the message to B. The defendants submit if that is so, then the copy made of A’s message is, from that moment, ‘passing over the telecommunications system’ as the copying only occurs after send is pressed. Put another way, the defendants submit the communication is intercepted from the moment the send button is pressed and it does not matter that the copy of the message was created in the application.

11. As set out above, the evidence of Mr Khatri and Mr Jenkins establishes that a series of processes occurred following the pressing of the send button resulting in a copy of A’s message (with additional data) being created.  I will not repeat the evidence of what occurred; it is not in dispute.  In my view, what is important for present purposes is the undisputed evidence that the separate copy was created within the application itself before being sent to the AOS for transmission to the network.  As it is not disputed that the separate message was created in that location before being passed to the AOS, the issue is whether A’s message was passing over the telecommunications system when the separate message was created within the application. 

    When a communication starts passing over a ‘telecommunications system’

12. Determination of whether the copy created in the application was one made while it was ‘in its passage over the telecommunications system’[103] requires attention to ss 5F-5H of the TIAA.

    [103] TIAA s 6(1).

    Sections 5F-5H of the TIAA – some history

13. Before turning to consider ss 5F-5H inclusive I will provide some history with respect to those sections. Sections 5F-5H inclusive were inserted into the TIAA by the Telecommunications (Interception) Amendment Act 2006 (Cth) (the amending Act).  The amending Act was introduced following a report by Mr A S Blunn AO presented to Parliament on 14 September 2005.  That report was titled Report of the Review of the Regulation of Access to Communications (the Blunn Report). On my reading, a primary focus of the Blunn Report was ‘stored communications’ as currently defined in s 5(1) of the TIAA. Nonetheless, there was reference to encrypted communications as an ‘emerging problem’.[104] The Bill that became the amending Act was the Telecommunications (Interception) Amendment Bill 2006 (Cth). That Bill contained more than one draft of ss 5F-5H. In the first draft of s 5F, there was no reference to when a communication was taken to commence passing over a telecommunications system. With respect to s 5F, the first draft in the Bill of what was then s 5F(1) provided:

    For the purposes of this Act, a communication that is passing over a telecommunications system is taken to continue to pass over the system until it becomes accessible to the intended recipient of the communication.

    [104] AS Blunn AO, Report of the Review of the Regulation of Access to Communications (Report, August 2005). 

14. Before the TIAA was amended, the Bill was referred to the Senate Legal and Constitutional Legislation Committee for inquiry and report. On my reading, that report did not make any recommendation with respect to ss 5F-5H inclusive. Nonetheless, after that report, in the Supplementary Explanatory Memorandum in the Senate, it was said the further amendment to s 5F in the amendment Bill ‘addresses concerns about draft emails and sent items during the Senate Committee process’.[105] The Supplementary Explanatory Memorandum further set out that s 5F was to give:[106] 

    … express recognition to the fact that a communication is not in its passage over the telecommunications system (and therefore not subject to the telecommunications interception regime) until it is sent or transmitted. 

    This means that a communications [sic] does not commence passing over the telecommunications system until it has been sent or transmitted by the sender and continues to pass over the telecommunications system until it becomes accessible to the intended recipient. 

    …

    This definition ensures that communications, prior to being sent or transmitted … are not passing over a telecommunications system and are not subject to the general prohibition on interception. 

    [105] Supplementary Explanatory Memorandum, Telecommunications (Interception) Amendment Bill 2006 (Cth), 3. 

    [106] Ibid. 

    Was the copy created in the application an ‘interception’?

15. Section 5F(a) of the TIAA provides ‘a communication is taken to start passing over a telecommunications system when it is sent or transmitted by the person sending the communication’. The relevant ‘communication’ in application of s 5F(a) is the communication prepared and sent by A. The question is whether that communication was copied ‘in its passage over [the] telecommunications system’.[107] That question must be answered bearing in mind the evidence with respect to the location of A’s message when it was copied and the terms of s 5F(a). As to the location where the copy was made, as I have said, there is no dispute that A’s message was copied within the application.[108]  Once that message was no longer in the application it was encrypted, and any attempt at copying would have been pointless. 

    [107] TIAA s 6(1).

    [108] See for example the evidence of Mr Khatri at T903 with respect to encryption occurring within the application and Mr Jenkins at T1082 with respect to the application taking the ‘plain’ or ‘original’ text before it is encrypted. 

16. Were it not for s 5F(a), there would be little doubt that the copy of A’s message was not made when A’s message was in its passage over the telecommunications system. At that time, A’s message was still in the application. Given the definition of ‘telecommunications system’ in s 5 of the TIAA and other relevant defined terms, in my view, a messaging application is not part of the telecommunications system. That being so, a message still in such an application is not passing over the telecommunications system. Any message in an application is yet to reach that system.

17. A ‘telecommunications system’ is defined as meaning any part of a ‘telecommunications network’ that is within Australia and ‘includes equipment, a line or other facility that is connected to such a network’.[109]  The meaning of ‘equipment’ is ‘any apparatus or equipment used, or intended for use, in or in connection with a telecommunications network, and includes a telecommunications device but does not include a line’.[110]  A ‘telecommunications device’ means ‘a terminal device that is capable of being used for transmitting or receiving a communication over a telecommunications system’.[111]  While it was not disputed that a ‘terminal device’ may include a mobile phone and so such a phone forms part of the ‘telecommunications network’, the evidence is not consistent with a messaging application being a ‘terminal device’.  The application is separate to the phone, albeit utilising the AOS on that phone.  The application must pass the data to that AOS before the message can be sent from the mobile device. 

    [109] TIAA, s 5(1).

    [110] Ibid.

    [111] Ibid.

18. It also may be observed that to find that a messaging application on a mobile phone was part of the telecommunications system would be inconsistent with the evidence of Professor Seneviratne. His evidence made plain that there was a relevant ‘boundary’ between an application and the AOS[112] and a further boundary between the AOS and infrastructure comprising the telecommunications network between, and connecting, terminal devices.[113] In my view, the evidence, applied to the relevant definitions in the TIAA, is only consistent with the ANOM application not being part of the telecommunications system.

    [112] Professor Seneviratne T702‑703; Affidavit of Professor Seneviratne dated 30 June 2022, pp 10‑12 – VD P12. 

    [113] Professor Seneviratne T736. 

19. Nonetheless, determination of whether the copy of A’s message was made ‘in its passage over the telecommunications system’ requires consideration of more than the evidence about the functionality of the ANOM source code, the evidence of Professor Seneviratne and the relevant defined terms in s 5(1) of the TIAA mentioned in [101] above. This is because ss 5F-5H define when a communication commences passing over a telecommunications system and when that passage ceases.

20. I return to s 5F(a) of the TIAA. The submissions of the defendants attach particular significance to the word ‘sent’ in s 5F(a). The defendants submit that, in this case, A’s message to B started passing over the telecommunications system at the moment A pressed the send button.

21. The words ‘sent’ and ‘transmitted’ are not defined in the TIAA. Given that ‘sent’ is not defined, its meaning must be determined from the text, context and purpose of the TIAA. In my view, both the text and context in which ‘sent’ appears are strongly suggestive of meaning more than the action of a person pressing a button on a phone.

22. Section 5F(a) must be read as a whole. Section 5F(a) is directed to when a communication commences ‘passing over’. Within s 5(1) of the TIAA ‘passing over’ is defined to include ‘being carried’ and ‘carry’ is defined to include ‘transmit, switch and receive’. In my view, ‘passing over’, ‘being carried’ and ‘carry’ are consistent with the transport of a communication. Put another way, they are consistent with the movement of a communication over the ‘telecommunications system’. On my reading, ‘passing over’ is not consistent with it being enough for there to have been an act (the pressing of a send button) which, however essential to later movement, precedes any movement over a telecommunications system. Further, the pressing of the button is an act which may or may not result in that movement. As Mr Jenkins explained, a message sent without there being a connection to a carrier would not be transmitted.[114] 

    [114] Mr Jenkins T1144. 

23. Another aspect of what must be considered in properly construing s 5F(a) is that ‘sent’ appears with the word ‘transmitted’ (i.e. – ‘sent or transmitted’). While ‘transmitted’ is not defined, as set out above, ‘carry’ is defined to include ‘transmit’. In my view, ‘transmitted’ is only consistent with the communication needing to be in its passage and the legislative intention of not capturing the copying of a communication before the communication commences that passage.

24. Further, the meaning of ‘sent’ in s 5F(a) must be construed in the context of s 5F(b). Section 5F(b) provides that a communication is ‘taken to continue to pass over the [telecommunications] system until it becomes available to the intended recipient’. Read as a whole, s 5F is directed towards the carrying of the communication over the ‘telecommunications system’ and is not directed towards an act, however essential, which precedes any movement of the message on to the telecommunications system and which may, or may not, result in such movement occurring. In my view, that is also consistent with s 5H which provides that a communication ‘received by’, or ‘delivered to’ the ‘telecommunications service’ provided to the intended recipient or ‘under the control of’ the intended recipient is no longer passing over the telecommunications system. That is also suggestive of ‘sent’ in s 5F being properly construed as requiring some movement of the communication as opposed to the commission of an act (pressing send) which occurs before that movement and which may, or may not, cause the ‘passing over’ of the message to occur.

25. For the above reasons and bearing in mind that the copies of the communications sought to be adduced in evidence were created while A’s message was in the application, before A’s message was encrypted and before it was passed to the AOS installed on the mobile phone, the creation of a copy of A’s message to B within the application as a result of the pressing of the send button was not an ‘interception’ in breach of the TIAA.

26. As a matter of completeness, I mention further matters which, in my view, are consistent with the view I have already reached for the reasons above. 

27. First, on my reading, the Supplementary Explanatory Memorandum set out at [98] above, is consistent with the construction of s 5F which I prefer. In my view, that memorandum emphasises that a communication is not subject to the prohibition upon interception unless it is ‘in its passage’ on the telecommunications system or ‘passing over’ that system. In my view, the memorandum is consistent with ‘sent’ requiring a communication to be ‘in its passage’ or ‘passing over’ to be subject to the prohibition. It is not consistent with an action which precedes a communication being carried by the telecommunications system.

28. Second, it has been held the TIAA does not protect the privacy of a communication once it has been delivered and received.[115] Put another way, once a message is in the control of the recipient, the prohibition on interception does not apply. As set out above, the question of when an ANOM communication commenced passing over the telecommunications system is governed by ss 5F-5H and the evidence about how that application worked, not by the outcomes in other cases. Nonetheless, it can be observed the construction of the relevant sections of the TIAA which I have preferred places a message yet to leave an application installed on the phone of a sender (i.e. – a message within the control of the sender) beyond the prohibition, just as a message in the control of the recipient is also beyond the prohibition.

    [115] E.g. – Metcalfe; Giaccio.  

29. It is the case that an individual user of the ANOM application could not stop the steps which occurred when send was pressed, but bearing in mind the evidence of Professor Seneviratne, the application had control over A’s message and that control exists for so long as the application operates in such a way that A’s message remains within the application. If the construction urged by the defendants was preferred, then a message typed on a phone (or an email typed on a computer) would be ‘intercepted’ if retrieved from that phone (or computer) even if the pressing of the send button had failed to send or transmit the message. For example, the message (or email) would be intercepted in breach of the TIAA even if the phone or computer was not connected to a telecommunications system when the send button was pressed and so no message could be sent until that connection was established. In my view, the prohibition in the TIAA is not intended to capture a message which has not left the application in which it was created, just as it does not seek to govern what can happen to a message once that same message has arrived at its destination.

    The third alleged interception

30. The defendants submit an interception occurred as a result of the iBot’s ‘listening activity’ which enabled it to retrieve messages from the XMPP server. 

31. The defendants describe the above activity occurring while the iBot application ‘was constantly pushing messages to the XMPP server and then retrieving those messages from the server’.  It may be accepted the iBot application communicated with the XMPP server, that the ‘pushing’ and ‘receiving’ occurred over a telecommunications system and that the copy message passed over the telecommunication system. 

32. Nonetheless, in my view, that the telecommunications system was used to transport the copy of the message and that the iBot requested messages addressed to it, does not lead to the conclusion the copy of the message received by the iBot was a record made of the original communication when it was passing over the telecommunications system. 

1. On the evidence before me, it may be doubted it is appropriate to find that the ‘listening activity’ is a ‘communication’ within the meaning of that term in s 5(1) of the TIAA, but that is unnecessary to decide. Assuming the ‘listening activity’ to be a ‘communication’, the prohibition in the TIAA is on recording such a communication. Just as any ‘communication’ involved in the authentication process the subject of the first alleged interception was not a communication which was recorded in its passage (or otherwise), this ‘listening activity’ is not something which was recorded. It is also not a communication sought to be led in evidence.

   The fourth alleged interception

2. The defendants submit that the communication sent to the bot user was intercepted as the iBot server ‘re‑transmitted the recorded communications it had received from the XMPP server to the AFP servers in Sydney’.  This directs attention to whether the copy of the message was ‘in its passage over [the] telecommunications system’ once it arrived at the iBot server.[116] It is necessary to return to ss 5F-5H.

   [116] TIAA s 6(1).

   When a communication is no longer in its passage over the telecommunications system

3. Section 5F(b) of the TIAA provides a communication continues to pass over the system until it becomes ‘accessible’ to the ‘intended recipient’. It is necessary to consider the meanings of ‘intended recipient’ and ‘accessible’. Section 5G defines ‘intended recipient’. Section 5H defines when a communication is accessible to an intended recipient.

   Intended recipient

4. The defendants submit the copy message had not passed over the telecommunications system when it was at the iBot server as the bot user (or iBot server) was not an ‘intended recipient’. 

5. It must be accepted that the bot user and iBot server were unknown to A and that A did not know the copy of the message was being made or sent. In my view, those things are irrelevant. I do not construe s 5G as making the subjective belief of the person sending a communication relevant to the identification of ‘intended recipient’. To the contrary, s 5G identifies the intended recipient by the address. In this case, the communication was addressed to the bot user ([email protected]) (the iBot server). The issue is whether the bot user was an ‘intended recipient’ within any limb of s 5G of the TIAA.

6. It has been held that a server can be an ‘intended recipient’.  In Voxson, it was held that mobile phone handsets used to capture messaging data sent from the server to the handsets was not an interception within the meaning of s 6. In that case the messaging data passing to and from the server and the handset was encrypted. Perram J found the routing of messages between servers and handsets was not an interception within the meaning of s 7(1):[117] 

   [117] Voxson, [26]‑[32].

   So far as the SUPL server was concerned it simply replied to a request from an IP address by sending data back to that IP address.  The IP address in this case was the IP address provided by the operator of the proxy server which, in Mr Lopez’s case, was Amazon Web Services.   

   I do not think that any breach of s 7(1) can have happened as a result of such an arrangement. The short reason for this is that operator of the SUPL server intended to send the message data to the IP address to which it in fact sent the message data. Consequently, upon the message data’s arrival at the proxy server the communication was complete. After that time, it was not possible to intercept the communication consisting of the message data because it was no longer travelling across a telecommunications system.

   That short reason may be expressed more technically as follows: s 7(1) prohibits the interception of a ‘communication passing over a telecommunications system’. A communication includes data (s 5) so the message data was a communication to which s 7(1) applied. A communication ‘passes over a telecommunications system’ from the time it is sent by the person sending the communication (here the operator of the SUPL server) to the time it ‘becomes accessible to the intended recipient of the communication’ (s 5F).

   There are two relevant concepts here: ‘intended recipient’ and ‘accessible’.  As to the former, if a communication is addressed to a person who is not an individual then the intended recipient of the communication is that person (s 5G(b)).  In this case, the communication was addressed by means of an IP address to the operator of the proxy server.  Consequently, the intended recipient was that operator.   

   When did the communication become ‘accessible’ to the operator of the proxy server?  The answer is provided by s 5H:  

   ‘5H When a communication is accessible to the intended recipient

   (1)For the purposes of this Act, a communication is accessible to its intended recipient if it:

   (a)     has been received by the telecommunications service provided to the intended recipient; or

   (b)     is under the control of the intended recipient; or

   (c)     has been delivered to the telecommunications service provided to the intended recipient.

   (2)Subsection (1) does not limit the circumstances in which a communication may be taken to be accessible to its intended recipient for the purposes of this Act.’

   Satisfaction of any of these subparagraphs causes the communication to be accessible to the intended recipient. In this case, there may be some nice questions about (b) and whether the operator of the proxy server has control of the communications it receives on behalf of the person hiring the server. However, these are of no moment because (a) and (c) are both satisfied. It is inevitable that the proxy server was connected to the internet by means of a carriage service provided by someone. Consequently, when the communication was delivered to that carriage service provider (as it inevitably must have been) subparagraph (a) was satisfied (as must also have been (c)). From that moment the communication was accessible by the intended recipient, the operator of the proxy server. It follows that from that time the communication was no longer passing over a telecommunications system. What Mr Lopez and Mr Hendriks did with the proxy server (or in Mr Lopez’s case the second proxy server) might, I suppose, have been an interception within the meaning of 7(1) (as defined in s 6) (although I have my doubts about that too) but this does not matter. Even assuming it was, s 7(1) only applies to interceptions which occur whilst the communication is passing across a telecommunications system which the communications coming from the SUPL server could not be once they were received by the proxy server.

   Accordingly, s 63(1) does not prevent the receipt of Mr Lopez and Mr Hendrik’s evidence.

7. As can be seen, Perram J found that a communication addressed by means of an IP address to the operator of a proxy server satisfied s 5F(b). Namely, that it was a communication addressed to a person who is not an individual. In my view, that is the appropriate conclusion in this case. The evidence is the username was ‘[email protected]’ and the iBot was a server running the ANOM application. The server was the device on which the communication was received. I do not understand it to be in dispute that server was controlled by a person. In my view, an ‘intended recipient’ was the server running the iBot application, that server being controlled by a person.

   Accessible

8. I turn to when the communication became accessible to the operator of iBot server.  Section 5H(1) provides: 

   (1)For the purposes of this Act, a communication is accessible to its intended recipient if it:

   (a)     has been received by the telecommunications service provided to the intended recipient; or

   (b)     is under the control of the intended recipient; or

   (c)     has been delivered to the telecommunications service provided to the intended recipient.

9. As set out above, ‘telecommunication service’ is defined in s 5(1). In my view, it includes a device on which a communication is received.[118]  In this case, the server running the iBot application.  In my view, given the iBot server was an ‘intended recipient’, all three limbs of s 5H(1) are satisfied.  Once the communication arrived at the iBot server: it had been received by the telecommunications service provided to the intended recipient; was under the control of the intended recipient (e.g. – it was able to be decrypted and saved)[119] and had been delivered to the telecommunications service provided to the intended recipient. 

   [118] R v Healey [2016] QCA 334; Metcalfe. 

   [119] E.g. – Mr Jenkins T1112; T1067. 

10. For the above reasons, once the communication addressed to the bot user arrived at the iBot server, it was no longer passing over the telecommunications system. Anything done with respect to that communication from the moment it arrived was not an interception in breach of s 7(1) of the Act.

11. The defendants accept that if none of the four alleged interceptions occurred, any further recording of any relevant communication was not a breach of the TIAA.

    Conclusion

12. For the above reasons, none of the four ‘interceptions’ alleged by the defendants involved a breach of the TIAA. The communications sought to be adduced were not obtained in breach of s 7(1) of the TIAA.

13. The application for exclusion of the evidence on the grounds set out in the interlocutory application referred to as Chapter 1 is dismissed.