I have received two questions about this issue, both from Victoria. My first correspondent wrote:
Recently my Fire Brigade in Victoria has opted to implement an emergency response system. The system basically takes the emergency information which is sent to the brigade via pager, and from this creates a map of the shortest route, nearby hydrants, weather etc. There are a number of these types of programs around and many of them are already in use in other Brigades and emergency services.
It’s all automatic. One system uses existing off air decoder infrastructure which is already installed at each fire station and generates the response information automatically using software designed by the owner of the company. Another system “taps into” the network using its own radio receivers and again generates the information automatically using software designed by the owner.
There has been much discussion regarding the legality of such a program and whether or not we are committing an offence by using them. I have tried to research the law which governs the use of this information however have been unsuccessful in finding the relevant legislation. Are you able to point me in the right direction and/or provide your advice on the subject?
I declined to address that as it was just too far outside my area of expertise and I didn’t have sufficient detail to understand the issue. I have now received a second question from another correspondent who included a memo from Victoria SES dated 6 March 2016 headed ‘Enhanced Messaging Systems for Member Availability and Operational Response’. My (second) correspondent wrote:
Currently, a major issue (perhaps across emergency services across the nation) is the use of scanning to view emergency alerting messages on different devices. Of particular note is the current problem facing VICSES and CFA members in regards to the large user base of the mobile application BART (http://www.bart.emerg.com.au/).
A number of users had been running scanners to receive EAS paging messages on their computers or brigade PC’s to supplement the pagers commonly used for alerting. The organisation behind BART took that a step further and integrated a paging feed (I’m assuming captured via a radio scanner) into their mobile application.
My understanding of the law up until now was that radio frequency scanning is perfectly legal as long as the user does not act on information they were not initially authorised to receive. If that is indeed the case, then by being SES or CFA members that are authorised to act on the information (given that we are all issued pagers which receive the same information) how can the service send an email to all members with a blanket statement claiming it is illegal? Over the past 5+ years I understand that telecommunications legislation has undergone some major changes and my lack of legal knowledge has made it rather difficult to understand. Perhaps it has changed, and I am unaware.
I did phone the ACMA information line to ask about this and was advised that there were no issues with scanning. After all, the CFA even sells Uniden scanners to their members. Uniden themselves sell pre-programmed scanners for ESO frequencies to the general public.
I suspected VICSES may consider the BART application to be illegal as they are running a commercial service with information captured using a scanner, however the actual statement from the service seems to imply that no feeds of any sort may be captured in any way which I believe to be incorrect. Being of an IT technical background, I have been keen to set up my own feed at the brigade headquarters to display on an information panel in our operations room, however according to the service this is illegal too.
I guess the question in summary is: “Is radio frequency scanning illegal, and if not what can and can’t be done?”
I also note that there are websites that rebroadcast live streaming emergency service radio communications.
Let me return to my response to my first correspondent (where I declined to answer the question). I claim some expertise in the law of emergency response, but not in telecommunications law, but I am indeed a lawyer so I should be able to find something. To repeat what I say on the page ‘about’ this blog ‘This is not a place for providing specific legal advice, so I won’t be able to answer questions that are based on actual events…’ That has to be particularly true here and what follow has to be read with a greater than normal degree of caution.
To clarify my understanding as this is what I’ll explore. What I understand is happening is that the SES and CFA send out a message via pager. I assume that works by sending some sort of data package that is transmitted from various base stations, the signal is received by the pager that can convert the data to text which is displayed on the screen. Because these transmissions are out there a person with an appropriate receiver and decoder can also ‘catch’ the transmission and that is what BART (http://www.bart.emerg.com.au/) and others are doing. They are then taking that data and providing enhanced mapping and other information that assists responders to get to the job.
With that understanding I’ll now begin an exploration of telecommunications law.
The advice issued by Victoria SES says:
The Executive wishes to reiterate the advice we have received, is that applications that illegally intercept the paging data feeds like BART and BART-like applications are not just technically illegal, they are actually illegal and VICSES cannot and does not endorse any activity that is in breach of the law.
Unfortunately it gives no reference to where the relevant law can be found. The regulation of telecommunications is a Commonwealth, not a state matter, so we need to look at various items of Commonwealth legislation.
The Telecommunications Act 1997 (Cth) Part 13 provides for the Protection of Communications. That part seems to govern various providers of telecommunication services and creates offences if they release information about their subscribers or the information that they communicate via their service. In short your mobile phone service provider and its employees cannot disclose the contents of your text messages.
An ‘emergency call person’ (that is someone whose job it is to receive an emergency call) is not to release information that they receive in the course of their work as an emergency call person (Telecommunications Act 1997 (Cth) s 278). Of course there is no offence if the disclosure is made ‘in the performance of the person’s duties’ so there is no offence for an ‘emergency call person’ to use the information they receive to dispatch the emergency services (s 279(5)). Section 286 ‘Calls to emergency service number’ also allows the release of information that is given to an emergency call taker to the relevant emergency service. We can infer that a person who receives a call for the CFA or the SES and then sends that information via the pager system to alert the brigade or unit commits no offence.
None of that prohibits interception of this data but it must impose some obligation upon the emergency services to act reasonably. Consider an emergency call taker who is required to keep confidential the information received when a person makes an emergency call. The call taker can of course record that data and then use it to despatch the emergency services, but they couldn’t do that by going to the window and yelling out to the crew in the fire station across the road. That would be disclosing the information to anyone else who is walking along the street (and see the discussion on the Privacy Act, below). So a confidential system is used, either radio, telephone, or walking down with the call out information on a piece of paper. We know that radio and telephone communications’ can be intercepted and there are limits to what a service can do to encrypt that data but they have to take some care not to disclose the information.
The Radiocommunications Act 1992 (Cth) provides that it is an offence to have or operate a radiocommunications device (which includes a receiver (s 7) unless there is an appropriate licence. There are an infinite number of standards and licenses listed on the Federal Register of Legislation which allow us to have things like mobile phones, hands free phones, remote control devices etc. I can’t determine whether or not the receivers that the various services that are providing enhanced response information are covered by those licences, but one would have to infer that if the emergency services can broadcast their message on a particular channel, a device that receives that message must be covered by a relevant licence.
It is an offence to use a transmitter that may interfere with emergency service telecommunications (s 196) but I don’t understand that what these services are doing is interfering with the ESO telecommunications.
The Telecommunications (Interception and Access) Act 1979 (Cth) s 7 says:
A person shall not:
(b) authorize, suffer or permit another person to intercept; or
(c) do any act or thing that will enable him or her or another person to intercept;
a communication passing over a telecommunications system.
Interception means ‘listening to or recording, by any means, such a communication in its passage over that telecommunications system without the knowledge of the person making the communication’ (s 6). A telecommunications system is a telecommunications network that is wholly or in part in Australia ‘and includes equipment, a line or other facility that is connected to such a network and is within Australia’ (s 5). A telecommunications network is ‘a system, or series of systems, for carrying communications by means of guided or unguided electromagnetic energy or both, but does not include a system, or series of systems, for carrying communications solely by means of radiocommunication’ (s 5; emphasis added).
(a) radio emission; or
(b) reception of radio emission;
for the purpose of communicating information between persons and persons, persons and things or things and things (Radiocommunications Act 1992 (Cth) s 6).
A ‘radio emission’ is ‘is any emission of electromagnetic energy of frequencies less than 420 terahertz without continuous artificial guide, whether or not any person intended the emission to occur’ (s 8). I have no idea what that means. The maximum penalty for an offence contrary to s 7 is 2 years imprisonment (s 105).
Finally there is the Privacy Act 1988 (Cth) and the Privacy and Data Protection Act 2014 (Vic). Both these Acts give effect to the agreed Privacy Principles which provide, in short, that a public service agency can only use information that it receives for the purposes for which it was received and must take steps to ensure that the information is not disclosed to inappropriate persons. In Victoria the Commissioner for Privacy and Data Protection ‘must develop the Victorian protective data security framework for monitoring and assuring the security of public sector data’ (Privacy and Data Protection Act 2014 (Vic) s 85). Let us assume, without checking, that there is a framework and that it applies to both the CFA and the SES.
Having set out some relevant law we can now try to apply it to the situation at hand even without proper technological understanding. First my (second) correspondent says:
My understanding of the law up until now was that radio frequency scanning is perfectly legal as long as the user does not act on information they were not initially authorised to receive…I did phone the ACMA information line to ask about this and was advised that there were no issues with scanning. After all, the CFA even sells Uniden scanners to their members. Uniden themselves sell pre-programmed scanners for ESO frequencies to the general public.
The issue is that there is a Radiocommunications Act and a Telecommunications Act. Section 7 of the Telecommunications (Interception and Access) Act 1979 (Cth) makes it an offence to intercept a Telecommunication but there is no equivalent for radiocommunications. Put simply it’s an offence to intercept Telecommunications but not Radiocommunications, but what’s the difference?
Since making the original post contributors have made comments (see the ‘Responses’ button, below). I’m grateful for the comments by David Fitch, for helping my thinking here. (See also https://www.quora.com/Whats-the-difference-between-telecommunication-and-radio-communication). David, in a comment says ‘I guess to me at least it comes down to whether a transmission is intended to be private or not’. That’s not the legal test but it may still be helpful. Anyone who has used a two way radio, whether it’s on a private radio network, UHF CB or the Government Radio Network knows that other people with a radio on the same frequency or in the talkgroup can hear the conversation. When you pick up a phone, even a mobile phone, you expect that the only person who can hear the conversation is the person on the other phone. The phone does not depend solely on radio communication as there has to be other features such as a SIM card, a telephone number and account etc and the phone is connected to the network. If there’s no mobile tower nearby my ‘phone won’t work even to call the person next to me. A radio will transmit to the world from it’s own aerial and I can communicate with anyone in range without the need for those extra features. That may be a useful way to imagine the difference. David’s comment below, suggests that a pager is just another radio receiver and if that’s right that would mean the pager message is radiocommunication. If on the other hand, it needs to be ‘connected to’ a network then it would appear it’s a telecommunication’s device.
As noted by my correspondent, you can easily buy a scanner and there are websites that stream emergency services communications (see for example http://nswscan.blogspot.com.au/p/live-streams.html). On the assumption that action would have been taken if this was illegal I would infer this is not an offence under the Telecommunications (Interception and Access) Act 1979 (Cth) s 7 because this is intercepting ‘radiocommunication’ not ‘telecommunication’.
If a pager is a ‘radiocommunication’ then the Telecommunications (Interception and Access) Act 1979 (Cth) doesn’t apply in which case someone who ‘harvests’ the pager data is not committing any offence. If the ESO facilitates that, however, the ESO may still be committing offences under the Telecommunications and Privacy laws unless they have taken the appropriate steps to bind the third party service provider to ensure that they do protect the data.
There are then a number of scenarios.
- If a pager is telecommunications and the third party is intercepting the CFA/SES communication that is not intended for them, then that would be an offence contrary to s 7 of the Telecommunications (Interception and Access) Act 1979 (Cth). A pager message is an example of telecommunication if the pager message is delivered via ‘a system, or series of systems, for carrying communications by means of guided or unguided electromagnetic energy or both, but [is not] … a system, or series of systems, for carrying communications solely by means of’ ‘any emission of electromagnetic energy of frequencies less than 420 terahertz without continuous artificial guide’.
- If the pager message is delivered via radiocommunication that is ‘a system, or series of systems, for carrying communications … solely by means’ of ’emission of electromagnetic energy of frequencies less than 420 terahertz without continuous artificial guide’ then there is no offence in monitoring the transmission.
- If the SES/CFA facilitate the service by providing the feed – so if for example a local unit contracts with the service provider and allows them to access their feed there are a number of other issues. First that may be an offence under s 7(1)(b) (‘authorising’) or (c) (‘enabling’) of the Telecommunications (Interception and Access) Act 1979 (Cth). Second, sharing the confidential information that the caller has provided with the service provider, without ensuring that the service provider is also bound by the relevant privacy principles, could be an offence contrary to the Privacy Act 1988 (Cth) and the Privacy and Data Protection Act 2014 (Vic). If the service is knowingly sharing the information with the service provider that might also be an offence under the Telecommunications Act 1997 (Cth) s 278.
It follows that the SES is correct, there are ‘legal issues such as accessing the data, and addressing information privacy requirements’ at least where the data is provided by the agency. Equally if the third party provider is harvesting data from a telecommunication (but not radiocommunication) system then intercepting ‘the paging data feeds’ is illegal.
That does not mean that setting ‘up my own feed at the brigade headquarters to display on an information panel in our operations room … is illegal too’ because that is using the information for the purpose for which it was intended and is keeping the information within the agency. It is not disclosing the information to some third party without ensuring that they too will honour the agencies obligations. I can’t comment on that in detail but it does appear to be quite different.
As noted at the start this is my first foray into telecommunications law (and I thank my correspondents for opening a new area for me) so my conclusion has to be read with more caution than normal. A particular problem is that I don’t know or understand the technical details of what the service is providing, how the pager system works and how the message is being obtained by the enhanced service provider.
With those limitations however, it is clear that indeed there could be many issues. The critical issue is that by getting the data from the pager/call out feed the third party provider is getting access to private information without the consent of the person who gave the information and either without the consent of the CFA/SES or without contractual guarantees to ensure that the service provider is committed to protecting the data as if they were the CFA/SES. To return to the SES memo it says:
VICSES has had discussions with EMV who have undertaken to conduct some further research, including what other interstate jurisdictions are doing about BART and similar applications, seeking advice from ACMA as to what options are available to address legal issues such as accessing the data, and addressing information privacy requirements.
That seems eminently sensible. If ‘Units have gained some advantages through enhanced capability to manage member availability and in some cases supplement the primary alerting system’ then the commitment from VICSES to look at options will, hopefully and in due course, find a way to secure those advantages. In the meantime the direction that ‘Units are not to seek extensions, renewals or variations to such contracts or to enter into any new contracts following this advice’ also seems entirely sensible.