Data retention reforms pushed through by Government committee

Australian legislation mandating data retention is one step closer, with the Federal Government's National Security Committee quietly signing off on proposed legislation requiring telcos to retain users' metadata for two years.

Chaired by Prime Minister Tony Abbott and made up of members of the Coalition including Attorney-General George Brandis and Foreign Minister Julie Bishop, the NSC was established to address "major international security issues" and its decisions do not require the endorsement of the larger Cabinet.

The new data retention legislation was announced in a joint press conference by Prime Minister Abbott, Brandis and Bishop as part of a suite of reforms including changes to definitions of terrorism and criteria for the detention of suspected terrorists.

Debates on data retention have divided the industry, with law enforcement agencies and ASIO citing growing security concerns that necessitate the practice, ISPs arguing that data collection is onerous and expensive, and civil libertarians putting forward a case that mandatory collection of metadata is an invasion of privacy.

But the push towards legislating for retention has stepped up a notch with the NSC providing "in principle" support for a bill to be introduced to Parliament "later in the year" according to Brandis.

A response to growing security threats?

Brandis has previously couched justifications of data retention in terms of "real and undiminished" national security risks and the need to keep legislation in step with the terrorist groups' "sophisticated" use of technology.

However, Shadow Attorney-General Mark Dreyfuss (who declined to introduce a data retention scheme while in office as AG) said the push for access to metadata was not necessarily a response to current security concerns.

"Mandatory data retention is a long standing suggestion of the intelligence agencies and Australian police forces," he told CNET. "It's not something which is directly prompted by any particular immediate threat.

"What the intelligence agencies and police have said repeatedly [is] that they're concerned that in future data will not be available when they go to seek it from telecommunications companies. At the moment we've got a system where law enforcement agencies and telecommunications agencies can go and seek data from the companies which hold it.

"The concern is if they cease to hold it, then law enforcement agencies won't be able to get it when they go to look for it."

Privacy concerns

While various groups have downplayed the significance of metadata as it relates to privacy and just how extensive the cache of retained data will be, Dreyfuss said "it's clearly not anonymous" data.

The privacy implications of collecting the digital breadcrumbs of Australian phone and internet users have been highlighted by aspiring Senate microparty, the Pirate Party. In response to the NSC's actions, the Pirate Party said: "It is wholly inappropriate for a digitally illiterate cabal of politicians to determine what is appropriate policy in this area at all."

"This is a grotesque attack on every Australian's right to privacy and the legal principle of being treated as innocent until proven guilty, as a blanket Internet surveillance regime treats us all as suspects, sucking up a wealth of data that goes significantly beyond the pre-digital era definition of metadata," said Pirate Party President, Brendan Molloy.

These sentiments were echoed by Chris Berg, policy director of the Institute of Public Affairs, who described the NSC's push to bring in a data retention scheme as "repressive and expensive".

"Mandatory data retention treats all Australians as suspected criminals, storing away records of their internet activities just in case, in the future, they are accused of criminal activity," he said. "Far from a targeted anti-terrorism measure, data retained under the government's policy will be available for any law enforcement agency [to] pry into."

Warranted access?

The question of access is a valid one -- while police can currently access telecommunications metadata, they require a warrant for the privilege. The Pirate Party believes this kind of safeguard should be retained.

"Metadata is personally identifiable information; it is private, and it should require a warrant for collection and access," he said. "The potential for abuse is greatly outweighed by any positives there may be."

According to the most recent statistics [PDF] from the Attorney-General's Department (for the 2012-2013 financial year) more than 300,000 authorisations were made for law enforcement agencies (such as police) for access to metadata to enforce a criminal law. In addition, Commonwealth Enforcement Agencies such as Customs and the ACCC granted authorisations for access, while the number of authorisations made by a State or Territory Enforcement Agency (including local councils and the RSPCA) exceeded 600.

Speaking about access, deputy Greens leader Adam Bandt told the ABC that the NSC's push for legislation was "massive overkill and overreach" and "a plan to spy on every Australian", and that there should be limitations to access.

"If the government is concerned about illegal activity, then it should do what it does elsewhere and get a warrant," he said.

iiNet's Steve Dalby also weighed in on the debate at the Senate's Legal and Constitutional Affairs References Committee hearing into Telecommunications Interception and Access.

When asked about how law enforcement agencies could adequately do their job without accessing metadata, Dalby replied: "How have they got it for the last 100 years?"

Updated August 6, 2014, at 9:30 a.m. AEST to include links to the joint press conference announcing data retention.