Proposed legislation requiring ISPs to retain metadata for two years could have implications beyond criminal investigations, with the Attorney-General's department advising that data could be used to pursue piracy.
In a wide-ranging hearing that covered topics as broad as warrants, terrorism and torrents, the Parliamentary Joint Committee on Intelligence and Security heard from representatives of ASIO, the Attorney-General's Department, the AFP and the Australian Crime Commission, each outlining their case for requiring telcos and ISPs to retain metadata for two years under proposed legislation.
While the Attorney-General's department said data would be made available to government agencies involved in enforcing criminal law, Shadow Communications Minister Jason Clare questioned whether there might be implications for "civil litigation, and particularly the sticky issue of piracy".
While recognising that Attorney-General George Brandis has previously discounted using metadata to pursue individual pirates, Minister Clare said there were persistent concerns that the government could be "creating a honeypot that people can use for the purposes of discovery or...for civil litigation to pursue people that are pirating material".
In response, representative of the Attorney-General's department Anna Harmer said there were frameworks in place governing how carriers disclose that information, and that metadata is already "available and amenable" for court proceedings, including discovery processes for rights holders to identify potential pirates.
Citing theand the speculative invoicing used by some rights holders to pursue pirates, Minister Clare pressed further, saying a mandatory data retention scheme could leave a greater cache of information for rights holders' to draw on in litigation.
"You've now got all of this data available that a content producer can use in order to try to dig a bit deeper and find out who's downloading this material," the Minister said.
"Under the existing law, they would have the right and ability to pursue that in court, so this additional data that is being preserved, that might otherwise disappear over the course of the next five years or so, would available to pursue through those court orders."
Minister Clare was not alone in raising the spectre of piracy at the Committee hearing. Communications Alliance CEO John Stanton warned that the public awareness surrounding the data retention debate could lead to more parties wanting a piece of the metadata pie.
"This is a high profile exercise and will put it very clearly in the public consciousness that a defined set of data is available from every service provider," Stanton said.
"We may generate a tsunami of action in commercial pursuits and marital disputes and many other cases where the data is being mined...for all sorts of purposes which the data retention bill was not meant to facilitate."
Also following the line on piracy, Shadow Attorney-General Mark Dreyfus questioned those appearing before the committee why proposed data retention laws included the volume of data uploads and downloads of all Australian internet users.
Minister Dreyfus said the proposed data set included in the draft bill was largely the same as overseas regions such as the EU, "except for the addition of volumes of uploads and downloads". In questioning the need to track uploads and downloads, he proposed that "volume data could be especially useful in targeting torrenting activity" and that could explain its inclusion in the bill.
However, AFP Deputy Commissioner for National Security Michael Phelan contested that the information would be used to "work out whether or not the line is active" and what resources would be required to conduct an intercept on a particular internet service.
The so-called 'draft data set' and details around exactly what telcos and ISPs would be required to retain was also a major sticking point in the hearing.
Despite lengthy discussion, the Attorney General's Department would not clarify the finalised definition of metadata to be included in the bill, beyond the six broad classes of data outlined in the draft legislation. However, the Department confirmed that the classes of metadata were kept relatively broad in the bill, meaning that further detail would be outlined through regulation, rather than legislation passed by Parliament.
In addition, Department representatives would not be pressed on how much mandatory data retention would cost telcos and ISPs, saying that further consultation with industry was required.
However, on the point of cost, the AFP warned that requiring warrants for all metadata access requests would be a significant imposition for authorities, saying that each warrant requires 8 hours' work and the whole scheme could cost as much as AU$25 million a year.
Updated at 5.15 p.m. AEDT to include comments from Communications Alliance.