The Attorney-General announced this year that the Federal Government would like to keep tabs on its citizens’ internet usage for purposes of national security. Will the data retention laws really be as innocent as the government claim? Stella Gray investigates
The federal government’s plan to keep logs of every Australian internet and phone user’s activity for two years, to be made accessible without a warrant, has drawn criticism from experts and industry over privacy and legal concerns.
The data retention bill proposes that communication service providers retain what is referred to as ‘metadata’, which includes: device locations, phone numbers called, the time and duration of each phone call, the e-mail address from which a message was sent and the time the message was sent, and bandwidth, upload and/or download volumes.
The data retention bill has been strongly criticised for both its potential impact on the privacy of Australian citizens, its technical weaknesses and confusion about its actual scope.
Dr Adam Molnar, a criminologist at Deakin University, says it is important to highlight that similar legislation has been considered a violation of human rights in other developed nations, including Europe.
“Not only is it a violation of Australian’s right to unwarranted intrusion from authorities into the intimate activities of their private lives, there is recent evidence that shows that mass surveillance fails drastically when trying to strike a balance between security and liberty in society,” he said.
Australia’s Human Rights Commissioner Tim Wilson says he is wary of the legislative requirement to store metadata, but companies “are already free to do so”.
“My main concern is who has access to it, whether those that are allowed to access it have proper protocols, whether there is proper oversight, and whether there is punishment for those that inappropriately access it or use it for nefarious purposes.”
A report by the Parliamentary Joint Committee on Human Rights released in November stated: “Communications data can reveal quite personal information about an individual, even without the content of the data being made available, revealing who a person is in contact with, how often and where. This in turn may reveal the person’s political opinions, sexual habits, religion or medical concerns”.
The bill states that the contents of phone calls, emails and web browser histories are not to be stored. However, a problematic issue for the Government is the current confusion surrounding its own definition of ‘metadata’.
A detailed explanation of what constitutes metadata is not included in the current bill. Instead, the Government has deferred any definition to regulations, which do not yet exist.
This lack of definition, says Steve Dalby, chief regulatory officer at iiNet, is “the government signalling that they don’t actually have a documented plan. That’s clear. This results in a low level of trust”.
Also unanswered is the question of who will shoulder the costs for obliging telcos to store vast amounts of customer data for two years.
Dalby says there is no doubt about who will be paying for data retention.
“Any new obligations will create costs. Consumers will pay. Either as customers of ISPs or as taxpayers. It’s the only possible source of funding.”
“We already carry the cost for other law enforcement systems, so there is nothing inherently unique about carrying a cost for such an activity either by taxpayers or customers,” Wilson said.
“Whether it is justified and proportionate depends on the figure. I don’t have that figure so I cannot really comment.”
The data retention bill indicates that fewer agencies will have access to metadata under the new legislation. Only law enforcement, security and intelligence agencies will have access to metadata without a warrant, but the final discretion over who has the same access will lie with the Attorney-General of the day.
This suggests the scope of the data retention regime can expand much wider than the current proposals before parliament.
Some critics of the bill have pointed out that there will be a free-for-all with access to private data in civil matters, such as copyright infringement and divorce cases.
Both Wilson and Dalby said it would be difficult to police exactly who has access to such metadata, especially when it is within their concession to provide and approve it.
“I don’t have a fundamental problem with accessing any data if it is available for a civil proceeding so long as approval is given by a court,” Wilson said.
“Despite the government’s rhetoric, once we have data in our possession, any interested party can apply for ‘preliminary discovery’ for any civil or criminal prosecutions,” Dalby said.
Adam Molnar says that, while the government is expanding powers in a “breathtaking way” for law enforcement and national security intelligence agencies, “it has made a conscious effort to restrict access to Telecom data by ASIC, the lead agency that is responsible for investigating corporate white-collar crime. The government needs to respond to the public on why they have made this decision”.