Flagpost is a blog on current issues of interest to members of the Australian Parliament

Parliamentary Library Logo showing Information Analysis & Advice

Filter by



Tag cloud

Law enforcement access to telecommunications data: neither secret nor new

In the wake of the furore over the leaking of details of the US Government’s electronic surveillance program, PRISM, reports emerged in the Australian media ‘revealing’ that the Australian Federal Police (AFP) are accessing phone and Internet records without a warrant. In response, the Australian Greens announced on 11 June their intention to introduce a Bill to ‘strengthen the regulation of data collection on Australians’ by requiring law enforcement agencies to obtain a warrant to access such information. However, warrantless access by police to communications data has been in place for over 15 years and reported in detail annually since 2008, meaning such access is neither secret nor new.

Communications data is information about an electronic communication, that does not include the communication’s content. It was deliberately never defined in legislation to allow for developments in technology, but in September 2012, the then Attorney-General described it as:

… information about the identity of the sending and receiving parties and related subscriber details, account identifying information collected by the telecommunications carrier or internet service provider to establish the account, and information such as the time and date of the communication, its duration, location and type of communication.
Under the Telecommunications (Interception and Access) Act 1979 [TIA Act], police are able to access communications data without a warrant. This has been the case since late 2007, when amendments to implement the recommendations of the 2005 (Blunn) Report of the Review of the Regulation of Access to Communications took effect. Prior to this, police had been able to access basic call data without a warrant since at least 1997, under the Telecommunications Act.

In contrast, to access the content of a communication, police must obtain a warrant.
Access to ‘non-content’ communications data is available only for specific purposes and approved by an authorised officer within the relevant enforcement agency (defined in the TIA Act). As explained in the Parliamentary Library publication Telecommunications data retention—an overview:

Law enforcement agencies are able to access historical/existing telecommunications data … by authorisation under the TIA Act 1979, in cases where the information is considered reasonably necessary for the enforcement of the criminal law or a law imposing a pecuniary penalty, or the protection of public revenue. Disclosures of prospective data (that which comes into existence after an authorisation is received and during the period it remains in force) can only be made in cases where it is considered reasonably necessary for the investigation of an offence that is punishable by imprisonment for at least three years.
The TIA Act 1979 report for the year ending 30 June 2011 states that communications data includes ‘Internet Protocol (IP) addresses and Uniform Resource Locators (URLs) to the extent that they do not identify the content of a communication’ (p. 10), which reflects the Explanatory Memorandum for the TIA Amendment Bill 2007. However, in September 2012 the Attorney-General specifically excluded websites, as did the Attorney-General’s Department (AGD) in October 2012 Senate Estimates, which confirmed that all URLs are regarded as content (p. 90).

The AFP recently outlined the importance of communications data to its investigations (submission 163, p. 15):

Non-content telecommunications data is an important investigative tool for the AFP. It can provide important leads for agencies, including evidence of connections and relationships within larger associations over time, evidence of targets’ movements and habits, a snapshot of events immediately before and after a crime, evidence to exclude people from suspicion, and evidence needed to obtain warrants for the more intrusive investigative techniques such as interception or access to content. Disclosure of non-content telecommunications data is one of the most efficient and cost effective investigative tools available to law enforcement.
Due to the high volume of requests and the routine uses to which the information is put, the AFP has previously rejected any suggestion that access to communications data be regulated by warrant (pp. 86–87):
So if you were wanting to grind the AFP to a halt, then you should implement a warrant scheme to actually do non-content data application—because 23,000 of these would require 23,000 judges to consider affidavits for those to be prepared and for those to be granted. It is an unrealistic expectation.
The warrantless system operates on the basis that accessing the details of a communication is less intrusive than accessing its content. Whether or not one agrees with this presumption, the bigger issue might be the lack of an agreed standard definition of communications data. This leaves open to question, for example, the extent to which agencies are/have been recording URLs under the warrantless regime in the belief that it constitutes non-content communications data, when recent Estimates evidence from AGD states that URLs amount to content, access to which, by definition, would require a warrant.