Access to and retention of internet 'metadata'

Parliament house flag post

Access to and retention of internet 'metadata'

Posted 18/08/2014 by Jaan Murphy


Access to and retention of internet ‘metadata’

On 5 August 2014, the Government announced its intention to update Australia’s telecommunication interception laws. This is part of broader efforts to enhance powers available to security agencies ‘to combat home-grown terrorism and Australians who participate in terrorist activities overseas’. This includes developing a mandatory ‘metadata’ retention system.

Whilst having a period of mandatory metadata retention would be new, the collection of metadata by telecommunications companies and government access to it is not new and is governed by the Telecommunications (Interception and Access) Act 1979 (TIA).  Whilst the need for such a scheme was linked to combating terrorism, it is worth noting that Australian and European experience suggests that the most common law enforcement use of metadata will be in non-terrorism criminal cases.

How does Australian law define metadata?​

The TIA does not contain a specific, positive definition of metadata (referred to as ‘telecommunications data’). Instead, metadata is negatively defined in section 172 as excluding any:

  • information that is the contents or substance of a communication, or
  • documents (to the extent they contain the contents or substance of a communication).

Put simply, metadata (in the context of web browsing) is what remains of a communication or document after its contents and substance is excluded. As a result, the legal definition of metadata is ambiguous; an oversight commentators suggest is surprising.

In part, the ambiguity arises from conflicting views on what constitutes ‘the content’ of a communication. For example, one of the most contentious issues of the current Australian regime is whether Uniform Resource Locators (URLs) are metadata. If they are, then warrantless governmental access to individuals’ web browsing history is possible.

One view is that as URLs are user-generated, they are content. Another view – expressed by the Attorney-General’s Department - is that metadata is ‘information that allows a communication to occur’. As that is what URLs do, consequently they are not content. The issue is that that some URLs can identify the substance of a communication.

For example, the URL of the FlagPost article on oversight of the Australian Intelligence Community includes the text ‘Maintaining_oversight_of_the_AIC’ which arguably identifies the ‘substance’ of the communication. Other URLs however, do not allow the substance of a communication to be identified.

The Communications Minister indicated that the Government was developing a definition of metadata in consultation with telecommunications providers, which may remove the ambiguity.

Disclosure of metadata

While sections 276-278 of the Telecommunications Act 1997 prohibit the disclosure or use of information or documents, Chapter 4 of the TIA outlines two circumstances where metadata (as negatively defined by s 172 of the TIA) can be lawfully disclosed to ASIO and enforcement agencies. Voluntary disclosure is permitted where an employee of a telecommunications provider encounters information they regard as being 'in connection with' ASIO's functions or 'reasonably necessary' for enforcing criminal law. Alternatively, ASIO and enforcement agencies can themselves authorise disclosure of metadata from telecommunications service providers, without a warrant.

Differing views

The current access scheme hinges on the meaning of ‘metadata’. Some submissions to the Senate Committee on the Bill that created the current scheme expressed concern at the lack of a definition of metadata and suggested there was 'unacceptable ambiguity and uncertainty about the "reach" of the various powers' it confers on national security and law enforcement agencies.

Similar observations were made in submissions to the Australian Law Reform Commission review of privacy laws. However, the ALRC expressed the view that definitions should remain ‘technology neutral’, and hence metadata should not be defined. Likewise, the Attorney-General's Department considered that attempts to define metadata risked redundancy.

Since then, conflicting views of what constitutes metadata have emerged. For example, the Replacement Explanatory Memorandum to the 2007 Bill states that metadata:

does not include content such as the subject line of an email, the message sent by email or instant message or the details of Internet sessions, such as the Uniform Resource Locator/Identifier  (URL/URI).

This interpretation was reiterated by the Attorney-General’s Department in evidence to Senate Estimates hearings, where it was stated that a warrant would be required to obtain a URL from a person’s Internet records.

However, it would appear that as a matter of statutory interpretation, the URLs of websites visited by Internet users may be considered metadata if they do not identify the substance or content of a communication. This view is supported by current industry practice.

Industry practice

During the 2012 PJCIS inquiry into potential reforms of national security legislation, Telstra indicated the type of data it is prepared to disclose to law enforcement and national security agencies included ‘…(URLs) to the extent they do not identify the content of the communication’.

Industry practice therefore illustrates that URLs may be provided to law enforcement and national security agencies without a warrant.

Other jurisdictions

US legislation allows government access to metadata with or without a warrant, depending, in part, on the type of service provider holding the information.  The circumstances in which metadata can be disclosed to various government agencies is linked to highly technical definitions of ‘electronic communications service’ (ECS) and ‘remote computing service’ (RCS) providers. This complex, technically driven regime has been the subject of substantial criticism.

In contrast to the US and Australia, Canada has adopted a technology neutral approach to defining metadata. Under the Canadian Criminal Code unauthorised access to ‘private communications’ is prohibited. The Canadian Supreme Court has ruled that certain types of metadata are ‘private communications’, stating that:

It is not just the communication itself that is protected, but any derivative of that communication that would convey its substance or meaning.

Conclusion

The current regime for access to metadata arguably allows law enforcement and intelligence agencies to access URLs under the umbrella of ‘metadata’ (provided the URL does not identify the content of the communication) despite stakeholders holding contradictory perspectives. This ambiguity indicates that the proposed mandatory metadata retention scheme, if modelled on existing laws, may exacerbate the confusion surrounding the definition of metadata.

Note: the 'Industry Practice' section of this Flagpost was updated on 19 August 2014, to reflect the use of the word 'may' in Telstra's submission to the PJCIS.

 


Thank you for your comment. If it does not require moderation, it will appear shortly.

Add your comment

[Click to expand]

We welcome your comments, or additional information which is relevant to a post. These can be added by clicking on the ‘Add your comment’ option above. Please note that the Parliamentary Library will moderate comments, and reserves the right not to publish comments that are inconsistent with the objectives of FlagPost. This includes spam, profanity and personal abuse, as well as comments that are factually incorrect or politically partisan. We will close comments after three months.




Captcha
Generate a new image
Type characters from the image:

Facebook LinkedIn Twitter Add | Email Print

FlagPost

Flagpost is a blog on current issues of interest to members of the Australian Parliament


Parliamentary Library Logo showing Information Analysis & Advice

Archive

Syndication

Tagcloud

Refugees asylum climate change immigration Australian foreign policy parliament social security welfare policy elections welfare reform school education health financing higher education Australian Defence Force emissions trading indigenous Australians women private health insurance people trafficking illicit drugs gambling health reform federal election 2010 United Nations Employment Asia disability income management Middle East Medicare Australian Bureau of Statistics statistics sport health forced labour federal budget Afghanistan Industrial Relations Carbon Pricing Mechanism politics dental health United States aid child protection environment poker machines Australia in the Asian Century Australian Sports Anti-Doping Agency steroids World Anti-Doping Agency National Disability Insurance Scheme detention aged care 43rd Parliament slavery health system Law Enforcement Australian Federal Police Criminal Law Fair Work Act Australian Public Service governance labour force people smuggling transport debt taxation international relations constitution New Zealand food WADA Australian Crime Commission pharmaceutical benefits scheme pensions public service reform children's health Aviation foreign debt gross debt net debt defence capability parliamentary procedure Senate Senators and Members ALP ASADA Newstart Parenting Payment multiculturalism Youth Allowance sea farers Higher Education Loan Program HECS federal state relations accountability Papua New Guinea youth paid parental leave same sex relationships corruption coal seam gas customs planning federal election 2013 Australian Electoral Commission doping OECD crime health risks International Women's Day Gonski Review of Funding for Schooling sex slavery Special Rapporteur Northern Territory Emergency Response social policy welfare ASIO intelligence community terrorist groups Australian Security Intelligence Organisation carbon tax mining High Court military history electoral reform employer employee renewable energy regional unemployment fishing European Union Federal Court family assistance skilled migration banking United Nations Security Council Australian economy forestry food labelling vocational education and training Drugs UK Parliament welfare systems Indonesia social media children Constitutional reform local government codes of conduct terrorist financing homelessness Parliamentary remuneration money laundering Trafficking in Persons Report energy science social inclusion human rights paternalism Australian Secret Intelligence Service sexual abuse terrorism World Trade Organization Australia public health China housing affordability bulk billing political parties water productivity health policy Governor-General US economy trade unions domestic violence export liquefied natural gas foreign bribery firearms question time speaker superannuation public housing election results by-election expertise public policy climate Intergovernmental Panel on Climate Change leadership voting Department of Agriculture Fisheries and Forestry regulation Pacific Islands reserved seats research and development new psychoactive substances synthetic drugs UNODC carbon markets animal health middle class welfare ADRV Census Indigenous constitutional recognition of local government referendum consumer laws PISA competition policy royal commission US politics violence against women language education baby bonus Leaders of the Opposition citizen engagement policymaking Australia Greens servitude Trafficking Protocol forced marriage Population rural and regional mental health alcohol entitlements ministries Hung Parliament social citizenship maritime Iran transparency ANZUS regional students school chaplains federal budget 2011-12 salary Medicare Locals primary care Building the Education Revolution early childhood education Middle East; national security; terrorism social services Criminal Code Amendment (Misrepresentation of Age to a Minor) Bill 2013 online grooming sexual assault of minors ACT Assembly national security smoking plain packaging tobacco cigarettes Asia; Japan; international relations Work Health and Safety Migration; asylum seekers; regional processing China; United States; international relations fiscal policy Racial Discrimination Act; social policy; human rights; indigenous Australians Foreign policy Southeast Asia Israel Palestine asylum refugees immigration political finance donations foreign aid disability employment Economics efficiency human rights; Racial Discrimination Act employment law bullying asylum seekers Animal law; food copyright Australian Law Reform Commission industry peace keeping contracts workplace policies same-sex marriage disorderly conduct integrity retirement Parliament House standing orders prime ministers election timetable sitting days First speech defence budget submarines workers financial sector Canada Somalia United Kingdom GDP Tasmania world heritage political engagement leave loading Trade; tariffs; safeguards; Anti-dumping public interest disclosure whistleblowing Productivity Commission limitation period universities Ireland cancer gene patents genetic testing suspension of standing and sessional orders live exports infant mortality honorary citizen railways disciplinary tribunals standard of proof World Health Organisation arts international students skilled graduate visas temporary employment visas apologies roads Italy national heritage NHMRC nutrition anti-dumping Rent Assistance obesity evidence law sacrament of confession US presidential election international days DFAT UN General Assembly deregulation Regulation Impact Statements administrative law small business Breaker Morant regional engagement social determinants of health abortion Members suspension workplace health and safety marine reserves hearing TAFE Victoria astronomy resources sector YMCA youth parliament Korea fuel rebate Australian Greens presidential nomination Racial Discrimination Act political parties preselection solar hot water Financial Action Taskforce Horn of Africa peacekeeping piracy Great Barrier Reef Stronger futures political financing political education Social Inclusion Board early childhood National Quality Framework for Early Childhood Education and Care Murray-Darling Basin sanctions Norway hospitals republic President Barack Obama Presidential visits qantas counselling Korean peninsula Work Choices biosecurity hendra environmental law federalism federation preselection therapeutic goods Therapeutic Goods Administration plebiscites computer games pests suicide nuclear COAG Ministerial Councils floods ADHD stimulant medication advertising electricity extradition standards conscience votes poverty preventative health rural health coastal erosion Parliamentary Budget Office NATO work-life balance

Show all
Show less