Nigel Brew, Foreign Affairs, Defence and Security
In mid-2012, the Federal Government announced a proposal to routinely retain data associated with every Australian’s use of Internet and telephone services. The Government has since become implicated in global monitoring programs and had its data retention proposals stymied.
In May 2012, the federal Labor Government announced a review of national security legislation. This was followed in July 2012 by a Discussion Paper on the issue. Perhaps the most controversial of the proposed reforms was the introduction of mandatory ‘data retention’, under which carriage service providers (CSPs) would be required to routinely retain for up to two years, communications data associated with the use of the Internet and both fixed and mobile phone services.
Communications data is information about an electronic communication, and does not include its actual content. Described by the Australian Federal Police (AFP) as ‘one of the most efficient and cost effective investigative tools available to law enforcement’, communications data can provide, for example, ‘a snapshot of events immediately before and after a crime’ and evidence of ‘connections and relationships within larger associations over time’.
After revelations broke in May 2013 of secret monitoring by the US and UK Governments of their citizens’ private communications following the public disclosure of classified documents by (US) National Security Agency (NSA) contractor, Edward Snowden, suspicion fell on the Australian Government over its potential involvement and use of the intercepted material.
Media reports outlined how the NSA and the UK’s equivalent, the Government Communications Headquarters (GCHQ), routinely harvest, store and analyse communications data and content from international fibre-optic cables, often by co-opting CSPs. According to one report, by May 2012, ‘300 GCHQ analysts and 250 NSA analysts had direct access to search this data at will’. Despite public assurances that people’s privacy was protected, this was evidently not always the case. As one report suggests, the NSA clearly suffers from ‘gaps in governance and oversight’, with leaked documents revealing that some staff had ‘looked up the details of people they were obsessed or infatuated with’.
The interception of international communications by US and UK national security agencies quickly became conflated in the public’s mind with the Australian Government’s data retention proposals, due in part, to some of the commentary on the issues. Reports emerged in the Australian media ‘revealing’ that the AFP was accessing phone and Internet records without a warrant, as if it was a new power, when in fact warrantless access by police to communications data has been in place for over 15 years and reported in detail annually since 2008. The Australian Greens also linked the NSA revelations with data retention in a number of press releases, giving the impression that data retention is just “the thin end of the wedge”.
Although, since 1956, Australia has been a party to the UKUSA Agreement that enables the sharing of ‘signals intelligence’ between Australia, the UK, the US, Canada and New Zealand, this is distinct from police access to communications data and content for domestic law enforcement purposes. The routine secret monitoring of telecommunications by the US and UK Governments has only served to confuse this distinction in Australia.
The AFP has denied any links between US Government monitoring programs and the data retention proposal in Australia, and has also denied receiving any information from global surveillance programs. The AFP has stated that its requests for interception and access to telecommunications data relate only to the investigation of criminal offences, and that data retention ‘is not about spying or proactively looking at things’.
Agencies are currently able to request historical communications data from a CSP without a warrant by authorisation under the Telecommunications (Interception and Access) Act 1979, in cases where the information is considered reasonably necessary for the enforcement of the criminal law or a law imposing a pecuniary penalty, or the protection of public revenue. Disclosures of prospective data (that which comes into existence after an authorisation is received and during the period it remains in force) can only be made in cases where it is considered reasonably necessary for the investigation of an offence that is punishable by imprisonment for at least three years. Data can also be released under authorisation by CSPs to the Australian Security Intelligence Organisation.
Each individual request to a CSP must be approved by a designated senior official of the relevant agency and the total annual number of requests is reported publicly. In contrast, to access the content of a communication, police must obtain a warrant.
As CSPs are not required to store communications data longer than they need to for their own business purposes, and given the increasing volume of data they handle, the information upon which police have relied in the past is increasingly not being stored for long enough, if at all. Mandatory data retention would require CSPs to store communications data for a defined period of time.
The collection of signals intelligence in Australia is conducted by the Australian Signals Directorate (ASD; a defence agency), and although it is prohibited under legislation from performing the functions of a law enforcement agency, it may assist or cooperate with such agencies in limited circumstances. The ASD is also subject to Rules to Protect the Privacy of Australians.
According to media reports, the Snowden documents have so far revealed that the ASD receives information derived from the NSA’s monitoring programs, is intercepting international undersea fibre optic telecommunications cables, and has access to technology developed by US and UK intelligence agencies to crack encryption used worldwide to protect the security of emails, phone calls and online business and banking systems.
The data retention proposal attracted strong criticism on privacy and civil liberties grounds, and for lacking detail. The Government was accused of deliberately trying to restrict public scrutiny of the proposal while not actually making a sufficient case for its introduction. The then Shadow Minister for Communications and Broadband, Malcolm Turnbull, proclaimed his ‘very grave misgivings’ about the proposal, calling it ‘the latest effort by the Gillard Government to restrain freedom of speech’, and adding that ‘it seems to be heading in precisely the wrong direction’. The Australian Greens responded to the proposal with a Bill to ‘strengthen the regulation of data collection on Australians’ by requiring agencies to obtain a warrant.
In June 2013, the Parliamentary Joint Committee on Intelligence and Security (PJCIS) tabled the report of its year-long inquiry into the proposed reforms. Noting that its task had been made more difficult in the absence of any draft legislation, the Committee reserved its judgement on data retention, concluding that it was for the Government to decide whether or not to introduce it. However, the Committee did recommend that any draft legislation should, amongst other things, expressly exclude content and Internet browsing records; limit the retention period to two years; provide for oversight by the Inspector-General of Intelligence and Security; and ensure that costs incurred by providers are reimbursed by the Government.
In response, the Labor Government shelved its proposals. Just before the federal election, the then Shadow Attorney-General, George Brandis (who, as a member of the PJCIS, raised concerns about the data retention proposal), was reported to have said that the Shadow Cabinet had not yet made a policy decision on data retention.
N Brew, Telecommunications data retention—an overview, Background note, Parliamentary Library, Canberra, 24 October 2012.
For copyright reasons some linked items are only available to members of Parliament.
© Commonwealth of Australia