House debates

Tuesday, 17 March 2015

Bills

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014; Second Reading

7:57 pm

Graham Perrett (Moreton, Australian Labor Party)

I rise to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. I am going to begin with a quote from 2012. The speaker talks about proposed data retention legislation, and he makes the point:

Nor has there been an explanation of what costs and benefits have been estimated for this sweeping and intrusive new power, how these were arrived at, what (if any) cost was ascribed to its chilling effect on free speech, and whether any gains in national security or law enforcement asserted as justification for the changes will be monitored and verified should they be enacted.

The speaker makes the point that he has very grave misgivings about the proposed legislation, and he says that the data retention proposal is basically designed to:

… restrain freedom of speech.

That quote is from the Hon. Malcolm Turnbull in his 2012 Alfred Deakin Lecture on 8 October 2012—the same speaker who came into this house on 30 October last year and introduced this bill, the Minister for Communications, the Hon. Malcolm Turnbull. It is interesting to see the contrast between when he was in opposition and the immediate flip when in government. He obviously has a very flexible spine when it comes to taking a stance on something like restraining freedom of speech.

The Hon. Malcolm Turnbull's piece of legislation, which is before the chamber and which he introduced last year, was referred to the Parliamentary Joint Committee on Intelligence and Security for it to report on its provisions. The Labor representatives on the committee for this inquiry were Mark Dreyfus; Jason Clare, the shadow minister for communications; Anthony Byrne; and Senator Stephen Conroy.

The Parliamentary Joint Committee on Intelligence and Security had previously reported on a proposal for mandatory data retention in 2013. That was in the mind of the Minister for Communications when as shadow minister in opposition he made the comments that I have just referred to. That report, handed down by Anthony Byrne, contained many recommendations which, surprisingly, were not included in the original provisions of the bill. This is even more surprising given the Minister for Communication's publicly stated concerns about metadata retention when he was in opposition. Normally you would think the minister would work with the Attorney-General to explain this quite significant piece of legislation that has many people concerned in this digitally connected world. Obviously anyone who has seen the video footage of Attorney-General Brandis trying to explain metadata on Sky Television would understand why so many people in my electorate are confused. The Attorney-General has basically been in hiding since that train wreck of an interview about this legislation. Combine the need for this legislation and the pressing need for the Prime Minister to wedge the Labor Party when it comes to national security, which is political manoeuvring not necessarily in the national interest but obviously in the Prime Minister's interests. With 39 backbenchers prepared to support a spill motion against him, he was desperate to have something that would attract a bit more popular support.

The report of the Parliamentary Joint Committee on Intelligence and Security inquiry into this bill made 38 unanimously supported recommendations for changes to the provisions of the bill—despite the comments from speakers on the other side, these were unanimous recommendations. At the strong insistence of Labor, these recommendations have all been incorporated into the bill in its current form. Especially since Minister Turnbull's comments when in opposition and Attorney-General Brandis's train wreck interview, there is no doubt that the term 'data retention' provokes extreme emotion in many sectors of the community. I have seen the reaction of many of my constituents over this issue. People are very passionate about this topic and they have made many very valid and rational arguments. Labor had serious concerns about the bill which was introduced quite hastily last year by Minister Turnbull. Some of my concerns, which I expressed to a journalist, were reported in The Sydney Morning Herald. They reflected the worries that were put to me by many people in my electorate.

By way of example of Labor improvements, the specification of what data set is to be retained was originally to be added by regulation and not included in the bill itself, not put before the parliament. The core purpose of this legislation is to retain data. It is crucial that all stakeholders know with certainty what data there is an obligation on telecommunications companies to retain. The PJCIS recommended in its report that the data set be included within the legislation and not by regulation. The committee noted that the data set is central to the operation of the proposed data retention scheme and it is critical that the proposed data set comprises that which is necessary and proportionate.

Minister Turnbull's bill has been amended to incorporate the definition of the data set within the legislation—so good work that committee. But just who would have access to our data was also a concern raised by Moreton constituents. Simon from Eight Mile Plains said: 'My main concern is misuse/abuse of the data which will most certainly happen. Any person with a valid criticism against government, police, the judiciary will fear this system. Imagine a stalker with access to the data, possibly a police officer going off the rails, blackmailing a subject into pseudo-consensual activities. Commercial abuse, political abuse. Imagine a foreign government gaining access, a terrorist organisation. Imagine a paedophile getting access. These things are exceptionally likely to happen.'

The PJCIS also had concerns, saying in its report that access to the stored data should be limited to agencies with appropriate functions and which are subject to appropriate safeguards. The committee recommended that law enforcement agencies that can obtain a stored communications warrant be specifically listed in the Telecommunications (Interception and Access) Act 1979—ASIO, the Australian Federal Police, the state police forces, the Australian Crime Commission, the Australian Customs and Border Protection Service, the Australian Commission for Law Enforcement Integrity and state based anti-corruption commissions. The committee noted that only agencies involved in investigating serious contraventions of the law should be designated as 'criminal law enforcement agencies' for the purpose of accessing stored data. White collar crime can of course be a serious contravention of the law. Accordingly, the committee recommended that the Australian Securities and Investment Commission and the Australian Competition and Consumer Commission be listed as criminal enforcement agencies under the legislation. Those recommendations addressing the concerns about access have been implemented in the current form of the bill.

Another major concern shared by the PJCIS and many ordinary citizens is the use to which this data may be put. Lyall from Tarragindi said: 'Clearly a large repository of data of this kind would be useful for all sorts of purposes, not just law enforcement, and its existence will be a temptation to criminals and the maintainers of the data alike.' Telecommunications data that is currently kept by companies for business use is being accessed under existing laws for purposes not related to law enforcement or national security. Jacqueline from Annerley said: 'This is about being given the right to decide what information you're happy to share and what information you'd prefer to keep private.'

You do not have to stretch your imagination far to imagine what an Aladdin's cave or honey pot this data would be for civil litigants. To prevent the greatly increased store of data under this regime from being accessed for the purposes of civil litigation, the committee recommended that the bill prohibit access to data stored solely for the purposes of the mandatory data retention scheme from being accessed for the purposes of civil litigation. However, the committee did recommend that individuals be able to access their own data that is stored under the mandatory data retention scheme. Both of those recommendations have also been implemented.

Many of my constituents also raised concerns about the security of the data retained. Amazingly, the original bill was completely silent on the issue of data security. Concerns raised with the committee included that the data would be a honey pot for those with criminal or malicious intent; that the bill did not prohibit offshore storage, a point I will return to later if I have time; that the data was not required to be destroyed at the end of the retention period; and that the vast amounts of data required to be stored would increase the security risk. To address these concerns, the PJCIS recommended that all service providers be required to be compliant with either the Australian Privacy Principles or binding rules developed by the Australian Privacy Commission. It also recommended that the government enact telecommunications sector security reforms prior to the end of the implementation phase for the bill, and the bill before the House now reflects those recommendations.

The telecommunications sector security reform was first addressed in chapter 3 of the PJCIS's 2013 report in the 43rd Parliament, but it was not included in the bill introduced to the House in October last year by Minister Turnbull. Importantly, the PJCIS also recommended that the data retained by the mandatory data retention regime be encrypted. The question, of course, is: to what standard of encryption should the data be protected? It is recommended that a data retention implementation working group develop an appropriate standard of encryption, and that it be incorporated into the regulations. Again, those recommendations have been accepted.

Sadly, as night follows day, a breach of security relating to the data is probably inevitable. When that happens it is crucial that there is a notification scheme in place. Again, it is interesting to note that the committee's 2013 report recommended that any legislation for mandatory data retention include a 'robust, mandatory data breach notification scheme'. However, this recommendation was not included in the bill introduced to the House last year by the Hon. Malcolm Turnbull. The PJCIS has, in its most recent report, recommended the introduction of a mandatory data breach notification scheme by the end of 2015, and that recommendation is now in the final form of this bill.
