House debates

Tuesday, 17 March 2015

Bills

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014; Second Reading

8:40 pm

Photo of Tim WattsTim Watts (Gellibrand, Australian Labor Party) Share this | Hansard source

I am pleased to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. As someone who has previously in the Australian ICT sector, I have some experience with the issues in contention in this bill. I have also received a significant amount of correspondence on this bill from constituents and members of the Australian technology sector.

Given this, I should say from the outset that there are legitimate and serious issues that have been raised by both proponents and opponents of this bill. That being said, the overstatements and generalisations from some advocates on both sides of this issue have not helped the consideration of the issues in contention in this bill. If you believed everything that you read in the papers about data retention over the past few months you would be very confused indeed, as these overstatements on both sides have raised a series of contradictory propositions in the public sphere. On one hand, the Prime Minister has said that the bill will change very little and that:

… we want telecommunications companies to keep their data. We don't want to collect new data, but to ensure the limited data already collected can be accessed by authorities.

On the other hand we have had Senator Ludlam from the Greens in the other place describe the bill as a 'fascist, Orwellian mass surveillance scheme'. So what is really going on here?

At present, Australian telecommunications companies collect a range of data about their customers' communications; some of it collected deliberately for business purposes, like billing or network monitoring and maintenance, and some of it collected incidentally because of the way their systems are set up. Different telcos collect different types of data and amounts of data and retain it for different periods of time. A wide range of law enforcement agencies have made extensive use of this data for many years. In fact, there were 312,929 authorisations allowing law enforcement agencies to access this metadata in 2012-13 alone. The majority of the requests for access to telecommunications data are made by state and federal police for general law enforcement purposes. But there are a weird and non-so-wonderful range of other entities who currently undertake enforcement actions who have also been accessing and using this data, including local councils, the RSPCA, Centrelink and the Victorian Taxi Directorate to name but a few examples.

In this context, the bill before the House today is largely the result of concerns from law enforcement and security agencies that the current ad hoc arrangements for the collection and retention of this data by Australian telcos about the communications of their customers may mean that less data is collected by these telcos in the future. The fear is that technology changes or just changing business practices would reduce the effectiveness of an investigatory tool that is now fundamental to law enforcement and national security. Law enforcement and national security agencies have essentially sought a mandatory standard for what data is collected by telcos and how long it is to be retained for.

So it is not correct to say that these proposals would not result in more information being collected; plainly, standardisation means that telcos who are collecting less than this standard or retaining it for a shorter period of time will need to start collecting more or retaining it for longer. The bill provides for this. But neither is this an utterly new and unprecedented mass surveillance scheme. The proposition before us is not whether metadata should be collected by telcos or not. Rather, the proposition is whether we want to see metadata used in an ad hoc and largely unregulated environment, as it currently is, or within a standardised environment with safeguards and oversights.

As I indicated earlier, this proposition does raise important and serious issues. The Labor party is committed to ensuring our law enforcement and national security agencies are given the tools they need to keep us safe. At the same time, Labor will never sacrifice the rights and freedoms that define us and our democratic society. What is needed is a sober and balanced consideration of these two legitimate public policy aims. Despite the claims of some proponents of these measures, it should also be recognised that the majority of metadata is currently accessed for criminal investigations and law enforcement, not national security.

I have heard some argue in this context that this somehow undermines the utility of these provisions and that the fact that metadata has not been used to investigate or could not have been used to prevent all recent terrorist incidents means that there is no point to the bill. Similarly, I have heard some argue that the existence of a range of technologies that allow communications to occur without metadata being collected—technologies ranging from Skype to VPNs to Tor and the onion-router—would result in the bill only catching the dumb and, as a result, is futile. To this we must say that the fact that a proposal does not do everything does not mean that it does not do some things of value.

Clearly, the number of requests for metadata from law enforcement and security agencies is a testament to the metadata's current utility for these purposes. Similarly, the fact that this bill would only provide for the collection of data about the communications of the dumb is no reason to think the proposals are not valuable. The vast majority of criminals are dumb. This is no coincidence. Metadata has been used by our law enforcement bodies to catch dumb murderers and serial rapists in a range of recent high-profile cases. The fact that they are dumb does not mean they are not dangerous and there is not value in facilitating their identification. I'm personally convinced of the value of these measures for law enforcement and national security. However, this is not the end of the argument.

As I said earlier, we are not interested in simply giving law enforcement and security agencies more power without ensuring that Australians' liberties are also protected. I am disappointed to say that this balance was not right in the original bill introduced into this place by the Minister for Communications. This is especially disappointing given the primacy that the consideration of these liberties was given in the minister's 2012 Alfred Deakin lecture—a speech that does not seem to have been retained on the minister's website. In this speech the minister railed against the proposals for data retention canvased by my predecessor in this place as the member for Gellibrand with the Parliamentary Joint Committee on Intelligence and Security. The Minister for Communications at that time expressed his quite 'grave misgivings' about data retention and indicated that these measures were 'heading in precisely the wrong direction' and was 'a profound weakening of online liberty in Australia'.

If these are the Minister's views, you might have thought that he would think it important to ensure metadata retention provisions were clearly and narrowly described and that appropriate safeguards were in place. Sadly, these provisions were absent from the bill that the minister introduced to this parliament last year and sought to have rammed through the parliament in mere days. It has been for Labor, through the PJCIS, to strengthen the regulatory framework around data retention, building in transparency safeguards and oversight.

While Labor has offered bipartisan support for the government's efforts to keep Australians safe, no-one should be under any illusions about the diligence and robustness that Labor members have employed through the PJCIS to ensure that a proper balance was struck in this bill. The bill has been carefully scrutinised by the Parliamentary Joint Committee on Intelligence and Security in the advisory report released two weeks ago. The 38 recommendations made by the PJCIS are a welcome and necessary addition to this bill.

In the more than a decade that I have closely followed these committee processes in one role or another, I cannot think of a bill that has been improved more by a committee process than the one before us today. The final product is a bill that, while certainly not perfect and certainly not developed in a way that Labor would have chosen had it been in government, addresses both the security priorities of Australia's law enforcement and intelligence agencies while also substantively increasing the safeguards and oversight of the use of metadata currently in place. We should be very clear: this bill provides better protections of liberties of Australians in the collection and accessing of metadata than the status quo.

Let's look at how the committee's recommendations have improved this bill. In its original form, the bill left the definition of metadata to regulation and at risk of scope creep in future. Labor argued that this definition needed to be fixed in primary legislation to provide the public with certainty about what would be collected and to prevent its expansion without returning to parliament. The data to be retained will identify who a communication was made by and to and when and where it took place. The scheme will not require the content of that communication to be retained. This means that information about a phone call will be recorded but not what was said. Similarly, email interaction between people will be recorded but not the content of that email. People's browsing history will also not be recorded; only the IP addresses allocated by service providers.

In a similar way, Labor demanded that only agencies specifically listed in the bill should be able to access this data. Our view was that getting the balance right required that access to this metadata be limited to agencies dealing with national security and serious law enforcement. As such, the bill now limits access to ASIO, the Australian Federal Police, state police forces, the Australian Crime Commission, Australian Customs and Border Protection Service, the Australian Commission for Law Enforcement Integrity and state-based anti-corruption commissions—a marked improvement on the more than 80 agencies who currently have access to this kind of metadata. Labor also insisted on safeguards to limit the use of metadata retained under this bill to serious security or law enforcement investigations. As a result, the bill now prevents retained data being used in ordinary civil litigation. So the conspiracy theory that this was all about copyright enforcement hits the fence.

Labor also recognised that requiring the centralised retention of metadata significantly increases the security threat to this data relative to the status quo where this data is often retained across a range of locations. I must say that, in this respect, I found the blase attitudes of some members of the PJCIS to this increased security risk, as expressed in their questioning during committee's hearings, somewhat baffling. Given this, the committee has recommended that service providers be required to encrypt retained metadata. This would mean that, even if a telco experienced a data breach, it would be harder for those accessing it to read the recorded data. These safeguards on the storage of this metadata are further supplemented by the committee's recommendation to implement mandatory data breach notifications, forcing providers to inform customers if their data has been accessed without authorisation. This is a welcome improvement in Australia's overall data security arrangements and, as pointed out by the member for Melbourne Ports, will have general benefits for all Australians.

The government's original bill provided for the oversight of this regime by the Commonwealth Ombudsman—in itself a gain over the status quo—but the government failed to recognise how under resourced and over stretched the Ombudsman currently is. In this context, Labor insisted on increased funding for the Ombudsman to ensure this oversight occurs in substance and not just form. Further, Labor pushed for additional oversight mechanisms and, as a result, as recommended in the past by Senator Faulkner, the PJCIS will not have oversight of operational matters relating to access to metadata—a new and important oversight gain.

Finally, the PJCIS insisted on scheduled reviews of metadata retention policy, including its implementation and ongoing use. To enable these reviews, agencies will be required to keep records on their use of people's metadata to allow the PJCIS to assess the effectiveness and scope of the use of metadata.

The cost to internet service providers has also been carefully considered by the committee. Originally the government planned to force providers to finance their own data retention schemes entirely. The recommendation that the government make a substantial contribution to ensure service providers are able to implement their data retention requirements is welcome news. This will include extra support for small providers and account for differentiated impact across the industry.

The recommendations in the advisory report by the PJCIS have vastly improved this bill, and I wish to publicly acknowledge the members that I have worked with in this process—the member for Isaacs, the member for Blaxland, the member for Holt and Senator Conroy in the other place—for their efforts.

However, there are still other areas of contestation in this bill. Despite the PJCIS consideration of issues of journalistic freedom, there is a fear that there are not enough safeguards for journalists in the bill. I am pleased that the Prime Minister has chosen to listen to the Leader of the Opposition, the community and media stakeholders and include stronger safeguards around journalist and press freedom. Freedom of the press underpins our democratic system, and a strong fourth estate is essential both to keep citizens informed as well as to hold politicians and government to account. To ensure the press are able to conduct their work free of this threat of censorship and oversight, we need to implement strong barriers against the arbitrary investigation of journalists and their sources. It is not enough to trust any government of the day to respect press freedom; we need to articulate limits in law. The amendment requiring agencies to obtain a warrant to access journalists' metadata is the minimum level of protection journalists should have.

Debate on this bill has been robust in this parliament, in the PJCIS and in the broader community, but I am pleased with where the bill has finished up. The concerns of security and law enforcement agencies about the durability of one of their central investigatory tools have been addressed, while at the same time we have dramatically increased both the safeguards and oversight of the collection and accessing of metadata beyond what is currently the case. We have also seen a very good working example of the benefits that an active committee process can have in the development of legislation before the House. I support the government in accepting the recommendations of the PJCIS in full and I commend the bill to the House.

Comments

No comments