House debates

Wednesday, 18 March 2015

Bills

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014

11:15 am

Photo of Michelle RowlandMichelle Rowland (Greenway, Australian Labor Party, Shadow Assistant Minister for Communications) Share this | Hansard source

I come to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 with a long interest in this issue as both a practitioner and someone concerned with observing the way in which technological change is matched—or in many cases not matched—by regulation. It is true that we have crime, and new forms of crime have evolved. And the interception and access regime that we have in Australia has evolved sometimes in consequence to and sometimes in spite of different occurrences in our society. There used to be a plain differentiation between whether a matter was covered purely by the Commonwealth interception regime or by the listening devices legislation of the various states and territories. Fifteen years ago this was probably one of the most common and complex questions, and it was all concerned with voice—whether or not this particular voice communication was covered by a state or territory regime. And if we even look at the way the interception regime was enacted at a Commonwealth level, it was essentially drafted on measures to deal with SP bookmaking, which, of course, has now gone by the wayside. I think that gives you an illustration by way of background of the way in which this area of the law has evolved.

As someone who also worked in-house advising an operator on very complex issues relating to warrants and the law enforcement and access regime—in particular during a very significant incident several years ago in Sydney, which was a highly anxious time for all operators—I think it is an area in which I have had an enormous interest. And to set the scene also, I think it would be worthwhile quoting from a paper that I co-wrote in July 2008 for the Third Workshop on the Social Implications of National Security. I ended with these words:

Given that the use of warrants is already extensive in Australia, perhaps it is time to review whether the legislative framework and the associated regulatory regime represent the appropriate balance between the needs of law enforcement agencies and citizens. After all, the probable cause test is not so onerous that it could not be applied in Australia and members of the Administrative Appeals Tribunal will likely be just as available to the relevant agencies as they are for the existing warrant regime.

They were my views in 2008, and I have been consistent on a couple of points. The first is in highlighting that this is about balance, about proportionality and, in particular as we implement this regime, about oversight, about scope. I think it is also worth remembering that even when in opposition members of this government were some of the most vociferous opponents of the notions contained in this bill. The current Minister for Communications openly spoke of his grave misgivings on data retention. We had the member for Moncrieff saying:

I think that this proposal is akin, frankly, to tactics that we would have seen utilised by the Gestapo or groups like that.

Now, I do not mention that to in any way take away from the views that have been expressed in the past, and indeed with many of the reservations the sentiment is something I certainly share. But I think, where we are today, the task at hand is to improve on an extremely flawed bill that was presented by that very person, now the Minister for Communications, in October last year. And by no means do I believe that this bill is optimal. I think it has been improved by process. In some respects there have even been some positive and possibly unforeseen consequences arising from its recommendations in areas that will affect privacy, including the recommendations relating to privacy alerts. I want to make it clear that citizens, residents of Greenway—and many of them have contacted me—have been concerned about the way in which this bill may influence their rights. I have received numerous thoughtful direct representations from constituents, a broad cross-section of people—citizens who value their privacy. And the only rule that I think is possible when trying to predict technology and the interplay with regulation is: never underestimate technology.

But I do want to turn to some of the substantive issues. One of the most fundamental when I am talking about the improvements in this bill is that we now have a recommendation and supporting amendments that a dataset actually be defined, to give parameters to what we are talking about here. This was not in the original bill. There was a comprehensive series of recommendations relating to the dataset, including the most fundamental—primary—first item of recommendation here: that the bill be amended to include the proposed dataset in primary legislation. And it goes on, through recommendation 3, for example—how to declare items for inclusion in the dataset. There is even a series of recommendations that the explanatory memoranda be amended to make certain things clear. Now, why is that important? It is important of course for interpretation—extrinsic materials when looking at how these provisions will end up being applied in practice. I think that is probably the most fundamental change from the outset—to be improving on these measures.

The other issue that I think is important to mention—and it gives rise to some other substantive provisions in the recommendations—is the issue of proportionality. The committee that looks at this from a human rights perspective, the parliamentary joint committee of which I am a member, raised these questions in its initial consideration. They were very serious concerns about proportionality, particularly relating to the time for retention. I do not have entire visibility of the deliberations that occurred within the committee. What I do have to go on is the report and the recommendations in chapter 4. Looking, for example, at paragraph 4.39 where it mentions:

ASIO and the Attorney-General’s Department advised the Committee that the proposed two year retention period is the result of ‘extensive’ engagement between the Attorney-General’s Department, and law enforcement and national security agencies.

And I note in particular:

ASIO had advocated for a retention period of up to five years, however the Department concluded that the shorter, two-year retention period would be proportionate to the legitimate ends of safeguarding national security and public safety, and the enforcement of the criminal law.

There was clearly evidence also in paragraph 4.41 from the Australian Federal Police, emphasising that:

…while the majority of criminal investigations relate to relatively recent conduct, complex and serious investigations often require access to telecommunications data from a considerable time ago …

I want to stress again, that in spite of that I recognise that citizens will still have concerns about that two-year period.

I want to go to an issue that I believe will end up having substantive implications in the immediate and long term, and that this issue of costs. PwC commissioned a report estimating capital implementation of between $189 million and $319 million—that is capital expenditure. It is still unclear how smaller operators, especially smaller ISPs, will meet their obligations. I note recommendation 35, having regard to the regulatory burden on smaller providers with an annual turnover of less than $3 million, and a recommendation that the bill be amended to require all service providers to be compliant in respect of retained data with the Australian privacy principles or binding rules developed by the Australian Privacy Commissioner.

I point, in particular, to a letter from the Communications Alliance signed by the CEOs of its member companies, including Telstra, Optus and Vodafone Hutchinson, who have pointed out the need for clarity as to the government's intention to provide a contribution to up-front capital expenses that may fall on the industry following the anticipated passage of this bill. And they note:

… the Government has variously indicated it will make a 'reasonable' or 'substantial' contribution to these costs …

…   …   …

It is evident that the extent to which the Government's contribution falls short of the total cost to industry will determine the quantum of additional costs to be absorbed by carriers or carriage service providers or passed on to Australian telecommunications users.

This is significant for a number of reasons not only because of the potential implications for smaller operators, in many cases small businesses, and the implications for innovation; also, earlier today we had the announcement of another red tape repeal day. On its own website this government claims annual savings of over $2.1 billion in what it calls 'reduced compliance costs for businesses, community organisations, families and individuals'.

The reality is this scheme will cost. Costs, which we often take for granted, are just as important as compliance measures. I will watch this with interest. I am not alone in having concerns about these cost issues. It was interesting to read a recent opinion piece from the IPA, an organisation with whom I do not think I agree on much, noting, 'Communications minister Malcolm Turnbull will preside over the largest increases in the regulatory burden since the telecommunications market was liberalised two decades ago.' I think that is probably right. That is exactly what Mr Turnbull said in his 2012 Alfred Deakin lecture:

Leaving aside the central issue of the right to privacy, there are formidable practical objections. The carriers, including Telstra, have argued that the cost of complying with a new data retention regime would be very considerable with the consequence of higher charges for their customers.

Another extremely vexed area is of course that of the implications for journalists, and the flagged amendment on journalists and their sources. It is pleasing to see that the opposition's intervention in this matter has led to what we hope will be positives result in this area. It is frustrating that it has taken so long, but I will note, for example, the concerns in the community and the sector. The head of the Internet Society of Australia, Laurie Patton, told The Australian on 7 March, before the Prime Minister flagged his backdown on this:

There is no certainty that an effective mechanism to protect journalists and their sources can be retrofitted if the data retention bill is passed in haste.

This will be a significant issue. It will be a significant issue even for some of the most fundamental definitions. In the Evidence Act, for example, and we have definitions of what an informant is and what a journalist is. Journalist means:

… a person who is engaged and active in the publication of news and who may be given information by an informant in the expectation that the information may be published in a news medium.

'Informant' is defined separately. I am happy to stand corrected, but I actually have not seen the amendment in its final form on this issue, but many constituents have raised with me the issue of whether this will be a narrowly defined definition of a journalist. Will it be the same as the definition in the Evidence Act? Considering that so many of us are participants in a scheme where we participate in the new media as commentators, are we all active participants who would end up being covered? Can we define this separately for the purposes of an Act, and thereby have a different definition of journalists for one act or another? This is no trivial matter. I see this morning Chris Merritt writing very succinctly on this issue of the relationship between the metadata bill procedures and the shield law provisions. He encapsulates well the conundrum of benchmarking the tests that are in the shield laws with those already form part of the Evidence Act. He ends by saying:

Unless these requirements form part of the metadata bill, the shield law and the values championed by Brandis in opposition will become irrelevant as authorities turn to the metadata scheme instead.

There are some positive outcomes arising from the recommendations. For example, the original bill did not provide for individuals to access their own data. There was no provision for the encryption of data, even though this had been recommended in 2013, and the privacy alerts mechanism is certainly welcome.

I end by quoting one of the people who gave evidence to the committee:

The threshold proportionality issue—of whether retention of data that enables pervasive surveillance of all Australians is a reasonable and proportionate response to the threats of terrorism and serious crime—remains itself largely untested and therefore controversial …

It certainly is, but this parliament will have a very important role. After this debate is finished, it is not a matter of us walking away. Parliament will have a crucial role in the operation and oversight of the provisions of this bill, which will be enacted. We will have responsibilities that I believe our citizens expect us to take very seriously.

Comments

No comments