House debates

Tuesday, 17 March 2015

Bills

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014; Second Reading

6:43 pm

Photo of Mark DreyfusMark Dreyfus (Isaacs, Australian Labor Party, Shadow Attorney General) Share this | | Hansard source

The federal opposition is determined to ensure that our national security and law enforcement agencies have the powers that are necessary to keep Australians safe. As well as defending our nation's security, Labor also strongly believes in the importance of upholding the rights and freedoms that define us as a democratic nation, living under the rule of law. It is essential that in passing laws designed to protect the Australian community we do not compromise the very freedoms our nation proudly seeks to defend. Keeping Australians safe is an objective that Labor shares with other Australian political parties, which means approaching questions of national security in a bipartisan spirit. But bipartisanship does not mean that Labor will simply agree with every measure the government proposes. Rather, bipartisanship means that Labor will engage constructively on the proposals put forward by the government with a view to testing and, where possible, improving those measures.

It was in this spirit of constructive bipartisanship that, last year, we in Labor worked hard to improve the three national security bills that the Abbott government introduced. While Labor ultimately supported the National Security Legislation Amendment Bill (No. 1) 2014, the Counter-Terrorism Legislation Amendment (Foreign Fighters) Bill 2014 and the Counter-Terrorism Legislation Amendment Bill (No. 1) 2014, to meet what the government stated were pressing national security concerns, Labor also insisted that these bills be referred for scrutiny to the Parliamentary Joint Committee on Intelligence and Security. In the intelligence committee, Labor members argued for and obtained a number of significant improvements to these laws.

However, the bill that is now being debated, the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, differs in several important respects from the national security laws that were supported by Labor last year. To begin with, this bill is not primarily concerned with national security. I sat on the intelligence committee for the purposes of the inquiry into this bill, and evidence presented to that committee made clear that telecommunications data is used in law enforcement of all kinds and that counterespionage and counterterrorism makes up only a very small proportion of this data use in Australia. The majority of requests for access to telecommunications data are made by state and federal police for general law enforcement purposes. This means that the data retention regime set out in this bill is not specifically directed towards current national security concerns such as threats arising from Australians being radicalised by overseas terrorist organisations such as Daesh; rather, the proposed scheme provides for the retention of certain telecommunications data generated by all Australians who use the internet or a mobile phone.

It is also important to understand the context of this bill. As the committee heard in evidence, the retention of very large volumes of telecommunications data has been occurring in a largely unregulated manner by private companies in Australia for many years. This data has been accessed under the current legislation, the Telecommunications (Interception and Access) Act 1979, by a large number of agencies hundreds of thousands of times a year. The concern expressed to the committee by law enforcement and security agencies is that, while access to this data is often vital to their operations, technological change and changing business practices of telecommunications providers mean that less data will be retained by some companies in future. Given this context, Labor has approached this bill as an opportunity to regulate and improve the efficacy of data retention for law enforcement and counterterrorism purposes, while at the same time introducing safeguards that will greatly improve the transparency and accountability of both telecommunications data retention and access to that data.

Labor recognises that crime and threats to our national security are always evolving as global, regional and domestic circumstances change and as technologies rapidly advance. It is essential that our police and security agencies are also able to adapt their investigative capacities to keep pace with the changing threats that we face and, particularly, to the rapid changes in technology. Labor recognises that our laws must evolve to ensure that our law enforcement and national security agencies have the powers they need to keep Australians safe.

However, the fact that our enforcement and security laws must be regularly reviewed does not mean that these laws must constantly be expanded. It is my view that extraordinary powers introduced to meet an extraordinary threat should be periodically reviewed and repealed if it is clear that those powers are no longer needed. There is no doubt that Australians could always be made safer by stricter security and stricter laws, but Australia is a democracy and we value our freedoms as well as our security. It is Labor's view that finding the right balance between our security and our rights and freedoms is a critical ongoing task that all parliamentarians must engage in. Because new threats to our national security may suddenly arise or diminish as a consequence of events unfolding overseas, it is particularly important that our national security laws and capabilities are, to some extent at least, never taken for granted as a set-and-forget proposition.

It was in recognition of the need for ongoing review of our national security laws that Labor established the Office of the Independent National Security Legislation Monitor, and it was in recognition of the ongoing nature of this function that Labor fought hard for the retention of the monitor, even as the Abbott government announced last year that the office would be abolished, in the misguided belief that its purpose was somehow complete. I am pleased that the government backed down on its proposal to abolish the monitor.

To return to the data retention bill, Labor acknowledges that, while the proposed data retention scheme is a reform that will undoubtedly be useful to our police and security agencies, the scheme will also have significant implications for the rights and the privacy of all Australians. That is why Labor has been clear since the bill was introduced by the Minister for Communications last year that, if the government is to create a data retention regime, it needs to ensure that that regime is counterbalanced by appropriately strengthened safeguards and oversight mechanisms.

In examining the government's proposed scheme, Labor was well aware of the legitimate concerns expressed by many Australians that the scheme could unjustifiably compromise their privacy. In this regard, I want to emphasise that the data to be retained under the scheme is essentially information about communications. In particular, information is to be retained that identifies who a communication was made by and to, and when and where that communication was made. The scheme does not mandate the retention of the content of those communications. For example, under the scheme data will be retained that records the phone numbers of people talking to each other and the duration of the call but not what was said. In relation to email, information about email addresses and timing will be retained but not the subject line or content of those emails. To clear up any uncertainty that may have arisen following confused statements from the government late last year, while the scheme will record IP addresses allocated by internet service providers to devices because of the importance of that information to police in investigations of serious crime, the scheme will not require the retention of data that would reveal a person's web-browsing history.

Concerned about a number of aspects of the proposed data retention regime, which the government chose not to introduce with an exposure draft of legislation, Labor pressed the Prime Minister to allow time for proper consideration of the government's bill by the Parliamentary Joint Committee on Intelligence and Security. Labor was insistent that this inquiry include adequate time for the public, legal bodies and key stakeholders to make submissions, and for public hearings to be held.

In scrutinising the data retention bill, Labor members of the intelligence committee worked to improve the efficacy of the proposed regime, while at the same time introducing significant improvements to the data security oversight and accountability mechanisms under which the proposed regime would operate. I believe that these improved safeguards are essential to protecting the privacy of Australians and to giving the Australian community confidence that their personal data will not be compromised or misused. These measures will help to maintain and strengthen public confidence in our law enforcement and security agencies—a confidence that underpins the effectiveness of these agencies by ensuring a close working relationship with the community they protect.

The intelligence committee's report on the data retention bill, released on 27 February this year, vindicates Labor's view that this bill required careful consideration. The intelligence committee unanimously concluded that very substantial changes to the bill were required and made 38 recommendations for improvements to the bill. A number of general and specific concerns regarding the bill were raised with the intelligence committee through the hundreds of submissions received and at the public hearings of the committee. Labor carefully considered these concerns and worked through the committee to develop recommendations to respond to them. Labor members secured recommendations for a number of significant improvements to the way in which the proposed data retention scheme will operate, with a particular emphasis on improved oversight and accountability measures. I am pleased that the Abbott government has acknowledged the many shortcomings of the bill introduced by the Minister for Communications last year and has now accepted all of the intelligence committee's recommendations.

There were several key improvements to the bill that were supported by Labor and that were the subject of bipartisan recommendations of the intelligence committee. All of these recommendations to improve the bill have been accepted by the government. Labor argued for the data retention bill to be amended so that the dataset, which defines what data is to be retained under the new regime, is set out in the legislation. This is a substantial change from the Abbott government's proposal, which was for the dataset to be defined in regulations only and that therefore could be altered by the government without parliamentary scrutiny. In driving this change, Labor has made sure that the parliament and the Australian people are able to properly consider the scheme being proposed, and that any attempt by the government to change the scope of the scheme is made in a transparent and accountable manner. This means that no government will be able to expand the scheme without returning to the parliament. This change will also ensure that business has greater certainty and that Australians will know which parts of their private information are being retained. To provide for situations where changes to the dataset may be urgent, the bill will also be amended to give the Attorney-General the power to add items to the dataset by declaration. However, a declaration will cease to have effect within 40 sitting days, which means that permanent change to the dataset is controlled by parliament.

Retained data is presently available to any agency which enforces criminal or, in some cases, civil law. It means that, at present, many dozens of organisations are able to access retained telecommunications data, including local councils. The bill as introduced by the government would have limited access to a much smaller number of essentially law enforcement and national security agencies—ASIO, the Australian Federal Police, state and territory police forces, the Australian Crime Commission, Australian Customs and Border Protection Service, the Australian Commission for Law Enforcement Integrity and state based anticorruption commissions. While reducing the number of agencies with access to telecommunications data is a positive step, the government's decision to exclude the Australian Competition and Consumer Commission and the Australian Securities and Investments Commission from the list of authorised agencies would have significantly reduced the capacity for those agencies to fight white-collar criminals. Labor argued for these agencies to be authorised to access telecommunications data, and the government has accepted this change.

The bill as introduced also gave the Attorney-General a very broad discretion to add further agencies to the list by regulation. Labor was concerned to ensure that new agencies only be added to the list through a transparent parliamentary process, and a recommendation to that effect was made by the intelligence committee. To provide for emergency situations, the intelligence committee also recommended that the bill be amended to give the Attorney-General the power to add agencies by declaration. However, as with changes to the dataset by declaration, the declaration to add agencies will cease to have effect within 40 sitting days, which means that any permanent change to the list must be made by legislation and referred to the intelligence committee for its consideration.

The bill as introduced by the government would have allowed access in ordinary civil proceedings to private information retained under the regime for the purpose of national security and criminal law enforcement. This could have led to serious intrusions into the privacy of individuals by civil litigants for purposes entirely unrelated to the reasons for which the data retention regime is being established. To respond to this problem, Labor argued for and the intelligence committee recommended amendments to ensure that retained telecommunications data cannot be used for civil litigation purposes, including enforcement of copyright claims. Exceptions to this prohibition will be able to be made by regulation. The government has proposed amendments to give effect to this recommendation.

The bill as introduced by the government did not expressly provide for individuals to seek access to their own retained data. Once again Labor argued for the bill to be amended to make it clear that individuals have a right to access their retained data. This right upholds an important principle of privacy law by ensuring that Australians are always able to access their personal data that is kept by companies. Indeed, just as the authorities should be able to access data needed for prosecutions and national security, individuals should be able to access data for any personal purpose. The intelligence committee recommended amending the bill to give effect to this right, and the government has agreed to introduce this amendment.

In its 2013 report to the parliament, the intelligence committee recommended that a system of mandatory data breach notifications accompany any data retention scheme. Labor agrees that Australians have a right to know when the security of their data has been compromised. Unfortunately, the data retention bill as introduced did not follow this recommendation and did not include such a scheme. Labor argued that a scheme imposing mandatory data breach notification—sometimes called privacy alerts—gives individuals peace of mind about the security of their data and, when there is a breach, allows them to protect against identity theft and take appropriate action such as changing passwords.

Labor has consistently supported mandatory data breach notification, but the government has until now refused to pass Labor's Privacy Amendment (Privacy Alerts) Bill 2014. Accepting Labor's arguments the intelligence committee recommended that a mandatory data breach notification scheme be legislated by the end of 2015. The government has accepted this recommendation.

The bill introduced by the government did not provide for mandatory encryption of retained data. This was recommended by the intelligence committee in its 2013 report and Labor was very concerned about this omission. Labor believes that encryption will help ensure that Australians' data is kept secure and private under the scheme and the intelligence committee accepted these arguments, recommending that the bill be amended to require encryption. The government has also accepted this important recommendation.

Under the current legislation through which telecommunications data is accessed, the Telecommunications (Interception and Access) Act 1979, an agency need only have regard to whether interference with privacy is justified in the light of the likely usefulness of data and the purpose for which it is sought. Labor believes that the rights of Australians to privacy should also be respected and that the powers conferred on agencies by the proposed data retention scheme should not be exercised other than for purposes related to national security and serious law enforcement.

Labor argued for and the intelligence committee has recommended amending the bill so that in order to authorise access an agency must be satisfied on reasonable grounds that any interference with the privacy of any person or persons that may result from the disclosure or use is justifiable and proportionate. The intelligence committee recommended that in making this determination the agency is to have regard to, firstly, the gravity of the conduct being investigated, including whether the investigation relates to a serious criminal offence, the enforcement of a serious pecuniary penalty, the protection of the public revenue at a sufficiently serious level or the location of missing persons. Secondly, the reason why the disclosure is proposed to be authorised and, thirdly, the likely relevance and usefulness of the information or documents to the investigation.

The government has proposed amendments to give effect to these significant restraints on the use of retained data. Labor also argued for oversight of the scheme by two independent Commonwealth agencies: the Inspector-General of Intelligence and Security; and the Commonwealth Ombudsman. Labor argued for the Ombudsman to be properly resourced to carry out his increased oversight role. Recommendations to give effect to these improved safeguards were recommended by the intelligence committee and have now been accepted by the government.

Labor further argued that the bill should provide for the intelligence committee to itself have operational oversight of security agencies under the data retention scheme. This is also the subject of a recommendation the government has accepted. This is a significant reform and a first step towards the implementation of a broader scheme of improved transparency and accountability measures proposed by recently retired Senator Faulkner. I will say more about Senator Faulkner's proposed measures shortly.

The data retention regime proposed by the bill will also impose significant regulatory burdens on over 600 telecommunications companies in Australia, at considerable cost to Australian taxpayers and consumers. The capital costs alone are estimated to be in the vicinity of $300 million but the government has been inconsistent in its statements regarding who will bear the brunt of these very substantial costs.

Labor will continue to press the government for clarity on this issue and will oppose any attempt by the government to pass the substantial costs of the scheme on to telecommunications providers and their customers, as to do so would effectively impose a new internet tax on Australian consumers.

Labor also sought and the government has now agreed to a change to the bill to require the intelligence committee to conduct a review of the entire scheme two years after the implementation phase, a year earlier than the bill had proposed. This review will provide an important opportunity to consider matters including: the effectiveness of the scheme; the appropriateness of the dataset and retention period; costs; any potential improvements to oversight; regulations and determinations made; the number of complaints about the scheme to relevant bodies; and any other appropriate matters.

Importantly, this statutory review will be informed by statistical details collected by the agencies over two years of the operation of the scheme.

There are three other particular matters that I want to note. One very significant matter on which the government would not give way was the manner and extent to which journalists and, by extension, freedom of the press should be protected from the potentially adverse effects of the proposed data retention regime. It is a matter of regret to me that I and my Labor colleagues on the committee were unable to convince the government members of the need to address this by recommending the creation of a warrant regime to protect journalists and their sources.

While Labor members of the committee were willing to reach a compromise on some matters in the bill to achieve an acceptable, if not ideal, outcome, we in Labor believe that a free press is a cornerstone of all healthy democracies, including ours here in Australia. While freedom of the press is not an absolute right and is necessarily curtailed to some extent to uphold other rights, every effort should be made to ensure that freedom of the press is maintained and defended.

It is Labor's view that a warrant should be required for access to the telecommunications data of journalists. No compelling evidence was presented to the committee as to why a warrant should not be sought for access to the telecommunications data of journalists. Some witnesses argued that because journalists have only rarely been the subject of data access requests, such a measure is not needed to protect freedom of the press. However, Labor believes that the chilling effect on freedom of the press that could arise from the very existence of data retention laws is very difficult to measure.

In addition, Labor's view is that because requests for access to the telecommunications of journalists are rare, requiring police and security agencies to obtain warrants for access to journalists' data would not impose a significant administrative burden. Conversely, requiring a warrant in these circumstances would significantly strengthen freedom of the press by making clear that judicial oversight is mandatory where journalists are the subject of a telecommunications data access request.

Unable to reach agreement on this matter, the committee recommended that an additional and comprehensive inquiry be held into appropriate measures for the protection of journalists and their sources under the data retention regime. The additional inquiry by the committee is to enable the important issues relating to press freedom to be thoroughly canvassed in a transparent manner, with the committee to report within three months, well before the scheme would come into effect late in 2016.

The committee recommended that, in undertaking this inquiry, the committee consult with media representatives, law enforcement and security agencies and the Independent National Security Legislation Monitor, while also considering international best practice, including data retention regulation in the United Kingdom. The first hearing of this additional inquiry is scheduled to be held this Friday, 20 March. The Leader of the Opposition has written to the Prime Minister, again pressing the need for the proposed bill to include a warrant regime to protect freedom of the press. Yesterday, the Prime Minister indicated that he had changed his mind and would now support amendments to create such a regime. I certainly welcome the Prime Minister's change of heart and look forward to the government's proposed amendments to give effect to a warrant regime for journalists.

An important concern raised in evidence before the Intelligence and Security Committee was how to maintain the security of retained data. It was suggested by some that this data would be a honey pot for hackers and, potentially, for unfriendly governments. Labor agrees that all practical steps must be taken to ensure that this data is never compromised. As I have noted, Labor argued for the bill to be amended to impose stringent standards for data security. These arguments were accepted by the committee, which recommended a requirement for stored data to be encrypted. Labor members also pressed for a recommendation that legislation imposing a mandatory data breach notification scheme be introduced so that anyone who has had their data compromised is informed of this breach and can take appropriate measures to respond.

However, one outstanding matter relating to data security relates to whether an obligation will be imposed on companies to store telecommunications data within Australia. Former Director-General of ASIO, David Irvine, said at a recent Defence and National Security round table that he would be concerned about the security of retained data if it were stored overseas because it would be:

… governed by someone else's sovereign legislative system.

This matter is currently being examined as part of the telecommunications sector security reform, a process commenced by Labor while in government and which the Abbott government has stated will be completed well before the end of the data retention scheme implementation period. When completed, any TSSR legislation will come before the Intelligence and Security Committee. Consistent with the comments of the former head of ASIO, during the review of any TSSR legislation, Labor will insist on a requirement that retained telecommunications data be stored onshore.

Finally, I come to the Faulkner reforms. Senator John Faulkner, who retired from the parliament in February this year, was a fierce advocate for improved governmental transparency and accountability in our nation. He argued that in recent years Australia has benefited from professional and well-run intelligence and security agencies that have respected the parliament, the government of the day and our laws. But Senator Faulkner also argued that effective safeguards against the abuse of security powers cannot depend on the personal integrity and quality of the leaders of our agencies. Rather, it is the responsibility of the federal parliament to prescribe safeguards that keep pace with the expansion of security powers. I agree entirely. While I personally have great respect for the law enforcement and national security officers who are currently serving our nation, it is the laws of the nation that must safeguard our rights and freedoms, and it is these laws that we are now debating.

Members of the federal Labor Party recognise that, in Australia, as in many other similar democracies, the powers of intelligence and security agencies have been strengthened significantly in recent years as a consequence of the increasingly complex and unpredictable security environment. Labor agrees that the maintenance of public safety in the current security environment requires enhanced powers for the agencies charged with this critical responsibility. However, with legislative changes extending those powers, the requirement for reliable, effective external oversight and other safeguards becomes critical to maintaining an essential level of trust in the community about agency operations. It was Senator Faulkner's view that it is the parliament to which the agencies are accountable and it is the parliament's responsibility to oversee their priorities and effectiveness and to ensure agencies meet the requirements and standards it sets. I agree.

Senator Faulkner developed a set of reforms designed to ensure that the effectiveness of parliamentary oversight of intelligence and security agencies keeps pace with any enhanced powers being given to the agencies. Labor will bring forward legislation this year to give effect to these important reforms. One key reform proposed by Senator Faulkner was for the Intelligence and Security Committee to have oversight of some operational matters of the security agencies. Labor pressed for this significant change to the role of the Intelligence and Security Committee to occur with respect to oversight of the data retention regime. As I have noted, the government has accepted the recommendation of the Intelligence and Security Committee to give effect to this change and has drafted amendments to the bill for this important expansion of the Intelligence and Security Committee's role.

Labor will always work to keep Australians safe and, at the same time, to uphold the rights and freedoms enjoyed by all Australians. Getting this balance right can be a challenging task, but with the addition of the numerous amendments to the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 that Labor has fought for, and with the government's agreement to further amendments to protect freedom of the press, we believe that the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 strikes the right balance. I commend the bill to the House.

6:51 pm

Photo of Andrew NikolicAndrew Nikolic (Bass, Liberal Party) Share this | | Hansard source

Listening to that speech, you would think that the Labor Party was the only party represented at the Parliamentary Joint Committee on Intelligence and Security. What we have heard from the member for Isaacs is: 'Labor did this. Labor did that.' My recollection, because I am a member of that committee, is that what we produced was a bipartisan report, a report that reflected a valued contribution from all members on that committee. There were certainly some tough discussions and, I would have to say, goodwill in most hearts. So it is disappointing to me to hear the criticisms and the partisan comments from the member for Isaacs because many of the things that he mentioned were, from my recollection, cooperatively concluded recommendations rather than in the way that they were portrayed.

The member for Isaacs also says that counterespionage and counter-terrorism make up only a very small amount of the requests for metadata. But I remind the honourable member that this is not a quantitative but a qualitative issue. One person can have a strategic affect and, as we have seen in recent times, all too often, resurgent terrorism has thrown up far too many recent examples of that essential truth.

The other essential truth is that the first duty of government—and this is where I agree with the member for Isaacs—is to keep its people safe. As a member of the committee that the member for Isaacs also belongs to, I am pleased to contribute to that very important outcome. In light of the resurgent threat of transnational terrorism, in light of the adaptive nature of those who engage in terrorism, in serious crime and in the appalling sexual abuse of our children, the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 is important to Australia and to all Australians.

Terrorism concerns each and every rational government in the world today. It also concerns multilateral organisations like the United Nations, which has called for greater action in this area. The recently adopted UN Security Council resolution 2178, for example, requires states to criminalise the travel or attempted travel of foreign fighters.

As I wrote in an opinion piece in The Australian newspaper just a few weeks ago on 16 February, the United Kingdom is considering the introduction of a power to suspend citizenship for those found guilty of terrorism offences. Canada is being even tougher following the terrorist attacks at Ottawa's national war memorial and parliamentary precinct. After the atrocity in Paris in early January, France, like Canada, is revoking the citizenship rights of dual nationals. I think this British, French and Canadian determination signals a pragmatic way ahead for others, including Australia, to confront resurgent terrorism.

I spoke in that opinion piece in The Australianabout my own encounter with captured terrorists while serving as team leader of a United Nations mobile team called Team Zulu in south Lebanon in September 1991. The terrorists we captured never achieved their mission after their small boat was seized by my United Nations colleagues. It was a boat crammed with AK47s, hand grenades, knives, explosives and rocket propelled grenades. Their intent was to land on the Israeli side of the border near a beautiful coastal town called Nahariya where my wife and then two very young daughters lived. Their mission was to kill as many Jews as possible before they themselves were killed. When I asked that three-man terrorist team through the French-Arabic interpreter how they would distinguish between Jews and overseas visitors, the terrorist leader confidently put that question in the hands of his god. I can recall thinking at the time how lucky we were in Australia not to have such insane, indiscriminate killers in our country. But, as we now realise, those days are long gone.

That is why this bill is so vital. It gives our police and security agencies the additional powers they need to keep us safe. We may not like it, but this is now the practical reality which will continue to increasingly inform and affects the lives of every one of us and those we represent. This climate is likely to continue to persist for at least the foreseeable mid-term future and perhaps even well beyond that. Indeed, informed pundits such as former Chief of the Army Lieutenant General Peter Leahy are predicting a century of commitment to confront and contain let alone defeat resurgent and spreading religious and social extremism, intolerance and barbarism. This bill is a common-sense approach to that serious threat.

I will turn now to the practical application of this bill. In essence, it requires telecommunications providers to keep a limited and defined subset of metadata for two years. It means that we can shore up consistent standards across industry for storing limited data so that it remains available for criminal and security investigations. This is absolutely vital because the case studies that we heard on our committee demonstrated that metadata is the basic building block in nearly every successful counterterrorism, counterespionage, organised crime and paedophilia investigation. That is why Hetty Johnston from Bravehearts has called this legislation a 'no-brainer'.

Remember that metadata is information about a communication—the who, when and where—not the content, substance or 'what' of a communication, for which a warrant is still required to access. For phone calls, metadata is information such as the phone numbers of people talking to each other and how long they have talked to each other, not what they have said. For internet based services, metadata is information such as an email address and when it was sent, but not the subject line or body of an email. Metadata allows our police and security agencies to understand the links between people and networks. We are talking here about pattern-of-life analysis, understanding how people or networks of concern might link with each other to determine the need for more intrusive means to look perhaps at the content of what they are saying to each other.

In comprehensive briefings to our committee, we learned that metadata was used in 100 per cent of cybercrime investigations, nine out of ten counterterrorism and child protection investigations, and eight out of ten serious organised crime investigations. In a recent European paedophile investigation, the UK was able to prosecute 121 offenders. In contrast, the Germans, who have no data retention regime, could not convict a single perpetrator.

This legislation is particularly urgent because of fast-changing technology and the adaptive nature of our adversary. Telecommunications companies are retaining less data for shorter periods. We do not want our police and security agencies to become increasingly blind in pursuing terrorists and those involved in serious crimes. In 2013 a major internet service provider reduced its retention period for IP address allocation from many years down to three months. Remember that this data enables agencies to match suspect communications with actual people. In June 2014 the Australian Federal Police were unable to identify a suspect who stated online that they intended to sexually assault a baby because the carrier only retained data for a maximum of seven days. No responsible government can sit by while those who protect our community lose access to such vital information. The Australian Federal Police and organisations like ASIO are adamant that the decreasing availability of this data is hampering investigations and preventing perpetrators being brought to justice.

Contrary to the scare campaigns by the Greens party and their activist mates, this legislation gives no extra powers to our agencies, which have been accessing metadata for decades. In fact, we are strengthening privacy in this bill because we are cutting the agencies which can access metadata from around 80 to around 20 who have a clear and demonstrable need. Currently, even local councils and the RSPCA can access metadata. Under our new law, we will substantially reduce access to around 20 core criminal law enforcement and security agencies. This reflects public concern around the number of agencies permitted to access telecommunications data.

As a member of the Parliamentary Joint Committee on Intelligence and Security, I can also provide assurances on the privacy protections in this bill. The Commonwealth Ombudsman will be given powers to inspect access to and the use of telecommunications data by Commonwealth, state and territory enforcement agencies. The Privacy Commissioner will continue to assess industry's compliance with the Australian Privacy Principles and monitor its nondisclosure obligations under the Telecommunications Act. The Inspector-General of Intelligence and Security will inspect and report on ASIO's access to data. The government has significantly increased the inspector-general's resources to enable it to effectively oversight the activities of intelligence agencies, and the Attorney-General will report on the scheme annually. It is important to make the point that the data retention proposal does not affect the immunities given to whistleblowers who qualify for protection under laws like the Commonwealth Public Interest Disclosure Act 2013.

It is clear that this legislation is urgent, but no-one can accuse us of rushing it through the parliament, given that we introduced the bill almost four months ago, on 30 October 2014. In relation to costs—an item raised by the member for Isaacs, again, in a critical way—the government has provided the Parliamentary Joint Committee on Intelligence and Security with a confidential briefing on the costs of the scheme. This briefing to our committee enables us to include in our report details of the range of estimated costs of the scheme and to ensure that these details are made public prior to debate of the bill. The government has said from the outset—not under pressure from the member for Isaacs or anyone else—that we are prepared to meet a reasonable share of the up-front capital costs to implement this legislation. We are confident that industry understands the importance of data retention and takes seriously its corporate responsibility to do the right thing by helping our police and security agencies to protect Australians. But even at the highest estimate, the cost is less than one per cent of the $40 billion plus sector, so the costs involved will be comparatively modest.

Importantly, this bill is fair to all law-abiding and decent Australians. It targets only those among us who would seek to do the very great majority harm and supports their detection at the very earliest opportunity. To do otherwise is neither sensible nor prudent. Perhaps, in the end, the best way to assess the validity of this bill is for all of us and, indeed, all those we represent to ask a simple question: who has most to gain or benefit by delaying these measures? The answer to this question is pretty clear: it is not any of us in this chamber nor the majority of Australian citizenry beyond, rather it is those who intend to harm their fellow Australians. While the subject of data retention is, itself, less dramatic than the use of aircraft armed with both kinetic and smart weapons against Daesh, it is nevertheless an important complementary measure, which may very well prevent others from joining their murderous ranks.

I heard the member for Isaacs talking about journalists, and the journalist issue has been topical in recent times. My view is that we must not exempt categories of people from the law. Let's face it, journalists are just as likely as to commit crimes as others—lawyers, priests and doctors—who also engage in privileged private communications. Despite what the member for Isaacs has said about there being no compelling evidence why a warrant regime for journalists should not be implemented, there was no evidence presented of abuse of the metadata scheme over the last 30 years that it has been used. There is no evidence whatsoever about abuse in relation to journalists or their sources. So the question I ask is: what problem are we solving? There are safeguards within the PJCIS recommendations to provide additional protections. Law enforcement agencies must notify the Ombudsman or in the case of ASIO the Inspector-General of Intelligence and Security each time an authorisation for metadata relates to a journalist's source. The committee I am a member of—the PJCIS—must also be informed and can consider the operational imperatives relating to that authorisation.

Let me conclude by reinforcing the important effect of this bill in helping secure our current way of life in an otherwise difficult and testing security environment. This bill establishes a vital statutory obligation to retain metadata. It is vital because it is at the heart of keeping our community safe. It is the agencies that conduct those activities that are telling us exactly how vital it is. This government will not rest until our community is as safe as it possibly can be, and a vital part of that is getting this bill through the parliament. I commend the bipartisan nature of the committee's consideration of this bill. I congratulate our chair, the member for Wannon, Dan Tehan, and the deputy chair, the member for Holt, Anthony Byrne. I commend this bill to the House.

7:27 pm

Photo of Jason ClareJason Clare (Blaxland, Australian Labor Party, Shadow Minister for Communications) Share this | | Hansard source

The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 is controversial legislation, and I can understand why some people are very concerned about it. Even senior members of the government have previously expressed concerns about the retention of telecommunications data for the purposes of law enforcement. The minister who introduced this bill, Malcolm Turnbull, said in 2012:

I must record my very grave misgivings about the proposal.

In 2012, he said that a data retention regime would have a:

… chilling effect on free speech …

The Deputy Leader of the Liberal Party, Julie Bishop, said in 2012:

The idea that the Government should collect and retain the online records of all Australians for a period of two years I think is disturbing. It appears to go too far and I would have to be persuaded that this was a reasonable request.

These concerns are not restricted to one side of politics. People in all political parties have concerns about the mandatory retention of telecommunications data. Legislation like this raises legitimate and serious privacy issues and it is important that they are addressed.

This is all so complex. It is not easy to get your head around. We saw a compelling example of that last year when the Attorney-General could not explain to David Speers on Sky News what metadata is or whether telecommunications companies would be forced to keep a record of the websites people visit. That is why, when the government introduced this legislation into parliament just before Christmas, we said that it should not be rushed through; it should be subject to a proper inquiry by the Parliamentary Joint Standing Committee on Intelligence and Security. And that is what has happened. I am privileged to have been a member of that committee as part of its work.

The work that this committee has done has made clear to me that this legislation in its current form—in its original form—is not good enough. The committee received more than 200 written submissions and held three days of public hearings. It also held a number of private hearings. The weight of evidence that we received made very clear that the legislation in its current form puts too much power in the hands of the Attorney-General

It also does not sufficiently address legitimate concerns about privacy and the protection and security of the data that will be retained. It also does not have the oversight powers and resources that are really needed here to make sure that the use or misuse of people's telecommunications data can be properly investigated. That is why as a committee we recommended a lot of changes to this bill—38 in all. I will go through some of those in a moment and why I think they are important. But first I want to explain what is happening now in Australia.

Right now telecommunications companies keep a lot of data about us—metadata. They do not all keep the same data and they do not all keep it for the same period of time. Some data is held by companies for a couple of weeks. Some data is held for up to seven years. Police and other law enforcement agencies access this data right now, and a lot of it. Last year there were more than half a million applications by law enforcement to telecommunications companies to access metadata. It is part of most investigations. It does not always solve crimes, but it is an important investigation tool. For example, police turn up to a crime scene. There is a dead body and there are no witnesses. One of the first things they do is seek the phone records of the person who has died to see who the last people were that they were speaking to. Sometimes it provides the evidence that is critical to a conviction. We saw evidence of that in the case in the murder of Jill Meagher in 2012. In that case it was telecommunications data that led to the conviction of Adrian Bayley. This data is being accessed now, not just by police but by 80 different organisations, including councils and the RSPCA. There are very few rules around it, there is very little oversight and, therefore, there is very little evidence about how it is used or misused.

The argument that the government has used is that this legislation is required because telecommunications companies are not holding our data for as long as they used to, that they are going to hold less and less in the future, and that, therefore, law enforcement agencies will not be able to do their job. This is sometimes called 'going dark'. The Prime Minister said recently that if this legislation is not passed there will be 'an explosion of unsolved crime'. This is not right. It is true that some telcos have reduced the amount of data they hold. But it is also true that the major telcos—Telstra, Optus and Vodafone—all told the committee in public hearings that they have no intention of reducing the amount of data they currently retain.

In my view the real purpose of this legislation is not to stop law enforcement going dark. It is more about consistency. lt will require all telcos to keep the same type of data and hold it all for the same period of time. That will invariably mean that law enforcement agencies will have access to more data—data that is not currently being held by some telcos for two years. The real reason to support this legislation is this: law enforcement agencies access our telecommunications data right now, with very few rules and very little oversight. If the recommendations of the joint standing committee are adopted, tighter rules will be put in place, and for the first time there will be oversight of the agencies that access our data and their use or misuse of it.

I want to focus now on some of the committee's key recommendations: first, the controversial issue of what metadata is. The bill in its current form leaves it to regulations. In other words, it leaves it to the Attorney-General to decide. The committee rejected this approach. It puts too much power in the hands of the Attorney-General and creates too much uncertainty. We therefore recommended that the dataset that the telcos have to keep be embedded in legislation. Second, who can access this data? Again, the bill leaves that question to the Attorney-General to decide. And, again, the committee rejected that approach. The committee recommended that the parliament, not the Attorney-General, should decide what data has to be kept and who can access it.

Third, at the moment it is doubtful whether individuals have access to their own telecommunications data. The legislation deals with law enforcement access to data but does not address individuals' rights to their own telecommunications data. The committee's recommendations will fix this problem. The committee recommended that telcos be required to provide their customers with access to their own telecommunications data upon request for a fee. And I am glad to see that, in the wake of this recommendation, Telstra recently announced that that will put this into place for their own customers effective from 1 April.

Fourth, the security of the data kept under this legislation is also a real issue. The last time the committee looked at this issue in 2013, it recommended that the data be encrypted. This legislation in its original form says nothing about this. In 2013 former Attorney-General Mark Dreyfus also introduced legislation to create a data breach notification scheme. In other words, if your data is hacked, you are notified. This legislation was introduced into this place but lapsed after the last election. The committee has recommended that this data be encrypted and that a data breach notification system be created.

The committee also looked at the important issue of where this data should be held. We made no recommendation about this, but this is an important issue. There are good arguments to say that it should be held in Australia. The former head of ASIO, David Irvine, made that argument as recently as yesterday in Australian newspapers. The committee looked at this issue and will look at this further when it examines the forthcoming telecommunications security sector reforms.

Fifth, how will this data be used by other people and other organisations in civil litigation? This was the subject of a lot of confusion when this legislation was introduced. The AFP Commissioner said that it could be used to track down people who illegally download movies and TV series like Game of Thrones. On Q&A in November, George Brandis said that was not right:

TONY JONES: Okay. Well, can I put something to you and that is that I think that a lot of Australians are probably quite surprised to hear Commission Colvin suggest that these metadata or the metadata gathered could be used in a whole range, beyond terrorism, of different prosecutions, possibly even against Internet pirates …

GEORGE BRANDIS: Well, they can't be and they won't be …

But that is not right either. There is nothing in the bill that prevents the use of this data to pursue in a civil court people illegally downloading movies. The recommendations by the committee help fix this problem. We have recommended a prohibition on the use of data retained under this legislation from civil litigation.

Sixth is the issue of costs. This is very expensive: the capital cost of setting up this system has been estimated by PWC as between $188 million and $319 million. We all pay for that in one way or another. A substantial proportion will be paid for through our taxes, and the rest through our telco bills. It is a capital cost, not an annual operational cost, but it is still expensive. I am particularly concerned about the impact that this might have on small telcos. Competition in this sector is extremely important, and I am worried about the risk of this pushing small telcos out of the market. The committee recommended that the government ensure that the funding they provide to telcos to set up this scheme is tailored in a way to help particularly small providers who may not have the capital budgets or operating cash flow to implement this legislation without upfront assistance. The government has committed to do this. I thank them for it; it is important that this happens.

Seventh, the sort of powers that law enforcement agencies already have to access our data should be subject to real oversight. As I said, at the moment they are not. The original bill gets one thing right: it gives the Commonwealth Ombudsman oversight and investigative powers over the use or misuse of telecommunications data. This includes full investigative powers, the power to compel officers to answer questions and access to all records and premises. This applies to federal and state law enforcement agencies. But what is not done and what we do not see in the original legislation is the necessary resources that the Ombudsman needs to do this job. In evidence to the committee, the Ombudsman, Mr Colin Neave, said he lacked the resources to do this and that he would need an additional 12 staff and $2.3million in the first year and $1.65 million per annum thereafter. The committee, in our report, recommended that these resources be provided, and it is important this happens.

It also recommends, for the first time, real parliamentary oversight. At the moment the Parliamentary Joint Standing Committee on Intelligence and Security is not allowed to examine operational matters. This will also now change: the committee will have the power to examine the use of this legislation by the AFP and ASIO. This is important, because it will give the parliament, for the first time, the power to examine the operational activities of law enforcement and security agencies. This is the first step for this parliament—it gives the parliament the power to oversight the operational use or misuse of this legislation. But it is just the first step. The next step is to do what John Faulkner proposed in a private member's, or senator's, bill last year—and that is to give the Parliamentary Joint Standing Committee on Intelligence and Security a general power to review the operational activities of our law enforcement and security agencies. This will give the parliament the same sort of oversight powers that the US Congress and the UK Parliament have.

There are a lot of other important recommendations that I do not have time to mention in this debate, but I do want to say something about the issue of press freedom and how this legislation should apply to journalists. This is an area where agreement was not reached in the committee. In my view, though, if law enforcement agencies want to get access to a journalist's telecommunications data to get their sources, they should have to get a warrant from a court. There is a simple reason for this: journalists are different. The privacy of their sources is integral to freedom of the press; it is why journalist shield laws exist. It is also important because sometimes it is journalists who are investigating law enforcement. The UK Parliament has recognised this, and two weeks ago it passed initial legislation that requires law enforcement agencies to get a warrant to access a journalist's metadata. I am glad the Prime Minister has finally backed down and agreed to amend this bill to require law enforcement agencies to get a warrant. The government now needs to work with us, the crossbench and Australian media organisations to get that amendment right.

Deputy Speaker, let me go back to where I started. This is complex and controversial legislation. I understand why many people are concerned about it. The government has not explained why these laws are needed very well. No-one should be under the illusion that this legislation will somehow stop terrorism—it will not. It would not have stopped what happened at the Lindt cafe in Sydney. ASIO and the New South Wales Police both admitted that in the public hearings, but metadata was useful during the siege and after. The fact is less than two per cent of current requests for metadata are about terrorism or paedophile cases. The rest is about a whole range of other criminal offences, big and small. But remember this: there are half a million applications a year by 80 different organisations with very few rules and very little oversight. The committee's recommendations to this parliament will help fix that. They will mean tighter rules and, for the first time ever, real oversight of the use and misuse of this data.

7:42 pm

Photo of Philip RuddockPhilip Ruddock (Berowra, Liberal Party) Share this | | Hansard source

I rise to support the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 and I will support the amendments necessary to secure its passage. My view, as a former Attorney-General of this country and as a person who has taken very considerable interest in these matters, is that this legislation is absolutely essential. There was an urgent need for it some time ago, and that need remains very precipitant now. It has been said by the previous speaker, the member for Blaxland, that there are half a million requests for access to metadata now. He suggests that that means the scheme is working perfectly well and is adequate for the purpose, but nothing could be further from the truth.

I do not think we have been given accurate evidence, because that would undermine public confidence in the nature of our legal system, were it to be put in the public arena. I suspect we have seen a very significant degrading in our capability and capacity to be able to deal with terrorist threats and organised criminal activity, because those people who pose a threat to us know that there are some communications that can be accessed through the existing metadata regime and there are other communications that are not the subject of scrutiny because there is no legislation requiring people to keep the data. It is very clear. If you were a terrorist and you wanted to ensure that nobody was aware that you were engaged in those activities and whom you might be talking to, you would simply identify those agencies who supplied a service but did not keep the information because they were not required to keep the information.

It is certainly the case that information has been kept by Telstra and by Optus, because that has been part of their commercial models over a long time. It is the case that there are others who have said: 'Aren't we smart? We've found a way of providing a cheaper service and undercutting their model by not doing all the things that they do. If we don't keep the data, we can be more competitive. Aren't we smart?' To my way of thinking, that commercial model is not in the national interest. The legislation that we are dealing with will require those organisations to keep that data now, and we are going to pay for it. We may not pay for it directly, in its entirety, but we will pay for it through subsidy and through the increased costs of services. It may mean that some of those organisations who thought they had a very good commercial model are going to lose it.

We need to understand, when a lot of the media coverage on these issues raises all sorts of fears—and they do—that there are commercial reasons why certain organisations are putting that into the public arena. I open the Media section of The Australian on 9 March. Under the headline 'Rivals unite against data retention', an article dealing with metadata says:

JOURNALISTS and their sources could be tracked down in witch-hunts reminiscent of the Stalin era under the new metadata legislation, Australia's most powerful media bosses have warned.

I go to another article. Under the headline 'Poll highlights business fears over metadata', it says:

Australians don't trust government departments to correctly handle their personal information once controversial new data retention legislation is implemented.

An article headed 'Phone, internet spying "violates human rights"', quotes somebody who wants to get into the business:

Wikipedia co-founder and influential technology entrepreneur Jimmy Wales has slammed the … plan to make telcos store the metadata of every phone and internet use as a 'human rights violation' …

If these 'human rights violations' have been there over the last 30 years, why wasn't this an issue in this parliament every day as it was brought to our notice, as people who were concerned about it were identifying the abuse? You would think you would have heard about it. I have been here all that time and I have never heard about it. It was not raised by the opposition, not raised by the newspapers, until there was a commercial reason why some people needed to undermine putting in place a comprehensive regime.

If you think I am strongly convinced that this is necessary: you bet. I am concerned about people's right to privacy; of course I am. I recognise the arguments about the protection of privacy needing to be proportional. I want to weigh it up against other rights that I have, and one of those rights that I believe I have is the right to life. If I were going to have to give up a little bit of privacy to continue living, I would be very prepared to accept that. Where I do get concerned about privacy issues—but I never hear this raised—is with those commercial organisations who think they can make a profit out of selling information they get about my use of particular products or where I might shop. They sell it on to somebody else to make money. I do not hear anybody complaining about that.

I would like to think that members want to inform themselves. I cannot inform them of what I might know from agencies who have to be careful about identifying potential weaknesses in their own operations, where they might not be able to adequately fulfil the role that we are expecting of them. I do not think that data is going to be out there in the public arena or given in evidence before parliamentary committees. It is very difficult to get the arguments about the threats that we face. But I would encourage members to read TheEconomistof 17 January. I found quite a fascinating article. For copyright reasons, I had better say it is published in TheEconomist but there is no by-line. I do not know who wrote it but I regard TheEconomistas very authoritative. Under 'Getting harder', it deals with counter-terrorism. With the introduction 'Western security agencies are losing capabilities they used to count on', it says:

ONCE the shock that a terrorist outrage generates begins to fade, questions start to be asked about whether the security services could have done better in preventing it. Nearly all the perpetrators of recent attacks in the West were people the security services of their various countries already knew about.

It speaks about the recent attacks in France, saying of the terrorists:

… France's internal security agency, and the police knew them to be radicalised and potentially dangerous. Yet their … plots, which probably involved more people and may have been triggered either by al-Qaeda in Yemen or the so-called Islamic State (IS) in Syria, went undiscovered.

There … may have been a blunder, and there will undoubtedly be lessons to be learned, just as there were in Britain after the 2013 murder of Fusilier Lee Rigby …

The parties involved there, the article says, were known to MI5. It goes on:

But it is worth reflecting on the extent to which Western security agencies have succeeded in keeping their countries safe in the 13 years since September 2001. And it is worth noting that their job looks set to get harder.

Europe has suffered many Islamist terrorist attacks in recent years, but before the assault on Charlie Hebdo, only two of them caused more than ten deaths: the Madrid train attack in May 2004 and the London tube and bus bombings 14 months later. This was not for want of trying; intelligence sources say they have been thwarting several big plots a year. Sometimes this has meant arresting the people involved: more than 140 people have been convicted of terrorism-related offences in Britain since 2010. But often plots have been disrupted in order to protect the public before the authorities have enough evidence to bring charges.

Three factors threaten this broadly reassuring success.

The article goes on to talk about these factors and the second problem that we are facing now:

A second problem for the security forces is that the nature of terrorist attacks has changed. Al-Qaeda, and in particular its Yemeni offshoot al-Qaeda in the Arabian Peninsula, is still keen on complex plots involving explosions and airliners. But others prefer to use fewer people, as in commando-style raids such as the one on Charlie Hebdo and "lone-wolf" attacks that are not linked to any organisation. IS has called for attacks on soft targets in the West by any means available—one method is to drive a car at pedestrians, as in Dijon on December 21st last year.

At any one time MI5 and DGSI will each be keeping an eye on around 3,000 people who range from fairly low-priority targets—people who hold extremist views that they may or may not one day want to put into practice—through those who have attended training camps or been involved in terrorist activity in the past to those who are thought likely to be actively plotting an attack. But only a small number at the top are subjected to "intensive resource" surveillance.

These are pretty simple issues. We have an agency that is meant to be protecting us which has around 1,500 people. Could they put 3,000 people thought to be posing a risk under scrutiny? It is obvious that they cannot. They have to have other ways of finding out how they should target their activities more appropriately. This is why, as the article goes on:

Even when there are identified co-conspirators, though, it is getting harder to tell what they might be up to. This is because of the third factor that is worrying the heads of Western security agencies; the increasing difficulty they say they have in monitoring the communications within terrorist networks. The explosion of often-encrypted new means of communication, from Skype to gaming forums to WhatsApp, has made surveillance far more technically demanding and in some instances close to impossible.

The article continues:

The tech firms are very different from the once-publicly owned telephone companies that spooks used to work with, which were always happy to help with a wire tap when asked. Some, especially some of the smaller ones, have a strong libertarian distrust of government. And technology tends to move faster than legislation. Although the security agencies may have ways into some of the new systems, others will stymie them from the modern equivalent of steaming open envelopes.

It is an article worth reading to give you an idea of the difficulty in which the agencies who have a responsibility to protect us are working. This legislation is important because it is about giving these agencies the tools that they once had.

I think that the legislation is absolutely prudent, appropriate, measured and responsible. I know that we are amending it. I suspect that those amendments, which are going to be agreed to ensure the passage of the legislation, are not necessarily required and are going to impose significant and additional costs upon the Australian taxpayer. I hope that people will look at these issues in the context of where the problems of the past have been, because I can assure you that there is no need for the sort of scrutiny that people are demanding.

7:57 pm

Photo of Graham PerrettGraham Perrett (Moreton, Australian Labor Party) Share this | | Hansard source

I rise to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. I am going to begin with a quote from 2012. The speaker talks about proposed data retention legislation, and he makes the point:

Nor has there been an explanation of what costs and benefits have been estimated for this sweeping and intrusive new power, how these were arrived at, what (if any) cost was ascribed to its chilling effect on free speech, and whether any gains in national security or law enforcement asserted as justification for the changes will be monitored and verified should they be enacted.

The speaker makes the point that he has very grave misgivings about the proposed legislation, and he says that the data retention proposal is basically designed to:

… restrain freedom of speech.

That quote is from the Hon. Malcolm Turnbull in his 2012 Alfred Deakin Lecture on 8 October 2012—the same speaker who came into this house on 30 October last year and introduced this bill, the Minister for Communications, the Hon. Malcolm Turnbull. It is interesting to see the contrast between when he was in opposition and the immediate flip when in government. He obviously has a very flexible spine when it comes to taking a stance on something like restraining freedom of speech.

The Hon. Malcolm Turnbull's piece of legislation, which is before the chamber and which he introduced last year, was referred to the Parliamentary Joint Committee on Intelligence and Security for it to report on its provisions. The Labor representatives on the committee for this inquiry were Mark Dreyfus; Jason Clare, the shadow minister for communications; Anthony Byrne; and Senator Stephen Conroy.

The Parliamentary Joint Committee on Intelligence and Security had previously reported on a proposal for mandatory data retention in 2013. That was in the mind of the Minister for Communications when as shadow minister in opposition he made the comments that I have just referred to. That report, handed down by Anthony Byrne, contained many recommendations which , surprisingly , were not included in the original provisions of the bill. This is e ven more surprising given the Minister for Communication 's publicly stated concerns about metadata retentio n when he was in opposition. Normally you would think the minister would work with the Attorney-General to explain this quite significant piece of legislation that has many people concerned in this digitally connected world. Obviously anyone who has seen the video footage of Attorney-General Brandis trying to explain metadata on Sky Television would understand why so many people in my electorate are confused. The Attorney-General has basically been in hiding since that train wreck of an interview about this legislation. Combine the need for this legislation and the pressing need for the Prime Minister to wedge the Labor Party when it comes to national security, which is political manoeuvring not necessarily in the national interest but obviously in the Prime Minister's interests. With 39 backbenchers prepared to support a spill motion against him, he was desperate to have something that would attract a bit more popular support.

The report of the Parliamentary Joint Committee on Intelligence and Security inquiry into this bill made 38 unanimously supported recommendations for changes to the provisions of the b ill —despite the comments from speakers on the other side, these were unanimous recommendations. At the strong insistence of Labor, th e se recommendations have all been incorporated into the b ill in its current form. Especially since Minister Turnbull's comments when in opposition and Attorney-General Brandis's train wreck interview, there is no doubt that the term 'data retention' provokes extreme emotion in many sector s of the community. I have seen the reaction of many of my constituents over this issue. People are very passionate about this topic and t hey have made many very valid and rational arguments. Labor had serious concerns about the bill which was introduced quite hastily last year by Minister T urnbull. Some o f my concerns, which I expressed to a journalist, were reported in The Sydney Morning Herald . They reflected the worries that were put to me by many people in my electorate.

By way of example of Labor improvements, the specification of what data set is to be retained was originally to be added by regulation and not included in the b ill itself , not put before the parliament . The core purpose of this legislation is to retain data. It is crucial that all stakeholders know with certainty what data there is an obligation on telecommunications companies to retain. The PJCIS recommended in its report that the data set be included within the legislation and not by regulation. The c ommittee noted that the data set is central to the operation of the proposed data retention scheme and it is critical that the proposed data set comprise s that which is necessary and proportionate.

Minister Turnbull's b ill has been amended to incorporate the definition of the data set within the legislation —so good work that committee. But j ust who would have access to our data was also a concern raised by Moreton constituents. Simon from Eight Mile Plains said: 'M y main concern is misuse/abuse of the data which will most certainly happen. Any person with a valid criticism against government, police, the judiciary will fear this system. Imagine a stalker with access to the data, possibly a police officer going off the rails, blackmailing a subject into pseudo-consensual activities. Commercial abuse, political abuse. Imagine a foreign government gaining access, a terrorist organisation. Imagine a paedophile getting access. These things are exceptionally likely to happen.'

The PJCIS also had concerns, saying in its report that access to the stored data should be limited to agencies with appropriate functions and which are subject to appropriate safeguards. The c ommitte e recommended that law enforcement agencies that can obtain a stored communications warrant be specifically listed in the Telecommunications (Interception and Access) Act 1979 — ASIO, the Australian Federal Police, the state police forces, the Australian Crime Commission, the Australian Customs and Border Protection Service, the Australian Commission for Law Enforcement Integrity and state based anti-corruption commissionsThe committee noted that only agencies involved in investigating serious contraventions of the law should be designated as 'criminal law enforcement agencies' for the purpose of accessing stored data.White collar crime can of course be a serious contravention of the law. Accordingly, the committee recommended that the Australian Securities and Investment Commission and the Australian Competition and Consumer Commission be listed as criminal enforcement agencies under the legislation.Those recommendations addressing the concerns about access have been implemented in the current form of the bill.

Another major concern shared by the PJCIS and many ordinary citizens is the use to which this data may be put. Lyall from Tarragindi sa id: ' Clearly a large repository of data of this kind would be useful for all sorts of purposes , not just law enforcement , and its existence will be a temptation to criminals and the maintainers of the data alike.' Telecommunications data that is currently kept by companies for business use is being accessed under existing laws for purposes not related to law enforcement or national security. Jacqueline from Annerley said : ' This is about being given the right to decide what information you're happy to share and what informatio n you'd prefer to keep private.'

You d o not have to stretch your imagination fa r to imagine what an Aladdin's c ave or honey pot this data would be for civil litigants. To prevent the greatly increased store of data under this regime from being accessed for the purposes of civil litigation , the c ommittee recommended that the b ill prohibit access to data stored solely for the purposes of the mandatory data retention scheme from being accessed for the purposes of civil litigation. However, the c ommittee did recommend that individuals be able to access their own data that is stored under the mandatory data retention scheme . Both of those recommendations have also been implemented.

Many of my constituents also raised concerns about the security of the data retained. Amazingly , the original b ill was completely silent on the issue of data security. Concerns raised with the c ommittee included that the data would be a honey pot for those with criminal or malicious intent; t h at th e b ill did not prohibit offshore storage , a point I will return to later if I have time; that t he data was not required to be destroyed at the end of the retention period; and that t he vast amounts of data required to be stored would increase the security risk. To address these concerns, the PJCIS recommended that all service providers be required to be compliant with either the Australian Privacy Principles or binding rules developed by the Australian Privacy Commission. It also recommended that the government enact telecommunications sector security reforms prior to the end of the implementation phase for the bill, and the bill before the House now reflects those recommendations.

The telecommunications sector security reform was first addressed in chapter 3 of the PJCIS's 2013 report in the 43rd Parliament, but it was not included in the bill introduced to the House in October last year by Minister Turnbull. Importantly, the PJCIS also recommended that the data retained by the mandatory data retention regime be encrypted. The question, of course, is: to what standard of encryption should the data be protected? It is recommended that a data retention implementation working group develop an appropriate standard of encryption, and that it be incorporated into the regulations. Again, those recommendations have been accepted.

Sadly, as night follows day, a breach of security relating to the data is probably inevitable. When that happens it is crucial that there is a notification scheme in place. Again, it is interesting to note that the committee's 2013 report recommended that any legislation for mandatory data retention include a 'robust, mandatory data breach notification scheme'. However, this recommendation was not included in the bill introduced to the House last year by the Hon. Malcolm Turnbull. The PJCIS has, in its most recent report, recommended the introduction of a mandatory data breach notification scheme by the end of 2015, and that recommendation is now in the final form of this bill.

Photo of Michael DanbyMichael Danby (Melbourne Ports, Australian Labor Party, Shadow Parliamentary Secretary to the Leader of the Opposition) Share this | | Hansard source

Another Labor success!

Photo of Graham PerrettGraham Perrett (Moreton, Australian Labor Party) Share this | | Hansard source

I will take that interjection! Duncan from Salisbury expressed his concerns that 'there seems to be no concrete proposals for impartial oversight of access to this data'. However, the bill did include in its original form an increased role for the Commonwealth Ombudsman. That role is to include oversight of 'the preservation notices issued by criminal law enforcement agencies; and the access to and dealing with the stored data by the agencies'. Although the Ombudsman's office has the necessary expertise for this expanded role, it told the committee during the inquiry that it did not have the resources necessary to implement the tasks required of this expanded role. A sheriff starved of resources cannot cast a long shadow in the Badlands.

The PJCIS recommends that the government ensure that the office of the Commonwealth Ombudsman has the additional resources necessary to undertake these expanded oversight responsibilities. Additionally, the PJCIS recommended that the Ombudsman and the Inspector-General of Intelligence and Security notify the committee if they hold serious concerns about the operation of the scheme. Once notified, the committee should inquire into any matter raised in the reporting. This would be a substantial expansion of the oversight role of the intelligence committee—and this is a good thing.

The PJCIS's 2013 report included a review by the Parliamentary Joint Committee on Intelligence and Security no later than three years after its commencement. The bill introduced last year by Minister Turnbull did include a review, but in real terms the review would have been five years after the bill received royal assent. Obviously, with the implementation of such a radical mandatory scheme, a review within a shorter time frame is critical for appropriate oversight.

Another concern voiced by many of my constituents and shared by Labor is the potential impact on the freedom of the press. Tamara of Annerley says, 'I strongly oppose the use of metadata to track journalistic sources.' Elizabeth from Acacia Ridge says she believes the metadata regime is 'unfair and an infringement on citizen's freedoms and rights to privacy; not to mention the dire consequences for freedom of the press'. Labor believes that a warrant should be required for access to the telecommunications data of journalists.

The committee has recommended that it review the issue of how to deal with the authorisation of the use of data for the purposes of determining the identity of a journalist's source, and there is bipartisan agreement to conduct this comprehensive inquiry to sort it out. I am still wary of the warrant process, but it is better than what Minister Turnbull initially put forward. Legislation to ensure our security always requires a careful balancing of protecting our citizens and maintaining our freedoms, and upholding the rule of law is important. Daniel from Moorooka said, 'Limiting freedom to keep us safe from people wanting to limit our freedom is a slope I am genuinely fearful of.'

Labor is committed to national security. Labor is also conscious that extended powers of security agencies should be coupled with crucial external oversight. Senator Faulkner was the architect of a set of reforms which were designed to provide effective parliamentary oversight of intelligence and security agencies, and we will try to advance that. Labor has carefully scrutinised the recommendations of the committee and the consequential amendments the government has made to the bill. They have agreed to all 39 recommendations of that committee and hopefully will implement all of them.

Obviously, offshore storage is still something that I have a concern about, and it was mentioned in Malcolm Turnbull's speech back in 2012. I am concerned that we cannot, by contract, enforce Australian law overseas. It is important that we have debate about that and about a few other things in terms of the oversight and also the journalists being protected, and it is important that these concerns are addressed.

Labor has worked hard to ensure that this bill gets the balance between national security and personal freedoms right. I put forward this bill with the amendments that have been made, with my concerns noted about funding for the oversight, and with the subsequent changes and protections that will follow

8:12 pm

Photo of Jane PrenticeJane Prentice (Ryan, Liberal Party) Share this | | Hansard source

Previously when I spoke on the Counter-Terrorism Legislation Amendment Bill, I began by noting that in an ideal world nobody wanted the bill. It was a difficult but, regrettably, a necessary bill to strengthen Australia's ability to intercept and respond to the threat of global terrorism reaching Australian soil.

The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 is another bill that would not be necessary in an ideal world, but unfortunately we do not live in an ideal world. We live in a world in which paedophile rings use the internet to share images of child exploitation and abuse, a world in which traffickers use anonymously obtained SIM cards to coordinate international drug smuggling networks and a world in which terrorists use the internet and mobile networks to attract and indoctrinate potential recruits and to command them to carry out acts of indiscriminate mass murder. This is an unfortunate reality of today's world, to which Australia is not immune.

It is the job of law enforcement agencies to intercept and disrupt these operations to the best of their ability using the tools at their disposal. And it is the job of parliamentarians, as representatives of law-abiding residents, to provide them with these tools in a manner which best maintains the safety and security, but also the privacy, of the innocent.

It is this concept of privacy that I wish to now address, as it has dominated much of the public debate surrounding this bill. Colleagues in this place will know already of my strong commitment to individual rights. In my maiden speech, I spoke of my core belief that government must provide the environment to give individuals the opportunities to create and succeed but not unreasonably interfere or restrict the freedoms and rights of individuals.

Critics of this bill may argue that it is unreasonably restrictive on these individual rights and freedoms. To them I make this simple point: in a free society, freedoms and rights do not extend to infringing the freedoms and rights of others. They do not extend to misusing the internet to defraud the elderly, to abuse children or to orchestrate terrorist attacks in public places. Most reasonable people accept that there need to be limits on freedoms. We therefore do not object to law enforcement agencies obtaining warrants to conduct surveillance, access email accounts and obtain phone records of individuals reasonably suspected of engaging in criminal activity.

What many people do not understand, and what the public debate about data retention has largely ignored, is that changing technology has made data retention, for the purposes of criminal investigation, more difficult, not easier. It may seem counterintuitive for this to be the case, but I will explain with two examples. In decades past, phone calls were point to point, from fixed phone lines with fixed phone numbers, for which extensive records were kept for billing purposes. In criminal investigations, authorities were able to easily access these records with a warrant in order to pursue suspected criminality. Now, with the widespread use of mobile phones, and increasingly the use of disposable prepaid SIM cards purchased anonymously and changed frequently, authorities are finding it more difficult to use phone records to identify and track suspected criminals. There is evidence that organised crime networks are routinely using this tactic to avoid detection. Similarly, in recent years, the growth in the number of internet users and the range of devices with which the internet can be accessed has accelerated the use of static rather than fixed IP addresses. What this means is that IP addresses are constantly changing user, and it is increasingly difficult to identify a user purely by their IP address. Law enforcement agencies must therefore rely on the records of internet service providers to know who was using a particular IP address at the particular time it was associated with a suspected criminal act.

There are many real-life examples of instances in which data retained by service providers has been used to disrupt networks of individuals engaging in serious sexual, financial, drug related or violent crime. However, there is perhaps no more compelling case for mandating data retention than that identified in a recent Europol investigation into child exploitation. The investigation uncovered a vast network of online information shared by hundreds of users across several countries. Investigators uncovered evidence of up to 371 suspects believed to be in the UK and 377 suspects in Germany. Of the 371 suspects in the UK, authorities were able to positively identify 240, leading to 121 arrests and convictions. In Germany, however, only seven of the 377 suspects were able to be identified, and none were able to be arrested or convicted—not one. The difference? In the UK, investigators were able to use metadata to identify many of the suspects, whereas in Germany there is no data retention scheme in place. Dozens if not hundreds of perpetrators in Germany were able to evade arrest and conviction for child exploitation due to a lack of retained data.

This is where the need for this bill arises. In the past, records of phone and internet connections were kept for many years. Now, due to changes in billing practices and advancing technology, telecommunication companies are no longer seeing a business need to retain the information. Many are making a rational and legitimate business decision to no longer retain this information or to do so for a shorter period of time. At the same time, there remains compelling law enforcement reasons for the information to be retained. This bill strikes a balance between these competing business and law enforcement imperatives to require the retention of data for a period of two years. Residents in my electorate of Ryan have taken a keen interest in this bill. That is understandable, as many residents of Ryan work in professional or 'knowledge' jobs for which use of the internet and mobile technology is a daily part of their work as well as their social lives. They have followed the public debate on data retention closely. Unfortunately, it has been a debate in which a genuine discussion about the evolving challenges of modern law enforcement has been obscured by a misunderstanding of the scope of the bill. In a sense, that is understandable, as until recently the concept of metadata would have been foreign to many.

It is perhaps best to define metadata not by what it is but by what it is not. Metadata is not the substance of a communication. So, it is not the subject line or indeed content of an email. Nor is it what has been said in a telephone conversation. It is not web browsing history. It is not private social media posts. Metadata is merely information about a communication. In the case of phone calls, it may include the time of the call, the length of the call and the phone number called. For an email, it may include the recipient email address and the time the email was sent. It is the conflation of metadata and content that has led to confusion about the scope of the bill. So I want to be absolutely clear: access to the content of communications by law enforcement agencies has previously and will continue to require a warrant.

What this bill will ensure is that records of minimal details of time, length and recipient of communications are kept by providers for a two-year period in case they are required for the purposes of a criminal investigation. Nevertheless, it is prudent for legislation that broaches issues of privacy to be subject to thorough public scrutiny. I note that this bill has been subject to an inquiry by the Parliamentary Joint Committee on Intelligence and Security. The committee has released a unanimous, bipartisan report that makes 39 recommendations. Most importantly, the committee recommends that this bill be supported. And all 39 recommendations are supported by the government.

I will now speak to several of the recommendations as they address many of the contentions that have been raised about the scope of the bill. I will start with recommendation 2, which recommends that the proposed dataset be included in the primary legislation. This will ensure that it is absolutely clear in the legislation as to the data that is required to be retained by service providers.

Recommendation 5 is that the bill be amended to make clear that service providers are not required to collect and retain customer passwords, PINs or other like information. It is sensible and appropriate that retention of this information be specifically excluded, and the government has agreed to amend the explanatory memorandum accordingly.

Similarly, recommendation 7 is that the bill be amended to make clear that service providers are not required to keep web-browsing histories, or other destination information, for either incoming or outgoing traffic. The government will amend the explanatory memorandum to make this clear.

In recognition that there will be some cost to service providers in implementing data retention obligations, recommendation 16 is that the government make a substantial contribution to the up-front capital costs of implementation. It also recommends—and I paraphrase—that, in doing so, government appropriately balances the varying services, business models, sizes and financial positions of industry participants. In response, the government has reiterated its commitment to make a reasonable contribution to up-front capital expenditure required to implement data retention obligations. It will do so in a considered way, taking into account the wide range of participants in the telecommunications industry.

Importantly, recommendations 17 and 21 suggest clarification and specific listing of agencies that can obtain warrants and access telecommunications data in the Telecommunications (Interception and Access) Act 1979. They also recommend that the Attorney-General retain the power to list additional agencies for a time limited period in emergency circumstances. These recommendations have set clear boundaries around who can seek access to retained data and are supported by government. It is worth noting at this point that the effect of the bill will be to substantially reduce the number of agencies who are able to access telecommunications data from around 80 to 20.

Recommendation 24 is that the bill be amended to make clear that individuals have the right to access their personal telecommunications data retained by a service provider under the data retention scheme, under a provision similar to that already existing under the Privacy Act 1988. Access by individuals to their own information is an important safeguard in a free and fair society, and the government has amended the bill to cross-reference existing mechanisms under the Privacy Act 1988.

Recommendation 26 addresses the issue of press freedom and protection of journalists' sources. The committee considers that this matter requires further consideration in a separate review to report back in three months. This has been agreed to by the government.

Recommendation 27 proposes further committee and Commonwealth Ombudsman oversight of instances in which authorisations are made for the purpose of determining the identity of a journalist's source. This is also supported, and the office of the Commonwealth Ombudsman will be resourced accordingly.

In the time left, I want to touch on a few of the committee's recommendations. As a whole, they are considered, sensible and appropriate. I commend all committee members, and particularly the member for Wannon as chairman and the member for Holt as deputy chair, for their bipartisan and constructive contributions in what is a very sensitive area of policy. The full set of recommendations and government responses are publicly available. I encourage all members in this place, and indeed any listeners or followers of this debate, to read them in their entirety.

The end product of this process is a bill that is a fair and proportionate legislative response to a worrying and growing gap in the knowledge available to law enforcement agencies—a gap in knowledge that we know is currently, and will increasingly be, exploited by a small minority in our society to commit serious crimes to the detriment of the rest of us. I am confident that this bill returns to law enforcement agencies some of the tools they need to continue to protect the safety and wellbeing of all Australians. I commend this bill to the House.

8:26 pm

Photo of Alannah MactiernanAlannah Mactiernan (Perth, Australian Labor Party) Share this | | Hansard source

I think the great tragedy with this legislation, the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, has been the way it has been introduced into this place. We were promised by Tony Abbott that we would have grown-up government, but we have had anything other than grown-up government here. We have had a Prime Minister who has, on his own admission, had a series of 'near-death experiences', who has been unable to fulfil the promises that he made to the community and who has been unable to pass a budget.

The one area that he was perceived as having some slight advantage in was the area of national security. What we have had happen here is that a very important debate that needed to happen in our community—about how we regulate data and metadata, how we control access to that data—has been suborned to the need for this Prime Minister to try to ramp himself out of the doldrums of negative territory in popularity and wrap himself in the flag of national security. In that process, he has come into this place trying to wedge the Labor Party with a completely and utterly inadequate bill and has forced everyone to work around it to try to come up with a solution. That is not the way you do grown-up government in an important area like this.

What we needed to have happen was a process of community engagement where we went out and we spoke to the community about the very real needs that we have, both in law enforcement and in national security, to access data and we engaged the community in a complex and sophisticated way about how we were going to do that. But we had the exact opposite. We had the Prime Minister looking after his own political fortunes, thinking that he could get national security to get him over the line in a challenge by Malcolm Turnbull. So he went for it, and we as a community are all the poorer for it.

I want to compliment the Labor Party. The Labor Party has sought, in this highly imperfect setting, to work out a way that we could introduce some decent community engagement with it. We insisted that this matter go to the Parliamentary Joint Committee on Intelligence and Security, and I want to compliment the people that were involved in that process. I think they have done an incredible job in trying to turn a sow's ear into a silk purse.

We had a hideous process. If you wanted to be a grown-up and consensus-driven government how would you ever just lob a piece of legislation like this onto the parliament? Why would you not have established a green-paper process beforehand—and got the industry, ISPs, telcos, the community and people involved in civil liberties and law enforcement, and tried to work out some consensus? We did not have that. That is why I see this bill as one of those unfortunate legacies of Tony Abbott as Prime Minister. This is a bill that has been driven by this guy's need to try to ramp up his credentials, to try to get national security on the agenda.

We know—and the evidence presented to the joint standing committee tells us, quite clearly—that the intelligence agencies do access this data. To a much greater extent, the evidence tells us that law-enforcement agencies access this data. The intelligence and law-enforcement services see the existence of metadata and the current arrangements as absolutely critical to their ability to solve crime. There will be some dispute about the degree to which that evidence can be contested, but in a range of crimes it is pretty clear that this data has been significant.

It is also clear that we have an unregulated regime, which I do not believe is acceptable. In 2013 we had something in the order of 350,000 requests for data from over 80 agencies, so we have a lot of people out there. We have a lot of people enforcing the dog act. We have people looking at parking fines. We have a whole lot of people going in there and looking at that data. We needed to have a mature conversation with the community about this. We needed to get people to say, 'Guys, this is what we have to deal with. What do you think is the best way?' We did not get that. What we got was this piece of legislation, this shell, that enabled a media release, enabled the Prime Minister—who loves to wrap himself up in all the apparatchiks of national security—to come out and try to play that game. We as a community are poorer for it and this piece of legislation has been compromised because of it.

It is quite clear that there is a case—and a good case—for data retention. I respect the fact that our team has been able to put some boundaries around this thing—this steaming thing that was lobbed into the parliament without any warning—and that we have been able to put some serious constraints around it. We have specified that the datasets involved will have to be embedded in the legislation, not subsequently prescribed by regulation. We have limited the agencies that can have access to this. We have taken the number of more than 80 down to 20. We have required telecommunications companies to provide customers with access to their own metadata, on request. We have implemented restraints to accessing metadata for the purposes of civil proceedings. We have implemented mandatory data-breach notifications, so you get to know if there has been a breach of your metadata; a privacy alert.

Photo of Michael DanbyMichael Danby (Melbourne Ports, Australian Labor Party, Shadow Parliamentary Secretary to the Leader of the Opposition) Share this | | Hansard source

And not just for national security.

Photo of Alannah MactiernanAlannah Mactiernan (Perth, Australian Labor Party) Share this | | Hansard source

Not just for national security. We have required the stored data to be encrypted to ensure security and integrity of personal information. We have required, most latterly, protection of journalists' sources, and we have introduced into this legislation a role for the Ombudsman—whatever that is going to be worth, I am not sure—to give some oversights. We have worked very hard and diligently to try to put some boundaries around this thing, to retrofit a very flawed document.

There are still issues around the storage of data. There is an argument that all of this data should be stored in Australia. We know that rack space is much cheaper overseas and that there will be a major desire, if this is not fully funded by government, by telcos and ISPs to—as they do now—access that rack space overseas. That creates, for many people, a real problem. There is another argument to that, wherever we store it: whether we store it in China or Australia, the same sorts of people are going to be able to hack into it. These are complex pictures.

The joint standing committee has done what it can to allow the community some input, but there is no doubt that the community is not satisfied that they have had sufficient input into this process. There is a lot of concern. A standard critique we hear is about VPNs and other over-the-top services. If you have two clues, if you are really seriously organised crime or you are really seriously al-Qaeda or ISIS, you will be able to utilise technology to make yourself—

Photo of Michael DanbyMichael Danby (Melbourne Ports, Australian Labor Party, Shadow Parliamentary Secretary to the Leader of the Opposition) Share this | | Hansard source

So what you conclude is that they are dumb?

Photo of Alannah MactiernanAlannah Mactiernan (Perth, Australian Labor Party) Share this | | Hansard source

They are not that dumb, actually. The people who run the organisations actually have a lot of technological smarts. There is no doubt that that is true. I acknowledge that some of my colleagues, including the member for Gellibrand, have the view—I think it is probably right and it is certainly a view supported by the law enforcement agencies that presented to the committee at the public hearings—that many of their targets are not actually sophisticated, shall we say. Therefore, it is quite a useful and productive area for them to pursue people who might be engaged in terrorist activities or engaged in criminal activities, albeit that you might not get the Mr Bigs through this process. Again, this is complex stuff. This is stuff that affects virtually every adult Australian.

Photo of Alan TudgeAlan Tudge (Aston, Liberal Party, Parliamentary Secretary to the Prime Minister) Share this | | Hansard source

Will you get to the point? You only have three minutes left.

Photo of Alannah MactiernanAlannah Mactiernan (Perth, Australian Labor Party) Share this | | Hansard source

I think I have got to my point. My point is that your side has compromised a real and important debate in this country on data retention because you have got a Prime Minister who is absolutely struggling, who simply lacks the intellectual and moral calibre to be a Prime Minister of this country and who introduced a piece of legislation to try to ramp up his failing stocks within the electorate. We are trying to rescue that here. We are trying to set the proper balance for the Australian community to ensure that protect the interests of the Australian community, but allow—

Photo of Alan TudgeAlan Tudge (Aston, Liberal Party, Parliamentary Secretary to the Prime Minister) Share this | | Hansard source

Where is your amendment, then?

Photo of Alannah MactiernanAlannah Mactiernan (Perth, Australian Labor Party) Share this | | Hansard source

I tell you what, mate: do not worry. We have 38 amendments. There are 38 amendments in this bill that would not have been here unless the Labor Party had stood you up and went through the joint standing committee process. I can tell you that I believe that over time this will be yet another nail in the Abbott coffin. This has been a very, very unfortunate experience. This is an important debate that we need to have in this country. We need to have a regulated system of data retention. We need the oversight that is included in this bill, but this has been done very badly because we have a Prime Minister who is simply not up to the job.

8:40 pm

Photo of Tim WattsTim Watts (Gellibrand, Australian Labor Party) Share this | | Hansard source

I am pleased to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. As someone who has previously in the Australian ICT sector, I have some experience with the issues in contention in this bill. I have also received a significant amount of correspondence on this bill from constituents and members of the Australian technology sector.

Given this, I should say from the outset that there are legitimate and serious issues that have been raised by both proponents and opponents of this bill. That being said, the overstatements and generalisations from some advocates on both sides of this issue have not helped the consideration of the issues in contention in this bill. If you believed everything that you read in the papers about data retention over the past few months you would be very confused indeed, as these overstatements on both sides have raised a series of contradictory propositions in the public sphere. On one hand, the Prime Minister has said that the bill will change very little and that:

… we want telecommunications companies to keep their data. We don't want to collect new data, but to ensure the limited data already collected can be accessed by authorities.

On the other hand we have had Senator Ludlam from the Greens in the other place describe the bill as a 'fascist, Orwellian mass surveillance scheme'. So what is really going on here?

At present, Australian telecommunications companies collect a range of data about their customers' communications; some of it collected deliberately for business purposes, like billing or network monitoring and maintenance, and some of it collected incidentally because of the way their systems are set up. Different telcos collect different types of data and amounts of data and retain it for different periods of time. A wide range of law enforcement agencies have made extensive use of this data for many years. In fact, there were 312,929 authorisations allowing law enforcement agencies to access this metadata in 2012-13 alone. The majority of the requests for access to telecommunications data are made by state and federal police for general law enforcement purposes. But there are a weird and non-so-wonderful range of other entities who currently undertake enforcement actions who have also been accessing and using this data, including local councils, the RSPCA, Centrelink and the Victorian Taxi Directorate to name but a few examples.

In this context, the bill before the House today is largely the result of concerns from law enforcement and security agencies that the current ad hoc arrangements for the collection and retention of this data by Australian telcos about the communications of their customers may mean that less data is collected by these telcos in the future. The fear is that technology changes or just changing business practices would reduce the effectiveness of an investigatory tool that is now fundamental to law enforcement and national security. Law enforcement and national security agencies have essentially sought a mandatory standard for what data is collected by telcos and how long it is to be retained for.

So it is not correct to say that these proposals would not result in more information being collected; plainly, standardisation means that telcos who are collecting less than this standard or retaining it for a shorter period of time will need to start collecting more or retaining it for longer. The bill provides for this. But neither is this an utterly new and unprecedented mass surveillance scheme. The proposition before us is not whether metadata should be collected by telcos or not. Rather, the proposition is whether we want to see metadata used in an ad hoc and largely unregulated environment, as it currently is, or within a standardised environment with safeguards and oversights.

As I indicated earlier, this proposition does raise important and serious issues. The Labor party is committed to ensuring our law enforcement and national security agencies are given the tools they need to keep us safe. At the same time, Labor will never sacrifice the rights and freedoms that define us and our democratic society. What is needed is a sober and balanced consideration of these two legitimate public policy aims. Despite the claims of some proponents of these measures, it should also be recognised that the majority of metadata is currently accessed for criminal investigations and law enforcement, not national security.

I have heard some argue in this context that this somehow undermines the utility of these provisions and that the fact that metadata has not been used to investigate or could not have been used to prevent all recent terrorist incidents means that there is no point to the bill. Similarly, I have heard some argue that the existence of a range of technologies that allow communications to occur without metadata being collected—technologies ranging from Skype to VPNs to Tor and the onion-router—would result in the bill only catching the dumb and, as a result, is futile. To this we must say that the fact that a proposal does not do everything does not mean that it does not do some things of value.

Clearly, the number of requests for metadata from law enforcement and security agencies is a testament to the metadata's current utility for these purposes. Similarly, the fact that this bill would only provide for the collection of data about the communications of the dumb is no reason to think the proposals are not valuable. The vast majority of criminals are dumb. This is no coincidence. Metadata has been used by our law enforcement bodies to catch dumb murderers and serial rapists in a range of recent high-profile cases. The fact that they are dumb does not mean they are not dangerous and there is not value in facilitating their identification. I'm personally convinced of the value of these measures for law enforcement and national security. However, this is not the end of the argument.

As I said earlier, we are not interested in simply giving law enforcement and security agencies more power without ensuring that Australians' liberties are also protected. I am disappointed to say that this balance was not right in the original bill introduced into this place by the Minister for Communications. This is especially disappointing given the primacy that the consideration of these liberties was given in the minister's 2012 Alfred Deakin lecture—a speech that does not seem to have been retained on the minister's website. In this speech the minister railed against the proposals for data retention canvased by my predecessor in this place as the member for Gellibrand with the Parliamentary Joint Committee on Intelligence and Security. The Minister for Communications at that time expressed his quite 'grave misgivings' about data retention and indicated that these measures were 'heading in precisely the wrong direction' and was 'a profound weakening of online liberty in Australia'.

If these are the Minister's views, you might have thought that he would think it important to ensure metadata retention provisions were clearly and narrowly described and that appropriate safeguards were in place. Sadly, these provisions were absent from the bill that the minister introduced to this parliament last year and sought to have rammed through the parliament in mere days. It has been for Labor, through the PJCIS, to strengthen the regulatory framework around data retention, building in transparency safeguards and oversight.

While Labor has offered bipartisan support for the government's efforts to keep Australians safe, no-one should be under any illusions about the diligence and robustness that Labor members have employed through the PJCIS to ensure that a proper balance was struck in this bill. The bill has been carefully scrutinised by the Parliamentary Joint Committee on Intelligence and Security in the advisory report released two weeks ago. The 38 recommendations made by the PJCIS are a welcome and necessary addition to this bill.

In the more than a decade that I have closely followed these committee processes in one role or another, I cannot think of a bill that has been improved more by a committee process than the one before us today. The final product is a bill that, while certainly not perfect and certainly not developed in a way that Labor would have chosen had it been in government, addresses both the security priorities of Australia's law enforcement and intelligence agencies while also substantively increasing the safeguards and oversight of the use of metadata currently in place. We should be very clear: this bill provides better protections of liberties of Australians in the collection and accessing of metadata than the status quo.

Let's look at how the committee's recommendations have improved this bill. In its original form, the bill left the definition of metadata to regulation and at risk of scope creep in future. Labor argued that this definition needed to be fixed in primary legislation to provide the public with certainty about what would be collected and to prevent its expansion without returning to parliament. The data to be retained will identify who a communication was made by and to and when and where it took place. The scheme will not require the content of that communication to be retained. This means that information about a phone call will be recorded but not what was said. Similarly, email interaction between people will be recorded but not the content of that email. People's browsing history will also not be recorded; only the IP addresses allocated by service providers.

In a similar way, Labor demanded that only agencies specifically listed in the bill should be able to access this data. Our view was that getting the balance right required that access to this metadata be limited to agencies dealing with national security and serious law enforcement. As such, the bill now limits access to ASIO, the Australian Federal Police, state police forces, the Australian Crime Commission, Australian Customs and Border Protection Service, the Australian Commission for Law Enforcement Integrity and state-based anti-corruption commissions—a marked improvement on the more than 80 agencies who currently have access to this kind of metadata. Labor also insisted on safeguards to limit the use of metadata retained under this bill to serious security or law enforcement investigations. As a result, the bill now prevents retained data being used in ordinary civil litigation. So the conspiracy theory that this was all about copyright enforcement hits the fence.

Labor also recognised that requiring the centralised retention of metadata significantly increases the security threat to this data relative to the status quo where this data is often retained across a range of locations. I must say that, in this respect, I found the blase attitudes of some members of the PJCIS to this increased security risk, as expressed in their questioning during committee's hearings, somewhat baffling. Given this, the committee has recommended that service providers be required to encrypt retained metadata. This would mean that, even if a telco experienced a data breach, it would be harder for those accessing it to read the recorded data. These safeguards on the storage of this metadata are further supplemented by the committee's recommendation to implement mandatory data breach notifications, forcing providers to inform customers if their data has been accessed without authorisation. This is a welcome improvement in Australia's overall data security arrangements and, as pointed out by the member for Melbourne Ports, will have general benefits for all Australians.

The government's original bill provided for the oversight of this regime by the Commonwealth Ombudsman—in itself a gain over the status quo—but the government failed to recognise how under resourced and over stretched the Ombudsman currently is. In this context, Labor insisted on increased funding for the Ombudsman to ensure this oversight occurs in substance and not just form. Further, Labor pushed for additional oversight mechanisms and, as a result, as recommended in the past by Senator Faulkner, the PJCIS will not have oversight of operational matters relating to access to metadata—a new and important oversight gain.

Finally, the PJCIS insisted on scheduled reviews of metadata retention policy, including its implementation and ongoing use. To enable these reviews, agencies will be required to keep records on their use of people's metadata to allow the PJCIS to assess the effectiveness and scope of the use of metadata.

The cost to internet service providers has also been carefully considered by the committee. Originally the government planned to force providers to finance their own data retention schemes entirely. The recommendation that the government make a substantial contribution to ensure service providers are able to implement their data retention requirements is welcome news. This will include extra support for small providers and account for differentiated impact across the industry.

The recommendations in the advisory report by the PJCIS have vastly improved this bill, and I wish to publicly acknowledge the members that I have worked with in this process—the member for Isaacs, the member for Blaxland, the member for Holt and Senator Conroy in the other place—for their efforts.

However, there are still other areas of contestation in this bill. Despite the PJCIS consideration of issues of journalistic freedom, there is a fear that there are not enough safeguards for journalists in the bill. I am pleased that the Prime Minister has chosen to listen to the Leader of the Opposition, the community and media stakeholders and include stronger safeguards around journalist and press freedom. Freedom of the press underpins our democratic system, and a strong fourth estate is essential both to keep citizens informed as well as to hold politicians and government to account. To ensure the press are able to conduct their work free of this threat of censorship and oversight, we need to implement strong barriers against the arbitrary investigation of journalists and their sources. It is not enough to trust any government of the day to respect press freedom; we need to articulate limits in law. The amendment requiring agencies to obtain a warrant to access journalists' metadata is the minimum level of protection journalists should have.

Debate on this bill has been robust in this parliament, in the PJCIS and in the broader community, but I am pleased with where the bill has finished up. The concerns of security and law enforcement agencies about the durability of one of their central investigatory tools have been addressed, while at the same time we have dramatically increased both the safeguards and oversight of the collection and accessing of metadata beyond what is currently the case. We have also seen a very good working example of the benefits that an active committee process can have in the development of legislation before the House. I support the government in accepting the recommendations of the PJCIS in full and I commend the bill to the House.

Photo of Natasha GriggsNatasha Griggs (Solomon, Country Liberal Party) Share this | | Hansard source

Thank you very much, Member for Gellibrand. I also had a background in ICT before I joined this place.

8:54 pm

Photo of Sarah HendersonSarah Henderson (Corangamite, Liberal Party) Share this | | Hansard source

I rise to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. This bill represents another key element of the government's comprehensive plan to combat terrorism and fight crime. More than 25 countries around the world have implemented data retention laws similar to those proposed in this bill.

Before I go to some of the elements of this bill, I want to take particular issue with the contribution by the member for Perth in this debate. Anyone listening to the member for Perth would think that Labor was opposing this bill, with her inflammatory language and her hysterical claims. Anyone would think that the bill was introduced into the House yesterday. Well, I am very pleased to reiterate that those members opposite, the Labor Party, are supporting this bill. The member for Perth's contribution largely has attempted, at least, to undermine the bipartisan efforts that we have seen, to a large degree, by the opposition in improving various national security measures.

Let us go to the facts. The facts are that the bill was first introduced by the Minister for Communications into this House last October. It was referred to the Parliamentary Joint Committee on Intelligence and Security, chaired by Dan Tehan, who, I have to say, has done a wonderful job. They ran an inquiry for a number of months in relation to this bill. They made 39 recommendations. All of them were unanimous. A unanimous report was handed down on 27 February 2015. There were some unanimous recommendations in relation to improving a range of elements in the bill, with examples like: the dataset and the agencies nominated should be in the legislation rather than in the regulatory instruments.

Importantly—and I want to emphasise this—this has largely been a very successful example of how the government and the opposition have worked together to come up with a bill to combat terrorism and to keep Australians safe and secure. As I have spoken about previously in this place, Australia currently faces some extremely significant national security challenges. Recent attacks in Australia and elsewhere around the world show that no country is immune from the threat of terrorism. Even in the past number of months we have seen some truly horrific acts of terrorism in Australia and abroad. There was of course the Martin Place siege in Sydney in December 2014, which rocked the nation to its very soul. There was the terrible attack on the magazine Charlie Hebdo in Paris in January this year. There were the Copenhagen shootings in February this year and, going back, the terrible attack in September last year by the teenager in Endeavour Hills who stabbed two counter-terrorism officers and, as we know now, was shot and died in that attack.

The rise of ISIL, or Daesh, has no doubt caused an increase in terrorist activity. Australia's national terrorism public alert level was raised to high in September 2014. At that point, again we saw a very unfortunate demonstration by the member for Perth. There was a report in The Sydney Morning Herald on 13 September, 'Labor MP breaks ranks on bipartisan terror stance', about how she was undermining the opposition's strong bipartisan efforts to work with the government to introduce the legislation that we need to keep Australians safe and secure. The member for Perth made some frankly disgraceful comments referring to the Prime Minister as a 'terror'—appalling inferences. I just want to reiterate that the Leader of the Opposition said:

The Prime Minister and I are partners when it comes to matters of national security and protecting Australians. We are in this together.

As I say, we have seen a very unfortunate contribution from the member for Perth across the range of this debate.

In February 2015 Prime Minister Tony Abbott announced that the number of serious investigations continues to rise. As the Prime Minister outlined, ASIO is currently investigating several thousand leads and persons of concern. Roughly 400 of these are high-priority cases, which is more than double a year ago.

Debate interrupted.