House debates

Wednesday, 18 March 2015

Bills

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014; Second Reading

4:20 pm

Photo of Bruce ScottBruce Scott (Maranoa, Deputy-Speaker) Share this | | Hansard source

The question now is that the amendment be agreed to. I call the honourable member for Swan in continuation.

Photo of Steve IronsSteve Irons (Swan, Liberal Party) Share this | | Hansard source

I rise to continue from where I left off in this debate earlier today. The importance of our law enforcement agencies being able to access this information cannot be undervalued, but the issue they are currently faced with is that the telecommunications service providers across Australia are progressively reducing the amount of time they retain metadata, including some service providers changing their retention time frames from one year—which in this government's law and enforcement agencies' view still is not long enough—to as little as three months. This is largely because much metadata relates to a consumer's telephone or internet billing account, which telecommunications service providers destroy once they are no longer needed—for example, because the bill has been paid by the account holder.

The key aim of this bill is therefore to remove this impediment to our law enforcement agencies' ability to investigate criminal activity by creating an obligation for Australia's telecommunications service providers to retain this important data for a minimum of two years, which is in line with recommendations made in the committee's June 2013 Report on the inquiry into potential reforms of national security legislation. This two-year minimum retention period was also further endorsed in the committee's issued recommendations on this bill, which were released last Friday and endorsed in full by this government on Tuesday. This two-year retention obligation is needed to ensure that this data is not lost to our law enforcement agencies prior to a crime being brought to their attention—as has been the case in recent times: this has impeded a number of investigations and has prevented the successful prosecution of alleged criminals. I iterate the example which the Minister for Communications outlined in his second reading speech, regarding a child exploitation case in the United Kingdom where investigations relied heavily on access to telecommunications data to positively identify 240 suspects, which led to 121 arrests and convictions. This compares to 377 suspects believed to be in Germany—which does not have a data retention regime—where only seven suspects were able to be identified and there was not enough evidence to arrest or convict a single person.

Metadata plays a central role in a number of law enforcement investigations, including counter-terrorism, cybersecurity and organised crime. As I have previously highlighted, access to metadata as part of these investigations is not new. This bill does not seek to change or increase the type of metadata that the telecommunications service providers collect or that law enforcement agencies are able to access. The government only wants to see it retained for a longer period of time.

I note that the media hype surrounding these laws since their introduction in this place has put a large focus on the use of metadata for counter-terrorism purposes. Although it is important to highlight the importance of these measures for international security purposes, I do, however, also believe it is important to highlight that the retention of this data can assist our law enforcement agencies in so many other capacities, including removing those heinous criminals from our streets who seek to pervert our children and steal their innocence, as the Minister for Communications has also emphasised. These are people who, in my mind, are the worst form of humans to walk this planet.

The prevalence of child abuse and exploitation, not just in Australia but around the world, is something that members would have heard me discuss before in this place and is something that I have been proactive in raising awareness of as part of my aim to achieve zero abuse of children. As members would know, child abuse can take many forms. It has the ability to impact every person differently, both in the short and long term. Child abuse can occur through neglect, sexual abuse, physical abuse or emotional abuse. On Sunday, I read an article in The Weekend Australian which further reiterated my belief that this government and communities across Australia need to do more to protect our children. One way I believe this can be achieved is through the provision of metadata to get these abhorrent individuals off our streets. I read an article entitled, 'Aussies at centre of online child-sex surge,' with dismay, revulsion and anger. As the article states:

AUSTRALIA is witnessing an explosion in online child sex exploitation, including a growing number of child sex abuse films being produced locally.

It goes on to state:

The Australian F ederal Police has recorded a 54 per cent rise in reports of online child exploitation in the past 12 months, with a record 5 617 cases directly involving Australians. This figure does not include those cases dealt with by state police.

Despite this sickness that I, and I am sure other members , feel when hearing these statistics—and when understanding the mental and physical impact this exploitation and abuse may have had on each of the children involved in the 5,617 cases the AFP have recorded—I do take this time to highlight how metadata has assisted these officers to progress their investigations and to remove these deplorable people from our communities.

In this same article in The Weekend Australian , the AFP stated that metadata has :

… played a central role in 87 per cent of child-protection cases in the first quarter of 2014-15 and this had allowed investigators to more quickly and accurately identify offenders.

As highlighted by the Attorney-General yesterday, the AFP has also advised that between July and September of 2014 telecom munications data was used in 92 per cent of count er-terrorism investigations, 100 per cent of c ybercrime investigations and 79 per cent of serious organised crime investigations. These figures demonstrate that there is a serious need for Australia's law enforcement agencies to have acce ss to this data. I believe m embers would agree that the proof of its value is evidenced by the amount of people who are sitting behind prison bars rather than being able to walk freely through our communities and commit more crimes.

As I have previously mentione d, under the provisions of the bill before the House, telecommunications service providers would be required to kee p a consistent and minimum set of metadata records for two years. Concerns have , however , been raised that the bill before the House could in some way allow more organisations to access metadata, which may create a greater potential for a person's privacy to be breached. This is despite the b ill , in fact , ensuring quite the opposite. This is because metadata can currently be accessed by a range of organisations , including local governments and the RSPCA. But the b ill before the House will instead strictly limit and reduce the range of agencies that are able to access metadata to a prescribed list of criminal law enforcement agencies. This provision has now also been further strengthened following y esterday's endorsement by this government of the c ommittee's recommendation to have this list of agencies specified in the legislation. This ultimately created an additional safeguard for cases where the g overnment may seek to add an additional agency to this prescribed list.

As the government's response to the c ommi ttee's report highlighted, the g overnment does , however , require flexibility in these matters to ensure additional criminal law enforcement agencies are able to be added quickly and efficiently where necessary. The g overnment has , therefore , proposed to endorse the c ommittee ' s recommendation with an amendment that the Attorney-General will be able to declare additional cri minal law enforcement agencies subject to the Attorney-General being satisfied on reasonable grounds that the functions of the agency to be declared include the enforcement of criminal law, administering a law imposing a pecuniary penalty or administering a law relating to the protection of the public revenue. In addition, the current list of agencies will be amended to include the Australian Securities and Investments Commission and the Australian Competition and Consumer Commission as criminal law enforcement agencies for the purposes of accessing metadata.

With respect to privacy, concerns have also been raised that there is not enough detail about how this metadata will be protected while it is being retained, and the processes for how this data would eventually be destroyed once the retention period has lapsed. The government has endorsed the committee's recommendation in this area, confirming that we will amend the bill to include an obligation to encrypt and secure data retained where possible, as part of the service provider's data retention implementation plan.

Another concern raised by the community and the media is in relation to the cost of implementin g this initiative, both to the government and to telecommunications service providers, with the total cost expected to be between $188.8 million and $319.1 million. As outlined in the government's response to the committee's recommendation to make a substantial contribution to the up - front capital costs of the implementation, the government had previously stated that it would make a reasonable contribution and has recommitted to this in its response.

Lastly, another key concern that I would like to take this opportunity to respond to is the me dia industry's claim that this bill will impede journalist s ' prot ection of sources and challenge the principle of press freedom. In this regard , I highlight that the g overnment will move an additional amendment to require agencies to obtain a warrant if they want to use metadata to identify journalists' sources , to ensure greater safeguards are afforded. The government has also endorsed the committee's recommendation in this area to have a separate review by the committee that responds to the question of how to deal with the authorisation of the disclosure or use of telecommunications data for the purpose of determining the identity of the journalist's source.

In all, there is no conspiracy here, as previously suggested by the member for Griffith, who said that this is all Labor's work. I have to deny that. This is just protection and I commend to the House the bill's intent to increase this protection even further.

4:30 pm

Photo of Ed HusicEd Husic (Chifley, Australian Labor Party, Shadow Parliamentary Secretary to the Shadow Treasurer) Share this | | Hansard source

It has been a long march towards this legislation. A number of years have now passed. We, actually, in government, had started looking at this issue. I remember having concerns then, as I do now, and I have been up-front all along about the impact of this type of legislation. I am not alone; the member for Wentworth, now Minister for Communications, has expressed his concerns in times past. He has not been the only one on his side of the fence or, certainly, on our side of the fence—for a number of reasons.

I have, however, attempted in this process to have an open mind. I have said all along that I remain to be convinced about the need to undertake the breadth and scope of what is being proposed in this legislation and in legislation past. I waited for the committee report and went through it, and I commend my colleagues on that committee—in particular the shadow Attorney-General and shadow communications minister—for the work that they have done in proposing a number of changes to what was put forward by the government last year. Having said that, I think it is only fair, right and proper, particularly given that we are told that parliamentary oversight will be a feature of this system in years to come, that I exercise my ability as a parliamentarian to express some concerns and ensure that, in due course, they are addressed along with other concerns expressed by colleagues in this chamber on either side of the House—some expressed publicly; others expressed privately.

In saying that, and recognising that there are deep feelings and concerns, I think it is important to come back to this point about having an open mind. There will be people who will not be convinced whatsoever about the need to do what is being proposed by this legislation. There will also be people on the other side of the argument who refuse to be convinced that those concerns are valid. However, we have a responsibility to find the midway point, and I think it is important to recognise, along with the concerns, that there are some things that will be done by this legislation that are important. My concerns relate to the scope and the effectiveness of what is being proposed, they relate to the cost and the impact on telecommunications companies and they also relate to the adequacy of parliamentary oversight.

Having said all that, having read the report and having seen the comments of law enforcement, I recognise most certainly that law enforcement will benefit from having access to metadata—there is no denying that. For people to not accept that is to ignore reality. I certainly appreciate the capacity to try to determine the undertaking of criminal behaviour and who is responsible for it and the ability of metadata to provide some assistance in that. I certainly recognise that and I think it should be appreciated. We also need to recognise that, for law enforcement agencies trying to undertake their important work, times have changed. We do not have the plain, simple telephone networks of old. We do not chase down facsimiles. We have a multitude of platforms and we have an explosion in the growth of data, which will continue to grow at phenomenal rates down the track. I do note the concerns of law enforcement agencies about their degraded capacity to keep tabs on that. This is important; we cannot deny it. So, certainly, when it comes to law enforcement, I appreciate the benefit.

But when it introduced this legislation, and in the lead-up to the introduction of the legislation last year, the government's foundation stone for this legislation was national security. I humbly suggest that that is contestable. The notion that this will have major benefit from a national security perspective is, I think, a contestable claim and needs to be tested. If the argument is that metadata will help identify and thwart terrorism suspects, you also need to recognise that the terrorism threat has evolved. We appreciate that, now, we do not have actors that are in sophisticated, complicated, collective activity; what we have now and what is a serious threat to us is isolated, unstable individuals who determine all of a sudden to do something. They will not have necessarily communicated with others, though I do accept that there is the possibility that they would have been in contact with others, but largely that may be sporadic. They may be under the age of 18. They may have been influenced improperly by what they have seen on social media or other outlets and have decided to act on their own. There should be a degree of caution about whether or not we conclude that these measures would have prevented the types of attacks that we have seen in the last 12 months.

This is not something that I just pluck out of the air; it is actually contained in the report. At 2.57 on page 25 of the report, I note the following:

The Committee noted evidence that data retention would likely not have enabled agencies to prevent these incidents. NSW Police gave considered evidence on this point, emphasising that attempting to determine whether such information could have assisted in hindsight necessarily involves a hypothetical, counterfactual exercise:

[A]s a hypothetical, with the nature of Sydney itself and where law enforcement would benefit from metadata in relation to, say, the Sydney incident, it most likely would not have prevented the Sydney incident.

That is an important point to bear in mind. I also read the remainder of the quote, which says:

At the time, metadata could have been essential in trying to identify any other persons who may be engaged in a group or involved in that type of offence.

That was Assistant Commissioner Lanyon from the Hansard of the committee hearing that took place on 30 January this year.

So, as I say, it is contestable whether or not this bill would necessarily have a benefit from a national security viewpoint, and we should be mindful of it because, through this legislation, we are about to undertake a massive effort to capture a massive amount of data that will be held for two years on:

who you spoke to; when you spoke to them; how long you spoke to them for; and how often you speak to them. This type of information does not necessarily rely on the content alone—it can establish a profile based on these types of behaviours. This is a serious issue. It will create a digital fingerprint of every single person in the nation.

It is also worth noting that the number of people who are on active surveillance or being watched is not the entire populace. It is a small number of people. I would have been interested to see, for example, why we are not reforming the preservation notice mechanism and trying to improve that mechanism as a way of capturing the metadata of people who are under active surveillance and ensure that that is done over that period of time, as opposed to the breadth and depth of what is being proposed here. What we are going to let through is fairly significant, and I think it is important that that be recognised.

It is also important to recognise that, in undertaking that, we should test whether it will be effective. I have made reference to some of the quotes earlier. I also make reference to testimony given by the Law Council of Australia. They looked at other jurisdictions and tested what the effectiveness of mandatory data retention was and, on page 38 of their report, they say:

    Again, it is important that we remember that in this exercise, as much as I have already indicated earlier that law enforcement will benefit from this, that when it has been tested some of these figures have come up.

    The other area where I have concerns relates to cost. I am deeply concerned about the number of figures that have been bandied around about how much it will cost telecommunications companies to set up the systems to ensure that this massive collection and retention of data occurs. We had iiNet indicate early on: $400 million—I understand the Prime Minister may have used a figure of $300 million. An industry working group established a bandwidth of between roughly $180 million and $300 million. But we have not had any firm commitment from the government about what it will do in the establishment and ongoing maintenance of such systems.

    Bigger players, like Telstra and Optus, will understandably be able to absorb a lot of the costs. They have the wherewithal to do it. I am concerned—and I am not the only one, because the industry is concerned as well—about what impact this would have on smaller players. That is why a number of them wrote to the minister at the table and to his colleague the Attorney-General saying that this cost issue had to be resolved. I think it is unfair that this is left unresolved and that no firm commitment has been given.

    The suggestion is that this will be passed off to the budget. This is not right. Today, for example, we had the government announce a measure where they would reverse something in relation to bank accounts and lost superannuation accounts. They announced this on the spot, without any notice—$300 million is the cost of this system today—reversing a previous government law. Why are our telecommunications companies not given this assurance? Instead, they are forced to wait with the prospect of it being fixed up in the budget. This is wrong. This should be fixed up now.

    We may have a lot of disagreements across this table, but one of the things that we reckon works well is competition within the telecommunications sector. The multitude of players offering a multitude of services and being able to put pressure on the big players is important. But if we keep adding to the costs of those smaller players, we make their viability uncertain. I would implore the minister—and I am sure that he has done this, because he knows as well as others the cost pressures on those smaller players. It is not just this: Australia's internet and telecommunications costs are relatively high by world standards. We are going to add to this. If we do not fully fund the capex requirements, they will have to pass through these costs or die.

    Photo of Malcolm TurnbullMalcolm Turnbull (Wentworth, Liberal Party, Minister for Communications) Share this | | Hansard source

    They will not die.

    Photo of Ed HusicEd Husic (Chifley, Australian Labor Party, Shadow Parliamentary Secretary to the Shadow Treasurer) Share this | | Hansard source

    Okay, I will withdraw that. But certainly it will put massive pressure on their ability to continue their operations. It is not the only cost in the pipeline. When you look at TSSR, the telecommunications sector security review, and the cost implications that might come out of that, there are added costs. We have done nothing to provide some assurance to those companies—apart from this legislation. The government has rushed this legislation through, given no assurance and, when there is no ability to actually ensure that those people are looked after, they will then no doubt lowball the amount and put pressure on those small companies, even though they have the ability today to fix it up.

    The other issue that I wanted to impress upon people is parliamentary oversight. For this to work, understanding that this is more likely than not to go through both houses of parliament, it is my fervent wish, when it is set up and parliamentary oversight is exercised—and this takes nothing away from the calibre, commitment and determination of my colleagues in sitting on those committees in the future—that we would continue to test the assumptions that are put forward. Security agencies will by their very nature be very cautious and want to ensure that the full breadth of measures available to them can be exercised. But you cannot necessarily write a blank cheque on these things, and I am genuinely worried that all it takes is for a security agency to say, 'We need these powers; if we don't, terrible things will happen.' We are going to have to test that. Our job as parliamentarians is to balance the need for security with the need for the exercise of freer liberties. It is certainly something that needs to be dealt with.

    People are concerned about this. People outside this chamber recognise that the general groundswell of opinion is for governments and companies to lay off privacy. An article in CNET in early March was entitled, 'Tim Cook to governments: Lay off our privacy'. That is the Apple CEO saying that governments would need to be very mindful of people's privacy down the track. If someone in Apple gets it, it is because their consumers are telling it to them. They are responding. This is not an issue that is going to go away. The next generation of voters, the next generation of Australians, will value their privacy more and more, and that is why there is such concern about this.

    Again, I recognise that we have to balance the issues that confront law enforcement with being able to have access to data that can help them in their work. But I also recognise and respect the value placed by the citizens of this country on their privacy. I recognise and value the work being done by telecommunications companies that will be impacted by this. I hope that these types of concerns are tested in the years to come. Bear in mind: this system will be set up in two years and then tested in two years after that. That is a long period of time for this system to be in operation.

    4:44 pm

    Photo of Karen McNamaraKaren McNamara (Dobell, Liberal Party) Share this | | Hansard source

    I rise to support the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. This bill introduces important measures to enhance our national security and better equip our law enforcement agencies to combat crime in our communities. In the past 12 months it has been quite difficult for Australia and we have witnessed unimaginable atrocities that have claimed the lives of innocent Australians. We have also heard of the outstanding work of our law enforcement agencies in preventing numerous attacks on our liberty, values and freedoms.

    This government is steadfast in its commitment to improving national security to ensure that we have an inclusive and cohesive society. The measures within this bill have drawn a significant degree of commentary. At its core, we are debating to what degree we value personal freedom and liberties, weighed against national security needs. I would like to state that this is a question the government has given much thought and consideration to, as stated by the Hon. Malcolm Turnbull MP, Minister for Communications, during his second reading speech:

    No responsible government can sit by while those who protect our community lose access to the tools they need to do the job. In the current threat environment in particular, we cannot let this problem get worse.

    This bill is critical in enhancing the capabilities of Australia's law enforcement and national security agencies.

    The need to take this action stems from technological change over the last 15 years where significant advancements in communications technology have led to substantial changes in consumer behaviour. The telecommunications industry is highly innovative and evolving at an unprecedented rate. Sophisticated criminals and individuals who engage in illegal activities are often early adopters of communications technologies for their own purpose. Without a satisfactory framework which identifies potential risks and prescribes relevant actions permissible by law enforcement agencies, they can also remain ahead of the game and avoid investigation and prosecution.

    This bill amends the Telecommunications Interception and Access Act 1979 and the Telecommunications Act 1997 to require that companies providing telecommunications services in Australia, carriers and internet service providers, maintain a limited prescribed set of telecommunications data for two years. Such information has been successfully used in Australia to investigate, prosecute and prevent serious criminal offences, including murder, sexual assault, kidnapping, drug trafficking and fraud. It is essential that this information be made available for use against activities that threaten national security.

    The nature of technological advancement has meant that the value of this information has lessened over time. I recently spoke in parliament about this government's reforms to enhance the online safety of children using the internet. This is another area where legislative requirements had failed to keep pace with technological advancement and, as a result, we have witnessed a steady increase in the instances of cyberbullying and threatening behaviour targeting Australian children.

    Just as some individuals use the internet to carry out cowardly and vicious personal attacks, people in groups threatening Australia's national security are using telecommunications service providers and communications technology to plan and carry out their activities. Existing powers and laws are not adequate to respond to this challenge. Currently, the Telecommunication Interception and Access Act provides for our national security and law enforcement agencies to access information held by a communications service provider in order to investigate criminal offences and other activities that threaten safety and security.

    The value of this data can be demonstrated with a couple of case studies. In February 2014 the Australian Federal Police received information regarding a person suspected of uploading suspicious photographs to an image-sharing website. Two different IP addresses were used by the suspect and requests were submitted to the relevant telecommunications companies to identify the users of the IP addresses. Of the two requests submitted, data was not available for one of the individuals. However, data obtained relating to the second IP address identified a user and subscriber, and a location. This information was subsequently used to obtain search warrants, which identified a large volume of child pornography material and information indicating possible abuse.

    The individual in possession of the material was subsequently arrested. This outcome would not have been achieved without the provision of the initial data from the telecommunications company. In this instance, the information was obtained for the purpose of identifying individuals involved in illegal activities and to enable further, more specific investigation into their actions.

    In recent times we have become aware of this information being used to foil acts of terrorism. The use of metadata to combat the threat of terrorism is not new. In 2005 a combined ASIO and law enforcement operation prevented a mass casualty-terrorist attack in Australia. The terrorist's plans included targeting the Melbourne Cricket Ground on the day of the AFL Grand Final. Telecommunications data was critical to the successful outcomes of the investigation and subsequent trial where 13 men were convicted on terrorism charges and where custodial sentences of up to 28 years were imposed.

    It is confronting to think what may have happened on that day had this information not been made available to our law enforcement agencies. The fact is that metadata is used in almost every case to solve crimes such as the two that I have identified as case studies. It is important that we clearly define what information this bill seeks to retain.

    Metadata is essentially information about a communication but not of its actual content. For example, if two people were communicating via telephone, the metadata would reveal that a number belonging to a particular account was connected to another number at a particular time and for a specific duration. It would not reveal the content of the discussion. Similarly, for internet users, it would reveal that a particular IP address was used to engage in unlawful activity by someone at a particular time. In the context of text messaging it would reveal the sender, recipient, time and date but, again, not the content. In no way does this legislation enable the government or any of our agencies to access the content of phone calls, text messages or internet usage, and it must be stressed that access to content requires a warrant. Additionally, agencies will be required to obtain a warrant in order to access a journalist's metadata for the purpose of identifying the journalist's source.

    Data is often the first source of lead information for an investigation, helping to eliminate potential suspects and utilised to support applications for more privacy intrusive investigative tools, such as search warrants and interception warrants. We must also keep in mind that access to metadata has been used in almost every counter-terrorism, counterespionage, cybersecurity and organised crime investigation. The intent of this bill seeks to address the ad hoc nature in which metadata is retained by telecommunications companies. This government seeks to ensure that our law enforcement agencies have the necessary tools to investigate serious crimes, such as murder, sexual assault, kidnapping and drug trafficking, along with threats to national security. I believe that this is a view shared by the majority of law-abiding Australian citizens.

    Sadly, these necessary reforms have been described by some members of this parliament as a mass surveillance scheme. In addition, the Australian Greens have described this government's proposal as:

    … a time of renewed Government efforts to intrude, observe and monitor the private lives of ordinary Australians.

    This is a complete misrepresentation of the intent of this bill and I, along with my government colleagues, reject this claim. In fact, this bill's statement of compatibility with human rights states:

    The Bill is compatible with human rights because it promotes a number of human rights. To the extent that it may also limit human rights, those limitations are reasonable, necessary and proportionate.

    Sadly, some members of this parliament are choosing to ignore the professional advice and requests of our law enforcement and national security agencies. Their actions and opposition to this legislation, unfortunately, do have the potential to put more innocent lives at risk. This government is committed to ensuring that this does not happen and that our law enforcement and national security agencies are equipped with the tools to fight crime and that ordinary Australian citizens are protected from those who seek to do us harm.

    Currently, the Telecommunications (Interception and Access) Act does not prescribe the type of data telecommunications providers should retain for law enforcement and national security purposes. Moreover, it does not specify for how long information should be retained. This is resulting in a significant variation of data retention across the telecommunications industry and, more specifically, the type and quality available to law enforcement and national security agencies. Telecommunication organisations currently retain this data based upon business, taxation, billing and marketing needs. Law enforcement and national security agencies have specifically identified the lack of available data as:

    … a key and growing impediment to the ability to investigate and to prosecute serious offences.

    This bill specifically addresses these concerns by regulating a prescribed, consistent, minimum set of records that service providers who provide telecommunication services in Australia must retain for two years. This time period as been determined upon the advice of our law enforcement and security agencies.

    In June 2014, the Parliamentary Joint Committee on Intelligence and Security handed down its report entitled Report of the inquiry into potential reforms of Australia’s national security legislation. While the report noted the various views of committee members, it did make several recommendations about what a mandatory data scheme should include, if implemented. The bill will adopt and formalise several of the committee's recommendations, including that mandatory data retention will only apply to telecommunications data, not content, and internet browsing is explicitly excluded; that mandatory data retention will be reviewed by the committee three years after its commencement; that the Commonwealth Ombudsman will provide oversight of the mandatory data retention scheme and, more broadly, the exercise of law enforcement agencies' powers under the Telecommunications (Interception and Access) Act; and that an agency's use of and access to telecommunication data will be confined through access arrangements, including a ministerial declaration scheme based on demonstrated investigative or operational needs. These recommendations have been adopted, as this government recognises that data retention carries with it genuine concerns about privacy. This bill will ensure a high degree of oversight by the Commonwealth Ombudsman.

    Comprehensive record keeping will be implemented in relation to the access to and dealing with stored communications by criminal law enforcement agencies and the access to and dealing with telecommunications data by criminal law enforcement agencies and enforcement agencies. This new record-keeping regime will require all Commonwealth, state and territory law enforcement agencies to maintain prescribed information and documents necessary to demonstrate that they have exercised their powers in accordance with their statutory obligations. This oversight will ensure that individual privacy is protected and that information is not accessed inappropriately.

    It must also be noted that this bill does not provide our law enforcement and security agencies with any new powers to access communications data. We are simply enhancing the quality of data available to agencies as part of legitimate investigations. This bill will also allow the Police, Customs, crime commissions and anticorruption bodies access to data. Access to data will continue to be subjected to the same strict limits that currently apply. In order to respond to an ever changing security threat, this bill also allows provisions for the Attorney-General to declare, via a legislative instrument, additional agencies who can access this information. Again, this process will be subject to parliamentary oversight and must consider a range of strict criteria, including whether the agency is subject to a binding privacy scheme.

    This government's actions are actually formalising the arrangements in which telecommunications data is maintained. As a result, we will have new and enhanced safeguards. For the first time, there will be an independent and comprehensive oversight of access to telecommunications data for law enforcement agencies. We will also require the Parliamentary Joint Committee on Intelligence and Security to review the effectiveness of this scheme no more than three years after the end of the implementation of the scheme. The Attorney-General will be required to report annually on the operation of this scheme. It is also important that we address the financial impact of this bill. This Bill will have financial impacts on service providers, who will be required to meet the new minimum data retention obligations. The Minister for Communications has made it clear that the government is committed to ongoing, good faith consultation with the industry and that we expect to make a substantial contribution to both the cost of implementation and the operation of this scheme.

    This government is taking the necessary steps to ensure the safety and security of this country and its citizens. We are providing our law enforcement and national security agencies with the tools required to combat serious crime and threats of terrorism on our soil. We are also ensuring that the privacy and liberties of law abiding Australian's are protected and that specific details of their telecommunications activities are protected. This bill strikes the right balance between securing Australia's national security and protecting our rights and liberties. I commend this bill to the House.

    5:00 pm

    Photo of Pat ConroyPat Conroy (Charlton, Australian Labor Party) Share this | | Hansard source

    I rise to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. This bill deals with extremely complex and concerning issues. I have wrestled with these issues and concluded that I can, and should, support the bill its current from. There are many legitimate concerns held about data retention, and a balance must be struck between enhancing our security and protecting the rights and liberties of Australians. The original bill did not have this balance, and it is only through months of work by Labor that this bill is in a presentable form. However, let us look at the facts of data retention as it currently stands. Right now, telecommunications companies keep a lot of data about us. They do not all keep the same data and they do not all keep it for the same period of time. Police and other law enforcement agencies access this data right now—and a lot of it. Last year there were over 500,000 applications by government agencies for access to metadata. It is part of most investigations by police. It does not always solve crimes but it is an important tool in their investigations. Sometimes it provides evidence that is critical to a conviction. We saw that in the case of the murder of Jill Meagher in 2012. Access to this data has grown very strongly in the last few years. Applications for access to that data were made by over 80 agencies—including councils, Centrelink, the RSPCA, Harness Racing NSW and the Victorian Taxi Services Commission. Most infamously, Wyndham Council applied for 18 authorisations in the past 12 months to chase people for unauthorised advertising, unregistered pets and illegal littering.

    Those opposed to this bill do not accept the reality that there is a huge amount of metadata access going on right now with little or no regulation. This bill, if the balance I discussed is achieved, is the best chance of regulating and standardising access to metadata. What the Greens and others are really saying by their opposition to this bill is that they do not want to regulate this. They want local councils to be able to access our data. They want agencies that have no criminal law enforcement functions to continue to have access—and that is regrettable. Opponents of this bill will argue against any data retention and the need for 500,000 individual warrants. This is simply unrealistic. It is impractical and we cannot put the genie back in the bottle. I was opposed to the original bill, but the bill in its current form provides the opportunity to regulate this access and restrict it to national security and law enforcement agencies. I believe that, as this data is already being collected, this legislation presents the best opportunity to regulate the collection and storage of such data to protect the rights of individual Australians, not weaken those rights.

    The work of the Parliamentary Joint Committee on Intelligence and Security should be applauded. The work of the Labor members has vastly improved this bill. Improvements include: listing the data set in the bill itself so that we know what data is being retained; limiting access to telecommunications data to only those enforcement agencies specifically listed in the bill; oversight of the operational use of this legislation by parliament's intelligence committee, the first time the committee has been given this power; authorising ASIC and the ACCC to access telecommunications data to assist in the investigation and prosecution of white-collar crime; requiring telecommunications companies to provide customers access to their own telecommunications data upon request; requiring stored data to be encrypted to protect the security and the integrity of personal information; prohibiting access to telecommunications data for the purposes of civil proceedings such as preventing its use in copyright enforcement; requiring a mandatory data breach notification scheme to ensure telecommunications companies notify consumers if the security of their telecommunications data is breached; increasing the resources of the Ombudsman to strengthen oversight of the mandatory data retention scheme; and a mandatory review of the data retention scheme by no later than four years from the commencement of the bill.

    For me, the three outstanding issues once Labor won agreement on the committee recommendations were press freedom, data storage and parliamentary oversight. Labor believes the freedom of the press is fundamental to our democracy. Freedom of the press underpins our democratic system. An independent media is essential to holding governments to account and informing citizens.I agree with the member for Gellibrand that, to ensure the press are able to conduct their work free of this threat of censorship and oversight, we need to implement strong barriers against the arbitrary investigation of journalists and their sources.We cannot, and should not, simply trust any government of the day to respect press freedom; we need place limits through law.That is why Labor insisted that access to journalists' telecommunications data for the purposes of identifying sources should require authorisation via a warrant.After concerted pressure from Labor the Prime Minister has caved in and agreed to this amendment.We do need to ensure that the detail of the amendment matches the intent, but this is an important safeguard.This safeguard is the minimum level of protection journalists should have.We do need to observe closely how the UK safeguards operate, as they are developing a system at a similar time to us, and we should review this closely when the scheduled review is undertaken.

    An unresolved issue that I am particularly concerned about is the storage of the retained data. During the inquiry iiNet made it very clear that the data would be stored overseas. The chief re gulatory officer of iiNet said: 'W e'll be looking for the cheapest, lowest-cost option. That means cloud storage , and the lowest-cost cloud storage in the world today is in China .'

    I believe this is unacceptable . If we are to mandate that this data must be stored, then we should mandate that it be stored in Australia to give Australians confidence that it will be protected. This view is c onfirmed by the former Director- General of the Australian Security Intelligence Organisation , David Irvine. He said: 'W hile the cloud was a wonderfully efficient thing and it is where everyone is going, I would rather the cloud hovered over Sydney or Melbourne than Shanghai or Bangalore , where it is governed by someone else's sovereign legislative system .' Mr Irvine said he would feel much more comfortable with data governed by Australian law than by the law of some other country . He said: 'W e should be trying to develop for Australia, particularly for government and industry, the ability to manage national data on a national basis, with international hook-ups of course . T hen it can be subject to national law, which can be privacy law and national secu rity considerations.' I agree wholeheartedly. Like Mr Irvine, I am a cybernationalist and I am pleased that the parliamentary committee explored this issue and that Labor successfully argued for the bill to be amended to impose stringent safeguards on data security.These amendments were accepted by the committee, which recommended a requirement for stored data to be encrypted.

    Labor also pressed for, and won, an amendment imposing a mandatory data breach notification scheme to be introduced so that anyone who has had their data compromised is informed of the breach and can take appropriate measures to respond. However, the committee did not resolve the ongoing onshore storage issue. This matter is currently being examined as part of the broader telecommunications sector security reform process, a process commenced under the last Labor government. The current government has stated that the process will be completed well before the end of the data retention scheme implementation period and, when completed, the TSSR legislation will come before the intelligence committee.

    I am proud to repeat Labor's strongly held position: Labor will insist on a requirement that retained telecommunications data be stored onshore. I am very proud and relieved that, as part of Labor's consideration of this important policy area, we came to the conclusion that this data must be stored onshore to maximise the security of this data. There may be cost issues, and they need to be explored, but this data must be stored in Australia.

    I now turn to my third concern, which relates to parliamentary oversight. Our system of oversight of intelligence activities is not as well developed or comprehensive as those of the United States or Western Europe. I have argued that, as we strengthen these laws to deal with evolving threats, we must also increase the level of parliamentary oversight. As the people's representatives, we must know what is being done in our name.

    I fully support the reforms outlined in a comprehensive paper authored by former senator John Faulkner, a man who has spent decades looking at these matters in a most responsible manner. I was pleased to see that the parliamentary committee recommended, and the government accepted, a reform that was part of this process.

    For the first time ever, the parliament's intelligence committee will have operational oversight over security agencies—a first step towards the reforms recommended by John Faulkner. I am also pleased that Labor will bring forward legislation this year to give effect to all of the important reforms contained in the Faulkner paper. These include: a more flexible Parliamentary Joint Committee on Intelligence and Security; to ensure that the best qualified parliamentarians serve on the committee; that the parliamentary committee's remit be expanded to cover the counter-terrorism activities of the Australian Federal Police; that the committee receives enhanced powers and access; that there be expansion of the committee's powers to generate its own inquiries; that there be increased resourcing of the Inspector-General of Intelligence and Security; that there be a stronger relationship developed between the parliamentary committee and other oversight bodies, including the Inspector-General of Intelligence and Security, the Independent National Security Legislation Monitor and the Australian National Audit Office; that there be a requirement for mandatory sunset clauses for all controversial national security legislation; and that there be a comprehensive review of the oversight of Australian intelligence agencies, encompassing the role, powers and scope of oversight mechanisms. These reforms are desperately needed, and I am proud that it is now Labor policy to implement them fully. There can be no greater tribute to the legacy of Senator John Faulkner than the full implementation of these reforms—reforms that he has passionately worked towards for decades.

    In the time remaining, I would like to express my disappointment regarding the behaviour of the Australian Greens during this debate. As in almost every other policy debate I have witnessed, the Greens will never attempt to engage seriously on matters of complex public policy. Instead, they will adopt a position of empty populism that gives their members a warm inner glow and lures disappointed, progressive supporters of Labor. This is their real goal: to replace Labor as the party of the left by scoring cheap political points, rather than looking at what is in the national interest.

    We have seen this petty opportunism on display during this debate. For example, we had Senator Ludlam from the Greens in the other place describe this bill as a 'fascist, Orwellian mass surveillance scheme'. They have not tried to engage on the substance nor do they recognise that we must regulate a data regime currently out of control. They argue either that data must not be retained or that all 500,000 accesses that occur per year should require an individual warrant. Both are unrealistic and clash with the genuine needs of our law enforcement agencies. They are also completely out of step with the expectations of the community.

    To invoke fascism and George Orwell demonstrates that Senator Ludlam and the Greens are cheapjack populists and nothing more. Either they have not attempted to examine these issues seriously or they are cynically exploiting the significant public concern that exists, often without foundation, regarding this issue. Whatever the truth, it is a despicable position and demonstrates their unfitness to be accorded a serious role in political debate.

    I would like to conclude by thanking the Shadow Attorney-General and shadow minister for communications for their consultative approach to this issue. Ever since this issue first arose in its current form in October last year, they have worked very closely with the Labor Party caucus and the various committees to develop a Labor position to enhance a bill that was deeply flawed, and to push a responsible agenda that balanced the rights of individuals versus the genuine needs of law enforcement agencies.

    I also want to take this time to applaud the contributions to both the public debate and the debate within the Labor caucus by the members for Chifley, Gellibrand, Scullin and Griffith. I have not agreed with all their views on this issue but I have learned much from their serious engagement on this policy. I congratulate them for their great contribution to this debate.

    This is an important issue, an issue of great contention, but we must standardise and regulate access to retained data. While this is partly driven by national security needs, it is primarily law enforcement agencies that need this data. Some people engaging in crimes will be able to circumvent this bill through technical innovations, be they Skype or VPNs. That said, this bill will help our law enforcement agencies to prevent crimes and catch criminals.

    I echo the view of the member for Gellibrand: the fact that a proposal does not do everything does not mean that it does nothing of value. I believe that this bill, with strong protections for journalists through an effective warrants process, onshore storage of retained data and powerful parliamentary oversight, should be supported. I have been contacted by some members of my electorate expressing disappointment with Labor's position and outright opposition to data retention, and I can understand their disappointment. But I say to them: I believe this bill achieves the necessary balance—it balances individual rights with the genuine needs of law enforcement agencies to use every tool in their arsenals to catch criminals and prevent crimes. I firmly believe that with strong oversight and comprehensive review mechanisms in place we can have this bill go forward, we can review it when it is appropriate and we can tinker with it if that becomes necessary. But we must engage with this issue seriously rather than just saying no to a very important issue. I commend this bill to the House.

    5:15 pm

    Photo of David GillespieDavid Gillespie (Lyne, National Party) Share this | | Hansard source

    The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 has generated much controversy. But, in essence, I think a lot of the controversy is because of a misunderstanding of what metadata actually is. I will commence my comments by just clarifying what metadata is. Metadata is not the content of a conversation on a digital device. It is not the content of a phone conversation. It is not the content of an email message. It is not the content of a web page when people are web browsing. It is IP numbers. Every individual digital bit of equipment has its own IP number. It is actual phone numbers that are recorded. This sort of data has been recorded for decades. You only have to look at your own telephone bill that you get from your telephone provider. It will show where your mobile phone called from, what cell it went through, what digital mobile phone tower it went through and for how long. But it shows nothing about the content of your phone conversation.

    So, that is the first essential, important difference. A lot of the conversation against this legislation is based on the inference or the implication that it is the content that is being stored—as though it were phone taps, wire taps or internet sabotage, or reading live content or stored content. As I have alluded to, it has been done for ages. But this legislation is important in that, because of the efficiency of the digital era, records that most telecommunications people have been keeping at some state eventually become digital. The billing processes and all the things you need to succeed in business in this space have been so efficient that these days some of these records are only kept for up to a week before they are entered into a billing system, and then they are no more.

    That phenomenon is what has driven this bit of legislation. Metadata is like a digital fingerprint. Can you imagine the police or the AFP or our intelligence agencies being able to investigate without the humble fingerprint? It would set back justice and investigation of crime by decades. Well, in the digital world, metadata and the patterns of connections—not the actual IP number or the phone number—give the intelligence services, whether police, AFP, ASIO or ASIS, a pattern of behaviour so that they can use that to investigate serious crime, such as child abuse, sexual assault, exploitation and kidnapping, as well as counterintelligence matters. These are all very essential things that the community relies on our security services to look into and prosecute. That is why it is so essential. In fact, the figures that were mentioned at a committee meeting today were that 85 or 90 per cent of all the recent serious crime and terrorism investigations involved the use of metadata to assemble a direction for investigation about who is involved in these serious crimes or who is conspiring to commit serious crimes.

    So, that is the first thing. There is a reason. This has not come out of thin air. The other matter is that all this metadata has been accessed for decades as well, by up to 80 separate bodies. This legislation and the Parliamentary Joint Committee on Intelligence and Security has whittled that down to 20 bodies. People like the RSPCA—just about anyone—could get hold of this metadata. We are putting some appropriate limits on it. Other issues that come up in conversation about this rather heated issue are parliamentary oversight, storage and security of the data, allusions to limiting the freedom of the press or invading privacy, and whether it compromises legal privilege. There is also the issue that has been brought up about notifying those who have had their data accessed, either after the event or, as some have recently argued, at the time or before the access happens.

    I will go through each of those. There is parliamentary oversight of this process. There are senior-level officers with the Inspector-General of Intelligence and Security, the Commonwealth Ombudsman, state ombudsmen and the security forces who have to meet criteria before this data can be accessed. There is extensive and long-term parliamentary oversight through these processes. It is not as though we are just putting this out there on to the Australian people. Metadata has been stored for decades, but it is vanishing because of changes in technology. We need to provide a system so that the security services, the police and all the appropriate financial regulatory bodies, like ASIC, ACCC and the tax office, can establish a case to prosecute serious crime—child abuse and counterintelligence matters.

    One of the previous speakers this evening mentioned concern about the limitation of the freedom of the press. I would just like to say that this does not limit the freedom of the press. The press in Australia has a very well established and frequently used ability to say just about whatever they like, even skirting into libel. Having metadata is not going to limit that. I think they are concerned that one of their sources might be identified. That is a pretty long extrapolation. Unless they are dealing with people involved in serious crimes or they are the innocent so-called B party when the metadata is linked up, they should have nothing to fear. If they are not involved in counterintelligence, espionage, plotting terrorism, serious fraud and crime, child abuse and all those networks involved in paedophilia—all the things that the criminal investigation and national intelligence services need to be interested in to do their jobs—they should have no concern. And, as I mentioned, there is oversight of the system at the level of the Ombudsman and the Inspector-General.

    Regarding the issue of privacy, I have come from a meeting today where this very issue was discussed at length. There are many basic rights that we run our society by, including the right to privacy and also the right to expect our security and our wellbeing to be protected by the state—whether it is the state government police, the federal police or our security services. This metadata has historically been used in a proportionate manner, and it would be under this legislation, because the people accessing the data do not do so on a whim. There have to be firm indications.

    You could ask the people in my electorate: 'Would you like investigations into very serious matters up to and including terrorism, where there is a risk to life and multiple lives? Would you mind if the appropriate officers checked if certain people or bodies had connections via frequent internet traffic or frequent phone messaging, or gaining information about building bombs, or committing terrorism acts by frequenting terrorism websites?' And I think 99.9 per cent of the people in the Lyne electorate would say, 'Yes, that's not an infringement of our rights; that's protecting our rights'. They expect to be safe and secure in their own country. It is a matter of judgement and balancing the proportionate risk. Some of our commitments on the human rights treaties and agreements that we have committed to as a country are engaged in this process, but it is proportionate—the actions are proportionate to the risk.

    The issue of legal privilege being compromised by access to metadata was raised, but I think it would be very hard to argue that metadata alone would be enough to make a case. Whether it is financial crime, violent crime, paedophilia, child abuse networks or conspiracy for terrorism acts, it is not the metadata alone that is enough to convict a person. That is just part of the armamentarium in the investigative process. The content is the bit that could be used as evidence. The use of metadata is like the entree to making a legal case, or applying for a control order or applying to interrupt serious crime.

    The other issue that has been raised around this legislation is whether or not it is appropriate to notify people who have had their data accessed. There are some practicalities that have to be taken into account. If an investigation for any matter is underway and you notify the people that you are investigating, you do not need to be a rocket scientist to work out that the investigation will be compromised. By their very nature, a lot of these investigations by the appropriate authorities into these serious matters have to be discrete otherwise there is no point investigating because the suspect is notified.

    I do not think the proposals to notify people who are about to have their metadata accessed are appropriate at all. The practicality of notifying everyone who has had their IP address picked up in a random search for connections to these crimes would not be appropriate either, because the volume of applications and instances of searching amount to thousands and thousands per year. Any one IP address interacts with lots of other IP addresses, so it is like a cascading, viral list of IP addresses. It is only the patterns that help in these investigations. If everyone had to be notified, there would be hundreds of thousands of people who would have to be notified every year. If it had to go through a court process to get a warrant to look at these things, you would have to be notifying hundreds of thousands of people a year. You would have to have hundreds of thousands of courts to deal with it—just the practicality of it. The important thing is the proportionality of the principle of privacy being interrupted on a valid, justified basis. There are many issues, but the most important issue is that our law enforcement agencies require this ability. They have had it for years. It is vanishing rapidly. If we do not secure it, the Australian investigating bodies will be compromised. It is not mass surveillance. Unless you are involved in one of these suspected activities, it should be of no consequence to you. It is for all of our security— (Time expired)

    5:30 pm

    Photo of Chris HayesChris Hayes (Fowler, Australian Labor Party) Share this | | Hansard source

    I too rise to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. Without doubt, this bill has generated significant controversy. There have been many submissions. Interest groups have made their positions known to members, on both sides, and many have taken the opportunity to make submissions directly to the Parliamentary Joint Committee on Intelligence and Security while considering this bill.

    I take this opportunity to commend the committee on its analysis of the array of arguments and on delivering a very well-considered report. The committee's work has been critical in striking an effective balance between protecting the rights and privacy of individuals and enabling our security services, police and law-enforcement agencies to access the vital information they need to keep our country and communities safe. The committee's 39 recommendations were important in improving this bill, and they have made a substantial difference. Left in its original form, it would have been problematic to members on both sides of the House. The work of the committee has brought a focus, a balance, to the rights of individuals and the needs of our police and law-enforcement agencies.

    Given the importance of law-enforcement and national-security bodies, I commend the work of the Labor members of the committee: Anthony Byrne, Jason Clare, Mark Dreyfus and Senator John Faulkner. They played a truly significant role in shaping these recommendations into a position where this bill, in its current form, will receive the support of both sides of the House. Their contribution has improved the bill, and much of the credit for the level of oversight and safeguards should go to them.

    It is also worth noting that our police services have had access to metadata under the telecommunications legislation since 1991. Since this bill has been in the public eye significant controversy has surrounded it. It has been out there for a substantial period. Police are using techniques that prosecute serious and organised crime and that minimise and, hopefully, offset those who would perpetrate terrorist acts on our community.

    This bill is not about access to a new form of information for police or security agencies, although it comes at a time when a lot of restriction is being made on access to information. In terms of having this information available to them, when we had a monopoly on our telecommunications systems it was clear that Telstra—and, for a large part of the time, Vodafone—held the information that was readily available to our police and national-security agencies. There are many new players in the telecommunications space now, and a degree of regulation is required. This is to ensure that they will house the necessary metadata and enable it to be sourced by our police and the national security agency.

    This bill will ensure that bodies such as the AFP, state and territory police and ASIO continue to have access to metadata that the telecommunications companies already store for their own purposes. Given my background, I accept fully that access to this type of communication is essential in effective crime fighting, criminal investigations and counter-terrorism efforts. The declining ability to ready access telecommunications is undermining the efforts of our police and law-enforcement agencies; without access to this essential capability their efforts will be severely eroded.

    The bill introduces a number of changes that will give a measure of comfort to those concerned about the level of access to stored telecommunications data. The bill provides access to data that will be limited to two years prior to the date of intervention. The bill specifies exactly which law-enforcement and security agencies are able to access the metadata, significantly narrowing the existing range of bodies that have access to that data. The bill also defines, precisely, the metadata that will be retained and available to law-enforcement agencies.

    An important aspect of this bill is that it brings about a substantial level of oversight and reporting mechanisms that will ensure transparency of the access to information and the compliance regime within the law. The Commonwealth Ombudsman, in the case of law enforcement, and the Inspector-General of Intelligence and Security, in the case of ASIO, will have important roles in monitoring the overall integrity of the scheme and its day-to-day operations.

    It is also important to note that these organisations that do have access to retained data are required to have regard to the privacy of individuals before they seek the data from the telecommunications service providers. Each access must be authorised by a senior officer of the relevant security or law enforcement agency and the authorising officer must be satisfied that any interference with a person's privacy is justifiable and proportionate. This is what will be monitored by both the Commonwealth Ombudsman and the Inspector-General of Intelligence and Security. This bill brings about a degree of oversight that was not there before when this information has been used—and I still say correctly used—by our police and national security agencies. People should have a far greater degree of comfort in the fact that the level of oversight that is now being brought about by regulation will ensure transparency takes place in terms of access to this metadata.

    I know that in areas of the media there has been a concern about the passage of this bill, and I certainly appreciate that journalists have a very real concern that access to data retention could well compromise the anonymity of many of their sources. Whilst we may not always like it, I think all of us in this place appreciate the freedom of the press and that it is central to our democratic way of life. Therefore, we do have a need to protect journalists and particularly their sources of information. I think that is critical. We acknowledge the concern they raise and that it is critical to protect their sources of information but at the moment in the case of, for example, a leak investigation by a particular agency, that information is already available on request to a number of law enforcement and investigative bodies. So this is not something that is being introduced through this bill. I understand there is an area of concern there, but I am reasonably happy with the recent agreement with the government—albeit somewhat reluctantly on their part—to ensure that, where journalists' information is to be accessed, it can only be achieved by a warrant. I think that is a very substantial development. That warrant will require the intervention of a judicial officer. It should be acknowledged as something significantly greater than what currently exists in protecting the sources of journalists' information.

    ASIO, in evidence to the committee, confirmed that communications data had been critical to the disruption of terrorist attacks in Australia and provided the committee with a detailed, unclassified summary of the use of telecommunications data in Operations Pendennis and Neath, ASIO's assessment was that, in both cases, had relevant telecommunications data not been available, ASIO would have been ignorant to critical information, including the existence of covert communications between members of the terrorist groups, which could have had 'disastrous consequences'. In the case of policing, the AFP advised the committee that telecommunications data is the 'cornerstone of contemporary policing' and allows the police to identify suspects or victims; to exculpate uninvolved persons from proceedings; to resolve life-threatening situations; to identify associations between members of criminal organisations; to    provide insight into criminal syndicates and terrorist networks; and, importantly, establish leads to target further investigative resources.

    The fact is that police use metadata for investigations into counter-terrorism, serious and organised crime, firearm and drug trafficking, child protection operations, cybercrime, crimes against humanity such as slavery, people smuggling and human trafficking as well as community policing. This information is certainly well used by police agencies. We have been talking about the figures over the last 12 months. There have been around 250,000 applications for metadata use. I think that indicates not a reliance but the fact that this is a modern tool of law enforcement and one that has a significant impact in police investigations. So, for a range of reasons, I fully accept that for police and security agencies access to metadata is critically important.

    Clearly, access to this data is already extensively relied upon by police. I note that, in the last reporting period of 2012-13, the annual report on the Telecommunications (Interception and Access) Act 1979 shows that the greatest use of metadata was by the NSW Police Force. Over that reporting period the alone accessed metadata under 119,705 authorisations. I am advised that metadata proved vital in seeing 18 men who were planning a mass casualty attack in Sydney in 2006 convicted of terrorism offences and, again, was vital in relation to the planned assault on the Holsworthy army base in 2009.

    Only yesterday, I was talking to a couple of friends of mine, Ron Iddles and John Laird, from the Victorian Police Association. They were here in Parliament House attending a function in the President's chamber. They advised me of the importance of metadata to contemporary policing. Ron, who has had a long career as a homicide detective, told me that metadata was a crucial tool in assisting the Victorian police with tracking down Jill Meagher's killer and the place where he disposed of her body in 2012. Without access to this information, Ron tells me, the investigation process would have been quite slow because of the lack of witnesses. On this occasion, Jill Meagher's killer was brought readily to justice.

    For a range of different reasons, which I cannot go into now because I am out of time, I support this legislation. It is crucial for policing. If we expect police to protect our community we, at a minimum, must ensure that they have the appropriate tools to do their job.

    5:45 pm

    Photo of Alex HawkeAlex Hawke (Mitchell, Liberal Party) Share this | | Hansard source

    I rise to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, which is before the House. In doing so I want to commend the work of the Parliamentary Joint Committee on Intelligence and Security for preparing what is a set of necessary and excellent recommendations that I am pleased to say the government will be adopting in full. Indeed, all 39 of the recommendations have been accepted by the government. I think that is an important point to start my contribution with. There is a bipartisan spirit in relation to this bill, and that is more than welcome because of the significance of the matters we are considering.

    As I listen very carefully to the debate by members on all sides about the merits of each of the provisions of this bill, I note there is concern amongst members opposite about various elements that the government put forward in its original legislation, including, of course, from the members for Gellibrand, Scullin, Griffith, Chifley and Charlton, who have some valid bases for concern and objection, as do many people in my own electorate and from around the country who have contacted me in relation to this.

    Members here will remember that the previous government had a very authoritarian approach towards the internet. The communications minister who predominated in last Labor government was Senator Stephen Conroy, and he of course famously proposed to filter the internet. One internet service provider believed this would go so far as recording each URL a customer visited and all emails, and that the regime could see the Australian government retain data for much longer than has been proposed in the mandatory data retention bill. I was pleased the coalition opposed the mandatory internet filter. I was certainly an advocate against that. Subsequently, I have made contact with a lot of younger people, particularly people who have now had access to the internet for most of their lives, who have an enhanced concern about the retention of data and the use of data by government, and the legislation that governs that data. I think that is a worthwhile thing for people to do.

    It is important that we hold governments to account and that legislation be refined and put forward in the best way possible. This process that some Labor members have been critical of is actually a worthwhile process in this parliament. We have actually had a bipartisan committee go through this legislation severely to improve the quality of it to the point where most of us in this place, even those with reservations about some elements and components of the legislation, can now support the bill in its form, enabling the security services to do their job and get on with the work they need to do in fighting crime and targeting extremism and terrorism. That is not anything that anyone in this place would have an objection to. We do want to see our security agencies have access to the data they need to clear crime and to defeat crime and extremism.

    We know from some of the mandatory data regimes that the evidence is still unclear about them. In Germany crime clearance rates have increased by a miniscule 0.00016 as a result of mandatory data retention. Is it not yet the case that we can say with any justifiable evidence that mandatory data retention will lead to more crime clearance, although it will certainly help the security services and the police to do their jobs and to continue to clear crime at the rates that they are. Of itself, that is very important. It is why the joint parliamentary committee also reported that this particular piece of legislation, of itself, may not help to prevent a Man Monis situation, which we saw in Sydney recently. Although it is important to note that all of the security agencies are seeking this access and the retention of this data so that it is there and there is no degradation in the investigative capabilities of national security agencies, or an acceleration of the degradation of data.

    I think we in this place need to recognise the fact that as we move forward as a society and technology moves forward we need to be flexible with our laws and our regulatory frameworks. This bill no doubt will require amendments in the future. It will require amendments to keep pace with technological change, and it will require amendments to keep pace with the demands of society—that is, the right to privacy, which I think is becoming an increasing concern for generations of people in the Western World in particular, especially with those having internet access almost from the age of birth until the day they die. Issues like the right to delete data are now in the frame of the concerns of emerging generations, as are digital liberty, the right to access your own content and your own internet and browsing histories—all of your metadata content. I think these issues are going to become more vital as we move forward in Australia.

    I am one of the people who will acknowledge the member for Chifley for his valid concerns. Even figures like Senator Scott Ludlam, who I do not normally have a kind word for in relation to his politics or his policies, I think approaches this from a position of principle. Some unkind things have been said about him here in this debate, but I would stand up for him on this particular issue, saying that he is approaching it from the right angle and concern, but perhaps not reaching the right conclusion—that there is a form of law that needs to be passed by this parliament and by the Senate in the immediate future. I think he would do well to consider that and to help be more constructive in promoting the principles and the points that he is.

    I also welcome the group, the members for Gellibrand, Scullin, Griffith, Chifley and Charlton—I do not know if they call themselves the 'ginger group' or if they describe themselves as 'factions without borders' or something like that—as their concerns are, I think, coming from a good place. I welcome that from all members on all sides here today.

    I want to specifically speak about the recommendations of the joint committee because in them we find the reasons why the House should accept this legislation at this time. The recommendations have given us all a level of comfort as members of parliament that we now have a framework within the bill and the legislation that will ensure the right level of oversight, the right level monitoring, and the right ability of the parliament to continue to have oversight over each of the provisions.

    I want to speak briefly about some of these recommendations and how they will affect the different elements of the bill. In particular, let's start with recommendation 6 and the authority to access stored communications and telecommunications data. This is particularly important because the Attorney-General will now be able to declare an authority or body as a criminal law enforcement agency subject to conditions. Those conditions include: the declaration ceasing to have effect after 40 sitting days of either house; amendments to specify authorities or bodies as criminal law enforcement agencies in legislation will be brought before the parliament before that expiry period of 40 sitting days; and the amendments will be referred to the Parliamentary Joint Committee on Intelligence and Security within a minimum of 15 sitting days for review and report.

    I think it is important to go through those qualifications because these are the kinds of mechanisms that are now in place that will ensure the public can have confidence that there are strong protections and safeguards within this bill before us on their privacy and on the nature of the data. Parliament will have that strong level of oversight—either by the amendment expiring if the parliament does not consider it or the parliament will have to consider it through the Joint Committee on Intelligence and Security.

    This is typical of the recommendations in full, although I do not have the time to go through the recommendations in full. This has been well thought out, in my opinion. There will be stronger safeguards and oversight. While some members of the opposition have waxed lyrical about how it was all Labor's idea and Labor have done it, they have short memories about the previous government. There has been this ongoing discussion between parliamentarians in this country about these issues of privacy in relation to technology legislation and communications legislation. It is an ongoing conversation that we need to continue to have. As I have said, we need to be alive to amendments, flexibility in the law and moving with the times in relation to the expectations of the community and users of the internet and owners of content.

    In particular, I also want to speak about some of the other recommendations before we are out of time. Recommendation 33 will require an annual report to be prepared, including: the costs of the scheme; the use of the implementation plans; the categories of purpose for accessing the data, including a breakdown of the types of offences; the age of the data sought; the number of requests for traffic data; and the number of requests for subscriber data. This goes to the issue of transparency. I think Australians rightly have the expectation that this parliament will consider the issue of transparency in relation to legislation of this type. There will be great transparency about access and the access to the mandatory retained data. That is a very good recommendation which is absolutely accepted by the government.

    Recommendation 37 will ensure this bill is amended to require service providers to encrypt telecommunications data. I welcome that. I think that is a great development. It is a great positive. I think it is something that is supported on all sides of the House, including the committee developing a data retention implementation working group. It is a sensible mechanism. Australians can have security that both sides of the House will have a working group to implement the entire data retention regime—recognising that this is a difficult area of law; this is a new area of law; it is an emerging area of technology and law; and the intersection of technology and law. We need to get it right, and we need to have flexibility. The data retention working group will enable the parliament to have that flexibility and the ability to move and change as necessary within the confines of the legislation.

    A mandatory data breach notification scheme is also a very welcome recommendation, as is some more definition around the civil litigation, civil litigants and how the operation of this bill will intersect with access for civil litigants. The recommendations that the minister and the Attorney-General review this measure, and report to parliament on the findings of that review by the end of the implementation phase of the bill, is a step forward. I look forward to seeing the findings of that review of the implementation phase of the bill myself.

    Moving back to the actual content of the bill, I believe that this legislation needs to pass the House. While I have had my own concerns about aspects of this legislation, I certainly share the approach of the member for Chifley, in some regards, that we do need to keep an eye on how we legislate in relation to these areas.

    We also need to be very aware of the threat posed to Australia by extremist organisations and those of our citizenry among us who have no respect or regard for the law. We now know they exist within our society. They exist in more numbers than any of us would like to see—that is, people who have absolutely no regard. We live in a world where people do not even acknowledge that the law exists or that they obey it, or that they as a citizen have responsibilities under it. It is very dangerous when we have those people in our midst who have no regard or no respect, or no belief that they have to obey or respect the laws of our land. We also know that those people are so fanaticised and poisoned in their mind that they are willing to destroy their own lives to destroy others. They are willing to take their own lives to hurt others; to do damage to others; to destroy our society. When you have a group like that among us, you have to be willing to concede certain amounts of liberty to ensure that we are protected and safe.

    Of course there should be a debate around how much of that is given up, under what circumstances, for how long and under what limits. I think this bill has come to a point where we can support it in this House and in the Senate to ensure that our national security agencies and our police agencies—who are in a very good zone of fighting crime and fighting extremism—can have the powers and the technological capability they need to do their jobs well, and to fight those extremists and target that serious category of crime.

    Where we need to be vigilant as a parliament and where we need to be vigilant in the future is in ensuring that there is no breaching of this legislation by individuals, criminal agencies or government agencies. In particular, we need to make sure there are the right limits here. I want to commend the Attorney-General for ensuring himself, before this bill was drafted, that there were restrictions placed on the number of agencies that could access people's data. I think that is a big step forward. We need to see more of those restrictions. We need to see tighter access to data in the future and only on the basis that it is absolutely necessary for national security or policing. We need to make sure that, in the future, we do our job both through the parliament and through the Parliamentary Joint Committee on Intelligence and Security in making sure that the provisions of this bill are adhered to at all levels and respected by future attorneys-general and future governments.

    I commend in particular the Attorney-General. I commend in particular the member for Wannon, the chair of the committee. I think he has done an outstanding job in preparing these recommendations. I commend those members of the opposition who, in that bipartisan spirit, understand that this is necessary legislation and are giving up some of their views to ensure it is passed.

    6:00 pm

    Photo of Laurie FergusonLaurie Ferguson (Werriwa, Australian Labor Party) Share this | | Hansard source

    I approach this legislation in the context of two of my father's favourite dicta: 'Politics is the art of the possible,' and, 'One should be thankful for small mercies'—because, quite frankly, I think we should be very thankful that the Parliamentary Joint Committee on Intelligence and Security has very thoroughly investigated this bill and that these 39 recommendations, obviously driven mainly by the opposition, have been accepted within the committee and by the government. I do have deep concerns about these matters. The world has been very affected by the revelations of Edward Snowden. David Cole, professor of law at Georgetown University, commented in Vanity Fair of May 2014:

    We were sleepwalking into abandoning our privacy, and Snowden has woken us up.

    A person on a very different part of the spectrum to me, former congressman Ron Paul, whom I would not agree with on many matters but is certainly a very credible person with regard to human rights, commented:

    Thanks to one man's courageous actions, Americans know about the truly egregious ways their government is spying on them.

    Furthermore, Jim Sensenbrenner, who actually was a driving force behind Bush's PATRIOT Act, commented:

    While I believe the Patriot Act appropriately balanced national security concerns and civil rights, I have always worried about potential abuses.

    …   …   …

    Seizing phone records of millions of innocent people is excessive and un-American.

    So we must be aware that we live in a world in which, by a secret legal opinion, the power of the PATRIOT Act was extended to justify very extensive spying around the world on US citizens and, indeed, through exchanges of information, people in many nations. This reached the stage where we saw the Chancellor of Germany, the President of Brazil, the wife of the President of Indonesia amongst those who were basically spied upon and had their communication interfered with. We have seen a significant number of instances around the world where, under the guise of national security, this kind of power has been utilised for corporate requirements. We have a situation where there are allegations that, in dealings with our own neighbour, Timor, the negotiators in that operation were basically listened to illegally. We live in that kind of context.

    We must also be mindful that there is a very big question of how useful this technology is in combating terrorism and extreme crime, and there is also a question about the limited time that the data is useful for. The estimates in Europe are that 90 per cent of the requests are for information from the previous 12 months. Frank La Rue, the UN special rapporteur, commented:

    When accessed and analysed, even seemingly innocuous transactional records about communications can collectively create a profile of individual's private life, including medical conditions, political and religious viewpoints and/or affiliation, interactions and interests, disclosing as much detail as, or even greater detail than would be discernible from the content of communications alone.

    The UN High Commissioner for Human Rights commented:

    … it has been suggested that the interception or collection of data about a communication, as opposed to the content of the communication, does not on its own constitute an interference with privacy. From the perspective of the right to privacy, this distinction is not persuasive. The aggregation of information commonly referred to as "metadata" may give an insight into an individual's behaviour, social relationships, private preferences and identity that go beyond even that conveyed by accessing the content of a private communication.

    I can quote another person I give a bit of credit to, perhaps more than some people: Chancellor Merkel of Germany:

    For the possibility of total digital surveillance touches the essence of our life. It is thus an ethical task that goes far beyond the politics of security. Millions of people who live in undemocratic states are watching very closely how the world's democracies react to threats to their security: whether they act circumspectly, in sovereign self-assurance, or undermine precisely what in the eyes of these millions of people makes them so attractive—freedom and the dignity of the individual.

    Whilst in Germany, one of the other questions is the degree to which this measure would actually be effective. We are seeking, of course, to attack terrorists—religious fascists, psychopaths and sex criminals who are recruited to these kinds of causes—and, as people have commented, paedophiles et cetera. However, the Arbeitskreis Vorratsdatenspeicherung commented in Germany:

    Blanket data retention can actually have a negative effect on the investigation of criminal acts. In order to avoid the recording of sensitive and personal information under a blanket data retention scheme, citizens increasingly resort to internet cafes, wireless internet access points, anonymisation services, public telephones, unregistered mobile telephone cards, non-electronic communications channels and suchlike. This avoidance behaviour can not only render retained data meaningless but even frustrate targeted investigation techniques (eg wiretaps) that would possibly have been of use to law enforcement in the absence of data retention.

    It is interesting to note that President Obama's Review Group on Intelligence and Communications Technologies—one would think that they might have done a thorough review; one would think that they might have had some equipment to investigate these matters—commented:

    Our review suggests that the information contributed to terrorist investigations by the use of … telephony … meta-data was not essential in preventing attacks…

    That was the comment of the group. They went on to recommend that:

    … as a general rule, and without senior policy review, the government should not be permitted to collect and store all mass, undigested, non-public personal information about individuals to enable future inquiries and data-mining for foreign intelligence purposes.

    We have real questions as to the effectiveness: balancing the intrusion into people's lives with whether it will actually be that important in combating these crimes. We have questions about how long data should be retained and what percentage of it is actually useful after the event.

    On the other side, of course, we must be aware of the growing corporate interest in ensuring that more people are snooped upon. In an article by David Cole in The New York Review of Books on 8 January this year, he made the point:

    The US spent $3.3 trillion on counterterrorism in the first decade after September 11. There are forty-six separate national security agencies. Some 854,000 people have security clearances from the US government. Private technology and security companies, which land huge government contracts to develop and operate better surveillance tools, have become one of the nation’s most lucrative industries. As a result, substantial institutional forces will press for expanded security authorities, and will seek to create ever more powerful ways to monitor human activity.

    So indeed, as I said at the outset, I am thankful for small mercies—the committee has been persuasive upon the government. The context in which they did this was not encouraging.

    Next month it will be 400 years since Samuel Johnson said—probably of Edmund Burke—that 'patriotism is the last refuge of the scoundrel'. I have to say that, when we see the Prime Minister of this country grabbing every flag in sight to place behind him as he makes announcements in this policy area, we might replace the word 'patriotism' with 'national security'.

    It is interesting to note that the previous speaker made references to the so-called draconian efforts of the previous government with regard to the question of the internet and other areas, and that it outrageously tried to trample on people's rights. The government has to accept 39 amendments to a bill introduced by the Minister for Communications. This is a man who, like the member speaking previously, was critical of the previous Labor government's initiatives. Yet the bill he introduced has to accept 39 significant amendments so that people's rights were protected.

    The work done by the committee was very important, because I do not regard this as the end point. Areas such as the Ombudsman's alleged ability to give people rights have been basically interfered with. It depends, of course, on the degree to which that organisation is financed, and I am pleased to see that there have been some agreements on that front.

    There are very real questions about this, obviously, on the government side. I listened to the member for Berowra, a person that I respect deeply but, at the end of his contribution, he said that he did not think that these amendments were necessarily required. That was his conclusion. I have to say that I have more faith in the member for Ryan's comment that the amendments are indeed 'considered', 'sensible' and 'appropriate'.

    The member for Berowra quoted extensively from an article in The Economist about the threats we face: the fact that 3,000 people in the United Kingdom were regarded as a dangerous threat to society. He also talked about commando raids, the soft targets that these people were exploiting and the fact that they needed scrutiny. In quoting that article in The Economist, he told us how serious the threat is, that there are many people who have been radicalised and that we should have measures. But I do not think there was any conclusion in that article whatsoever that justified the kinds of measures that we are moving towards. There seems to be some degree of difference as to how necessary these amendments are.

    In summary, it is important that the dataset has been defined. Rather than it being an argument for this legislation, I find it alarming that there are 300,000 to 400,000 recourses to this. It is not just a question of the list of people that can access it being too long. Everyone is referred to—the RSPCA and various councils. There is also a question that the Australian public and the Australian parliament should be asking about whether it is too readily the activity of police and security forces to have recourse to this. Quite frankly, it is amazing that that level is thought to be necessary.

    We also have the issue of the cost to these telecommunication companies. Quite rightly, the committee on all sides has fought to make sure that it is not advantageous to large telecommunications corporations as opposed to small operators, and there should be an up-front payment from the government. There is also the question of notification of breach, private alerts, for people who have been actively interfered with with regard to this. There is a recommendation for a mandatory review of the data retention scheme for no later than four years after the commencement of the bill. That is, indeed, very important because, as we have seen, in the United States in particular, there has been creep by the security forces well beyond what the legislators originally intended in the Patriot Act. It is important that there be a review in that period.

    Obviously, a comprehensive inquiry into the potential impact of data retention on the freedom of the press and protection of journalists' sources is important. I noticed a discussion in a program the other night about the question of who journalists are. I do not think the only people who should be defended are the Albrechtsens, the Bolts et cetera of this world, who will never be launching investigative inquiries into the way people are abused in the public service. I think there is a real question about people who are not full-time journalists, but who perform the role of informing the public and are investigative in the way they operate also being covered. I am not clear at this stage whether that is the case, but it should be.

    In conclusion, this is a measure that, because of the activity of the committee, people on all sides, but most particularly the opposition, has come down to a broad series of suggestions that have been summarised by many members of this parliament. It is more than necessary. Even though it is so-called neutral metadata, there is a real fear the more that is known about people. I heard someone today jokingly ask—I think he was serious—are people worried that they might be found going to sex shops or whatever? This is a more serious matter. There could be a situation where, in a particular political cause, a large number of people have broad agreement and a common connection on a particular position, say, on Palestine or West Papua, but they are possibly being stereotyped and their privacy is being affected because it could emerge at a later stage that one person who agreed with them in affiliation on those issues had acted more violently.

    6:15 pm

    Photo of Steven CioboSteven Ciobo (Moncrieff, Liberal Party, Parliamentary Secretary to the Minister for Foreign Affairs) Share this | | Hansard source

    I am pleased to speak to the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. I have for some time had a particular interest in relation to data retention. In fact, prior to becoming a member of the executive, as a backbencher I was quite outspoken on data retention laws. I have been quoted in the media, raising concerns that I had with respect to data retention at the time, making the remark that they were 'tactics akin to the Gestapo'. I think those were my exact words.

    I think it is important in the fullness of time to appreciate the context in which I made those remarks. We know as students of history that there have been many examples of governments misusing and abusing their power. I am someone who is fairly strong—at least, I like to think I am fairly strong—on civil liberties and a firm believer in the supremacy of the individual over the state. Indeed, that lies at the very core of why I am a member of the Liberal Party. So for those reasons I am often on guard in relation to state intrusion on personal rights.

    I heard the member opposite cynically remark, 'That's because you were in opposition and now you are in government.' It is a shame that ignorant people make comments like those—ignorant because it is ignorant of the facts. The fact is that the proposal that Labor first aired on data retention was very, very different to what now lay on the table in relation to the coalition government's proposal.

    The key difference and, I think it is fair to say, the most salient point in this debate that is conveniently overlooked very readily by critics of this government's proposed data retention approach comes down to this. And it is a crucial difference. The laws that the Labor Party first mooted and proposed did many similar things to what the government is now proposing but, in addition, they required that web-browsing history—that is, originating IP addresses and destination IP addresses—be retained. In particular, it is the destination IP address that marks an absolutely fundamental difference between the proposal that Labor put forward when they were in government and what this government is now doing. The reason why it is such a stark and fundamental difference and provides a difference akin to night and day with respect to this legislation is that under Labor's proposals—when I made remarks about it being 'tactics akin to the Gestapo'—it would have enabled the state to not only have known who was sitting on the end of an IP address and tapping into their computer or on their telephone but also have known which web pages they were looking at. And by knowing information such as which web pages or bullets and board, Relay Chat, P-to-P service or whatever, the state was afforded a privilege completely unprecedented in terms of knowing what each individual member of that state was looking at, for how long they were looking at it, exactly which page on the internet they were on, how long they were reading that page, whether it was a cursory click and whether they spent an hour or more looking at it. We are not doing that. That is not the coalition's proposal.

    Let me make it clear. If it had been, people would have known about my objection to us doing that. But we are not. I was pleased to be able to work within government, to speak to the Attorney-General, to speak to the Chair of the Parliamentary Joint Committee on Intelligence and Security, the member for Wannon, about my very concerns. They were not just my concerns; they were concerns that were held by a number of coalition members because, fundamentally, the true protector of civil liberties in this parliament is the Liberal Party. It is the Liberal Party that is the bastion of belief of the supremacy of the individual over the state. The socialists on the Labor side will always put the needs of the collective above the needs of the individual. But not us. As a Liberal, I was very pleased to work within government and to build on the very fine work that was undertaken by the Attorney-General, the Minister for Communications, and the Parliamentary Joint Committee on Intelligence and Security, who determined that access to actually knowing which web pages were visited and for how long they were examined went well and truly above and beyond what was required for intelligence purposes.

    We live in a new era, unfortunately. The threat from individual actors and, more broadly, from groups and organisations, whether you call them lone wolves or terrorist cells, has never been as strong as it is today. That is a simple statement of fact. We have already seen, unfortunately, too many examples in this country of those that want to infect our nation with fear by carrying out the most obscene and repugnant acts against private individuals and citizens who were simply going about the ordinary course of business in their lives. In that context, one of the primary responsibilities of government and, indeed, of the parliament is to provide safeguards to the general population that we will do what we can to thwart the terrorists' activities in planning stages. One of the most fundamental ways that we can do this is through the use of metadata.

    If you go back to the commencement of mobile telephony, you would know that the world was a very different place. I recall one of the very first mobile phones that was available in the retail market. It was an old analogue. It would have been around about 1992. At the time, telecommunications companies routinely kept what is referred to as metadata. They knew who was the account holder, that is, the name of the person who owned the account. They knew the originating source of, for example, a call, in this case, that is, who was making this phone call and what number they were making it from. They kept who they called and they kept the duration of the call. The reason that telecommunications companies did that is because that was how they charged. Who did you call, how long did you speak to them for, was it a local call, was it an STD call, was it a call to another mobile? The duration of the call then determined the price you were charged. That was routinely kept because it was important billing information.

    What we learned over time was that that information was invaluable to our law enforcement agencies in undertaking their work. The fact would simply be that there would be scores of people who are in prison today or who have been imprisoned as a direct result of that metadata. Without that data, those people would still be on the streets or would not have been convicted of a crime that they committed. They were convicted for no reason other than good investigation and metadata. It is a statement of plain fact.

    With changes in billing, that is no longer routinely kept information. Most people know that, in this day and age, you can sign up for a mobile phone plan with unlimited calls, unlimited SMS and data services that basically have unlimited amounts of data in any particular billing cycle. The need for telecommunications businesses to continue recording that information, such as who the account holder is, what number they are calling from, what number they are calling to and how long they spoke for, is no longer a billing requirement for the telecommunications companies. For that reason, many telecommunications companies are in the process of having either phased out or commenced phasing out the retention of this information.

    This is the challenge that presents itself to government: this very vital tool of data, so crucial to the effectiveness of our law enforcement agencies in investigating and prosecuting criminal activity and illegal activity more broadly, is being phased out. So, as a government, we have responded, I think, in a very appropriate way. The framework that is in this legislation says we must retain that data. We have extended it to also include, for example, IP data, such as who holds the account from which a computer is accessing another computer on the internet.

    Again, I stress that we are not interested, as a government, in knowing which page someone was looking at on the internet. We are not interested in the destination IP address, because the way these investigations routinely work is that our law enforcement agencies and, indeed, others around the world work collaboratively. Take, for example, one of the most repugnant crimes that there is—child pornography, the assault of innocent children. Law enforcement agencies will find a site that contains this repugnant material and they will watch which IP addresses are going to that particular site. Sometimes those that are accessing those sites, of course, attempt to mask their address through the use of proxies. But once they know what the IP address is, they can then trace the steps back to know which computer it has come from and who the account holder is. They still do not know who was actually sitting behind the computer at that point in time, of course. But they do know who held the account and they do know that that site was accessed.

    The retention of this information under this legislative framework is about enabling our authorities not just to prosecute potential terrorists but to prosecute those engaged in all sorts of criminal activity or those for which there is a pecuniary penalty, and that is appropriate. As someone who has been a strident advocate for civil liberties, I do not walk away from the fact that the key tipping point for me in this debate is destination IP addresses. Who you have called and the phone number you have called from is information that has essentially been in existence since we commenced using telephones and commenced charging for them. It has been decades. Who the account holder is and which IP address you are using is information we need, and I do not believe it is that much of an incursion on civil liberties for us to know which computer is being used.

    It is an incursion to know which web page you have been to. The state does not need to know that. But it is not an incursion to know that you hold an account and that that account was used in accessing whichever particular site might be monitored by authorities—not every site, but a site that is being monitored, for example, if it had, as I mentioned, child pornography on it. For those reasons, this legislation by this government is appropriate. It is very different to Labor's original proposal that I railed against.

    The concerns that I know have been put forward by journalists in relation to the protection of their sources are concerns that have been addressed by the coalition and the Labor Party by including an amendment to require a warrant when it comes to revealing a journalist's source. That ability existed for a lot more agencies than it does under this legislation, and it was not abused previously by this or any previous government—or, more importantly, by the agencies themselves. So safeguards are in effect and it is important to realise that, if we do not have retention of this data, then we are effectively removing the opportunity for our agencies to be able to prosecute those who engage in all sorts of nefarious activities—from terrorism through to child pornography—and that is too high a price to pay.

    6:30 pm

    Photo of Joanne RyanJoanne Ryan (Lalor, Australian Labor Party) Share this | | Hansard source

    I rise to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. I, like most of my Labor colleagues, have worked long and hard to come to grips with the complexities of this issue. We have tried to be as responsive as we can to our own concerns, the shared and individual concerns of the caucus, as well as the shared and individual concerns of the community. It is a complex issue and it is one that takes time and energy to come to grips with. I am not a lawyer—I know there have been many with a background in law who have spoken on the bill today. I was a teacher, so for me the process in going through this is based around common sense. I am not au fait with the intricacies of the law, but I can understand the common-sense argument. So I rise tonight to give some understanding as to how and why I have come to the decision to support this bill.

    When the legislation was first introduced by Minister Turnbull, it was clear that additional sensible amendments were needed. It was clear, even to someone without a law degree, that what was put before us for consideration did not have checks and balances, did not have the appropriate balance between personal freedoms and community safety. It was interesting to hear the member for Moncrieff talking about the positions that the coalition took, when they were in opposition, on the work done earlier by the Labor government. It was interesting to note that Minister Turnbull said in 2013 that he thought the legislation in this area would have a chilling effect on free speech and that he must record his grave misgivings about the legislation that was put before the coalition by the Labor government.

    But I think we have all moved a long way since then. And we have done that because of the hard work of the Labor Party in the months since we managed to get the legislation referred to the Joint Parliamentary Committee on Intelligence and Security. Across those months, all of us on this side of the chamber have worked hard to understand this. We have engaged in long conversations with the members of that committee about the progress of the recommendations, about the hearings that were held, about the stakeholders that were listened to and about the very careful and deep consultation and discussion that was occurring not only among the members of that committee but also in public hearings and with the parliament.

    I am reminded of one of the first conversations I had about this legislation, which was with the member for Gellibrand, who is on our side and acknowledged as having a degree of expertise in this area. I was surprised when the member for Gellibrand explained to me that, under the current system, my local council could be accessing metadata that tells them who I am ringing, how long the calls are and where I am when I am making those calls. I am sure most people in the community have similar feelings and misgivings about unsworn officers accessing our metadata. These people are not members of our police forces or security agencies, they are not people who have been trained, sworn and have protocols and protections and accountabilities in place in their organisations. Of course, I was also reminded that my local council was one of the councils that had authorised its officers to access the metadata of residents and that they had done this through telcos. This goes to the core of why we are all standing here today to pass this legislation. The current situation is that councils and others, as many have been on their feet to talk about today, can do that.

    Wyndham City Council could come in here as they did with me when I spoke to them about this when it hit the press. When Wyndham City Council did this, they were the only Victorian council to have done it and they encountered enormous backlash from both their own community and the broader picture and community. If you listen to the story of why they accessed the metadata of residents, their rationale was not sinister. They had someone who had been attacked by a dog, and the owner of the dog left their mobile number but then fled. Wyndham City Council sought to find that dog owner through the people who register dogs. This work may have been better referred to the police. I am sure everyone in this chamber now would argue that the legislation before us is reasonable because in that situation it would be referred to the police and it would be sworn officers of the police department who seek that metadata. And Wyndham City Council were not alone. Other councils did similar things. There was also access by authorities such as Work Safe.

    What I have learnt across the last three or four months is that in the current situation the bar has been set too low. It is too easy for people to make what the member for Griffith calls warrantless access applications. We know that in the last year there were half a million access requests granted. That is an enormous number, and the public need to know that this legislation will change the current situation, that we are looking at an area that is largely unregulated and that we are moving to a space where there will be regulation.

    I have listened with great interest in recent months and today as members on this side of the House have talked about the work of the security committee. I acknowledge the work of my colleagues on that committee, because the shape of this legislation now after that hard work is about consistency—consistency about keeping the data; that it will be two years for all data. There will not be an influx of people leaving one company for another to get around the basics of this legislation. There will be consistency around the type of data that is kept and, as we have heard all day, that is when talking on the phone: whom you were speaking to, where you were and for how long you were speaking. We have an understanding that emails will not include the content line.

    I have to join my colleagues and mention that it has been disappointing that the legislation was first rushed into this parliament in no state for debate and in no state to become law. It was done so under the presumption of terrorism, when in fact it has come to light that metadata is used minimally against terrorism but, most importantly, all the time in fighting crime and assisting our police and other agencies to prevent crime and find the perpetrators of crime after the fact.

    We have made some wonderful improvements during these three months. I want to assure the people in my community—the young people in my community who have concerns about metadata being used in civil litigation and families concerned that metadata could be used in family law courts—that one of the changes that will be brought down is that the limitations will be around criminal legislation, not civil action. That is a really important thing to stress.

    It is also important to stress the other changes that go to the core of why this legislation was not ready when it was rushed into the parliament. One of those issues is around the notion that the dataset, or the parameters of what was going to be retained, could be changed by regulation. I welcome the amendments, because it will not be the case that we will have to come back to this place, and any changes will have to be passed in the parliament. I also note the important inclusion of ASIC and the ACCC being able to access metadata to facilitate the prosecution of white-collar criminals. This is something that the community will appreciate.

    The other improvement is around requiring telecommunications companies to provide consumers with access to their own metadata upon request. This could be used in any individual's defence in terms of proving where they were or where they were not. So it could have a personal use for members of the community.

    As many of us have said today, the other important thing is—having just read about some of the breaches of privacy in the UK over the last several years that have culminated in prosecutions—that we will also be implementing a mandatory data breach notification scheme, where, if individuals have had their data breached, it will be law that telco companies notify them that there has been a breach in their privacy, that someone has accessed their data without proper consent. This is really important and it will bring some comfort to people.

    I think this legislation is about finding the balance between personal freedoms and collective safety, and I thank the Labor Party for the work that they have done to get it into a space where the community—my community—will accept this as being for the good of our community.

    There are lots of other issues. The data will now be encrypted—currently, it is stored and not encrypted—and that is another level of safety. There is an agreement to have a comprehensive inquiry into the potential impact of data retention on the freedom of the press, and that we come into a place where those warrants will have to be used to access the metadata of journalists. This shifts responsibility from the Attorney-General—or, let me be blunt, from any politician in this place—to a member of the judiciary in cases where the police can show cause and be given a warrant to access the metadata of journalists.

    There are other concerns not so much around personal freedoms or personal privacies but around the cost to business. We have commitments from the government that this will not become a digital data tax and that measures will be put in place to support companies and to ensure that this does not become an unfair burden on smaller businesses and start-ups. We need start-ups and innovation in this area to drive our country and our economy forward.

    The other contentious issue is around offshore and onshore storage. There have been long conversations on this, and we are looking for guarantees that that storage will be onshore and stored in Australia. There have been long conversations in our caucus, in the community and in the security committee. I hope there have been similar conversations across the chamber.

    There are many amendments to the original legislation that was put before us—all of them are improvements, including giving oversight to the Ombudsman, and guarantees that there will be sufficient funding and resources for the Ombudsman to ensure the oversight occurs efficiently.

    So, I see this as being quite a long journey to get here, but it is a beginning, really. It establishes the necessary balances between personal freedoms and community safety. It establishes a standard for independent oversight. And it is critical, going forward, that we have behind us, as a parliament, the community's trust that we can deal with complex issues, that we can respect their concerns, that we can work together in the joint committee and that the joint committee will be part of the oversight going forward. That, I think, gives some comfort to the community, and certain sections of the community are very anxious about this legislation. I support the amendments, as they have much improved what many of us on this side have said was a shabby piece of legislation. But what we have before us tonight is an improvement on the current unregulated status quo. It will protect Australians, it will help us fight crime and it will protect our privacy and our safety as well. I commend the bill to the House.

    6:46 pm

    Photo of Kelly O'DwyerKelly O'Dwyer (Higgins, Liberal Party, Parliamentary Secretary to the Treasurer) Share this | | Hansard source

    Modern communication technologies have drastically changed the way people communicate locally and globally. But just as everyday Australians have adapted to new technologies and have found easier, more instantaneous ways to communicate, so too have those who look to cause harm to our society and to our people. It is up to governments to put in place prudent measures that will protect the security of all Australians—prudent measures that assist our intelligence and law enforcement agencies to investigate, protect against and prosecute those who wish us ill and threaten our national security. Of course, governments must always be wary of laws and policies they put in place and be wary of how far they intrude into people's lives. There is always the need to balance what is good for the nation and what is good for its citizens.

    The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 is critical to protecting our citizens and our nation. This legislative package contains a number of reforms to prevent the further degradation of the capabilities of our law enforcement and national security agencies. It is important that they are equipped to do their jobs and do them properly. Access to metadata plays an important role in almost every counterterrorism, counterespionage, cybersecurity and organised crime investigation. It is also used in many serious criminal investigations, including investigations into murder, serious sexual assaults, drug trafficking and kidnapping. Indeed, we have heard in recent times from our intelligence and law enforcement agencies just how important it is for them to access information to enable them to do their job. The Australian Federal Police Commissioner, Andrew Colvin, has said that between July and September of 2014 telecommunications data was used in 92 per cent of counterterrorism investigations.

    This is nothing new. The importance of telecommunications data to major counterterrorism investigations was well and truly made clear 10 years ago in Operation Pendennis, a combined ASIO and law enforcement operation that prevented a mass-casualty terrorist attack in Australia. Telecommunications data was used to identify a covert phone network that was being used in an attempt to hide activities from ASIO and the police. If it were not for this data being available, it is unlikely that the authorities would have understood the network of people involved in the planning of a terrorist attack. As a result of the work undertaken by ASIO and law enforcement, a mass-casualty terrorist attack on the Melbourne Cricket Ground was avoided and this work led instead to the arrest and conviction of 13 men on terrorism charges.

    Telecommunications providers already store data they require for their own business practices. Often this is done to enable them to invoice their customers appropriately. However, changing technologies and business practice mean that providers are now keeping fewer records about the services they provide and are keeping those records for shorter periods of time. This has resulted in there sometimes being a lack of information available to our investigative agencies. In June 2013 the bipartisan Parliamentary Joint Committee on Intelligence and Security concluded that these changes have resulted in 'an actual degradation in the investigative capabilities of the national security agencies, which is likely to accelerate in the future'—a stark warning indeed. Given the current environment of threat that our country faces, we cannot let this essential capability deteriorate any further. David Irvine, the former Director-General of ASIO, has said, 'Unless metadata storage practices are changed, law enforcement and counter-terrorism efforts will be severely hampered.'

    This bill will create a minimum, consistent obligation for record keeping across the Australian telecommunications industry, for law enforcement and security purposes, by requiring specific categories of telecommunications data to be retained for a period of two years, subject to implementation and exemption arrangements. It is important to stress that this bill does not include any changes to the current access regime for metadata. Currently the Telecommunications (Interception and Access) Act allows law enforcement agencies to access metadata where reasonably necessary for the enforcement of criminal law or laws imposing a pecuniary penalty or for the protection of public revenue. It is also important that we consider what metadata actually comprises. Metadata—the data this bill considers—is information about a communication, not the content or the substance of a communication. For example, for the internet, data could be information such as an email address and when an email is sent but would not include any of the content of the email itself, such as its subject line or the body of the email. The substance of a person's communication will continue to only be able to be accessed under a warrant. That is not changing, and rightly so. Data captured under this bill may only be accessed on a case-by-case basis where it is reasonably necessary for a lawful purpose, such as part of a national security investigation.

    I acknowledge that there has been some concern surrounding these proposals. However, the government has introduced strong safeguards and protections in this bill to ensure that individual liberty is not unduly interfered with. These protections come on top of a number of safeguards and oversight mechanisms already in place. The Privacy Commissioner already plays a critical role assessing industry compliance with the Privacy Act. Protecting the security of personal information remains a key priority of both government and industry, and we expect that the standards and safeguards that industry already have in place to secure private information will continue.

    This bill will implement additional oversights for the new data retention regime, in line with the 2013 recommendations of the Parliamentary Joint Committee on Intelligence and Security. The bill limits the access to data to agencies, such as law enforcement and intelligence agencies, that have a clear need for such access and well-developed internal systems for protecting privacy. Indeed, despite all the noise and all the chatter, the range of agencies permitted to access telecommunications data will be reduced—not increased—from around 80 agencies to around 20. The current open-ended definition for which agencies can access the data will be replaced with this shorter prescribed list of key agencies, and supplemented with a new declaration power for the Attorney-General to declare, at his discretion, a new agency that meets strict criteria relating to their need to access stored communications or data and their ability to protect privacy whilst doing so. In addition, this bill will also introduce, for the first time, comprehensive oversight by the Commonwealth Ombudsman for any Commonwealth, state or territory law enforcement agency accessing retained data. These new safeguards will, in fact, increase privacy protections.

    Further, the government has indicated that it will move an additional amendment to require agencies to obtain a warrant in order to access a journalist's metadata for the purposes of identifying the journalist's source. Warrants are typically reserved for the most intrusive powers, such as the power to use force to enter a property, to intercept phone calls, use surveillance devices or to arrest a person. This bill does not, and did not, target journalists or their sources. Clearly, this additional protection for journalists and their sources is a demonstration of that.

    Just before I conclude my contribution to this debate, I would like to acknowledge the work undertaken by the bipartisan Parliamentary Joint Committee on Intelligence and Security. The committee undertook a detailed consideration of the bill and considered a wide range of issues raised in evidence by a wide range of stakeholders, who participated in its inquiry. I particularly acknowledge the chair, the member for Wannon, Mr Dan Tehan, a good friend and colleague, who worked hard together with the rest of the committee members to deliver a unanimous, bipartisan report into this important bill.

    This is an important bill, which deals with changes in technology and ways of communicating. As I spoke of earlier, just as Australians have themselves adapted to new technologies and have found easier, more instantaneous ways to communicate, so too have those who would look to cause harm to our people and our nation. It is clear that the government and this bill are putting in place the prudent measures necessary to protect Australian citizens against harm, whilst keeping a strong check on interference with individual liberty. I commend the bill to the House.

    6:56 pm

    Photo of Sharon ClaydonSharon Claydon (Newcastle, Australian Labor Party) Share this | | Hansard source

    I rise to also add my voice to this important debate on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. It is vital that we have these discussions and debates in this place as we work to set up a new legislative framework aimed at balancing the often competing needs of law enforcement agencies—who, as we all do, need to keep citizens safe—and protecting the rights of people's privacy and liberties.

    It is important to note at the outset that this is controversial legislation, and I can understand why there has been widespread discussion in our communities regarding its purpose. It has, after all, been very poorly explained by the government, and the bill, as first introduced, was grossly inadequate. This is why Labor has insisted that the legislation undergo a rigorous process of review and amendment to reach the point of debate that we have today.

    Constituents in my electorate have rightly contacted me with a range of questions and concerns regarding various aspects of the legislation, from differing points of view. Not everyone supports the bill, and some may never believe the reasons for it are valid. The status quo, however, is that the bill is bereft of privacy protections and lacks real oversight over the use and potential misuse of data.

    When the data retention scheme was first introduced in the previous parliament, the now Minister for Communications, who introduced the current bill before the House, had his own reservations and questioned the premise of data retention himself. People in all political parties have concerns about the mandatory retention of telecommunications data. Legislation like this raises legitimate and serious privacy issues, and it is important that they are addressed.

    The bill being debated today establishes a mandatory data retention scheme where, for the first time ever, telecommunication companies will be required to standardise the type of data they collect and the amount of time they hold it. More importantly, in my view—given that the law enforcement agencies are already accessing our telecommunications data right now, with very few rules and oversights in place—the recommendations of the Parliamentary Joint Committee on Intelligence and Security, if adopted, will place tighter rules and, for the first time, proper oversight of the agencies that access our data and the way it is used. These are important protections and they are sadly lacking from the existing regime.

    What is the situation with data retention? As the committee heard, in evidence, the retention of very large volumes of telecommunications data by private companies, such as telecommunication and internet-service providers, has been occurring in Australia in a largely unregulated manner for many years. This data is currently accessed under the Telecommunications (Interception and Access) Act by a very large number of agencies. It is accessed hundreds of thousands of times per year without the need of a warrant. Our data has been harvested, retained and accessed for many years. Data retention is not new in Australia.

    The 2012-13 data was accessed by some 80 different agencies with criminal-law or revenue-protection functions. These agencies included federal, state and territory police, Medicare, local councils, the RSPCA, the Australian Taxation Office, Australia Post, ASIC and ASIO. In 2012-13 metadata was accessed 330,640 times. That is an 11 per cent increase on the previous year and a jump of 31 per cent over the last two years. Fast forward 12 months to 2013-14 and this number increased to more than 550,000.

    As referenced by Mike Seccombe in The Saturday Paper, last weekend, the magnitude of these figures invites a number of observations, chiefly that this bill is not substantially about counter-terrorism. Despite assertions from the Prime Minister that the data retention bill is the vital next step in giving our agencies the tools they need to keep Australia safe, access to these tools is already available. This was referenced by the Minister for Communications when introducing this bill and is detailed in the bill's explanatory memorandum. The minister said that this bill does not expand the range of telecommunications metadata currently being accessed by law enforcement agencies, it simply ensures that metadata is retained for a period of two years.

    The dramatic increase in data access is in line with the fact that we are creating an ever-greater caucus of data for authorities to access. More data and more companies equals greater risk of misuse. More care and increased oversight is therefore needed. Arguments that retention is pointless—because ill-doers and criminals can use encryption programs to hide their identities or because the regime will not capture all of the overseas data—really ignore the need to address our unregulated open-slather access for data that we currently have.

    Whilst this bill is not in a form that Labor would have drafted if it had been in government, and while the bill will not stop terrorism or protect citizens against all crimes, it will ensure that data access is regulated and subject to privacy laws, for the first time ever.

    As referenced earlier, when this bill was introduced it was a skeleton of the draft legislation before the House today. Earlier this year, the Leader of the Opposition wrote to the Prime Minister outlining a number of serious concerns Labor had with the original legislation introduced by the Minister for Communications. Labor insisted the bill be subject to scrutiny by the PJCIS before being debated by the parliament in full. The parliamentary joint committee received hundreds of submissions from concerned citizens and organisations and held several days of public hearings. After considered scrutiny and substantial amendment of the original legislation, and having secured support for 38 recommendations, we are now in a position to support this bill. I acknowledge the work of the committee in coming to these recommendations—in particular, the work of the shadow Attorney-General and the shadow minister for communications.

    Through the rigorous process of the parliamentary joint committee, Labor achieved a number of very substantial amendments to the bill. The bill, as amended in response to the committee's recommendations, is of a wholly different character from the original bill. As the Liberals now concede, albeit reluctantly, it was a bill that was manifestly inadequate. Key features of the proposed data retention scheme were not settled, and the government's proposal to give these over to executive regulation was not acceptable to Labor. Oversight was inadequate. Safeguards were too limited. We remedied these problems through the committee process. The bill today is a very different creature from what was originally presented to this House, and it is only in its current form that Labor is able to offer its support.

    I remind the House that the committee made 38 substantive recommendations. I focus now on some of those key recommendations that Labor achieved through its work with the parliamentary joint committee process. In its original form, the bill left the definition of dataset to be retained to regulation. It set only very loose parameters on matters that the prescribed information must relate to. That is to say, the government's bill barely addressed the central detail of its own proposed scheme. Labor demanded, however, that the dataset be fixed in the legislation. Labor has made sure that parliament and the Australian people are able to properly consider the scheme. This will ensure that business has certainty and that consumers know what information is being stored. The government will not be able to expand this scheme without returning to parliament.

    In its original form, the bill limited access to retained data to a list of agencies. The government made a lot of noise about this change, claiming it limited the scope of the scheme; however, the bill also gave the Attorney-General a very broad discretion to add further agencies, by regulation, without the full oversight of the parliamentary process.

    Labor insisted that only agencies specifically listed in the legislation would have access. The Attorney-General cannot add further agencies without legislation, subject to an emergency power to add agencies for a very brief period of time ahead of that the legislation being brought on in the parliament. It is Labor's position that only agencies dealing with national security and serious law enforcement, such as the Australian Federal Police and the state police, should have access to data under the scheme, and we should have proper parliamentary and public debate if the government proposes to extend access to other agencies. Labor also pushed for the inclusion of ASIC and the ACCC—agencies which presently use telecommunications data to investigate white-collar crime.

    The government's bill did not prevent retained data being accessed in ordinary civil litigation. Labor again pushed to close this loophole. Private information retained for the national security and serious criminal law enforcement should be used for just that. This amendment to the bill will ensure that data retention cannot be used for copyright enforcement—an assurance the government has been unable to give convincingly.

    The original bill did not provide for individuals to access their own data. Labor asked that the bill be amended to make it clear that individuals can access their retained data. Labor believes that this is an important application of privacy law principles. Australians should always be able to access personal data that companies keep about them. The original bill did not provide any way of individuals knowing if the security or the privacy of their data had in fact been breached, even though this had been recommended by the Parliamentary Joint Committee on Security and Intelligence in an earlier report in 2013. Labor ensured that the government fix this by implementing mandatory data breach notification legislation—legislation which Labor has called for long before the data retention proposal. Australians have a right to know when the security of their data has been compromised, Mandatory data breach notification gives individuals some comfort about the security of their data and, when there is a breach, allows them to take protective action.

    The government's bill made no provision for the encryption of data—again, even though this had been recommended in 2013. Labor pushed for the bill to require encryption. Australians should have assurance that their data is protected, and encryption is currently the best means of ensuring that Australians' data is kept secure and private under this scheme.

    The government's bill provided an oversight for the Ombudsman; however, Labor was not satisfied with this. Again, through the committee, we have made the government commit to fully funding the Ombudsman to undertake this new expanded role. Crucially, as recommended by former Senator John Faulkner, we have pushed for the very first time for the parliamentary joint committee to itself have oversight of operational matters. Through the committee we demanded a full, considered and informed review of the scheme by the parliamentary joint committee two years after the scheme is fully implemented. Labor ensured that agencies will be required to collect and retain relevant statistical information to support this review. Documentation of all access requests must be retained until that review.

    We were not able to resolve all of our concerns through the committee process, however. As the opposition leader has said numerous times during the public debate about this bill, Labor holds serious concerns about the effect of the government's bill on freedom of the press. We know that working journalists fear the data retention scheme will compromise the identity of their sources. Labor has also been clear that we share this concern. In principle, Labor believes that the relationship between a journalist and their sources should be protected by warrant. This is why we made our support for this bill conditional on an additional amendment. While the government has resisted this—in fact, the Prime Minister and the Attorney-General have said they do not believe it is necessary—Labor will not offer its support for the bill without this condition being met.

    Another point of contestation which has not been resolved within the committee relates to the obligation that companies stores their data here onshore in Australia. Former Director-General of ASIO, David Irvine, said at a recent defence and national security roundtable that he would be concerned about the security of retained data if it were stored overseas because it would be governed by someone else's sovereign legislative system. (Time expired)

    7:11 pm

    Photo of Natasha GriggsNatasha Griggs (Solomon, Country Liberal Party) Share this | | Hansard source

    I also rise today to give my voice to the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. In dealing with this legislation, I think the most important thing that we can do in this parliament is frame this debate around reality. If you actually listened to those opposite you would think that they are going to vote against this piece of legislation. We need to peel back some of the hyperbole, some of the misconceptions and some of the fear-mongering that has surrounded what is a very moderate, sensible piece of legislation. But those on the other side cannot help but politicise. There was a case in point the other night with the member for Perth's contribution to this debate. Those opposite are out there spreading a lot of mistruths about this legislation, painting a picture drawn more from an Orwell novel rather than from the actual content of this legislation. We know that those opposite do not let the truth get in the way of a good story.

    So let us begin with what metadata is and what it is not. I think the most important point that people should bear in mind is that metadata is not the content of communications. Metadata is not what is said on the phone call. No-one has any interest in listening to the sweet nothings you tell your significant other or the conversations you and your friends have about the weekend's plans. Metadata is not your web browsing history. If you are browsing eBay late into the night, no-one cares. If you are spending your work hours on Facebook, that is a matter for you and your boss; it is not something that this legislation deals with or that we are actually interested in. Metadata is not the content of your emails. This legislation does not concern itself with what you are writing in emails.

    So what is it? Metadata is the information about the communication. It is the material that is already recorded by your phone company to send you out the bill. It is what you internet service provider would log to record when you are online and how much data you consume. This legislation will ensure that this information, which your ISP or phone company would keep for only a short time and in a variety of formats, is accessible to law-enforcement agencies, if needed to investigate a serious crime.

    Metadata is something that is already used across a huge spectrum of criminal investigations. People planning terrorism, conducting espionage or trading in illegal material leave a trail of digital breadcrumbs. Modern business practices mean that this information is not being stored for as long as it used to be. This is what this legislation is about: record keeping and preserving the data that already exists.

    This legislation will ensure that if the Australian Federal Police or some other law enforcement agency needs to follow those digital crumbs to stop a crime or to catch a bad guy the information will still be there and it will be in a format that can be read. This is about record keeping, not surveillance.

    Those opposite need to read the legislation a bit more clearly before jumping to conclusions. They need to understand what metadata is, what it is not, and engage in the argument on that front. We have seen a lot of hype, we have seen a lot of hyperbole, and we have seen straw-men appearing left, right and centre. This bill is not about thought crime and it is not about mass surveillance. It is about preserving some very basic data—data that already exists—in a usable form for serious crime investigations.

    Going back to the origins of this bill, communications companies—phone networks, internet service providers, and social media and email websites—all store metadata. It is essential to their business. It is the information that has been used for as long as we have had these types of communication. It is used to manage networks and it is used to collate bills. The problem that has arisen is that these businesses are not retaining the data for as long as they used to. The bipartisan Parliamentary Joint Committee on Intelligence and Security concluded that this has resulted in 'an actual degradation of investigative capabilities of national security agencies'. So, a bipartisan committee says that in losing these records we are losing a tool, a very useful tool, in the fight against crime, terrorism, and child exploitation. This bill will create a consistent standard of record-keeping across our telecommunications industry. It will ensure that the trail of digital breadcrumbs the AFP may need to track down a jihadi recruiter, a hate preacher, someone organising serious fraud, or to stop an act of child exploitation from happening, still exists.

    Now that we have defined what is actually in play here, I would like to mention to the House some of the safeguards that this legislation includes—the checks and balances that will ensure that the bill before the House today is used for its intended purposes and that individual privacy is preserved. The Privacy Commissioner already has a number of powers relating to compliance with the Privacy Act, and none of that will change. I will tell you something that will change. Fewer organisations will be able to access your communications data—fewer than currently can. This bill will actually tighten up the privacy requirements around metadata. Given the right circumstances, currently around 80 agencies could access your communications metadata. Once this legislation is in place that number will fall. It will go from around 80 organisations to around 20. For the first time, the Commonwealth Ombudsman will have an oversight role over any federal, state or territory agency that accesses this information. To sum up the situation on privacy, we have the Privacy Commissioner still in place, we have fewer agencies able to access these records and we have a new level of oversight by way of the Commonwealth Ombudsman.

    Much has been made of the impact this bill will have on whistleblowers and journalists. Again, the debate on this front has gone quite a long way from the reality of the situation. The bill does nothing to repeal whistleblower protections already in place. The bill does not roll back any privacy laws with regard to whistleblowers and it does not remove any of the protections afforded to them. In fact, the bill has additional safeguards in place for journalists, including reducing the number of agencies that can access metadata and restricting access to where it can be used in a criminal trial or a pecuniary matter. It cannot be used to identify sources or leaks unless laws have been broken.

    Earlier, I spoke about the work of the Parliamentary Joint Committee on Intelligence and Security. I mentioned the very diligent work of that bipartisan committee, which got us to the position that we are in here today to debate this bill. They released a report on this bill late last month, and remember that this is a bipartisan committee. The committee included Labor Senators Conroy, Faulkner and Wong, and Labor members of this chamber—the member for Blaxland, Jason Clare, the member for Isaacs, and the member for Sydney. I would also like to note, as other members in this House have, that a special thanks is due to the chair of this committee, Dan Tehan, the member for Wannon, who has done an exceptional job.

    The report had quite a bit to say about the dataset; the way that this legislation should deal with this dataset; the agencies that should have access to the data; and the oversight mechanisms. This government supported all the recommendations of that committee. There were 39 recommendations and the government supports these. Recommendation 39 of the bipartisan report was that this parliament pass this legislation. With that in mind, I commend the bill to the House.

    7:23 pm

    Photo of Matt ThistlethwaiteMatt Thistlethwaite (Kingsford Smith, Australian Labor Party, Shadow Parliamentary Secretary for Foreign Affairs) Share this | | Hansard source

    I speak in support of this amended bill, the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014.

    I have decided to support this bill after careful consideration of the facts and evidence, after consultation with constituents in my community and experts, and after a thorough review of the report of the Parliamentary Joint Committee on Intelligence and Security.

    I wish to point out that this bill that we debate tonight is fundamentally different to the original bill that was proposed by communications minister on 30 October last year. That was a piece of legislation that I, and many of my Labor colleagues, did not agree with. I would not have supported the bill in its original form. As a result of that opposition, the Labor opposition leader, Bill Shorten, wrote to the Prime Minister in February of this year, outlining Labor's concerns about the original bill proposed by the member for Wentworth.

    The concerns related to the following issues: the impact of the proposed laws on the privacy of citizens; the cost of the scheme, and who would be responsible for bearing that cost; the period the data would be retained by internet service providers and therefore would be accessible by government agencies; the safeguards for citizens in respect of their metadata, and the fact that the original bill proposed no encryption of that data; whether or not the public could access their own metadata; and the very serious issue of freedom of the press, and the protection of journalists and their sources under Australian law.

    The Leader of the Opposition, Bill Shorten, suggested to the Prime Minister that this bill be given serious consideration through an open and resourced inquiry by the Parliamentary Joint Committee on Intelligence and Security. Thankfully, and sensibly, the government agreed to that inquiry. The inquiry ran over several weeks and received hundreds of submissions.

    The inquiry also uncovered some interesting facts. Chief amongst those is that internet service providers already collect and store the metadata of their customers. They primarily do this for billing purposes. Most Australians would probably not be aware that their metadata is already being stored by their ISP, and that it is being accessed by government agencies routinely. Those government agencies go right down from the Australian Crime Commission and the AFP to local councils and other agencies such as the RSPCA.

    Last year, there were half a million requests to access that metadata under the Telecommunications (Interception and Access) Act. Some of those requests related to investigations of very, very serious crimes. I highlight the example of the tragic rape and murder of Jill Meagher in Melbourne several years ago. The police were able to pinpoint Jill Meagher's body by accessing the killer's metadata. The fact that he used his mobile phone, and he had his phone with him when he dumped the body, enabled the Victorian police to access that metadata and put that metadata together to ensure that crime was solved.

    The second fact that many Australians would not be aware of is that there is very little regulation regarding the privacy of metadata at the moment. It is a fact that the public cannot access their metadata. There is no encryption of the collection of metadata at the moment, and practically any agency can access that data under the Telecommunications (Interception and Access) Act. That probably includes police and other agencies accessing the metadata of journalists at the moment. That is something that people need to be aware of.

    Labor insisted on the Parliamentary Joint Committee on Intelligence and Security inquiry to uncover these issues to ensure that Australians are aware of how the current system works and, importantly, to improve the system—to make sure that, if we are going to have this review of the current laws, we improve the way this data is collected and the use of it by Australian agencies. That is exactly what this amended bill does. This amended bill includes many of the 38 recommendations of the Parliamentary Joint Committee on Intelligence and Security, as a result of that very thorough inquiry and the evidence of those organisations. It seriously rectifies many of the deficiencies in the original bill that was introduced by the communications minister. It actually makes the current system much better, offering more privacy and protection for consumers.

    Debate interrupted.