Senate debates
Tuesday, 17 March 2015
Questions without Notice
Telecommunications Data Retention
2:39 pm
Ricky Muir (Victoria, Australian Motoring Enthusiast Party) Share this | Link to this | Hansard source
My question is to the Attorney-General, Senator Brandis. Attorney, given that the NBN Co will become the largest wholesale provider of internet based services, including voice-over-IP telephone services, and that most of the internet traffic in Australia will be routed via this provider, and given that the NBN Co is a wholly owned Commonwealth company, a government business enterprise, and is represented by shareholder ministers, the Minister for Communications and the Minister for Finance, what is to prevent the NBN Co or any other internet service provider retaining customer data beyond the scope of the definition of 'metadata' in the metadata retention bill?
2:40 pm
George Brandis (Queensland, Liberal Party, Attorney-General) Share this | Link to this | Hansard source
Thank you, Senator Muir, for your advance notice of this question. I appreciate your customary courtesy, and I have some information for you. I need to make it clear, Senator, that the bill to which you refer does not propose to limit the retention of metadata by telecommunication service providers. What it proposes to do is to mandate it. The creation of metadata is a natural by-product of communications being made on networks, and service providers have technical reasons why they need to retain metadata, but they also have regulatory obligations.
Let me give you an example, because this is essentially about business records. Under the tax act, companies are obliged to retain their business records for tax purposes for five years, so telecommunications providers have, until now, had the practice of retaining their data for an unspecified period, and this bill will mandate an obligation, akin to that in the tax act, that they retain it for two years. The purpose of the bill is to establish that two-year period as a common minimum standard, but it is not a maximum standard. They may elect to retain the data for longer. The bill only applies to a closely defined subset of metadata which is set out in the bill: the metadata that is of most utility to agencies who protect the safety and human rights of the Australian community.
The recent bipartisan report of the Parliamentary Joint Committee on Intelligence and Security concluded that a two-year retention period was necessary and appropriate. I might say that this issue has been looked at in two consecutive parliaments by that committee, and on both occasions it arrived on a bipartisan basis at that conclusion.
The Privacy Act will continue to require the personal information that is no longer—
Stephen Parry (President) Share this | Link to this | Hansard source
Pause the clock. Order, Attorney.
David Leyonhjelm (NSW, Liberal Democratic Party) Share this | Link to this | Hansard source
Mr President, I raise a point of order. The senator's question was: what is to prevent NBN Co from retaining more data than is required by legislation in the light of its directors and ownership? The minister has not addressed that question so far.
Stephen Parry (President) Share this | Link to this | Hansard source
Thank you, Senator Leyonhjelm. I do believe the minister is addressing the question in the context in which it was asked. Attorney-General, have you concluded your answer? I call Senator Muir.
2:43 pm
Ricky Muir (Victoria, Australian Motoring Enthusiast Party) Share this | Link to this | Hansard source
Mr President, I have a supplementary question. Given that the NBN Co is permitted to retain data as defined under the data retention bill, what will prevent the owner of the NBN Co, the Australian government, from accessing this data for purposes unrelated to the intent of this bill?
George Brandis (Queensland, Liberal Party, Attorney-General) Share this | Link to this | Hansard source
Senator Muir, as I tried to explain in answer to your primary question, it is not this bill that gives NBN Co a capacity to retain data. This bill requires companies like NBN Co to retain data in circumstances where perhaps they otherwise would not have done. Nevertheless, there are a range of protections that will prevent access of the kind you describe.
It is a criminal offence for employees of a carrier, including NBN Co, to use or disclose metadata without a lawful purpose. The bill, with the government amendments I will move in response to the PJCIS inquiry, further tightens the lawful access arrangements. Finally, I should point out that law enforcement agencies have lawfully accessed metadata for more than 20 years, including from Telecom as it then was, which was also a wholly owned government business enterprise.
2:44 pm
Ricky Muir (Victoria, Australian Motoring Enthusiast Party) Share this | Link to this | Hansard source
Mr President, I ask a further supplementary question. This question may have partially been touched on now, but could the Attorney-General please outline the offences and penalties for unauthorised use of any retained data?
George Brandis (Queensland, Liberal Party, Attorney-General) Share this | Link to this | Hansard source
I did begin to address those, but I might also point out that, under the Telecommunications Act, it is an offence with a maximum penalty of two years imprisonment for employees of carriers and carriage service providers to unlawfully disclose customers' metadata. It is also an offence with a maximum penalty of two years imprisonment for officers of government agencies to unlawfully use or disclose metadata their agency has obtained in the course of an investigation. And there are other protections too, Senator Muir, but let me take the opportunity to point out to you that, under the current law, there is nothing to prevent as many as 80 government agencies and entities that are not actually government agencies—even, in some states, the RSPCA—from accessing metadata. Under this legislation, the number of agencies is reduced to 20.