Senate debates
Tuesday, 24 March 2015
Bills
Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015; Second Reading
6:03 pm
Christine Milne (Tasmania, Australian Greens) Share this | Link to this | Hansard source
I feel as if the parliament is playing catch-up—and not doing it terribly well—with what is in fact a revolution. The revolution, or the major transformation, is in big data. We have now reached the point where the revolution is not in the machines that calculate the data—something which has been our lived experience and which Senator Kate Lundy just spoke about in her valedictory remarks—it is now in the data itself.
I am strongly opposing the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 because I think the overwhelming majority of people in this parliament have no idea about what the retention of data actually means for the Australian community and for society in general—or what it could mean in the longer term. Up until now, because we could only deal with relatively small datasets, we have always looked for evidence, analysis and causation. We have looked at the dataset, looked at the evidence, tried to work out the causes and tried to extrapolate that to support evidence based decision making. Causation was where our focus was. Now the whole world is going to be shifting. We are going to be exchanging causality for correlations—in other words, no longer actually needing to know why, just focusing on what.
You get the correlation in the data and that gives you information about where people go, what they eat, who they see, which doctor they go to and so on. What does the information mean? There is nothing about causation, nothing about evidence—it is just about the correlation. It has reached the point where, with that data, the more you know about people—where they go, what they do, what their health is—the more valuable that data is to various businesses. The problem we have is that, if you collect data on people, no matter what the primary purpose of collecting it is, you do not know how, in two years time, that data might be used. It might be used for something entirely different. The data itself is now the product that is valuable to corporations, to governments or to anyone who gets hold of it. It enables them to make decisions; it enables them to develop and sell goods and services. The book, Big Data: A Revolution That Will Transform How We Live, Work and Think, tells us:
Mobile operators have long been loath to monetize that information for fear of running afoul of privacy regulations. But they are starting to soften their stance as their financial fortunes flounder and they regard their data as a potential source of income. In 2012, the large Spanish and international operators Telefonica went so far as to create a separate company, called Telefonica Digital Insights, to sell anonymous and aggregated subscriber-location data to retailers and others.
So that is the new market for people who have the data—to on-sell it to other people for profit, and basically to use that data about people. The argument will be that you can make it anonymous. You cannot. It is clear that even if you try to make it anonymous you cannot, because the dataset will match somebody. And inevitably that person will be locatable. That is one of the big problems.
So here we have a parliament which is deciding to legislate to allow the data about every Australian to be kept by telecommunications companies for two years. That is incredibly invasive. The data is going to tell you everything about that person—where they have been, the fact that they used their phone and who they spoke to, for how long they spoke and then the network of people that those people have spoken to. There will be a whole set of data built up about a person.
Who is going to have access to that data? There is no saying in this legislation that that data is going to be held and controlled by these corporations in Australia, under Australian privacy law. What is to stop one of these providers, who will store this information for two years, storing it in another country, where the privacy laws are not the same as Australia's and that—as Telefonica has done—they will allow access to that data to medical insurance companies, for example, who might decide that they want to determine whether they should give someone health insurance or adjust the cost of that health insurance over time?
There was an extraordinary example that I read about, where a car company is designing the most up-to-date seats. When you buy or get the car you can log in the impression of your body as you sit upright in the seat of that car. It will then program the car so that if you slump over the wheel or start going to sleep, the car will wake you up. It is meant to be a safety device, but the data is owned by the company. The company can then make that data available to law enforcement agencies or insurance companies, in the case of an accident, to say that you went to sleep at the wheel of that car or that you were distracted, leaning across or whatever you were doing, because of the physical imprint of you sitting in the seat. If you were not sitting up, that information can be made available and you could find that the data will get you, in the end.
We are getting to the point where people are making themselves vulnerable to the data collection agencies that hold the data. They could on-sell it or make it available. They could be vulnerable to being hacked. Yet this parliament is saying that 23 million Australian people are going to have all their data stored somewhere. The government and Labor think that it is perfectly all right to do that.
Already up to 80 agencies are able to access people's data. That is going to be pared down in this legislation, but the big flaw is that all those agencies have to do is to apply to the Attorney-General, and he or she can then allow those new agencies to be on the list of agencies that can collect the data. We have no idea what the Attorney-General of the day will rubber-stamp in terms of saying that any of these agencies can have access to the data.
Of course we know that ASIO, the police and all of the law enforcement agencies will want this. It is being dressed up to look as if it is to deal with terrorism. Nothing could be further from the truth. These agencies—up to 80 agencies now—want this data because it makes it easier to track down information about people or to engage in audits of compliance, enforcement and the like. It is a matter of considerable concern that these agencies wanted data to be stored for five years. They are not going to get it; they are getting two years—but that is, in fact, too many. There is a real concern here about what is going to happen to information that pertains to all Australians.
And, as I said, what about confidentiality? The Labor Party seems to think that it has made some very thin confidentiality arrangements to protect journalists and their sources—I will come back to that; it does not protect journalists' sources—but what about doctors and lawyer groups? What about any of those organisations which require and demand privacy of information? They will no longer have that privacy, because there is only one group of people protected through this fairly thin provision for a new public interest advocate. What about the people who provide the information? What about doctors? What about lawyers? They are not covered.
In fact, any information about any individual can be uploaded and held for two years. There are no confidentiality provisions. This legislation undermines everything we have understood about the rule of law and about professions that are protected in terms of the information that they hold. As I said, the idea of causality has gone; we now have the idea of correlation. Correlation allows people to work out probability. So we are going to get profiling of people and communities as being likely suspects in particular crimes—these groups of people have a greater probability, according to the data, of committing a crime. It does not allow for individuals in the community or for any analysis of other things in the community. So you are going to get additional policing and surveillance put into those areas, and that is completely unnecessary.
We are not saying—and I heard a few comments earlier to this effect earlier—that the Greens do not want to see adequate surveillance from police and law enforcement organisations dealing with terrorism. Of course we do. And that is why there are data preservation orders. If they have reason to suspect that somebody is likely to be involved in criminal matters then they can get a data preservation order. So 'targeted' is one thing; indiscriminate surveillance of an entire population under the guise of terrorism and national security is quite wrong. This has been on the agenda for a long time. Under the shadow of terrorism, we have had Labor roll over, go and join up with the government, and agree to legislation that will lead to surveillance of all Australians.
I just want to go to this public interest advocate that has been set up to oversee the metadata searches on journalists. There are a number of problems with that. There are no rules requiring the Attorney-General to seek the views of the public interest advocate to argue against warrants being issued for journalists' metadata. In addition, it will be an offence involving two years' jail for anyone to disclose that a warrant for metadata has been requested or applied. So the journalists will not be able to contest the idea that this has actually occurred.
Testimony from the Attorney-General's Department, combined with evidence from countries which have enacted data retention, has shown that there is no evidence of improved crime resolution statistics once data retention is enacted. Law enforcement agencies have consistently claimed that the extra powers are needed, but they have failed to provide any concrete examples of why it is needed—and in fact it is to the contrary.
I was surprised to see that the Attorney-General was going on about how this is the way that Western nations are going. No, it is not. Western nations are actually going in the opposite direction. That is why I said in my opening remarks that this parliament is playing catch-up. The fact of the matter is: the European Union had a data retention directive on this in 2006. In 2006, John Howard was Australia's Prime Minister. I do not think he would even have had any idea of what data was doing at that particular time in terms of retention or in terms of the transformation of what it would do. That was in 2006. Since then, countries have been winding it back. In fact, the European Court of Justice found it is unconstitutional. Austria has used it—for theft, for drugs, for stalking, but not for terrorism. Poland has used the data, mostly for civil disputes and to assist in divorce cases. In Denmark it was given up in June this year. And Germany abandoned the legislation in 2010.
So it is not about national security. It is about collecting data on every Australian, for every law enforcement agency and regulatory compliance agency to use. You will get this surveillance capacity and this data being used for everything from crime to trivial infractions of various things, for the tax office, the ACCC, ASIC, fisheries, health compliance agencies, local government and even the RSPCA. There are any number of organisations which have accessed data for various reasons. That is where we will actually end up in this country. Once you are identified, once your data is there, it will be used. We cannot even know now what the secondary use of that data will be, either next week, next year or in two years' time—how you might be able to use that data or what it is actually for.
Then we go to the cost of it. This is an extraordinary thing—that we have the Labor Party agreeing with the Abbott government that we go ahead and conduct the collection of data on every Australian for two years, and we have no idea what it is going to cost and no evidence that it actually assists in doing anything about terrorism. This is an extraordinary lie to the Australian people that is being perpetrated.
Let us go to cost for a moment. We have no idea what it is going to cost. The companies and government agencies not only will need to store the data but have to ensure it is stored safely. As I said before, how do we know that it is even going to end up being stored here?
It will be very attractive, for the reasons I indicated earlier, to hackers, and I want to know how the government is going to guarantee, if the data is not stored in Australia, how it will meet Australian privacy laws or will be protected from hacking. But let us go to the actual cost. What is it likely to cost a year? We have had all this talk. We had a budget emergency; now we do not have a budget emergency. Last year's budget was to fix the emergency; this year's budget is going to be dull. It is very interesting the way that the news about the budget travels. But what is the cost? Australians deserve to know how much the government intends to contribute to the mass surveillance of the Australian population. How much money are we going to put up to have this surveillance on ourselves? Surely the parliament deserves to get an answer to that question. We do not have an answer to that question. And it is fundamentally wrong.
Then we get to this idea that, if you are not doing anything wrong, you have nothing to hide. That is what the Stasi said in East Germany as well. And it is what every police state has to say: 'We will follow you. We will do surveillance on you. But do not worry about it; if you have nothing to hide, it won't be a problem for you.' Well, we saw what happened with the Stasi in East Germany and we know about the chilling effect that this will have on people. It will mean, for example, that you will know who attends a protest rally, for example, anywhere; you will have their location, if they make a call or have their phone on them while they are there, as they attend that rally. What is it worth to a foreign government to know who has been there and which of their overseas students was at a rally against human rights abuses, for example? Who knows how anyone is going to use this data on particular individuals. So this idea that if you are not doing anything wrong you have nothing to hide is no excuse whatsoever for this invasion of people's privacy.
When you get to the issue of trusting our government bureaucracies and intelligence agencies, what about the scrutiny? What about the oversight that we need? You know that if there is not proper oversight you will have corruption and you will have creep in what this data will be used for. Today people are deciding which agencies can access it but, as I indicated, the Attorney-General can change that anytime—add new agencies add different levels of surveillance—and that is where we will end up on this.
When we get to looking at this as an overall objective in Australia, I think it is really sad that we have got to the point that we are legislating without evidence. (Time expired)
6:23 pm
Lisa Singh (Tasmania, Australian Labor Party, Shadow Parliamentary Secretary to the Shadow Attorney General) Share this | Link to this | Hansard source
I rise to speak to the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015. The current bill has brought deep concern to many Australians—and rightly so, because it raises complex and concerning issues, especially in relation to privacy, freedom of expression and media freedom.
I have had my own deep concerns about this legislation and I know some of my Labor colleagues—such as the member for Chifley, the member for Fremantle, the member for Charlton and other Labor colleagues as well—have had similarly deep concerns. I have wrestled with these issues, because data retention is a complex global issue but an issue that has to be dealt with in this era of advanced technology.
It is not a surprise that these are concerning issues. Communications data can reveal quite personal information about an individual. Without the content of the data being made available, it can reveal who a person is in contact with, how often and where. But we are informed that this bill is needed to ensure that our law enforcement agencies can keep pace with the rapidly evolving telecommunications technology and services.
I agree wholeheartedly with the comments of former Senator John Faulkner who said:
The Australian Parliament’s … must ensure our intelligence and security agencies have the necessary powers and resources to protect Australian citizens and Australian interests. However, these powers can impinge on the values and freedoms on which our democracy is founded … which Australian citizens rightly expect Parliament to protect.
So Parliament must strike a balance between our security imperatives and our liberties and freedoms.
Key to achieving this balance is strong and effective accountability.
Therein lies the essence of what this debate is all about and what we as parliamentarians must try and strive to achieve.
So what we have before us now follows amendments that were brought through the work of the Parliamentary Joint Committee on Intelligence and Security. They have done a great deal of work to improve the bill the government presented last year—which I think can be regarded as a shell of a bill—making it into something which now is trying very hard to get that balance right.
On that, I would like to thank my Labor colleagues for their work. They have closely reviewed and rewritten this legislation. After months of work, their approach to the issue has led to a much improved piece of legislation being presented for debate, and that is what we have currently before us here in the Senate: significant minor, technical and consequential amendments to clarify the intent of the bill; limiting the dataset required to be retained under the scheme to that which is prescribed in the bill itself, rather than allowing the dataset to be prescribed by regulation. These are just some of the things my Labor colleagues achieved through that joint committee.
Labor has insisted on significant improvements to oversight and transparency through the PJCIS inquiry into this bill, and the work of that Parliamentary Joint Committee on Intelligence and Security has led of course to the 38 recommendations for inclusion in this legislation. These amendments, including protections for journalists, have been absolutely crucial to the substance of this bill.
The work of the Leader of the Opposition, the shadow minister for communications, the shadow Attorney-General and my Labor colleagues in pursuing the government for these amendments to be included has meant that today we are debating legislation of a much greater quality than what we saw last year. So I thank them wholeheartedly for the work they have done but also for their consultative approach to this issue, which has been part of our Labor caucus.
Looking at the substantive matter of this bill, examining the issues seriously and exploring all the options available to achieve a balance between the public interest in granting access to metadata and the protection of privacy rights, has been critical. In fact that is the critical factor when we debate this bill. That has been the focus from the outset for the Labor opposition.
The storage of data onshore, protections for journalists to ensure freedom of speech is preserved, the inclusion of privacy alerts and the importance of oversight have helped shape my position from one of having great concern to one where I am comfortable with the outcomes that have been now delivered through that process and into this legislation. As I said at the outset, it was a difficult issue at the beginning, but what we have before us now is a much more substantial bill than that which was provided to the parliament last year.
Sitting suspended from 18:30 to 19 : 00
I return to highlight the important factors that have helped to shape my position on this piece of legislation, and I want to list the improvements that have been made through Labor's input and through the process of the PJCIS inquiry. They include: listing of dataset in the bill so that we know what data is retained; limiting access to telecommunications data to those enforcement agencies specified in the bill; oversight of the operational use of this legislation by parliament's intelligence committee, the first time that committee has been given this power; authorising ASIC and the ACCC to access telecommunications data to assist in the investigation and prosecution of white-collar crime; requiring telecommunications companies to provide customers access to their own telecommunications data upon request; requiring stored data to be encrypted to protect the security and the integrity of personal information; prohibiting access to telecommunications data for the purpose of civil proceedings, such as preventing its use in copyright enforcement; requiring the mandatory data breach notification scheme to ensure telecommunications companies notify consumers if the security of their telecommunications data is breached—I currently have a private senator's bill in this place on this very matter. Other improvements are: increasing the resources of the Ombudsman to strengthen the oversight of the mandatory data retention scheme; and a mandatory review of the data retention scheme by no later than four years from the commencement of this legislation. All these factors are improvements that have helped to shape my position.
I do want to go into some further detail on a number of those issues, and the first of them relates to data storage. Protecting the cloud of data collected under this legislation is critical to the privacy of individuals. The storage of data needs to remain under Australia's jurisdiction to ensure that it is regulated by Australian law. On the eve of the data retention changes being reintroduced into the parliament, the former Director-General of the Australian Security Intelligence Organisation, Mr David Irvine, voiced his concerns clearly about where Australians' data should be stored in the cloud. He described himself as a 'cyber nationalist' when it came to the position of the cloud. He is correct: metadata provides knowledge of an individual whom this country has a duty to protect. In that sense I also describe myself as a 'cyber nationalist'. The issue of the location of stored data is one of concern not just to myself or not just to Labor, but to the broader Australian public as well. I am pleased that this matter is currently being examined as part of the telecommunications sector security reform, TSSR.
Mr Irvine said there had to be awareness in government, business and with private individuals of the fact that the internet world had brought huge benefits but it had created all sorts of vulnerabilities. He said:
We should be trying to develop for Australia, particularly for government and industry, the ability to manage national data on a national basis, with international hook-ups of course, but then it can be subject to national law, which can be privacy law and national security considerations.
He also said:
Our ability to use metadata is just as important in eliminating people from suspicion as it is from incriminating them.
I think that really highlights the importance of onshore data storage.
We are informed that this bill is going through another process to address that important issue. This bill raises another issue—which may come as a surprise to many Australian citizens—about who has access to data. There are currently more than 80 agencies, including many local councils and other organisations that can already access data without a warrant, and that is of quite grave concern. My understanding is that access to this data has grown over the years and now the types of agencies which can apply to access this data include Centrelink, the RSPCA and even Harness Racing New South Wales. Not many Australians would be aware of that. This bill addresses the issue and confines access to law enforcement agencies, and that is an important improvement that has been made in this bill. Having such a broad definition of the agencies that can authorise themselves to access your metadata, my metadata, I think is a problem. This bill very much deals with that issue. Limiting access to criminal law enforcement agencies specifically prescribed in the bill, rather than by an open-ended definition, and authorising ASIC and the ACCC to access metadata to facilitate the prosecution of white-collar crime I think is a better outcome. As I have said, Labor's position is that there should be onshore data storage of that metadata.
Another improvement made to this bill is in relation to the protection of journalists. The protection of journalists and their sources along with freedom of the press have been issues of particular concern to Labor. The Australian Federal Police have confirmed for the first time that they have accessed journalists' telecommunications metadata in the past 18 months, but said that the requests were 'rare'. Under the new laws, a public interest advocate, who will be able to contest police applications for warrants to identify a journalist's source, will be created. That is a great improvement to the current regime. Allowing a list of security-cleared barristers to argue the public interest case before judges deciding whether government agencies should be allowed to access journalists' metadata is important—and to argue the public interest case as a judge weighs that consideration against national security interests in deciding whether to issue such a warrant is the substance of it. Of course, there will be a presumption against issuing the warrant, and agencies must prove that the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the journalist's source.
One other issue I want to highlight is that Labor has advocated for the inclusion of a system of mandatory notifications of data breaches or privacy alerts, a system of mandatory notifications similar to those contained in the Privacy Amendment (Privacy Alerts) Bill, which I introduced into the Senate in 2014 on behalf of the Labor Party. I am pleased that that system, introducing a new consumer privacy protection for Australians that will keep their personal information more secure in this digital age, forms part of this bill. Time and time again, we have heard examples of data breaches like that by the immigration department, where some 10,000 asylum seekers' details were accidentally breached as far as their security was concerned. It is important that, following the recommendations of the Law Reform Commission in 2008, those changes will finally be addressed in this bill. At the time we were debating my private senator's bill in this place, I was disappointed that it seemed that government senators were not going to support it. I am glad that they have seen the light.
I have raised a number of other aspects of this legislation that are great improvements. But, overall, regardless of those improvements—and they are very good—this bill was introduced very speedily and the government showed too little concern for the substance of the bill and the importance of getting it right. That is clearly on record with the bill that the government first introduced late last year. The government should have taken a different approach to this important piece of national reform dealing with security, privacy and our freedoms. There should have been a review of the data access regime, for example. Investigation should have been undertaken into whether warrantless access should have been allowed to continue at all. There has not been time to debate and go further into those issues because this government rushed this legislation into the parliament last year and has continued to rush it through the parliament this week. What we do have has gone through a very careful improvement in its design, due to the fact that my Labor colleagues on the PJCIS put in the effort and paid it the concern that was needed.
I will finish with a comment by former Senator John Faulkner, a former defence minister and someone who has very strong values in relation to freedom and privacy issues. He said that parliament must always strike the right balance between our security imperatives and our liberties and freedoms. That is what this bill should achieve. With any review in the future, that must always be at the forefront.
7:13 pm
Lee Rhiannon (NSW, Australian Greens) Share this | Link to this | Hansard source
The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015 should not be passed. My colleagues Greens senators Scott Ludlam, Christine Milne and Penny Wright have set out a very clear case as to why this bill should not be passed. The way in which the Liberal, National and Labor parties have colluded to rush through parliament this bill, which creates the government's mass surveillance regime, is a disgrace. It is a result of an ugly backroom deal between these parties.
By the government's own admission, mandatory data retention alters the balance between government and individuals when it comes to their right to privacy. The best the Prime Minister and the Leader of the Opposition have come up with to justify their antidemocratic deal on internet and smartphone surveillance laws is to say, 'Just trust us.' They want us to trust a government which has broken election promise after election promise. They want us to trust a government which has shouted down any attempt to hold it to account and which has publicly savaged statutory bodies and human rights watchdogs for simply doing their job. We have to ask: why do Labor want us to trust this Liberal-National government? Our colleagues in the House of Representatives were contemptuously given just 30 minutes to debate 74 amendments, denying the public and parliament a chance to scrutinise this backroom deal between Prime Minister Tony Abbott and opposition leader Bill Shorten.
The bill now before this chamber should hold the government to account, but, no, instead it effectively waves through mass surveillance of Australian citizens. We know that because we have heard the opposition and the government saying, 'It'll be right. Just trust us.' There are a number of questions that remain unanswered as the government tries to ram these changes through.
There has been a lot of hyperventilating and hyperbole from the Prime Minister, who has all but claimed that law enforcement will halt without warrantless access to metadata and mass surveillance of our citizens. That is clearly ridiculous. It is just a new form of the law-and-order campaign that we have seen wheeled out by conservative governments, particularly at a state level but increasingly at a federal level, on national security. They are now using metadata in a similar way.
It is clear that the amendments agreed to by the Prime Minister and the opposition leader do not implement the recommendations of the Parliamentary Joint Committee on Intelligence and Security or address the concerns that have been raised. Labor rolled over. Why? We still have not got to the bottom of that. On an issue as serious as giving security agencies additional rights and powers over people's smartphones and internet records, the Labor, Liberal and National parties, as I said before, are saying, 'Just trust us.' But that raises a number of key questions. Where will the data be stored? Will it be subject to foreign laws? How does the government define a journalist and a journalist's source? Will the data be deleted after the mandatory period? If so, how? Will the data be secure from cyberattacks? But the answer we are getting is, 'Just trust us.'
We have already seen how this sort of metadata can be abused. The existing Telecommunications (Interception and Access) Act allows law enforcement authorities in Australia to access some categories of metadata from certain ISPs and telcos. However, a laundry list of other organisations have gained access to the metadata for undisclosed purposes, including Centrelink, the Western Australian Department of Fisheries, Racing Queensland, the New South Wales Health Care Complaints Commission, the Victorian taxi directorate, various local councils, the RSPCA and the Office of Environment and Heritage. I will come to the issue to do with the ABCC shortly.
It is open season on metadata already. Already under the current law there is the ability to do so much of what the government says that it needs to achieve. Three hundred and forty thousand warrantless accesses took place in the 2012-13 financial year, and that was before a mandatory data retention regime was in place. My colleague Senator Scott Ludlam set out very clearly the issue about the number of warrants that are out there. The evidence about metadata requests under the current regime shows that a massive number have nothing to do with solving serious crime but instead relate to petty requests by agencies, including the Australian Taxation Office and Centrelink, to track what ordinary Australians not suspected of any serious crime are doing. Again, this highlights the dangerous territory the Labor, Liberal and National parties are taking us into.
The Attorney-General has pointed out that this bill does not change the existing arrangements, and that is precisely the problem. It welds on two years worth of additional data which can be indiscriminately accessed by agencies. This is despite the fact that evidence shows that most law enforcement metadata requests are for short-term data, meaning within three months rather than two years. Now, under the new legislation, the Attorney-General will also be able to add to the list of agencies with access to our data. Senator Ludlam called this 'scope creep', and that is what you see all over this legislation.
Very relevant to the debate is to note that the now-defunct Australian Building and Construction Commission received a total of 77 authorisations for data through the T(IA) Act between 2007 and 2012. The Fair Work Building and Construction agency, which replaced the ABCC following a successful union campaign, received one authorisation in the 2012-13 financial year. We know the Abbott government is trying to reinstate the ABCC. That is one of the issues right at the top of its agenda. It also flagged in November 2014 that it is considering another agency with similar powers to ASIC dedicated to monitoring unions. Both of these organisations, like the ABCC before them, may be able to access the metadata of union officials and union members. This is a very frightening aspect of the bill. Again, what Labor have signed off on, considering they say they are so deeply against the ABCC, is very troubling. We need to look at these bills together and what this government is up to. As I said, it is a frightening aspect of this bill that the government will supercharge its anti-union attack legislation with these anti-democratic measures that we are making tonight. Again, that has to be emphasised so strongly—that Labor are hand in hand with this government in bringing forward legislation that, as we look into it more and more, we can see is like a twin of the ABCC legislation.
The Media, Entertainment and Arts Alliance has voiced concerns on behalf of its members on the chilling effect that the Abbott-Shorten deal will have on journalism in this country. While the Labor Party has claimed it wants to protect journalists and their sources, its deal with the government fails to deliver on this. As the MEAA has said, the requirement to get a warrant to access data of journalists still ignores the key ethical obligation of journalists to not allow their confidential sources to be revealed. While journalists worldwide have faced jail in upholding this obligation, mandatory data retention means it is no longer their decision. Journalists in Australia can no longer guarantee their sources and whistleblowers that they will be protected. Journalists, understandably, are concerned that this law is anti investigative journalism and anti whistleblowers.
I think we need to take a pause here. We need to consider what this means for investigative journalism and a free and open media in this country. So often we hear people in this place espousing the importance of a free media, but this bill puts that at threat. Again, this is a key consideration that should be at the top of this debate. We do not need to wait until we see whistleblowers hauled before courts for exposing dishonesty, fraud, waste or corruption to know that this bill is wrong. Investigations will not go ahead. Whistleblowers will hesitate. Courageous public servants will wonder if they should speak out. Reporters will decide that they do not want to put the people they depend on for their stories at risk. That is how we expect this to play out.
The public-interest advocate, which is to be set up to oversee metadata searches on journalists' data, is no solution. For example, there are no rules requiring the Attorney-General to seek the views of the PIA or for the PIA to argue against warrants being issued for journalists' metadata. In addition, it is an offence involving two years jail for anyone to disclose that a warrant for metadata has been requested or applied. This is compounded by the fact that, in today's environment, we see a fragmentation of journalism and the greater need of protection for acts of journalism—acts by the likes of Edward Snowden and Chelsea Manning. In fact, the protections—such as they are—may not apply to many of the new players in the media landscape, such as bloggers.
This prompts the question: who is really protected by mandatory data retention? In the rush to pass data retention, the government has failed to demonstrate how it will achieve even its own stated goals. The Attorney-General's Department could provide no evidence from anywhere in the world that mandatory data retention improves community safety or helps reduce crime. There you have it: no proof that it will improve our safety or reduce crime. Why is this being done? That is why you have to go back and look at the organisations that will access this.
The government still has not defined the metadata it wants industry to store, and it wants to change the definition on a whim. Law-enforcement agencies have consistently claimed that the extra powers are needed, without providing concrete examples of why they are needed. For example, why is it that we need to retain data for two years, when evidence shows that most law-enforcement metadata requests are for much shorter-term data, usually within three months? Evasion of the scheme is easy for anyone with ill intent. Virtual private networks are easy to set up and use, while something as simple as using a Gmail account can put one outside of the scheme jurisdiction. However, while those who may wish harm can easily bypass the scheme, all Australians will be subject to surveillance. It is wrong to assume that only those engaged in criminal activity will be affected by this surveillance.
The recent New South Wales parliamentary inquiry into police surveillance of other police officers underlines how irresponsible this legislation is. We cannot rely on police to determine issues to do with the surveillance of the public, with no external oversight. The New South Wales inquiry has revealed extensive abuses of how surveillance warrants have been issued and abuses by police using their resources to spy on other police and journalists. The inquiry found that TV reporter Steve Barrett was targeted by crime agencies, with dozens of improperly obtained covert surveillance warrants, between 1999 and 2000.
The inquiry uncovered a series of warrants rubber-stamped by the Supreme Court. In one case, there was zero supporting evidence for 46 of the 114 targets on a single covert surveillance warrant. A former judge admitted that that there was no way to properly check that the warrants were in order. He resorted to checking for obvious errors, like inclusion of the names 'M Mouse' or 'D Duck' before he signed off. That is serious; that is what he said. Despite an inundation of warrants, he could not remember refusing a single one. I set that out in detail because this is from an inquiry about police surveillance, where they could not get it right and where there was no accountability, standards or external involvement. It shows what we are walking into. Those abuses by police officers have been revealed, but did the Attorney-General take any notice or learn any lessons? Clearly, that has not occurred. The Attorney-General is ready to give police and security forces unprecedented access to endless quantities of data, to intensify surveillance in such an extreme way.
Then there is the still unresolved issue of who will actually pay for this surveillance. Senator Ludlam set out this out very clearly. He detailed the important letter, which came just last week, from a number of telecommunication companies, setting out how much this is going to cost. That is a very relevant part of the debate. The Australian government will not say who will be paying this surveillance tax. What we do know is that the public will end up paying, either with higher data changes or through higher taxes.
The New South Wales Council for Civil Liberties is one of the many groups that have provided in-depth analysis on the dangers of this bill. They have stated in some of their material:
It is not acceptable for ASIO, the AFP, police forces and other agencies to be able to access the extensive metadata of citizens on their own internal authorisation. The bill allows them to do just this—albeit within some parameters. Legal experts and organisations, civil liberties, privacy and human rights groups among others, argued the need for a warrant system—a longstanding safeguard within our legal system. The intelligence and security agencies argued—successfully it seems—that any form of warrant system would impose too great a logistical and bureaucratic operational constraint.
It would seem the self-serve system is to continue and long standing safeguards to be sacrificed.
This is a mistake and will lead to misuse, abuse and overuse of this data. The post-hoc safeguards proposed will not be adequate to protect against these outcomes.
I do urge senators to look up, in full, the material on this issue from the New South Wales Council for Civil Liberties.
Big Brother has become 'Big George' in this situation, and 'Big George' works hard to keep a straight face as he spouts his justification for these extreme laws, saying, 'Those who have nothing to hide, have nothing to fear.'
Barry O'Sullivan (Queensland, National Party) Share this | Link to this | Hansard source
Mr Acting Deputy President, on a point of order: if 'Big George' refers to Senator Brandis, the senator should withdraw the remark, call the senator by his correct title and, if she feels so inclined, apologise.
Alex Gallacher (SA, Australian Labor Party) Share this | Link to this | Hansard source
Senator Rhiannon, if you have been referring to the Attorney-General, I would invite you to refer to him by his correct title.
Lee Rhiannon (NSW, Australian Greens) Share this | Link to this | Hansard source
Thank you for the advice, Mr Acting Deputy President. With regard to the issue of collecting metadata, what the Attorney-General is doing to his own office is very concerning. The standing of the Attorney-General is very important to the whole nation in terms of the upholding of justice. We have already seen abuses of metadata. When the Australian intelligence agencies were interested in the phones of the former Indonesian President and his wife—leading figures in Indonesia—it was an issue of metadata. Again, that shows how these services have been abusing the use of that data.
Ever since the terrorist attack of September 2001, crime, spy and security agencies have been demanding more and more powers to reach into our private individual lives. This incursion for mandatory metadata retention will not make us safer or more secure. Mandatory data retention strikes at the very heart of the relationship between governments and the public. This bill, which is set to be passed on the combined vote of the Liberal, National and Labor parties, is an enormous setback as it delivers an increase in the power of the state over private individuals for indiscriminate surveillance. The campaign to stop this level of surveillance and to have this bill repealed is I believe set to become one of the most important issues in Australia.
7:32 pm
David Leyonhjelm (NSW, Liberal Democratic Party) Share this | Link to this | Hansard source
I rise to oppose passage of the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. I do so despite the fact that there are 10 amendments circulating in my name. These amendments will do the following: (1) require a warrant not just for access to journalists' metadata but also for access to the metadata of lawyers and medical professionals—lawyers have expressed particular concern about threats to legal professional privilege; (2) use the definition of 'journalist' in the Commonwealth Evidence Act so that freelancers are protected by Labor's warrants regime; (3) reduce the period of data retention from two years to three months, consistent with commercial practice among ISPs; (4) limit the use of retained data to serious criminal offences; (5) remove ASIC and the ACCC from the list of law enforcement agencies; (6) provide for a warrants regime that protects members of the general public; (7) ensure a definition of 'content' is included in the bill; (8) ensure that the most invasive parts of the bill will sunset rather than being merely reviewed by a committee that includes no crossbenchers or Greens; (9) prevent the addition of further agencies to the list of law enforcement agencies in order to halt creeping government overreach; and (10) provide that the penalty for disclosure of a warrant is reduced significantly from the current two years imprisonment and subject to a public interest test.
I wish to make it very clear that even if all my amendments were to pass—in addition to those proposed by Senators Ludlam, Xenophon and Wang—this would still be bad law. I recognise that I am on the losing side in this matter, so I propose to do two things here. First, I want to explain why one does not protect a free society by legislating liberty away. Secondly, since so few people seem to understand what this bill purports to do, I will explain exactly what it means in practical terms. Everyone has something to hide, and something to fear, from mandatory data retention. It is one thing to require monitoring of certain individuals where there is reasonable cause; but the idea that the government needs to store everyone's metadata without cause, including my 84-year-old mother's, should not be countenanced.
Data retention will do nothing to save us from terrorists. Paedophiles are already canny enough to use the 'dark net' and avoid it. Data retention instead places the entire population under surveillance no matter who they are or how blameless their lives. And thanks to its sheer volume, it will make terrorism harder, not easier, to track. This emerged in the wake of the Charlie Hebdo attacks in France; in fact, even real-time collection of targeted metadata was of no benefit to France's police. For the record, I have no problem with data retention when it comes to genuine suspects. But what the attacks in France show is that sifting through data is difficult. It places a significant burden on law enforcement. In France the perpetrators were dropped from watch lists. Finding a needle in a haystack is not made any easier by adding more hay to the stack.
ISPs such as iiNet, TPG and iPrimus, along with Telstra and Optus, will also be liable for hundreds of millions of dollars in storage costs, which raises the obvious question: who pays? This bill, as amended—thanks to the PJCIS report—now provides for the Commonwealth to make financial assistance available to ISPs to help pay for this wretched scheme. When you hear the word 'Commonwealth', remember, it really means 'taxpayer'. Wonderful—we will pay for the privilege of being spied on through our phone bills and through our taxes! And we really are talking about everyone—Air Chief Marshal Mark Binskin, Chief of the Defence Force; Duncan Lewis, the head of ASIO; and Prime Minister Tony Abbott. And unless the bill is amended to ensure data is retained in Australia, it may be simpler to bundle up two years worth of all our personal information and send it directly to the Chinese. After all, cloud storage is cheaper over there and access will not be subject to Australian law.
Then there is the basic reality that the government already has substantial powers to deal with terrorists and paedophiles. Apart from the fact, as Bret Walker SC often points out, that violence and conspiracy to commit violence have always been crimes, Australia's security agencies have extensive surveillance powers. They can, for example, obtain data preservation orders, ensuring metadata is retained and an individual's activities on the internet are examined. They can obtain warrants to intercept phone calls. People can be held and compelled to answer questions. Preventative detention orders and control orders, without any crime having been committed, restrain people from leaving their homes, if it is suspected they may commit a crime in the future. Passports can be cancelled. These powers are already so over the top that there is a serious case to be made that they are incompatible with the rule of law in a liberal democracy. Preventative detention orders and control orders, for example, are a direct assault on the presumption of innocence. They allow people to be locked up without a finding of guilt. And this in 2015, the 800th anniversary of Magna Carta, the source of the presumption of innocence at common law!
In preparing these remarks I tried to avoid references to George Orwell's Nineteen Eighty-Four. Too often banal developments are equated to this depressing future world. But in trying to describe the pervasive impact this law will have on our lives, there really is no better reference. In 1949, Orwell wrote of CCTV listening to our every word, in every room and alleyway. Had he imagined the advent of the internet and smartphones and the concept of metadata he would surely have written of the 'Ministry of Retention', tracking every step and every conversation with every device we use.
Government agencies already exploit the information they have about us in disturbing ways. In the year to June 2013, there were almost 320,000 authorisations to access telephone records, including 375 by Australia Post and 15 by Wyndham City Council, in Victoria. Stored data is a honeypot for intrusive snoops and bullies. And those are only the legal ones. That is why it is important to be aware that these immense data retention powers will not be used to fight terrorism. They are not really suited to that. As happened with the UK's Regulation of Investigatory Powers Act, RIPA, it is likely they will be used for minor welfare fraud, unpaid parking fines and catching petrol stations engaging in the heinous crime of comparing petrol prices. The latter is especially likely now that the ACC and ASIC have been added to the list of law enforcement agencies.
The idea for data retention of this type came from Europe, which is why Europeans were the first to appreciate that its record in crime clear-up is poor. Germany's parliamentary research unit, for example, surveyed that country's crime statistics, between 2005 and 2010, and found no evidence to suggest that data retention helped solve serious crimes. It was marvellous, though, for catching people who did not pay their rates or who evaded road tolls.
In April last year, the European Court of Justice overturned the EU's Data Retention Directive, in large part because data retention makes life miserable for law-abiding citizens, while criminals dodge it.
This bill shows government and opposition alike view ordinary people as criminals in waiting. Similar thinking in the past led to proposals for a national identity card to prove we officially exist and for national fingerprint and DNA databases to track us down when we inevitably offend.
What has been forgotten in all this is the fact that it is the state that poses the greatest threat to our freedom, not criminals and terrorists. It is the state that requires watching, not the people. We, the people, should hold the government to account. It is not a legitimate role of government to require us to account for ourselves, unless there is a reasonable suspicion that we have committed or are about to commit a crime.
For police forces across the land to so strongly support mandatory data retention, as their submissions to the PJCIS made clear, suggests they have all forgotten Peel's principles of policing, where the police are the public and the public are the police. ASIO's claim that data retention is justified, thanks to Edward Snowden's exposure of massive US government encroachment on privacy, is Orwellian.
And the claim by our own secret police, the Australian Crime Commission, that not having access to data is equivalent to having two hands tied behind their back, suggests the ACC is ineffectual and should be abolished. This would, of course, represent a considerable saving to the taxpayer.
It is high time that police and security agencies alike rediscovered their erstwhile status as public servants, not public masters. It would be helpful if they returned to real police work. It is legitimate to monitor the data of actual suspects, subject to appropriate oversight, as with traditional phone tapping, but it is not legitimate to treat every Australian as a potential criminal.
Now to my second point: what does mandatory data retention look like in practice? It has become clear to me that many people do not grasp just what this bill involves. Senator Ludlam has explained many of the technical aspects, and I mean no disrespect to him when I say that we need to better understand how it will work. Maybe what follows will convince a few brave souls to join those of us voting against this bill. And remember: mandatory data retention will apply to everyone, not just individuals of interest.
Late last year I undertook a controlled experiment. With the assistance of Mark White, of The Sydney Morning Herald, I had a technical firm record my metadata for a month to see what it revealed. This process deliberately avoided anything to do with my role as a senator. Before entering parliament I ran an agribusiness consulting company; I still have it. Data-monitoring equipment was installed in my business office and connected to the router. Because it only collected data relating to office traffic—my smartphone is tied to my job as a senator—there was no geographical information. This is important to bear in mind, because it was still spectacularly invasive. Without knowing any more than the company's name, in less than a day metadata revealed the business sector in which it operates. It was possible to work out which bank it uses, a record of its purchases, and a record of its staff's purchases—everything from furniture to renovations to compulsory third party insurance. Metadata also revealed how often and for how long staff used social media like Facebook, where they planned to go on holiday, what they wanted to buy for Christmas, and—chillingly—when a female member of staff knocked off early. As an employer, I have never been interested in monitoring people in this way. I have always taken a dim view of bosses who time their employees' loo and cigarette breaks. But at least a worker has a fighting chance of telling that person or company where to get off. Trying to tell the government—which is far more powerful than any employer, union, or professional association—where to get off is another kettle of fish completely.
Despite my desire to keep politics and business separate, metadata also revealed my membership of the Inner West Hunters Club and the subjects I and other members discussed in group emails, including gun law reform. I was not the only person identifiable, either—everyone who corresponded with me also had their identities revealed. It was possible to establish who was publicly in favour of gun law reform, and who was in favour of it privately but unwilling to say anything about the issue in public for, say, employment reasons. The possibilities for blackmail are obvious. Had the analysis included a smartphone, it would have been easy to leap to conclusions based on my location. What would a telephone call or Google search placed in front of a brothel, gay bar or abortion clinic reveal? That will be known from the metadata. Imagine if the caller were not me—with my classical liberal views—but a conservative Christian politician. What mischief could be had at his or her expense?
Yes, it is true that mandatory data retention is relatively easy to evade. My company could start using proxy servers, for example, and its staff could communicate with each other using wickr—which encrypts messages and destroys metadata—instead of normal text messaging. I have no doubt that many people—both criminal and not—will respond to passage of the bill in this way.
But why should a company concerned with the business of keeping animals healthy and crops productive be treated as though its employees are all potential criminals? Among other things, it has an interest in fertilisers. Terrorists use fertiliser. Do you see where this is leading? That is the nub of this issue. Mandatory data retention forces all of us to evade our own government. This is not how the system is supposed to work. What sets liberal democracies apart from authoritarian regimes of every stripe is the relationship between the citizen and the state. The citizen does not just enjoy the ability to 'kick the bums out' at election time. The citizen also has the capacity to hold the government to account, to reject its meddling in his or her life, to come and go as he or she pleases, to tell it where to get off, all subject to few or no controls. When we legislate those capacities away—allowing the state to hold the citizen to account, subjecting the citizen to state control—we then come to resemble the authoritarian regimes we are fond of criticising. Do we really wish to be spoken of in the same breath as Indonesia or Malaysia, whose citizens are monitored extensively and where there are widespread constraints on press freedom? And, make no mistake, these laws will persist, ripe and ready for future misuse by governments of every stripe.
This is bad law—law that compromises our rights and freedoms, treats us all as criminals-in-waiting, and invites abuse and overreach. It is wrong on every level. This bill should not be entertained in a liberal democracy such as ours.
7:49 pm
Jacqui Lambie (Tasmania, Independent) Share this | Link to this | Hansard source
I rise to briefly contribute to the debate on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. It is commonly known as the government bill which introduces the new metadata laws. I oppose this bill. The government has used the threat of a terrorist attack from Islamic State to grossly invade the privacy of every Australian. In an opinion piece in the Mercury newspaper Bruce Felmingham, the principal of a Tasmanian economic consulting firm, wrote:
There must be an exceptionally powerful argument for introducing such draconian laws in a pluralist, democratic society such as our own.
I agree with Mr Felmingham—and it is my view that the government has failed to make the argument for introduction of these draconian laws. It is my strong view that the government is misleading the Australian public over the government's capacity to respond to the threat posed by ISIS sympathisers and ISIS soldiers. This government already has the laws and the capacity to crack down on ISIS supporters if it chooses, and those laws are called sedition and treason. It is just that this government has chosen not to use existing laws to charge and put behind bars every Australian who assists in any way whatsoever our enemy the Islamic State and its members.
Why should the majority of law abiding Australians have their privacy invaded because a minority of our citizens have decided that their loyalties lay with a different country—with a different people? Why should the civil rights of law abiding Australians be lessened because some of our citizens decide to betray their country and give support and assistance to foreign powers that would do us harm? Instead of passing these laws, I am calling on this government to use the existing laws of sedition and treason to tackle terrorism—which I will turn to shortly.
I am also calling on this government, politicians and indeed all Australians to discriminate. My call to discriminate may alarm some, especially those who pride themselves on their level of political correctness, but the time has now come in Australia to discriminate against those whose loyalty is not 100 per cent to Australia. While I acknowledge that in Australia, by our law, you are not allowed to discriminate against anyone for his or her race, religion, ethnicity, sexuality and disabilities, it is a little known fact that Australian law—our Constitution—demands that we discriminate against citizens who are not 100 per cent loyal to this country. Senate Practice refers to section 44 of our Constitution, which indicates that anyone who has an allegiance to a foreign power—either formal or informal—is disqualified from standing for election to this place. Clearly, our Constitution and laws demand that even if your loyalty is divided between Australia and a friendly foreign power you are still legally discriminated against and you, correctly, are not allowed to stand for election in this place.
In order to stop the terrorist rot that has set into Australia it is time, firstly, to educate Australians. Rule No. 1: if you do not have 100 per cent loyalty to Australia and our democratic freedoms, rights and privileges then I will say it—and I will continue to say it—get out! As the Australian Constitution states, if you have an allegiance or loyalty to a foreign power not only should you be disqualified from standing for election to this parliament but also you should not be able to vote or to receive government benefits. If your allegiance happens to be with a hostile or foreign power—as is the allegiance of thousands, perhaps tens of thousands, of Islamic Australians—then you should be charged with the high crimes of sedition and/or treason, depending on your level of support for our country's enemies. If the government were serious about stopping terrorist attacks on peace-loving, loyal Australians instead of introducing laws to take away our civil rights, then the government, through the Attorney-General, should enforce that every citizen who in any way assists the ISIS forces fighting our troops should face at least seven years maximum jail sentence for sedition.
I know this government is negligent by failing to use existing laws of sedition and treason. If you have the evidence to deny our citizens passports and travel, then you have the evidence to lay charges, at least, of sedition, which carries a maximum sentence of seven years in jail. If some of these young people who are running off to fight and assist ISIS were caught and made to face a serious charge, which carried a seven-year jail sentence, and they, their families and the communities they came from were made to think about the concept of 100 per cent loyalty to our country—a secular constitution and democratic government—then maybe we would be building a more tolerant, safe and free Australia for our children and grandchildren. That is the reverse of what this legislation is doing, which is taking away democratic civil rights and privileges and making us less safe from future home-grown tyrants.
The loyalty or not of citizens of Australia is an important part of the legislative and constitutional foundation of this nation. Those citizens with loyalties divided between Australia and foreign powers that are our enemies are a direct threat to our nation's peace and long-term survival. It is important to know that, in my view, you cannot be a 100 per cent loyal Australian with undivided loyalty if you support sharia law. If you support sharia law it is clear that your allegiance is, at the very least, with a foreign power—namely an overseas religious figure that exercises the powers of both state and church. At the very worst, if you support sharia law it is likely that your allegiance and loyalty is with an overseas religious figure who has declared war on Australia and every other Western democracy, simply because he wants to impose by force his religious rules and rules of state.
If you do not believe me, just use your reason and look to countries which are ruled by sharia law. They are some of the most backward, violent, aggressive countries in the world, which have failed to separate church and state. They are ruled by religious dictators who promote the death penalty for crimes such as book burning, adultery, being gay and changing your religion. Some of those sharia governed countries may try and put up a window dressing of democracy. Countries like Iran might hold elections, but the reality is that all power—religious, state and military—rests in that one religious dictator who personally chooses all the candidates for the country's election. And God help the world if that Iranian leader is ever allowed to get his finger on a nuclear trigger! Confronting and admitting to ourselves the plain truth of the sharia ideology we are fighting will do more to make us and our children safe than will passing laws like this that will undermine the civil rights of all law-abiding Australians.
Introducing laws which reinstate the death penalty for terrorism and traitors who kill during their attacks will do more to prevent attacks against us from our enemies than this piece of rubbish legislation. If you disagree with that argument, I ask that you think about what would have happened if the Sydney ISIS terrorist had survived the Lindt Cafe siege after killing hostages. The worst our current legal system could have done is to have put him behind bars for life—a sentence he would have welcomed, I am sure, clapping gracefully. He would have been able to turn his jail cell into a terrorist-recruiting cell. Imposing the death penalty on terrorists and traitors who kill during their attacks on Australia will do more to protect the national security of Australia than this legislation will ever do. This legislation and the establishment of the capital equipment that stores the metadata will also cost the Australian taxpayer, and an unknown amount of money at that. Some people are saying it will be $400 million, but that does not appear to take into account the charges that will be levied on all Australian telecommunication users.
I have had community feedback and hundreds of people have contacted my office and expressed their opposition to this legislation. The following is an example of that opposition: 'Given that law-enforcement agencies are already able to apply for a warrant to access metadata for known suspects, I am curious to know just how mandatory data retention will be used.'
Option 1: will the AFP or state police conduct random audits on Australian residents and citizens' metadata on the off-chance they find something suspicious? This clearly represents an unacceptable intrusion on the right to privacy and does not accord with a free and democratic country. It would be unacceptable to allow the police unfettered access to the metadata of people who are not engaged in or planning any criminal activity.
Option 2: will the Australian federal police racially, religiously or culturally profile groups of people who they believe may be more likely to engage in terrorist-type activities or other criminal activities or people who are socially undesirable, and do regular checks on their metadata? All Australians, regardless of background and country of origin, should have a right to privacy. I would hope that the AFP and-or police would not engage in this kind of behaviour, but history has shown it to be inevitable.
There are many examples of the police profiling groups of people based on who they are or their background and treating them unfavourably. For example, Indigenous people and those of ethnic origin are often treated worse than other Australians by the police, resulting in discrimination. If the coalition's proposed laws are passed, this will be a very real outcome of how the metadata will be used, leading to greater disunity in the community and further disenfranchising groups. Those who intend committing atrocities will find other ways to communicate or source information to get around any law change, and I fear that only innocent people will be affected.
Option 3: will the metadata be stored, at a huge cost to industry, until a suspect is identified and then that person's history for the past two years checked? This is the only option that I believe provides an acceptable use of the metadata. This option is already covered by existing laws. The Australian Federal Police and state police simply need to apply for a warrant before accessing the data.
I am struggling to think of any other ways that metadata may be used for law enforcement purposes. It may be noted that, internationally, mandatory data retention has not worked and no compelling arguments or evidence have been provided by the government as to why it would work in Australia. I would like to note that I find any act of terrorism devastating and fully support efforts to combat terrorist activities. However, any law change, particularly that which infringes on the rights of innocent people, must be backed up by evidence that it will actually bloody work. In the case of mandatory data retention, that is not the case.
In closing, it must be said that the mass storage of the metadata of all Australians is a huge invasion of the privacy of every Australian citizen. It is open to misuse and abuse, with no systems to monitor it or monitor whether other countries are hacking into storage facilities and using the data to spy on high-profile Australians and, even, the Australian government itself for both commercial and God knows what other reasons. This level of invasion of privacy, which will be committed on every Australian who uses online phone services, is completely over the top to achieve the purpose the government claims it will achieve. In order to catch a few hundred or thousand terrorists it wants essentially to search every Australian household in this nation via electronic devices.
Giving away this level of privacy of every Australian to that level of invasion by the government and its agencies no longer makes us a free society in my view and in the view of many courts and respected privacy advocates throughout the free world. I say this: I have a very, very strong suspicion that this is going to come back and bite the coalition. When it does there will be a few of us on this side standing up to say, 'I told you so!' I will be looking forward to that. I oppose this legislation.
8:02 pm
Nick Xenophon (SA, Independent) Share this | Link to this | Hansard source
I indicate my serious reservation about this legislation and its safeguards or, rather, its lack of adequate safeguards. We do have an existential threat in our nation with the threat of terrorism—I acknowledge that; I am acutely aware of it—but the issue is how you best tackle this threat. My concern is that this bill, the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015, will have a number of consequences that will impact on the freedom of the press in this country, which will be unambiguously bad for our democracy. I am concerned that this bill will have the potential to cause serious harm to our democracy without appropriate checks and balances in place. I do recognise the need for legislation to adapt and change in response to new technologies, new political and social circumstances and, above all, threats to our security, but I believe such change should be measured, thought out and carefully considered. This is particularly the case when it comes to security and intelligence, which should have greater accountability and scrutiny than all others because of their greater capacity for abuse. It is interesting to reflect on remarks made by former Senator Faulkner, who put the very simple proposition when the counterterrorism legislation amendment, the foreign fighters bill, was in this place last year that enhanced power requires enhanced accountability. This is enhanced power because of the swoop of metadata storage. The capacity of the state to have everyone's online information, in terms of whom they have contacted, does carry with it a need for much greater scrutiny.
I am concerned in particular about the adverse impact of some of the measures in this legislation on journalists' ability to do their jobs. There is a line that has often been attributed to George Orwell:
Journalism is printing what someone else does not want printed. The rest is public relations.
To me, this epitomises the essence of what journalism, at its very best, should be about. Journalism should provide the checks and balances, should hold public figures accountable for their actions and should inform the public and foster debate. There are countless examples of times when journalists have broken stories that were clearly in the public interest but those in power did not want that information to be disclosed. Look at Woodward and Bernstein's expose of Watergate; the Frost-Nixon interviews; the Spycatcher story, when our now Minister for Communications, as a barrister, very courageously defended Peter Wright; the coverage of detainees David Hicks and Mamdouh Habib; and the saga of Dr Mohamed Haneef. My concern is that the provisions in this bill will mean that journalists will no longer be able to investigate such stories because sources and whistleblowers will be too frightened to come forward and because, in some cases, to report on such things will be an offence punishable by imprisonment.
I acknowledge that the government and opposition attempted to address these concerns in relation to the access of journalists' metadata, but I must say I am very disappointed with the compromise that has been reached. The committee stage will give us an opportunity to explore that. With respect, the amendments moved in the House of Representatives do not go nearly far enough. We need to put this in the context that things go wrong. The authorities, our intelligence services, sometimes make mistakes and they need to be held accountable for that. For instance, on 18 February last year the Australian Federal Police raided the offices of the Seven Network in a very heavy-handed manner, as part of a proceeds-of-crime investigation related to a story on Schapelle Corby. Seven West Media chairman Kerry Stokes, the owner of the Seven Network, is big enough and, dare I say, ugly enough to look after himself. And he did, eventually getting an apology for his network from the AFP for executing search warrants, later quashed by the Federal Court, erroneously describing a Seven West lawyer a suspect in the case. But the botched raid shows that the authorities can make mistakes and that the ability for journalists to expose that may well be compromised by this.
The metadata bill will give the AFP and intelligence agencies very long arms to reach into our everyday lives to track our whereabouts and with whom we have been communicating. For journalists, they will require a warrant, but some fear it will be issued as a formality, and the very process of that warrant concerns me greatly. What kind of future are we ushering in for our democracy with this bill? I foreshadow that I will be moving some amendments in the committee stage in an attempt to fill a number of the gaps left by the government and opposition, and I will speak further on this at that stage.
I want to look at the intention of this bill as a whole. The Australian law has, in general, lagged far behind technological advancements. We see this in all sorts of areas, not just national security—the way we have failed to respond to regulation of online gambling, for example—but in this case the most significant matter we are looking at is the regulation of metadata. It is important to note that there is no legal definition of metadata in Australian law or, indeed, in this legislation. While it concerns metadata as it is generally understood, it outlines this under the term 'retained data'. In essence, metadata is everything but the content of a communication, so it includes the fact that I made a phone call at a certain time to a certain person but not what was said between the two parties. When you browse a webpage, however, the distinction between content and metadata disappears because it is all machine-produced and machine-understandable information about web resources. It is all metadata.
As Professor Clinton Fernandes from the University of New South Wales Centre for Cybersecurity said a few months ago: 'Metadata can be incredibly intrusive. For instance, if a woman rings her GP and then an abortion clinic and then her mum but not her boyfriend, you can probably figure out what's going on.' That is incredibly intrusive. Examples of metadata include the email address, the phone number, the voice over internet protocol number, the time and date of the communication, the general location of information such as cell tower data, information about the duration of the communication, and the names and addresses—home, postal and billing if they are different—of the parties.
Under current law, law enforcement agencies do not have to get a warrant to access metadata. They do, however, have to get a warrant to access content. Further, there are a huge number of organisations that can request metadata, and some of the examples that I have put out over the last couple of years include local councils, parking enforcement services and the RSPCA. I acknowledge that this bill tightens that access to law enforcement agencies, although organisations can come under that umbrella term if designated by the minister. But my question is: why shouldn't warrants be required for access to any metadata, but, more importantly, why shouldn't there be much stricter safeguards and protocols for journalists, who are an essential part of our democracy? A free press is at the very foundation of a democracy. Of course the police should be able to access metadata when investigating serious crimes or a terrorist plot in the making and, indeed, they should be able access that information quickly and efficiently, but why should journalists and whistleblowers, who invariably want to expose malfeasance, corruption or waste in government, be subject to the same rules as ISIS, or Daesh? Indeed, there are increasing calls from citizens around the country that the government should not have the right to access their data willy-nilly. That was the response that I got from an article that I wrote for The Drum not so long ago. The extent of information that can be gathered through metadata and the conclusions that can be drawn from it mean that, in some situations, content is almost superfluous.
The arguments put forward by some of my colleagues in this place, Senators Ludlam and Leyonhjelm in particular, have clearly dispelled the myth that metadata is less intrusive than content and so can safely be subject to a lesser level of control and scrutiny. The fact that both Senator Ludlam and Senator Leyonhjelm, on perhaps very different parts of the political spectrum, take this position indicates that this is an issue that goes beyond ideology. Many people are unaware of the scrutiny their information could be subject to both now and under this proposed legislation. The government are, in effect, asking the public to trust them with this information—to trust that it will not be misused or abused—even though there are not any measures to protect against this, as I see it. Historically, blind trust in government has not worked out well for democracy in general and individuals in particular.
The key potential drawbacks to the compromise that was reached between the government and the opposition on the public interest advocates are, firstly, that the public interest advocate cannot disclose any confidential information to the affected journalist or receive instructions from them about how to deal with it, thus limiting the journalist's ability to test any adverse evidence. Secondly, the playing field will be skewed in favour of the authorities. Unlike the authorities, such as the police, who have the resources, researchers and analysts, public interest advocates will lack the resources of an ordinary legal team for the purpose of mounting a proper case in secret. Thirdly, unlike that available to the police or those seeking the warrant on the journalist, who have a long corporate memory, the lack of a searchable database of secret judgements will mean that individual public interest advocates are unaware of what arguments are likely to sway the judge who decides whether to issue the warrant. Fourthly, public interest advocates may well have no power, as I see it, to call witnesses. Finally, the tactic that could be used of prejudicially late disclosure may eliminate the public interest advocate's practical ability to call evidence.
Contrast this bill with the approach in the United States of America, our closest ally. No-one can question their seriousness in tackling terrorism and threats to their citizens, particularly after the calamity of the terrorist attacks of 9/11. After a bungled attempt to obtain metadata from the Washington bureau of the Associated Press some two years ago, the US Attorney General, Eric Holder, issued comprehensive guidelines and protocols to protect journalists' sources. In the United States, media organisations and journalists are given advance notice of an attempt to obtain metadata and have the right to argue the public interest case before a decision is made. I will be moving amendments based on the American approach. Not only has this worked well but just two months ago Mr Holder, the US Attorney, issued new guidelines that further strengthened protections. Just this month, legislation was introduced to the UK's House of Commons which included draft codes of practice to protect journalists' sources where the public interest is also a primary consideration. Back home, it seems the approach to metadata by both the government and the opposition can be paraphrased this way, with apologies to Sting: every click you make, every keyboard stroke you take, the government will be watching you.
I just wanted to reflect briefly on the most recent terrorist attack that this country has had, the awful events of the Sydney siege. Some people say that Man Haron Monis was a madman. He may well have been a madman, but he was also a terrorist. He fulfilled the definition of a terrorist. I still do not understand why this man, with his appalling history of taunting the families of Australian soldiers who had died in service overseas, did not continue to be on a watch list; why this man, with a long history and string of sexual assault matters before the courts, was not still on the watch list; why this man, who was charged as an accessory before the fact of the murder of his wife, was still in the community; and why this man, who praised the work of ISIS and other terrorist groups and jihadists, was allowed on the streets. That does not involve metadata. That involves some decent intelligence work, some appropriate surveillance and, more importantly, information that should have been used and that should have been collated to prevent this man—both madman and terrorist—from doing the terrible harm that he did. Two innocent lives were lost, in my view, needlessly, and I will wait—of course, we need to wait—for what the New South Wales coroner will say.
These are important matters. The impact of this legislation on the free press in this country, in my view, will be chilling. We failed to have the same sorts of safeguards that the United States, our closest ally, has or, indeed, the broader safeguards that are in the process of being adopted in the United Kingdom. For that reason, I will be moving a number of amendments. I look forward to the committee stages of this bill. But I am deeply concerned that our democracy will be weakened as a result of the chilling impact this will have on journalists and their ability to do their valuable work.
8:17 pm
Jacinta Collins (Victoria, Australian Labor Party, Shadow Cabinet Secretary) Share this | Link to this | Hansard source
I will take a moment to respond to the Greens second reading amendment before Senator Brandis winds up this debate. The Greens second reading amendment would defer consideration of this bill until the government provides a full response to the letter from the Communications Alliance tabled by Senator Ludlam today. That letter expressed concern about the government's contribution to costs of the scheme for industry. Labor does call on the government to work with industry to finalise arrangements around the costs of this scheme. We have been clear all along that the government should be transparent about the costs of this scheme with both industry and the public.
The Joint Parliamentary Committee on Intelligence and Security made a number of recommendations about how costs would be met. Chief among them was that the government should meet a substantial proportion of those costs. However, there is no need to hold up this bill while final details of costs are settled. The government has assured us and the public that it will honour the committee's recommendations in full. I also note that the letter tabled by Senator Ludlam does not ask the government to delay this legislation.
8:18 pm
George Brandis (Queensland, Liberal Party, Attorney-General) Share this | Link to this | Hansard source
In closing the second reading debate, I thank honourable senators for their contributions. In particular, I acknowledge the thoughtful contributions of Senator Leyonhjelm and Senator Xenophon, and I will respond with particularity to certain of the issues which those two senators from the independent crossbench have raised. I see Senator Xenophon is still in the chamber. So let me say to you, Senator Xenophon, that anyone listening to the broadcast of this debate could be forgiven for thinking from some of the language that has fallen from the lips of Senator Xenophon or Senator Leyonhjelm and others who have spoken from the crossbench or from the Greens that this bill proposed an important or significant or even draconian new set of powers which the state would be able to exercise over the citizen. You would think that that was so from what those contributions suggested.
I can tell you and those who may be listening to this broadcast tonight that this bill contains no powers exercisable by the state over the citizen. Not one. The only change that this bill makes to the relationship between the state and the citizen is to introduce safeguards in relation to the access of law enforcement agencies to metadata which were not there before. That is the only change this bill introduces to the relationship between the state and the citizen. Senator Leyonhjelm, whose libertarian principles I greatly respect, would be reassured to know that, whereas under existing law some 85 government agencies and even local councils and NGOs can access metadata, as a result of the bill before the chamber this evening, that number of agencies has been reduced to 21. Those 21 agencies—all of them law enforcement agencies—are set out in the bill, and they cannot be added to except by regulation, which is disallowable by this chamber. So, far from expanding the power and the reach of the state, this bill very significantly reduces the power and reach of the state by reducing by three-quarters the number of bodies which can access metadata without a warrant.
It would shock you, Mr Acting Deputy President Williams, to learn of some of the agencies which today can access metadata but, as a result of this bill, will no longer be able to do so. Some eight Commonwealth departments will no longer be able to do so. Australia Post will no longer be able to do so. The Clean Energy Regulator; the Office of Environment and Heritage of the New South Wales government; and municipal authorities including the Ipswich City Council, the Knox City Council and the Wyndham City Council can today access metadata. As a result of this bill, they will no longer be able to do so.
Would you believe, Mr Acting Deputy President, that even the RSPCA can today access metadata? But, as a result of this bill, they will no longer be able to do so, because this bill, by proposed section 110A, limits the agencies which can access metadata specifically to law enforcement agencies: the Australian Federal Police and the state and territory police forces; the anticorruption authorities in the states; and the principal economic regulators—ASIC, the ATO and the ACCC. All of those agencies of course can access metadata today, as can another 60-odd agencies or entities; as a result of this bill, they will be prohibited from doing so. So, far from expanding the power of the state over the individual, Senator Xenophon and Senator Leyonhjelm, this bill actually does the opposite.
It also introduces a provision that is not part of our law at the moment—that is, a large and detailed architecture of protection for journalists. There are no protections for journalists under existing law. There are none to prevent access to metadata concerning journalists or their sources. But, as a result of this bill, there are protections. And I have heard your critique of them, Senator Xenophon; I will deal with it in particularity during the committee-stage debate. I simply make the broad proposition that, whereas under existing law there are no protections for journalists and their sources in relation to metadata, under this bill there will be. How this bill can then be described as having a 'chilling effect' on the freedom of the press, when it introduces a protection of the freedom of the press which forms no part of the existing law, escapes me.
As well, there are other protective mechanisms, Senator Xenophon. There is, for example, a new role given to the Commonwealth Ombudsman which does not exist under existing law, to ensure that access to metadata is not abused. There are additional powers of oversight given to the Parliamentary Joint Committee on Intelligence and Security which do not exist under the current law, to ensure that access to metadata is not abused. So, far from this being a bill that introduces draconian new powers, it introduces no new powers but extensive new safeguards.
Mr Acting Deputy President Williams, let me explain very simply why both sides of politics, after long deliberation, have concluded that there is a need for this legislation. For more than 20 years or so, telecommunications service providers and ISPs have collected the metadata of their clients as a business record—as a business record—because they needed it for billing purposes. That is why the metadata was stored, and it has been accessed by the 85 or more agencies and entities that I mentioned before, essentially for law enforcement or regulatory purposes. But, with the evolution of technology, the retirement of legacy systems and, in particular, the change in the billing practices of the telcos, it is no longer necessary for them to retain that metadata, so they are not doing so. But, as a result, the capacity of the law enforcement agencies to conduct criminal investigations, which are materially assisted by access to metadata, has been degraded. So the core provision of this bill is to impose upon telecommunications companies an obligation to retain the metadata that they hitherto had retained anyway for two years. What the bill does, in effect, is freezes the status quo.
So, not only does the bill contain no new powers of the state against the citizen, not only does the bill contain protections which do not exist under existing law; what the bill does in relation to the telcos is it freezes a status quo which has existed for the last two decades and about which we have heard no complaint from those who have suddenly and rhetorically seen fit to claim, erroneously, that the bill contains draconian new powers.
Let me turn to another error, which came from Senator Xenophon, I am sorry to say, and from others who have spoken in this debate—that, as a result of this bill, 'The government will hold our metadata.' No, it will not, Senator Xenophon. The government will not hold metadata as a result of this bill. What this bill does is mandates private industry to retain metadata that it currently retains. It is the private sector, not the government, that will retain the information, the metadata, that it actually currently retains. You praise the American system, Senator Xenophon, but you do not refer to the fact that, in the American system, government agencies hold metadata. But, under our system, no government agency holds metadata. The 21 agencies listed in proposed section 110A of the bill will have access to that metadata on the same basis that they currently do, but with additional safeguards. But that is all.
Let me turn to the claim that has been made, in particular in Senator Ludlam's contribution, that this legislation has been rushed and that there has been insufficient deliberation. Well, Senator Ludlam, I do not know what you think is rushed, but the process by which this legislation was developed was initiated in May 2012—almost three years ago—when my predecessor, then Attorney-General Roxon, sent a reference to the Parliamentary Joint Committee on Intelligence and Security, asking it to review, among other things, the applicability in Australia of the European Data Protection Directive. The Parliamentary Joint Committee on Intelligence and Security, of which I was a member during the last parliament, deliberated at great length throughout the rest of 2012 and the early months of 2013. In May 2013 it produced a unanimous report after a year of deliberation, in which there seemed to me to be endless hearings—the hearings are actually listed in the appendices to the report. It received thousands of pages of submissions. The PJCIS produced this unanimous report. Then, with the change of government and acting upon the unanimous report that was tabled during the period of the previous Labor government, my department developed this bill.
The bill was introduced by my colleague, Mr Malcolm Turnbull—who is not well-known for his authoritarian propensities, I might say—into the House of Representatives on 30 October last year. The bill was referred back to the same committee, which, now under the chairmanship of Mr Dan Tehan, the member for Wannon, deliberated at great length again—in particular during the Christmas period—and on 27 February produced a detailed report with 38 recommendations, many of which involved amendments to the bill, plus a 39th recommendation that the bill be passed. That report was also unanimous. The government, having considered that unanimous report of the PJCIS decided to adopt all of the recommendations of the report. We have the balance of this week—for many hours to come—to debate the bill in the committee stage. So far from being rushed, it cannot honestly be said that that is so, when this is the work of two parliaments, of two successive governments, of two long inquiries by the Parliamentary Joint Committee on Intelligence and Security, spanning almost three years.
Let me, in the time left to me, turn to—though we will return to it more detail—the claim that we heard from Senator Xenophon that this will have a chill effect on freedom of the press. Well, Senator Xenophon, about a quarter of the bill, about 20 pages, is devoted to a very extensive architecture of protections of the very thing about which you claim to care but which under existing law has no protection is at all—none at all. Division 4C is devoted to the matter. To respond to your claims, Senator, that you fear that a rubber-stamp approach might be taken to approvals, we have a long series of criteria about which the minister must be satisfied and then a long series of criteria in relation to which a court must be satisfied and, uniquely in my experience in Commonwealth law, we have the creation of the special statutory office—a public-interest advocate who can appear and argue where appropriate that it is not in the public interest that a warrant be issued in relation to a journalist or a journalist's source. At the moment, access to metadata by some 85 agencies and entities is warrantless. This legislation introduces a requirement for a warrant, where none existed before; a more complex series of preconditions and the procedural steps and criteria for the issue of the warrant, where none existed before; and a unique provision for a public-interest advocate, which is unknown in any other area of Commonwealth law enforcement where warrants are required.
It is being claimed by some, particularly from the Greens, that metadata has no utility. Senator Leyonhjelm said the same thing: that the retention of metadata has no investigative significance. I note what you say, Senator Leyonhjelm and Senators from the Greens, but that is not the view of those who actually have the responsibility for carrying out these investigations. As I have done many times, I refer you to the view of the much-respected former Director-General of ASIO, Mr David Irvine, who, when asked about the importance of metadata in the investigation of terrorist crime and terrorist networks, said that it was 'absolutely crucial', a view shared by the current Director-General of ASIO, Duncan Lewis, and by the Commissioner of the Australian Federal Police. You may have a scepticism about the law enforcement authorities being interested in accreting to themselves more power, but, as I have pointed out to you, they do not have any additional powers under these laws—none. I, with all due respect to my colleagues, would rather rely on the professional judgement and advice of those who actually have the responsibility than on the wild rhetorical claims of certain senators with no professional experience in the field at all. Metadata is in fact used in every significant criminal, organised criminal, paedophile and terrorist investigation.
Finally, let me address the issue of cost, and I note Senator Ludlam's second reading amendment, which, of course, the government will oppose. The question of cost is a matter of discussion, and has been for some months now a matter of discussion, between government and industry. The government announced, as Mr Turnbull made clear in his second reading speech in the House of Representatives on 30 October, that the government will make a substantial contribution to the capital costs of industry in establishing a retention regime. In relation to the ongoing costs, a PricewaterhouseCoopers review has estimated that, even if there were to be no government funding, the average cost over 10 years would equate to between $1.83 and $6.12 per customer per annum, with a median price of $3.98 per customer per annum. That is not, it seems to me, with all due respect, Senator, a vast cost for what this legislation seeks to do to preserve—not to extend; in fact, in important ways to limit—an important investigative capability.
Stephen Parry (President) Share this | Link to this | Hansard source
The question is that the second reading amendment moved by Senator Ludlam be agreed to.
The question is that the bill be now read a second time.
Bill read a second time.