1.) What was the name of the Bill, and what existing legislation did it amend?
The Bill is called Telecommunications (interception and Access) Amendment (Data Retention) Bill 2015 which has citations to the Telecommunications (interception and Access) Amendment (Data Retention) Bill 2014. These two bills amended the Telecommunication (Interception and Access) Act 1979.
(2 marks)
2.) When did the Bill pass the House of Representatives and the Senate? When did it receive royal assent?
On the 30th of October 2014, the bill was introduced for the first time in the house of Representatives. After the 3rd reading in the House of Representatives the bill on passed on the 19th of March 2015. The bill was then introduced into the Senate on the 24th of March 2015 and subsequently passed by the senate on the 26th of March 2015. Having been passed by both houses the Bill was sent to receive royal assent which it achieved on the 13th of April 2015.
(2 marks)
3.) Which Minister was responsible for introducing the Bill in the House of Representatives (name and ministerial portfolio)? What is his current position in government?
On the 30th of October 2014 Senator Mitchell (Mitch) Fifield read the bill for the first time and introduced it to the House of Representatives. Senator Fifield is a senator from Victoria and was the Assistant Minister for Social Services from the 18th of September 2013 to the 21st of September 2015 and then assumed the portfolio of the Minister Assisting the Prime Minster in Digital Government from the 21st of September 2015 to the 18th of February 2016. Currently Senator Fifield is the Minster of the Arts and also the Minister for Communications, with both positions held since the 21st of September 2015.
(3 marks)
4.) What reasons did the government give for introducing the Bill?
Due to the massive increase in communication technology the Government reasoned that criminals would be using some or all this technology in the planning and execution of their crimes. The requirement of having the telecommunications companies hold the data for two years was to allow the police and other law enforcement agencies time to investigate crimes thoroughly. To ensure public safety and confidence the Government added specific requirements into the Bill to prevent the police and government agencies from accessing data without a warrant being issued by placing a ‘independent and comprehensive oversight of agencies’ access to telecommunications data’ (Fifield, 2014). The Government wished to demonstrate through this bill to the Australian public that as a Government they are committed both protecting and safeguarding their wellbeing and private information.
(4 marks)
5.) What are the major features of Australia’s metadata laws, as enacted?
Metadata is the data collected on the data from the technical information around the many different types of communications including the date, time and length of a phone call, a computer webpages IP address and email addresses but the actual recording is not stored or the website that an individual visited. Attorney-General George Brandis stated that metadata was like a letter with the metadata being ‘the name and address on the envelope, not the content of the letter’ (Brandis, 2014)
There are many areas of data the laws have affected and are now in place. The telecommunication companies are required to store six different types of metadata. These areas include the identifying information attached to subscribers of telecommunication service providers including the names, addresses, phone number, email address and IP address that is linked to the billing details of the customer. Metadata is recorded from both the source and destination of any communications from a phone-call, SMS message, voice mail or an e-mail. The information recorded by the telecommunication companies includes the usernames, phone numbers, email addresses of the individuals on both end of the communication. This information is held by these companies for 2 years at which any time government law enforcement agency are able to access to investigate crimes.
For internet services the date, time and duration of any online connection communication to an internet service connection such as Wi-Fi or ADSL. Using the Wi-Fi or ADSL connection the type of communication sent is also recorded including social media, SMS messages or emails. Finally, the physical location of where and when a communication is made is recorded including the fixed physical addresses of a laptop or home computer or the geographical address of a mobile device.
(4 marks)
6.) What kinds of individuals and organisations wrote submissions to the PJCIS inquiry? What concerns did they raise?
Many different individuals and organisations wrote submissions regarding the data retention laws. The New South Wales Council for Civil Liberties wrote a submission to the Parliamentary Joint Committee on Intelligence and Security stating that the law should not be passed. They raised three major concerns regarding to the data retention and the immunity given to the Australian Security Intelligence Organizations’ Officers and their contracts. The first is opposing the retention of telecommunication metadata recorded from the Australian public. They wished for the laws to stay very close to the original laws, so that the NSWCCL would still have access to the metadata. Their second concern was of police seeking and receiving stronger and or additional powers. The NSWCCL argued that there is a ‘distinction between seeking more powers and the application of existing powers to new areas is a distinction without a difference’ (NSWCCL, 2012). Were police going to be granted new powers that they did not have previously? The third and final point from the CCL was to oppose the proposal of certificates of immunity being granted to ASIO officer for immunity from civil and criminal liability. The Australian Security Intelligence Organisation would be granted immunity from the 3-year jail sentence for accessing the metadata information. ASIO is not a law enforcement body, they are a ‘covert intelligence-gathering agency’ (NSWCCL, 2012). Due to them not being a law-enforcement body they should not be granted police like powers and immunity from prosecution like the NSWCCL would receive from trying to accesses the telecommunication metadata.
Law Institute Victoria or the LIV wrote a submission to the PJCIS inquiry. Like the NSWCCL, they also wished and recommended that the Bill should not be passed. They raised concerns surrounding who would receive access to the data and if there would be controls or limits on the access. Many departments and local council had access to the metadata including Centrelink, the Department of Immigration and even the RSPCA and how would the metadata be accessed by private individuals and the process they had to go through to access the information. The LIV also criticized the proposed two-year retention plan, with the LIV suggesting a six-month retention based on reports from the UK. The report was from 2011 and revealed that ‘over a 4-year period, 74%+ of disclosures to law enforcement agencies…. was less than 3 months old’ (European Commission, 2011). The European Commission also recommended a retention period of six to twenty-four months, with only one country implementing the max time of twenty-four months. They argue that the shorter retention timeframe will reduce the risk of data breaches with less data being possibly hacked and there also being less to guard.
(5 marks)
7.) How significant a risk do the metadata laws pose to individual privacy? What protections for individual privacy exist in Australia?
The risks the metadata laws pose is quite large especially on individual privacy. The data is not required to be stored within Australia and companies are not required to inform their customers if there has been are data breach or hack. In 2015 Optus suffered a data breach affecting over 300,000 customers, with more information being stored now due to the laws there is much more information, both regular and extremely personal at stake.
Australia currently has The Australian Data Privacy Acts; personal information is subjected to the Privacy Principles within the act. As part of the act any person has the ability to access their own personal information so they know what information is held and to also correct wrong information. IP addresses and URL’s visited along with geolocation data are ineligible to be protected by the Australian privacy law. This means that someone cannot know their own internet browsing history, IP address or geolocation data when contacting their ISP.
(5 marks)
8.) What risks do the metadata laws pose to whistleblowers and journalists? How did the federal government address these risks?
Whistleblowers show the public unlawful activities engaged by others. Under the old metadata laws, government officials could access the metadata of whistle-blowers and journalists’ and use this information to track them down and detrimentally affect their life. This could be by way of job security or advancement. This would then create an environment where whistleblowers and journalist could refrain from exposing unlawful activities. The new laws require government officials who want to look at a journalist’s metadata must now obtain a journalist information warrant. The government official must go to a judge or magistrate and the process is kept secret from the journalist going to be investigated. The journalist or whistleblower has a government assigned lawyer who will argue on behalf of them. The government addresses these risks by hiding access to the metadata from journalists but also prevents them from knowing if their own metadata is being investigated, the government just put more risks upon the journalists and whistleblowers.
(5 marks)
9.) What have been some of the challenges and difficulties with implementing the metadata laws in practice?
After the passing of the Bill in 2015, it took 18 months for the Bill to be implemented and it was fully implemented in April of 2017. As the Bill is designed for use by law enforcement agencies only there is an ongoing issue for civil authorities such as Law Institute Victoria and the New South Wales Council for Civil Liberties in accessing metadata for their purposes. They have put forward submissions for change in the 2019 review. The estimated cost to the government to implement the Bill was quite significant but more importantly, there is an ongoing cost of $4 per customer every year to maintain the system. Also, there have been significant costs imposed upon the Internet Service Providers. This cost ranges between $10,000 and $250,000 depending on the size requirements and these costs were not known by the ISP’s when the amendment was passing through the House of Representatives and the Senate. The ISP’s are not very confident in knowing what data they had to retain and encrypt under the act as they have not been well advised.
The three biggest telecommunication companies in Australia, Telstra, Optus and Vodafone, were late in starting to retain all of the metadata. Originally the three companies were required to start retaining information in late 2015 but were unable to. Telstra submitted an extension request which was granted giving the company an 18-month leeway. More and more ISP submitted extensions to where the date was moved for all telecommunication companies to April 2017, with over 84% not being ready for the initial start date and applying for an extension to April 2017. The cost along with the short time frame given to the telecommunication to be ready by was simply not possible.
(5 marks)
10.) Do you think the federal government struck the right balance between the need to investigate serious crimes and the need to protect individual privacy?
I do not think the federal government hit the right balance for both sides. The two years that metadata is now being required to be held for is far too long. I agree with the NSWCCL that metadata should be held for 6 months or even up to 12 months as most investigations for crimes that require metadata is looked into about 3 months after the actual date. To accommodate for companies to hold two years of information cost both the government and the telecommunication companies and will have a continuing cost upon the Australian public.
Not allowing the public to access some of their own information is also a big failure for the protection of privacy. No access to one’s IP address, the URL’s visited and their own recorded geolocation is unacceptable if the information is being recorded and held for such a long period of time. There are negatives on both sides that do not lead to an enforcement equal and fair level between an individual’s privacy and the government and law services.