Tomorrow morning at 10am, the Attorney-General’s Department will front the Joint Committee on Intelligence and Security to discuss the national security proposals put forward by the government. It’s the most anticipated moment of the committee’s public hearings.
A key issue will be the definition of the “telecommunications data” to be retained under the data retention proposal put forward as one of 44 national security reforms. The proposal was not discussed in the “discussion paper” prepared by AGD for the inquiry, and the definition of data to be retained was not discussed in AGD’s own submission to the inquiry. Committee members, as well as the public and stakeholders, have been left in the dark about the meaning of the proposal.
Last week, in a robust question and answer spell (on both sides) at Senate Estimates, AGD and the Australian Federal Police handed over a definition of telecommunications data to Greens Senator Scott Ludlam that they insisted reflected their own current interpretation of legislation. The robust exchanges centred particularly on whether the URLs that an IP address visited were included in telecommunications data. The AGD and AFP view was that they definitely were not. AGD secretary Roger Wilkins was quite direct, not to mention rude, on the subject.
But that’s not the end of the matter, because the law actually says something different — according to Wilkins’s own department.
This is an excerpt from page 10 of the AGD report on the Telecommunications (Interception and Access) Act 1979:
Section 172 prohibits the disclosure of any content or substance of a communication. While telecommunications data is not defined in the TIA Act, it is taken to mean anything that is not the content or substance of a communication. It can include:
- subscriber information
- telephone numbers of the parties involved in the communication
- the date and time of a communication
- the duration of a communication
- Internet Protocol (IP) addresses and Uniform Resource Locators (URLs) to the extent that they do not identify the content of a communication, and
- location-based information.
That is, according to AGD, URLs can be part of telecommunications data if they don’t identify the content of a communication — contrary to the AGD insistence to Ludlam at Estimates.
The problem is, however, what sort of URL doesn’t identify the content of a communication? A URL — even if converted to a numerical address — must reveal where a user wanted to go online and therefore the content of the communication. The concept of a URL that does not identify the content of a communication is an oxymoron.
The AGD definition handed over at Estimates, or more specifically the assurances from Wilkins that accompanied it, actually complies with this approach because they rule out URLs entirely, thereby avoiding the problem. But their own TIA report appears to cloud the issue by including URLs.
Perhaps AGD officials — who have a poor track record of explaining national security legislation when put under pressure by parliamentary committees — can clarify this vexed issue once and for all.