Jun 24, 2013

National security inquiry declines to endorse data retention

A key review of proposal to strengthen national security laws has opted against recommending mandatory data retention, and suggested a strictly limited scheme if governments do consider one.

Bernard Keane — Politics editor

Bernard Keane

Politics editor

Parliament's joint committee on intelligence and security has failed to endorse a data retention regime as part of its response to a slate of proposed national security reforms, instead laying the groundwork for a limited scheme if a government should decide to implement one. The committee -- headed by Labor MP Anthony Byrne and including senior figures such as John Faulkner, George Brandis and Phillip Ruddock, as well as independent MP and former intelligence analyst Andrew Wilkie -- was asked to consider 44 national security reforms by then-attorney-general Nicola Roxon in May last year, initially with a tight deadline that was later extended to the end of 2012 to reflect the extent and range of the proposals under consideration. After repeated criticisms of the Attorney-General's Department about the lack of detail in the proposals, particularly around data retention, by committee members, the committee missed its end-of-year deadline as it grappled with a long list of complex technical, legal, national security and privacy issues. Data retention occupied most of the committee's time in its hearings, even though there were 43 other, often significant, proposals before it, such as giving intelligence and law enforcement agencies the power to wiretap social media, infect or alter information on people's computers, or give intelligence officials immunity from all but the most serious crimes. With revelations about the massive extent of US and UK internet and telephone surveillance from Edward Snowden, the committee's view on expanding national security powers to address the challenges of online communication emerges at a critical time. On data retention, the committee was unable to resolve internal disputes over whether a data retention regime was required. It concluded:
"There is a diversity of views within the Committee as to whether there should be a mandatory data retention regime. This is ultimately a decision for Government."
The committee's inability to resolve this highly controversial issue was exacerbated, it says, by the Attorney-General's Department. In a remarkable statement for such a powerful committee, the report begins with direct criticism of A-GD, complaining that "one of the most controversial topics canvassed in the discussion paper -- data retention -- was only accorded just over two lines of text" by the department in its discussion paper, which was approved by Roxon:
"This lack of information from the Attorney-General and her Department had two major consequences. First, it meant that submitters to the Inquiry could not be sure as to what they were being asked to comment on. Second, as the Committee was not sure of the exact nature of what the Attorney-General and her Department was proposing it was seriously hampered in the conduct of the inquiry and the process of obtaining evidence from witnesses. "Importantly the Committee was very disconcerted to find, once it commenced its Inquiry, that the Attorney-General’s Department (AGD) had much more detailed information on the topic of data retention. Departmental work, including discussions with stakeholders, had been undertaken previously. Details of this work had to be drawn from witnesses representing the AGD. "In fact, it took until the 7th November 2012 for the Committee to be provided with a formal complete definition of which data was to be retained under the data retention regime proposed by the AGD."
Unable to resolve its concerns about a data retention regime, the committee declined to recommend it. It accepted that data retention would be of "significant utility" to national security agencies. However:
"... a mandatory data retention regime raises fundamental privacy issues, and is arguably a significant extension of the power of the state over the citizen. No such regime should be enacted unless those privacy and civil liberties concerns are sufficiently addressed."
Instead, the committee chose to lay out a possible limited scheme if a government decides to pursue one. The scheme would involve:
  • Telecommunications or meta-data data only (i.e. no content; where meta-data cannot be separated from content, it must be regarded as content and not retained)
  • No internet browsing data of any kind to be stored
  • All retained data to be encrypted
  • Data retained for a maximum of two years (no minimum was specified)
  • The (potentially significant) costs borne by government
  • Independent audits to check no content data is being stored
  • Agency access to be overseen by the Inspector-General of Intelligence and Security and ombudsmen
  • Any legislation establishing a scheme be the subject of public consultation and oversight by JCIS as well, with annual report and triennial review requirements.
Coupled with a review to curb the number of entities that have access to meta-data (including, currently, organisations like the RSPCA), the data retention scheme outlined by the committee -- but not recommended -- would be highly limited, particularly given the limitation on internet browsing data, assuming any bill survived the process of scrutiny to which it would be subject Among the other recommendations by the committee in what is a long and detailed report, the committee rejected a proposal to allow ASIO officers to stop and search individuals as well as premises, recommended the number of agencies with access to telecommunication data be reviewed with the aim of reducing them; a comprehensive public process of revision of the Telecommunications (Interception and Access) Act to address privacy, technology and industry concerns; the committee did not endorse a proposal to allowed ASIO to "disrupt" computers but merely recommended further consideration to it, but did recommend ASIO be permitted to access target computers via third-party computers; that proposals to protect ASIO officers from criminal liability match the current scheme applying to the Australian Federal Police. Attorney-General Mark Dreyfus said in a media release that data retention was off the agenda for the moment. “The Committee did not make a recommendation in relation to whether Australia should pursue a data retention regime, but the Committee did make a number of recommendations in relation to the details of a potential data retention regime. Accordingly, the Government will not pursue a mandatory data retention regime at this time and will await further advice from the departments and relevant agencies and comprehensive consultation." Read more:

Free Trial

You've hit members-only content.

Sign up for a FREE 21-day trial to keep reading and get the best of Crikey straight to your inbox

By starting a free trial, you agree to accept Crikey’s terms and conditions


Leave a comment

6 thoughts on “National security inquiry declines to endorse data retention

  1. robinw

    The committee may recommend as much as they like. The question to be answered is will the government of the day (any day) listen or will it be swayed by the Attorney General’s Department and its coterie of spooks?. Call me a pessimist but if the UK and the USA are anything to go by then we will be caught in the same trap as the citizens of those two countries. And the committee’s deliberations do not answer just what our spooks are already getting about us from GCHQ and NSA which wasn’t a part of the committee’s remit. In addition, just what are the spooks doing with this data if they are, undoubtedly in my opinion, receiving it?

    The greatest danger I see in all this is that we are in danger of giving to non elected officials the power to gain access to data on all of us which could be used at a later date to blackmail anyone to satisfy the agenda of those unelected officials. Something like the J Edgar Hoover dirt files but magnified exponentially. Obviously this has serious ramifications for democracy, freedom and ultimately social cohesion.

  2. Harry Rogers

    Remember Dreyfus our current AG fought on behalf of Labor Party for Freedom of Information laws . Now it appears he has no real beliefs just anything that his seriously incompetent department requests he rubber stamps.

    The only saving grace for all of us is, if East German history is an example , eventually the government will have so much information,that relying on their incompetence, they wont have a clue what to do with it.

    Faulkner must hang his head in shame when he sees what is being proposed and decided not to campaign against it as he will soon be out of politics and leave behind for his and our children and a legacy of Stazi land Australia.

    Can anyone tell me the last Federal law which was repealed apart from taxation law.

  3. AR

    At the moment the buzz word is meta data and the bromide spray machine is going full blast, nothing to worry about, we know best etc ad nauseam.
    The problem is not just the government knowing as much about one as one knows oneself but MORE, ie wrong information, lies, mistakes, rumour and unfounded speculation.
    The Admiralty Rating system used in intelligence, A-F/1-6, is, roughly A1 means “eye witness, proved” to F6 “3rd hand/unknown provenance”
    The vast majority of the reports struggle to rise above C3, most is garbage lower in D4 or worse.
    DATA is NOT information, INFORMATION is NOT knowledge, KNOWLEDGE is NOT intelligence and INTELLIGENCE must be accurate, useable & timely.

  4. Elliot Blue

    Yes @robinw but the risk isn’t only blackmail: Eighteen months ago the Age reported rampant corruption in the APS which neither goverment or opposition will say a word on. Corrupt civil servants could use data retention to find out what citizens reporting them are doing and who they are talking to. They can already do this to some degree with their existing warrantless access to communications and email metadata also reported last year. Right now they can’t see what the target is saying but they can see which journalists and politicians they are talking to which is handy for damage control.

  5. Mysta Squiggle

    Meta-Data *is* data and reveals a lot more than these committee members realise. eg http://www.zeit.de/datenschutz/malte-spitz-data-retention

  6. The Cleaning Lady

    The sentence of the Committee’s report that I find troubling is this: “This is ultimately a decision for Government.”

    No. Government must be accountable to the parliament. The Committee must find out what the government is doing and what provisions of the law it interprets as giving it the authority to do what it is doing. Is it letting the proposed legislative changes rest because it has a fall back position based on other statutory provisions that it is using for purposes beyond the original legislative intent? The Committee should require the department to provide it with the legal advice on which it bases its current data retention activities.

Share this article with a friend

Just fill out the fields below and we'll send your friend a link to this article along with a message from you.

Your details

Your friend's details