Who can obtain the metadata that you create whenever you use a communications service? Well, it might be quicker to ask who can’t access it. Under current laws, the full list of agencies that can contact a telco or ISP and ask for the metadata relating to a specific service has never been compiled, because it’s too long and open-ended.

Under the Telecommunications (Interception and Access) Act, any “enforcement agency” can ask telcos and ISPs for your metadata. That term extends to a host of identified state and federal law enforcement agencies, but also includes any body whose functions include administering a law imposing a pecuniary penalty or a law relating to the protection of the public revenue. The only limitation is that the request for your data must relate to something necessary for the enforcement of the criminal law, to finding a missing person or for the enforcement of a law imposing a pecuniary penalty or for the protection of the public revenue.

That means that even non-government bodies that protect revenue or investigate criminal acts can request your data — most famously the RSPCA, but Harness Racing NSW, and Victorian Taxi Services Commission also feature in the list of bodies who have obtained metadata in recent years — the Queensland RSPCA isn’t backward in using its power, seeking data over 80 times between 2009 and 2013. Environment and consumer protection agencies also use the powers, as well state and territory revenue offices.

And in the last couple of years, local government has begun obtaining metadata as well. Outer-suburban Wyndham Council near Melbourne was a pioneer, making 20 applications in 2010-11, then 11 and 15 in subsequent years. By that stage Sydney’s Bankstown Council had joined in, followed by Melbourne’s Knox Council and Ipswich in Queensland. Wyndham even got its own case study in last year’s TIA Annual Report.

“There are no figures on ASIO’s collection of metadata — for reasons not satisfactorily explained, ASIO is not required to even reveal the number of requests it has made for data.”

But the 30% surge in surveillance that occurred between 2010-11 (251,000 requests) and 2012-13 (330,000) wasn’t driven by your local council snooping on where you were when you put your bins out, or the RSPCA investigating animal cruelty claims, or revenue officers pursuing tax dodgers — it was caused by police forces. NSW police metadata requests rose 15% in 2012-13; Qld police requests more than tripled between 2009 and 2012, then increased 15% again in 2012-13; the AFP’s requests rose nearly 11% in 2012-13. Along with Victoria police, these are the big users of metadata, accounting for around 80% of requests in 2012-13. And the big rises in law enforcement use of metadata have occurred at a time when crimes rates, other than for sexual assault and fraud, have been falling significantly.

Bear in mind, though, that there are no figures on ASIO’s collection of metadata — for reasons not satisfactorily explained, ASIO is not required to even reveal the number of requests it has made for data. The only sense we have of the volume of requests from ASIO is via agency head David Irvine, who argued “the system would grind to a halt” if a requirement to obtain a warrant were introduced for metadata requests, suggesting the number of ASIO requests is at least in the thousands.

Even so, the remarkable array of bodies that can obtain personal information about you has caused concerns even among surveillance advocates, who see the wide accessibility of metadata as a potential impediment to the establishment of data retention. As part of the reforms put forward by then-Attorney-General Nicola Roxon in 2012, her department proposed (somewhat vaguely) limiting the number of agencies that could obtain information to only those “that have a demonstrated need to access that type of information.” The Joint Committee on Intelligence and Security agreed, recommending that “the threshold for access to telecommunications data” should be reviewed, focusing on “reducing the number of agencies able to access telecommunications data by using gravity of conduct which may be investigated.” Greens senator Scott Ludlam’s inquiry into the TIA is currently exploring similar issues.

However, the proposal to reduce the number of agencies that can access data hasn’t been mentioned in the government’s effort to sell its mass surveillance proposal. Under the Coalition’s data retention scheme, the local council, the RSPCA and Harness Racing NSW will all still be able to access your data.

Peter Fray

Crikey is funded by readers like you.

Without subscribers, we cannot do what we do. We can’t examine, explore or explain. We can’t take the spin, the weasel words, the waffle and lectures and render them meaningful. Without subscribers, we cannot help you understand the world better, so you can form your own views and opinions. That’s what we’re here to do, and that’s why we need you.

Now more than ever.

Peter Fray
Editor-In-Chief of Crikey

Join us today