Belatedly, the media appears to have woken up to the threat posed by data retention to whistleblowers and journalists. All it took was two-and-a-half years, three inquiries and the intelligence committee of the federal Parliament bending over backwards to get them to step up on the issue.

The third inquiry — after one into national security reform proposals, including data retention, in 2012-13 and one specifically into data retention reported last month — is specifically focused on “access to journalists’ telecommunications data”. And the remit is very broad: “The authorisation of a disclosure or use of telecommunications data for the purpose of determining the identity of a journalist’s source.”

The inquiry was the result of a deal within the committee — Labor strongly supported the model now being adopted in the UK, where police have to get a judicial warrant if they want to obtain metadata on journalists’ sources, while government senators resisted the push. The committee has a strong, though not completely perfect, record of unanimous reports, so the compromise was for a separate inquiry that wouldn’t hold up the bill. Labor traded away the strong hand of being able to delay the bill in exchange for giving the media industry a final chance to put its case, without the static of national security issues.

The industry did put its case during the previous inquiry. The Media Entertainment and Arts Alliance made a submission, as did the mainstream media organisations acting jointly, expressing concern about the impact on press freedom; other outlets like The Guardian and Private Media, publisher of Crikey, also made submissions raising such concerns. What the issue failed to attract was much in the way of actual press coverage. That finally started to change, but not til JCIS had already issued its report giving the tick to mass surveillance. The week after the report, the ABC’s Media Watch carried some of Australia’s most senior journalists attacking data retention; even The Australian’s Cameron Stewart, a former spy and hitherto a fan of mass surveillance, expressed concerns about protecting sources under a data retention regime. The Financial Review carried a damning op-ed by Law Institute of Victoria president Katie Miller and even ran a rather dodgy poll of 200 subscribers that showed little support for the scheme.

Why the reaction from the media, and in particular from journalists who will be directly affected by data retention, has come so late is a mystery — the ramifications of storing everyone’s communications information have been apparent for years. Then again, much of the media only woke up to the potential impact of last year’s “special intelligence operations” provisions — which could jail journalists for revealing intelligence activities even by accident — once the law had passed. Attorney-General George Brandis eventually had to respond to that by proposing amendments that would require the Attorney-General to sign off on any such prosecution — not exactly the most comforting thought.

Bear in mind that when it comes to tracking down journalists’ sources, all that glitters is not dross. The UK move follows a report by a government watchdog on the level of police accessing of journalists’ metadata; as the report noted, many of the cases related to Operation Elveden, the investigation into bribery of public officials by UK media outlets. As a consequence of that investigation, a number of police, as well as journalists, have been prosecuted, convicted and jailed. Then again, that’s what happens when the media abuses its power — it creates justifications for those who want to restrict it.

This week Brandis, or at least his office, has sought to assuage concerns about the impact on whistleblowers and, like much of what the government has had to say on the subject, was entirely dishonest. His office was reported as making two statements — that the laws would “not provide for any new or increased powers in relation to access to telecommunications data” and that they “not have an impact on existing whistleblower laws”.

The first statement is plainly false: the new laws will give security agencies the power to trawl through two years’ worth of data for most of the population of Australia. What part of that power isn’t “new” or “increased” compared to what agencies currently have is evidently only apparent to the spokesperson for Brandis, who either has a capacity to detect some hypernuance far beyond the normal threshold of human comprehension, or is happy to casually lie.

The second statement is more relevant. It’s a rare mixture of non sequitur and statement of the bleeding obvious. Yes, data retention laws don’t amend existing whistleblower laws (viz., Mark Dreyfus’ Public Interest Disclosure Act 2013). But no, that has virtually nothing to do with data retention. That act covers only public servants, and indeed not all of them, either. Just to repeat that — the “whistleblower laws” to which Brandis blithely refers as though they cover any Australian who might choose to disclose wrongdoing, only cover bureaucrats, not corporate whistleblowers.

More to the point, the act requires the small group of people whom it covers to jump through some fairly elaborate hoops in order to qualify for the lucky title of “whistleblower” — most particularly, you don’t get to be an official whistleblower if you don’t tell one of your superiors first. Doesn’t matter if you’re concerned about your career or even your safety if you reveal wrongdoing in your organisation to someone within that organisation — you don’t get any protections unless you speak internally first.

And even more to the point, the impact of data retention lies in enabling police to identify whistleblowers, even if by some miracle the latter manage to qualify for protection from prosecution. It is anonymity that is crucial to whistleblowers, not just protection from prosecution, because anonymity is the only real protection against the internal discrimination and harassment that is the lot of most whistleblowers once they are revealed.

One thing more for JCIS to consider: if they’re genuinely concerned about mitigating the impact of data retention on whistleblowers and sources, they might want to think of themselves, as well. The AFP have admitted that they obtain the metadata of politicians in order to try to track down whistleblowers. If JCIS ignores this issue, they’ll in effect be saying to the community that they should avoid ever contacting an MP or senator with a confidential issue, or a matter on which they wish to remain anonymous, because thanks to data retention, no politician can guarantee confidentiality to anyone they communicate with electronically.

Perhaps they should widen the terms of reference just a little.