If we’re to accept the justification for the government’s data retention scheme at face value, Parliament’s Joint Committee on Intelligence and Security should immediately seek to inquire into its shambolic introduction by the Attorney-General’s Department.

Despite the government rushing the establishment of the scheme through Parliament, when the scheme commenced on Tuesday, only a small number of ISPs had had their data retention implementation plans approved by AGD. The rest remain gummed up inside George Brandis’ department — the department that lost track of Man Monis’ letter and misled Parliament about it, the department whose secretary, Chris Moraitis, “lost his notes” of a crucial meeting to tell the head of the Human Rights Commission to resign.

Under successive ministers and secretaries since 2008, AGD’s attempt to introduce data retention has been a litany of bungles. Its secret industry consultations in the Rudd era leaked. Its attempt to railroad the issue through cabinet was halted by other departments criticising the proposal. The department repeatedly misled Senate committees about its work on data retention. When JCIS was tasked by then-attorney-general Nicola Roxon with considering national security reforms including data retention, the department’s discussion paper — which it later admitted to the committee was inadequate — barely mentioned data retention at all, and JCIS had to find out second hand that the department had already prepared draft legislation for the proposal. The department ended up on the receiving end of scathing criticism in the committee’s report.

And as repeatedly noted, AGD has still been unable to properly define the dataset it wants retained — a problem since 2008 and one that continues to confront service providers all these years later.

The department’s inability to process implementation plans in time for the formal commencement of the scheme — it appears to have been too busy issuing threats to companies — is despite AGD helping itself to nearly $3 million of the appropriation intended to help fund a fraction of industry’s costs in implementing the scheme. That money would have funded an additional 18 bureaucrats in AGD to help set up the scheme.

Meantime, smaller ISPs and other service providers struggle with the burden of trying to meet unclear legal obligations, as well as the additional capital costs they face from establishing additional storage capacity to keep citizens’ personal data. All from a government that likes to pretend it is about cutting red tape and deregulation for business.

While some of these issues are likely to be teased out at estimates hearings of the Legal and Constitutional Affairs Committee next week, AGD officials will be able to deflect detailed probing from senators by relying on claims of commercial confidentiality and national security. That’s where JCIS comes back into the frame. Under the data retention legislation, JCIS has a very strong role in overseeing the scheme — unusually for the committee, and the product of a push by Labor MPs to give the committee more power to reflect the greater powers security agencies were being handed by Tony Abbott. JCIS has to review amendments to the legislation, it must be copied into much of the paperwork relating to both the scheme and to the “journalist information warrant” process belatedly added by the government, and demand briefings on it, and it must conduct a review of the scheme after three years. Having changed its position from 2013 and backed data retention this year, JCIS in effect owns the scheme and the safeguards it says will protect Australians.

If we accept the claims of the government, AGD itself, agencies like ASIO and the Australian Federal Police and some JCIS committee members at face value, the data retention scheme is crucial to our national security. And yet the scheme has commenced without AGD having made sure that most of the industry was actually compliant with the scheme’s requirements, or even understands exactly what dataset is supposed to be retained. How many crimes will, according to mass surveillance spruikers, go unsolved because companies aren’t keeping data? How many attacks won’t be prevented? If data retention advocates truly believe it’s so important, a JCIS examination into the bungled implementation of the scheme by AGD — the department that ignored a disturbing letter from Man Monis — is surely warranted.

The problem is, JCIS can’t initiate its own inquiries. Committee chair Dan Tehan would have to ask George Brandis to request the committee conduct such an inquiry. And Brandis is not exactly likely to ask the committee to inquire into his own department.

All the more reason why a private member’s bill before the Senate, introduced by Labor Senate leader Penny Wong (inherited from John Faulkner), which would give the committee the power to initiate its own inquiries, deserves to become law. If we’re going to have a government that hypes national security above everything else, then let’s have a proper oversight process for it that holds the agencies charged with implementing it to proper account.

Peter Fray

Fetch your first 12 weeks for $12

Here at Crikey, we saw a mighty surge in subscribers throughout 2020. Your support has been nothing short of amazing — we couldn’t have got through this year like no other without you, our readers.

If you haven’t joined us yet, fetch your first 12 weeks for $12 and start 2021 with the journalism you need to navigate whatever lies ahead.

Peter Fray
Editor-in-chief of Crikey