Australian telcos were forced to hand over customer data to law enforcement agencies without the need for a warrant more than 600,000 times in the last financial year, even before Attorney-General George Brandis’ mandatory data retention scheme was in place.
The Australian Communications and Media Authority revealed 824,841 disclosures were made of customer data under the Telecommunications (Interception and Access) Act and the Telecommunications Act in the last financial year in its annual report, tabled in Parliament last week.
This is up from 748,079 made in the 2013-2014 financial year.
Of the total disclosures, 604,718 were made under the TIA Act, the law that allows government agencies to request data held by telcos in order to investigate crimes. This was up from 582,800 in the previous 12 months.
The overwhelming majority of these disclosures were for the enforcement of criminal law, with authorities using the data to find missing persons, protect government revenue, or enforce a law in a foreign country requiring fewer disclosures.
This data is reported to ACMA by the telcos as a reflection of how much data they are handing over, while a separate annual report into the TIA Act, usually handed down in November but delayed until March this year, examines how many times the law enforcement agencies request data.
The difference between the two is that one deals with the number of times requests are made — regardless of the amount of data that is requested — and the other is the number of times data is handed over.
The AGD figure is much lower (334,658 authorisations in 2013-2014; we don’t have current figures yet) because one request from one law enforcement agency can result in multiple disclosures of customer data, often from more than one telecommunications company.
The two are often confused, but worth highlighting separately, because it gives a better picture of what agencies want to access versus what they are getting. The AGD report also breaks down into what individual agencies are requesting, which ACMA does not report.
It was confusing, then, as to why the then-Abbott government attempted to stop telcos from reporting this data to ACMA as part of its “red tape reduction” program last year.
Plans to stop this reporting were eventually abandoned when the government was told that this was a very useful transparency measure to include while the government was also trying to legislate to force telecommunications companies to keep much more data for two years.
Now with mandatory data retention in place, albeit with the government allowing telcos until April 2017 to be fully compliant, the real interesting stats from mandatory data retention will not be revealed until after this financial year.
Those statistics will show the true impact of the legislation. While telcos will have much more data and for a longer period for agencies to access, the government claims access to that data has been limited to fewer agencies, meaning fewer fingers in the pie.
This is all without including disclosures made to the Australian Security Intelligence Organisation, which is exempt from the reporting.
The Inspector General of Intelligence and Security’s annual report, tabled last month in Parliament, revealed one unnamed intelligence agency had “serious gaps” in its record keeping.
It only came to light after a public official disclosed the matter to IGIS under the Public Interest Disclosure Act for whistleblowers.
IGIS reported that there were “serious concerns” about the record keeping. It was said to have been dealt with by the agency and a “very valuable lesson had been learnt”, without any specific actions taken against the anonymous agency.