The mandatory data retention regime had one upside in that it was supposed to reduce the number of government agencies, departments and local councils that were able to access your metadata from over 80 down to just over 20.
Those culled from the list weren’t too happy about it at the time, but it seems like they’ve just found another way to circumvent this new regime. Tech site ZDNet first reported yesterday that Communications Alliance, the peak lobby group for Australian telcos, told the Attorney-General’s Department that local councils and the RSPCA were back to their old habits now instead using section 280 of the Telecommunications Act to force Telstra, Optus and other telcos to hand over metadata, bypassing the data retention rules:
“Several agencies that were excluded from the list of Enforcement Agencies with the introduction of the DR regime are now simply relying on powers in their own statutes to request data. Such agencies include local councils (who request access to data to manage minor traffic offences, unlawful removal of trees, illegal rubbish dumping and billposters), the RSPCA, the Environment Protection Authority and state coroners, to name a few. The use of these other powers to access communications data appears to circumvent protections in the Act and TIA Act.”
Sneaky, and a clear contravention of the intention of the legislation. The response came to AGD’s review of whether metadata should be accessible for civil suits, like when chasing down people pirating online. Interestingly, at a casual glance of the submissions online, there are no industry bodies actually backing the proposal, raising the question: why is the government even considering it?