The timing of Attorney-General George Brandis’ decision to drop plans to allow metadata to be accessed during civil lawsuits on issues like piracy has more to do with the politics than seeing the light.
Late on Thursday, just before many people kicked off for a long Easter weekend, Brandis quietly announced that the government had dropped plans to allow all the data that telecommunications companies are retaining — purely as part of the mandatory data retention regime — to be accessible under civil lawsuits.
This would have meant that the data would have been available to film companies chasing alleged pirates, or companies chasing the sources of journalists writing stories about their corrupt behaviour.
The government floated the idea late last year just before Christmas, and despite the timing, submissions made to the inquiry from telecommunications companies, media companies, and the public in general were largely opposed to the proposed change, raising the question as to why the government had even considered it in the first place.
Then last Thursday, the government went cold on the proposal. The review conducted by the Attorney-General’s Department found that the case had not been made for access to data. In particular, most individuals sending in submissions were opposed:
“Of the 217 individuals who made submissions, four expressed support for allowing civil litigants access to the data. Almost all other individuals were strongly against making exceptions, largely because of concerns about privacy. A range of submissions expressed concerns that providing access to retained data for civil proceedings would be an expansion upon the stated national security and law enforcement objectives of the data retention scheme, including in relation to cases involving copyright infringement.”
Why the change in heart? Was it simply that those who wanted it in the first place didn’t make their voices heard, or was there more politics involved?
It was curious, then, that this announcement was followed this week by the release of the latest Australian Cyber Security Centre (ACSC) survey on cybersecurity, announced by Brandis as “AUSTRALIAN CRITICAL INFRASTRUCTURE ORGANISATIONS TARGETED BY CYBERCRIMINALS UP TO HUNDREDS OF TIMES EACH DAY” (we apologise — Brandis thought it needed to be shouted in all caps), even though the report itself doesn’t specifically mention critical infrastructure in this context (it has two mentions related to the role of ACSC and CERT Australia).
The decision to drop the civil suits, and the phrasing of the release about the survey to be all about critical infrastructure seems to be more to do with getting on the good side of telecommunications companies about legislation currently before the Senate, which will give the government power to direct companies what tech they can and can’t put in their networks — what is referred to in the sector as the No Huawei (a Chinese tech company) legislation.
Brandis is setting up the case for justifying these new intrusive powers as a means to protect from foreign spies, while also seeking to allay concerns with the average consumer about how their data is being used. The legislation is a big change for the telecommunications companies, but ultimately won’t have a major impact on customers — aside from potentially higher prices because the companies are forced to buy tech the government wants rather than the cheapest one on offer.
It also comes the week after telecommunications companies were required to have their mandatory data retention systems in place, and in a Twitter chat yesterday using the hashtag #LetsTalkCyber, the prime minister’s adviser on cybersecurity matters Alastair MacGibbon was asked about whether mandatory data retention created a bigger cybersecurity risk for these companies retaining the data. MacGibbon said data retention “solves serious crimes” and he didn’t buy that it made the companies more at risk, because they already hold a lot of data.
The chat seemed to be more about allowing security vendors to ask Dorothy Dixers than real engagement, in any case. Including questions that seemingly made no sense, as though they were cut and pasted from emails about proposed questions to ask during the chat.