Telecommunications Data Retention Legislation Introduced into Parliament
Friday 31 October 2014 @ 12.42 p.m. | Crime | IP & Media
Yesterday (30 October 2014) the Federal Communications Minister Malcolm Turnbull introduced the government’s widely reported and controversial Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. The Bill will require, among other matters, that internet service providers (ISPs) store details of internet usage by Australians for a period of two years.
Key Features of the Bill
Essentially the Bill amends the Telecommunications (Interception and Access) Act 1979 (Cth) (the TIA Act), and the Telecommunications Act 1997 (Cth) to standardise the types of telecommunications data that ISPs must retain under the TIA Act and the period of time for which that information must be held by ISPs.
The Bill, according to the second reading, gives effect to several of the Parliamentary Joint Committee on Intelligence and Security's (the PJCIS) recommendations on data storage, the key ones being:
- Mandatory data retention will only apply to telecommunications data (not content) and internet browsing is to be explicitly excluded.
- Mandatory data retention will be reviewed by the PJCIS three years after its commencement.
- The Commonwealth Ombudsman will have oversight of the mandatory data retention scheme and more broadly the exercise of law enforcement agencies’ powers under Chapters 3 and 4 of the TIA Act.
- The Bill confines agencies’ use of, and access to, telecommunications data through refined access arrangements, including a ministerial declaration scheme based on demonstrated investigative or operational need.
The Bill amends the TIA Act to standardise the types of telecommunications data ISPs must retain under the TIA Act and the period of time (namely, two years) for which that information must be held.
In his second reading the Minister indicated that the Bill did not affect access to substantive information and that the current restrictions and checks and balances applying to substantive information would remain in the TIA Act saying:
"Accessing content, or the substance of a communication (for instance, the message written in an e-mail, the discussion between two parties to a phone call, the subject line of an e-mail or a private social media post), without the knowledge of the person making the communication is highly privacy intrusive and under the TIA Act can only occur under an interception or stored communications warrant, or in limited other circumstances such as in a life-threatening emergency. Interception is subject to significant limitations, oversight and reporting obligations. None of these arrangements are affected by this Bill."
The Bill reduces the number and type of agencies allowed to access the information under the TIA Act which currently includes bodies like the RSPCA and local government. The Bill will now limit access specifically to criminal and law enforcement agencies (namely; federal, state and territory police and anti-corruption agencies), Australian Customs and Border Protection, and those declared by the Attorney-General as criminal law enforcement agencies, such as the AFP and ASIO.
The Bill allows ISP's to seek an exemption from their data retention obligations under the proposed legislation, and will be able to apply to the Communications Access Co-ordinator to be excused from either retaining metadata altogether; retaining specific metadata or retaining the data for the designated two year period.
Criticism and Response
One issue so far is that while the Bill prescribes that telecommunications service providers must retain a data set on each customer for two years, to be made available to law enforcement agencies without a warrant, the actual details of the data required are yet to be detailed by the government, with the Minister indicating in his second reading, that such will be outlined as part of future “supporting regulations”, to be made under the Bill once it becomes an Act.
The proposed Bill has been controversial since it was first mooted by the government, largely due to opposition coming from both ISPs, legal groups and ordinary citizens concerned about the costs and privacy implications. It continues to be controversial with the cost, and the as yet ill-defined area of metadata collection and storage causing the most reaction. For example the cost has has been said to be as much as 200 million by ISPs, including iiNet and Optus.
Next Steps for the legislation
The Minister is reported as indicating that consultation on the Bill will be undertaken in the next few weeks with the industry to set out the technical details of the data to be kept and the cost to ISPs of meeting their obligations under the Bill.
TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products.
Sources:
- Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 supporting materials and EM as reported in the TimeBase LawOne Service.
- Illegal downloaders could be targeted by new data retention laws (Financial Review - 31 October 2014)
- Turnbull introduces data retention legislation (IT News - 30 October 2014)