Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014



This is controversial legislation – and I can understand why some people are very concerned about it.

Even senior members of the Government have previously expressed concerns about the retention of telecommunications data for the purposes of law enforcement:

The Minister, who introduced this Bill, Malcolm Turnbull, said in 2012 that: “I must record my very grave misgivings about the proposal”.

In 2013, he said that a data retention regime would have a QUOTE “chilling effect on free speech.”

The Deputy Leader of the Liberal Party Julie Bishop said in 2012 that QUOTE “the idea that the government should collect and retain the online records of all Australians for a period of two years I think is disturbing. It appears to go too far and I would have to be persuaded that this was a reasonable request.”

These concerns are not restricted to one side of politics.  

People in all political parties have concerns about the mandatory retention of telecommunications data.

Legislation like this raises legitimate and serious privacy issues – and it is important that they are addressed.

This is also complex. 

It’s not easy to get your head around. 

We saw a compelling example of that last year when the Attorney General couldn’t explain to David Speers on Sky News what metadata was or whether telecommunications companies would be forced to keep a record of the websites people visit.

That’s why when the Government introduced this legislation into the Parliament just before Christmas we said it shouldn’t be rushed through.

It should be subject to a proper inquiry by the Parliamentary Joint Standing Committee on Intelligence and Security.

And that’s what has happened. I have been privileged to be a member of that Committee as part of its work.  


The Work of the Committee

The work of this Committee has made clear to me that this legislation – in its current form, in its original form – is not good enough.

The Committee received more than two hundred written submissions and held three days of public hearings.  It also held a number of private hearings.

The weight of evidence that we received made very clear that this legislation in its current form puts too much power in the hands of the Attorney General.

It also doesn’t sufficiently address legitimate concerns about privacy and the protection and security of the data that will be retained.

It also doesn’t have the oversight powers and resources that are really needed here – to make sure that the use or misuse of people’s telecommunications data can be properly investigated.

That’s why, as a Committee, we recommended a lot of changes to this Bill – 38 in all.

I will go through some of those in a moment and why I think they are important.  But first I just want to explain what is happening now in Australia.


The Current Situation

Right now telecommunications companies keep a lot of data about us. Metadata. They don’t all keep the same data.  And they don’t all keep it for the same period of time.  Some data is held by companies for a couple of weeks.  Some data is held for up to seven years.

And police and other law enforcement agencies access this data right now.  And a lot of it.  

Last year there were more than half a million applications by law enforcement to telecommunications companies to access metadata.

It is part of most investigations.  It doesn’t always solve crimes but it is an important investigation tool.

For example – police turn up to a crime scene.  There is a dead body.  There are no witnesses.  One of the first things that police will do is seek the phone records of the person who has died to see who were the last people they were speaking to.

Sometimes it provides the evidence that is critical to a conviction – we saw evidence of that in the case in the murder of Jill Meagher in 2012.  In that case it was telecommunications data that led to the conviction of Adrian Bayley.

This data is being accessed right now.  Not just by police but by 80 different organisations – including Councils and the RSPCA.

And there are very few rules around it.  And very little oversight.  And therefore very little evidence about how it is used and misused.


The Purpose of this Legislation

The argument that the Government has used is that this legislation is required because telecommunications companies are not holding our data for as long as they used to, and that they are going to hold less and less in the future, and, that therefore, law enforcement agencies won’t be able to do their job.

This is sometimes called ‘going dark’. 

The Prime Minister has said recently that if this legislation is not passed there will be QUOTE “an explosion of unsolved crime.”

This is not right.

It is true that some telcos have reduced the amount of data they hold.  But it is also true that the major telcos (Telstra, Optus and Vodafone) all told the Committee in public hearings that they have no intention of the reducing the amount of data they currently retain.

In my view the real purpose of this legislation is not to stop law enforcement going dark.  It’s more about consistency. 

It will require all telcos to keep the same type of data and hold it all for the same period of time.  That will invariably mean that law enforcement agencies will have access to more data – data that is not currently being held by some telcos for two years.

The real reason I think to support this legislation is this – law enforcement agencies access our telecommunications data right now – with very few rules around it and very little oversight.

If the recommendations of the Joint Standing Committee are adopted, this will put in place tighter rules, and for the first time oversight of the agencies that access our data and their use or misuse of it.


Key Recommendations

I want to focus now on some of those key recommendations.

First – the controversial issue of what is metadata.

This Bill in its current form leaves this to regulations.  In other words leaves it to the Attorney General to decide. 

The Committee rejected this approach.  It puts too much power in the hands of the Attorney General – and creates too much uncertainty.

We therefore recommended that the data set that telcos have to keep be embedded in this legislation.

Second – who can access this data?

Again the Bill leaves that question to the Attorney General to decide.  And again the Committee rejected that approach.

The Committee recommended that the Parliament, not the Attorney General, should decide what data has to be kept and who can access it.

Third – at the moment it is doubtful whether individuals have access to their own telecommunications data.

The legislation deals with law enforcement access to data – but doesn’t address the issue of individual rights to their own telecommunications data.

The Committee’s recommendations will fix this problem.  The Committee recommends that telcos be required to provide their customers with access to their own telecommunications data upon request for a fee – and I am glad to see in the wake of this recommendation Telstra recently announced that they would put this into place for their own customers effective from the first of April.

Fourth – the security of the data kept under this legislation is also a real issue.

The last time the Committee looked at this issue in 2013 it recommended that the data be encrypted.  This legislation says nothing about that.

In 2013 the former Attorney General Mark Dreyfus also introduced legislation to create a Data Breach Notification Scheme.  In other words, if your data is hacked, you are notified.  This legislation was introduced into this place but lapsed after the last election.

The Committee has recommended that this data be encrypted and that Data Breach Notification System be created.

The Committee also looked at the important issue of where this data should be held.  We made no recommendation about this but this is an important issue.  There are good arguments to say it should be held in Australia. The former head of ASIO, David Irvine made that argument as recently as yesterday in Australian newspapers. The Committee looked at this issue and will look at this further when it examines the forthcoming Telecommunications Security Sector reforms.

Fifth – how will this data be used by other people and other organisations in civil litigation?

This was the subject of a lot of confusion when this legislation was introduced.  The AFP Commissioner said it could be used to track down people who illegally download movies and TV series like Game of Thrones.

On the Q&A in November last year George Brandis said that wasn’t right.

Tony Jones:  Well can I put something to you and that is that I think that a lot of Australians are probably quite surprised to hear Commissioner Colvin suggests that … the metadata gathered could be used in a whole range, beyond terrorism, of different prosecutions possibly even against internet pirates.

Attorney General George Brandis responded:  Well, they can’t and they won’t be.

But that’s not right either.  There is nothing in the Bill that prevents the use of this data to pursue people illegally downloading movies in a civil court.

The recommendations by the Committee will help fix this problem.  We have recommended a prohibition on the use of data retained under this legislation from being used in civil litigation.

Sixth – the issue of costs.

This is very expensive.  The capital cost of setting up this system has been estimated by PWC to be between – $188M and $319M.

We all pay for that – one way or another.  A substantial proportion will be paid for through our taxes.  The rest through our telco bills.

It is a capital cost, not an annual operational cost, but it is still expensive.   I am particularly concerned about the impact this might have on small telcos.  Competition in this sector is extremely important and I am worried about the risk of this pushing small telcos out of the market.

The Committee recommended that the Government ensure that the funding they provide to telcos to set up this scheme is tailored in a way to particularly help small providers who may not have the capital budgets or operating cash flow to implement this legislation without upfront assistance. The Government has committed to do this. I thank them for it. It is important that this happens.

Seventh – the sort of powers that law enforcement agencies already have access to our data should be subject to real oversight.  As I said, at the moment they are not.

The original Bill gets one thing right.  It gives the Commonwealth Ombudsman oversight and investigative powers over the use or misuse of telecommunications data.

This includes full investigative powers, the power to compel officers to answer questions, and access to all records and premises. This applies to Federal and State law enforcement agencies.

But what isn’t done and don’t see in the initial legislation is give the Ombudsman the resources they need to do this job.  In evidence to the Committee the Ombudsman Mr Colin Neave said he lacked the resources to do this job.  And he said he will need an additional 12 staff and $2.3M in the first year and $1.65M per annum thereafter.

The Committee in our report recommended that these resources be provided. It’s important this happens.

It also recommends for the first time real parliamentary oversight.

At the moment the Parliamentary Joint Standing Committee on Intelligence and Security is not allowed to examine operational matters.

This will also now change.  The Committee will have the power to examine the use of this legislation by the AFP and ASIO.

This is important.  It will give the Parliament for the first time the power to examine the operational activities of law enforcement and security agencies.

This is the first step for this Parliament – it gives the Parliament the power to oversight the operational use of misuse of this legislation.

But it is just the first step.

The next step is to do what John Faulkner proposed in a Private Senators Bill last year – that is to give the Parliamentary Joint Standing Committee on Intelligence and Security a general power to review the operational activities of our law enforcement and security agencies.

This will give the Parliament the same sort of oversight powers that the US Congress and the UK Parliament has.


Press Freedom

There are a lot of other important recommendations I don’t have time to mention them in this debate.

But I do want to say something about the issue of press freedom and how this legislation should apply to journalists.

This is an area where agreement wasn’t reached in the Committee.

In my view if law enforcement agencies want to get access to a journalist’s telecommunications data to get their sources, they should have to get a warrant from a court.

There is a simple reason for this.  Journalists are different.  The privacy of their sources is integral to freedom of the press. It’s why journalist shield laws exist.

It’s also important because sometimes it’s journalists who are investigating law enforcement.

The UK Parliament has recognised this. Two weeks ago it passed legislation that requires law enforcement agencies to get a warrant to access a journalist’s metadata.

I am glad the Prime Minister has finally backed down and agreed to amend this bill to require law enforcement agencies to get a warrant.

The Government now needs to work with us, the crossbench and Australian media organisations to get that amendment right. 



I want to go back to where I started.

This is complex and controversial legislation.

I understand why many people are concerned about it. 

The Government hasn’t explained why these laws are needed very well. 

No one should be under any illusion that this legislation will somehow stop terrorism.  This wouldn’t have stopped the attack at the Lindt café in Sydney.  ASIO and the NSW Police both admitted that in the public hearings.  But metadata was useful during the siege and after.

The fact is less than two per cent of current requests for metadata are about terrorism or paedophile cases.  The rest are the whole range of other criminal offences – big and small.

Remember this – half a million applications a year. By 80 different organisations.

With very few rules and very little oversight.

The Committee’s recommendations to this Parliament help fix that.

They mean tighter rules, and for the first time real oversight over the use and misuse of this data.

I am glad the Government has agreed to accept them. The original bill was not good enough. I urge members to support the amendments.