With Simon Breheny
Thank you, first of all, to the committee chair, Senator Scott Ludlam, and the other members of the committee for inviting us to speak with you this morning. At the outset, let me make some general statements of principle. These principles should guide any reform to the Telecommunications (Interception and Access) Act 1979.
Interception and access of telecommunications data by government agencies is an intrusion into the human right to privacy. As individuals we have the right to control aspects of our lives that we wish to keep private. Government access to communications data should be strictly limited. The first limitation on access to communications data is the requirement that it must be targeted towards a person reasonably suspected of criminal wrongdoing. The second limitation is that interception of and access to communications data should only be allowed in accordance with a warrant issued by the courts. Warrants allow the interception and access to communications data in limited circumstances. They create a threshold for interception and access and ensure a level of accountability of the law enforcement agencies conducting criminal investigations by judicial oversight.
The proposal to introduce a mandatory data retention regime in Australia is a clear violation of these principles. Mandatory data retention would establish a systematic and ongoing mass surveillance regime on the internet activity of everyone in Australia. It is a very serious breach of privacy; it is easily circumvented and it is likely to suffer significant mission creep. As my colleague Chris Berg has argued, mandatory data retention will also have a chilling effect on free speech. The Australian privacy principles were updated and implemented just six months ago, yet mandatory data retention is a policy that would require the explicit rejection of these principles—namely, that businesses, including internet service providers, should only retain the information that is required for business purposes and should delete that data when it is no longer required for those same purposes.
We have seen in recent times some very significant breaches of privacy by government agencies. Most recently, the Australian Federal Police was responsible for a very serious breach of privacy when it revealed the identities of criminal suspects and other details about criminal investigations. Such inadvertent disclosures are unavoidable, but government should be seeking to reduce the possibility of these disclosures where possible. It is also worth noting that it has not been adequately shown that preservation orders are not adequate to achieve the aims of the law enforcement. Stored preservation orders are targeted, proportional data retention schemes that offer a flexible and privacy-protecting mechanism to law enforcement agencies. It is striking to us how rarely the existence of this mechanism is discussed in the data retention debate when it would seem to resolve all the problems with the TIA act that have been identified by law enforcement agencies.
The authorised access regime established under the TIA act allows for warrantless access to communications data stored by telecommunications companies. This is a clear breach of the principle that access to communications data should not occur unless a warrant has been issued by judicial authority. The TIA act annual report 2012-13 revealed that there were more than 300,000 access authorisations made in that year. Some of these authorisations were made by organisations like Australia Post, the Clean Energy Regulator, Harness Racing New South Wales and the Wyndham City Council. The authorised access regime should be abolished and should be replaced with a regime where communications data may only be accessed in accordance with the warrant issued for that purpose.
One of the problems we have identified in this debate concerns the word ‘metadata’ as opposed to ‘content data’. In our view the word ‘metadata’ describes nothing of analytical value; it is all just data. Indeed, as has often been pointed out in this debate, metadata is capable of revealing even more than what has been described as content data. We are happy to discuss the issue in detail if the committee wishes. Thank you.