Introduction: Recent terrorist attacks have emphasised the need for counter-terrorism and law enforcement policy to be flexible, robust, and up-to-date. The rise of Islamic State is a significant threat, materially changing the foreign fighter problem. Many of the government’s recent anti-terror law changes have been welcome and necessary. As I argued in December 2014, the “knee-jerk reaction against any and all national security changes is not merely wrong, it’s dangerous. There is no more basic responsibility of government than security.”
However, The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 (“data retention bill”) will mandate the creation of large databases of information about the activities of all Australian internet users, not just those suspected of criminal activity.
The information contained in these databases will be sufficient to reconstruct extremely deep profiles of the activities of internet users. The information within the databases will be potentially available in any court proceeding, including, for instance, as the result of a subpoena in civil litigation. The government has made a decision not to limit access to this information to national security purposes. The creation of these databases manifests substantial new privacy risks to Australians, both from lawful and unlawful access.
The government has not demonstrated that the risks and consequences of mandatory data retention outweigh the benefits to law enforcement, nor has it demonstrated that the existing legal framework – which was substantially revised in 2012 – is insufficient to tackle the security challenges which the government has identified.