The Parliamentary Committee examining the Government’s controversial national security reforms has recommended that the data retention segments of the reforms go through the committee process once again and criticised the Attorney-General’s Department for the cloak of secrecy it has hung around the issue.
In May last year the Federal Government unveiled a wide-reaching program to substantially reform its telecommunications interception and surveillance powers, with the aim of bolstering the ability of law enforcement organisations to fight crime. The package included a number of controversial measures, including a criminal offence for Australians refusing to decrypt data, new powers allocated to intelligence agency ASIO to hack the computers of innocent Australians in order to gain access to PCs owned by suspects in investigations, and a modernisation of the warrant scheme used to govern law enforcement access to telecommunications data.
However, by far the most controversial proposal contained in the reform program was a project that would have resulted in a massive database of telecommunications data for access to details of all Australians’ telephone calls and emails, in a technique known as ‘data retention’. The reforms as a whole have been being examined over the past year by the Parliament’s Joint Committee on Intelligence and Security, in a process which has come to be known as the ‘National Security Inquiry’. The reforms as a whole were launched publicly by then-Attorney-General Nicola Roxon, but in general they are believed to have been generated by the Attorney-General’s Department itself, with consultation with law enforcement agencies such as ASIO and the Australian Federal Police.
The data retention and surveillance package has been almost universally opposed by a wide range of political, commercial and special interest groups since it was handed to a parliamentary committee to examine several months ago, with groups as diverse as the Institute of Public Affairs, the Greens, Electronic Frontiers Australia, telcos such as iiNet, the Pirate Party of Australia, Shadow Communications Minister Malcolm Turnbull and Liberal Party backbenchers, Victoria’s Privacy Commissioner and many other segments of the community vehemently opposing the package as a dramatic and unnecessary intervention in Australians’ private lives.
Currently, the only organisations known to support the package include the Attorney-General’s Department, which has been discussing data retention issues internally for at least four years, as well as law enforcement groups such as the Australian Federal Police (AFP) and the Australian Security and Intelligence Organisation (ASIO). Other government departments such as the Australian Taxation Office and the Australian Securities and Investments Commission have also expressed interest in the package.
In the last sitting week of Parliament before the September Federal Election, this week the committee released its long-awaited report into the National Security Inquiry reforms. The report contained a stinging rebuke for the Attorney-General’s Department. The committee’s chair, Labor MP Anthony Byrne, wrote that the committee had been faced with three key difficulties in its work.
“Firstly, the terms of reference were very wide-ranging as they contained 18 specific reform proposals containing 44 separate items across three different reform areas,” Byrne wrote. “Secondly, the lack of any draft legislation or detail about some of the potential reforms was a major limitation and made the Committee’s consideration of the merit of the reforms difficult. This also made it hard for interested stakeholders to effectively respond to the terms of reference.”
“Thirdly, that one of the most controversial topics canvassed in the discussion paper —data retention—was only accorded just over two lines of text.”
The Labor MP added: “This lack of information from the Attorney-General and her Department had two major consequences. First, it meant that submitters to the Inquiry could not be sure as to what they were being asked to comment on. Second, as the Committee was not sure of the exact nature of what the Attorney-General and her Department was proposing it was seriously hampered in the conduct of the inquiry and the process of obtaining evidence from witnesses.”
“Importantly the Committee was very disconcerted to find, once it commenced its Inquiry, that the Attorney-General’s Department (AGD) had much more detailed information on the topic of data retention. Departmental work, including discussions with stakeholders, had been undertaken previously. Details of this work had to be drawn from witnesses representing the AGD. In fact, it took until the 7th November 2012 for the Committee to be provided with a formal complete definition of which data was to be retained under the data retention regime proposed by the AGD.”
Partially because of these difficulties, and partially because of the “large amount of criticism and comment from organisations and concerned individuals” the committee recommended that the data retention issue specifically go through a more transparent process and be looked at again in the committee context before going ahead.
“There is a diversity of views within the Committee as to whether there should be a mandatory data retention regime,” the report states in its ‘recommendations’ section. “This is ultimately a decision for Government. If the Government is persuaded that a mandatory data retention regime should proceed, the Committee recommends that the Government publish an exposure draft of any legislation and refer it to the Parliamentary Joint Committee on Intelligence and Security for examination.”
The committee noted that any draft data retention proposal should contain a number of key features, such as a pure focus on ‘meta-data’ and not the actual content of emails or telephone calls; the same controls on agency access to the data as already exists today; the explicit exclusion of Internet web browsing data from the scheme; a stipulation that information constituting a mix of metadata and content should be treated as content; mandatory use of encryption in storing the data; a time limit of two years on retaining the data and a cost recovery scheme where the Government should reimburse Internet service providers for their costs of keeping the data under the system.
In addition, the committee noted that a “robust, mandatory” data breach notification scheme should exist, so that Australians could be notified if their privacy had been inadvertently breached a a result of the scheme; that an independent audit function be established, and that the government ombudman and Inspector-General of Intelligence and Security should have oversight of the system.
Furthermore, the committee also recommended that if a mandatory data retention scheme should proceed, that the committee itself should have an oversight mechanism of the scheme, that an annual report on the scheme should be presented to parliament, and that the committee review the effectiveness of the data retention regime three years after its commencement.
The Greens, which have been opposed to the data retention and many other aspects of the National Security Inquiry reforms since they were first revealed in May 2012, issued a statement this morning demanding that the Government abandon the data retention project in the wake of the committee’s report.
Greens communications spokesperson Senator Scott Ludlam said the report reinforced the overwhelming public opposition to the proposal to collect and store the telephone and email data of all Australians for two years
“98.9 per cent of public submissions to the National Security Inquiry were opposed to mandatory data retention. This report refused to endorse data retention and condemned Government’s secretive approach,” Ludlam wrote. “Today the Government must respect the will of the vast majority of Australians and abandon a scheme that would treat all 22 million of us as suspects.
“The Report vindicates the Greens’ long standing call for the Telecommunications (Interception and Access) Actto be reformed, but does not tackle the key problem – the interception of communications without a warrant.In 2011-2012 government agencies, not including ASIO, made 293,501 requests to access communications data – without a warrant. The Greens’ ‘Get A Warrant’ Bill currently before the Senate fixes this problem, but the Joint Committee’s report ignores it.”
“Also troubling, the report recommends making the refusal to assist in decryption of communications a criminal offence. This has serious ramifications for protecting whistleblowers, journalists’ sources, and general privacy – and should be rejected outright by the Government.”
Ludlam noted that the report, “to its credit”, did acknowledge what he said was the “serious problem” of surveillance over-reach, containing recommendations that would reduce the number of government agencies that can access Australians’ telecommunications data, and also recommending better oversight of such access.
“However, the report is also notable for what it doesn’t discuss: Not one word on data sharing with overseas national security agencies including the United States’ National Security Agency,” said Ludlam, referring to the recent spying scandal to have engulfed the US, and which several commentators believe directly affects the privacy of Australians.
“The PRISM scandal erupted after the committee had concluded taking evidence, and the report ignores the possibility of large-scale warrantless surveillance over Australian citizens by foreign governments,” said Ludlam. “The bulk of the report focusses on the minutiae of surveillance regulations in Australia which may have been rendered completely redundant by transfers of data from the US.”
“Disturbingly, twenty-one of the recommendations point towards a further extension of the ever-growing power of ASIO – including the power to access a third party computer in order to hack the computer of ASIO’s target. This drags law-abiding citizens into the net of ASIO’s surveillance. The Government must abandon data retention, and reveal the whole truth on the ‘deluge’ of information it is receiving from foreign intelligence agencies including the NSA.”
I think much of the rest of the National Security Inquiry package will eventually get through in one guise or another (including most of the provisions relating to ASIO), given its largely bi-partisan support. It looks like this report will put enough controls around much of the rest of the legislation to render it palatable to the mainstream (if not those concerned with digital rights, such as Ludlam).
However, I’m quite unsure as to the eventual fate of the data retention portion of the package. Ordinarily, this kind of highly negative report would signal the virtual death knell for this kind of policy; and I would bet that Labor wouldn’t be keen to pick it up again very quickly, given the overwhelming criticism which the project has attracted, even to the extent that the Labor chair of the committee was willing to publicly criticise the Attorney-General’s Department on the issue.
However, it’s also true that Labor is very likely about to get booted from Government. We saw during the Howard years and previously that Coalition Governments are not shy about enacting draconian new national security powers. Shadow Communications Minister Malcolm Turnbull, a traditional ‘small l liberal’, might be against intrusive powers such as data retention, and so might many of the smart young Liberal MPs currently rallying behind Turnbull’s anti-NBN banner.
But it’s a different situation when it comes to the rest of the Coalition. Shadow Attorney-General George Brandis would appear to represent the perfect Attorney-General from the point of view of the bureaucrats inside the AG’s Department who are the ones really pushing these reforms. The anemic Brandis, who has been virtually absent from this, or any other, policy debate over the past several years in opposition, is unlikely to severely challenge his department’s projects if he becomes the Attorney-General in an Abbott administration, and one suspects that there are many others within the Abbott camp who would be sympathetic to the data retention argument — or, alternatively, just too out of touch with modernity and the Internet to know how much of a threat data retention represents to Australians.
I predict that the data retention policy, specifically, will go away for about 18 months from now, but will pop up again at that stage when AGD has had a chance to get its tentacles into its new AG. We should be grateful that the parliamentary committee examining these reforms appears to have listened to the extreme amount of public concern about them. But don’t be fooled: The bureaucrats in the Attorney-General’s Department aren’t elected and have a great deal more patience for the development of these matters than individual politicians. This fight isn’t over, and I suspect it won’t be over for the better part of a decade yet.