AGD advised Dept of Agriculture to skirt metadata laws and rely on coercive powers
When Australia's metadata retention laws made their way through Parliament with the support of both major parties in 2015, the Bills reduced the number of government agencies authorised to request metadata to 21.
Subsequently, 61 agencies that previously had access to telco metadata sought to be added to the list of metadata enforcement agencies.
Among that number was the Department of Agriculture, which, in a letter written in March 2016 revealed under Freedom of Information (FOI) laws, said it was advised by the Attorney-General's Department (AGD) to try to access metadata through means other than being declared an enforcement agency.
"On advice from the Attorney-General's Department, the department has considered other methods of obtaining metadata using statutory coercive powers under portfolio legislation, and by engaging the Australian Federal Police (AFP) to obtain metadata," Department of Agriculture and Water Resources Deputy Secretary Lyn O'Connell wrote a letter dated June 10, 2016, and published on RightToKnow.
"The department has received preliminary legal advice as to the merits of using coercive powers, which suggests that the approach is problematic due to the construction of portfolio legislation.
"Advice received from the AFP indicates that it does not have the resourcing, compliance, or risk considerations to obtain metadata on behalf of other agencies, including the department."
A Department of Agriculture spokesperson told ZDNet that the department does not currently have the means to access metadata, and that the legislation needed to allow it to use coercive powers is not within its remit.
The spokesperson said the department still believes it should be declared an enforcement agency.
In the documents released under FOI, the Department of Agriculture said that because it enforces criminal law and is responsible for administering legislation related to biosecurity and quarantine, it should have access to telecommunications metadata.
Between January 2011 and June 5, 2015, the department said it had made 318 requests for telecommunications data in relation to 76 investigations.
The department cited three investigations where stored telco data had played a part. In one instance, the use of IMEI association and location data led to the identification of an offender; while in another, an international smuggling ring was busted; and telco data was used to help prosecute a company and one of its directors involved in a separate smuggling network.
"The department would have been unable to obtain the information used in the above examples without access to historical telcommunications data," it said in 2015. "No other data holdings or repositories held the relevant data to identify and prove the communication of suspected criminal entities."
The Attorney-General's Department did not respond to ZDNet on how many agencies it has advised to use coercive powers.
In March, AGD said it had no issue with the ability of government agencies to make demands on telco data outside of the scope of Australia's data retention laws.
Under those laws, law-enforcement agencies are able to warrantlessly access customer call records, location information, IP addresses, billing information, and other data stored for two years by telecommunications carriers.
"There have long been provisions in the Telecommunications Act 1997 allowing records, including telecommunications data, to be disclosed where required or authorised by law," a spokesperson for AGD told ZDNet at the time.
"These powers are distinct from the data retention regime set out under the Telecommunications (Interception and Access) Act 1979."
In its response to ZDNet, AGD did not say it would look to prevent agencies from accessing metadata by other means.
On Thursday, a spokesperson for Shadow Attorney-General Mark Dreyfus said the matter had been raised via the Parliamentary Joint Committee on Intelligence and Security.
"To get a direct response from the government, the shadow attorney-general will write to the attorney-general to establish the full facts of the matter," the spokesperson said.
The Australian government in April decided to prevent civil litigants from using metadata stored under data retention laws in court proceedings, saying its review into the matter found there was "insufficient reason" for allowing exceptions.
Updated at 4.30pm AEST, June 22: Added comment from Shadow Attorney-General Mark Dreyfus.