Australia's security agencies quiet on metadata definition

The security agencies that will most use stored telecommunications data under new legislation before the Australian parliament will not reveal exactly what data they want retained until negotiations with telecommunications companies have finished.

When Communications Minister Malcolm Turnbull entered legislation into parliament in October that would force telecommunications companies to retain customer data for a period of two years for warrantless access by law-enforcement agencies, the exact data set to be retained had not been defined.

The type of data is detailed as call records, assigned IP addresses, customer billing details, and other so-called metadata. The legislation specifically rules out retaining internet browsing history, but Turnbull and Attorney-General George Brandis said the data set would be defined through regulation after the passage of the legislation, and once negotiations with telecommunications companies had concluded.

The Australian Federal Police (AFP) and the Australian Security Intelligence Organisation (ASIO) are leading the charge demanding the retention of this data, stating that it is vital for their work in investigating terrorist-related activity and espionage.

Speaking at a Senate Estimates hearing on Thursday, however, the two agencies were reluctant to reveal the exact data set they want.

"This largely relates to the identifiers of who is using the data, and doesn't relate to the content of the data," AFP commissioner Andrew Colvin said.

He was interrupted by Brandis, who said that the data set would be defined after negotiations with telcos.

"I think we're getting ahead of ourselves. The government published a draft data set for the purposes of discussion with telcos and the industry. There was input from various stakeholder agencies. Those discussions are occurring at the moment, so that's where we are," Brandis said.

ASIO's deputy director-general Kerri Hartland also declined to state the definition of metadata according to ASIO, but said that it is vital in the agency's work.

"In terms of the use of metadata, we in almost every investigation, and certainly every serious investigation we undertake, we use such data. It is a very important tool for us. What we're looking for in terms of the data-retention regime is consistency across the data sets held," Hartland said.

Hartland said that ASIO would like the data to be retained for longer than the current set period of two years, as some investigations around serious terrorist threats require the data for longer than that, but said the agency realises that it needs to meet the compromise around privacy.

When asked whether web browsing history is retained, Hartland said that it would require a warrant for ASIO to ask for web browsing history to be kept. She did, however, indicate that download volume may be retained as part of the metadata set.

"This is why we're going through these discussions with industry, so we can get clarity around what each of these elements are," she said.

Liberal Senator Ian Macdonald said that Greens Senator Scott Ludlam had indicated in the Senate that web browsing history would be retained.

"Senator Ludlam doesn't have the faintest idea about [metadata]," Brandis replied.