Australian Security Intelligence Organisation Director-General David Irvine has said that safeguards in place for the access agencies have to stored telecommunications data means it is less of a "Big Brother" government intrusion into privacy than the model in the United States.
In evidence provided to the Senate committee investigating telecommunications interception and access legislation this morning, Irvine said that critics of the scheme that allows government agencies to access stored telecommunications customer data without a warrant do not understand that agencies like ASIO are only able to access the data in a "controlled environment"
"We don't work in a vacuum, we work in a layered accountability system that has been in place for decades," he said.
He said that the current agency request for telcos to keep the data for two years is not a "Big Brother arrangement".
"We're not seeking a Big Brother arrangement where the government itself stores all that data. We want the companies to keep that data. The problem is that as technology advances, the companies don't have the commercial need to keep that data as they once did," he said.
"We are not the United States. We have, in my view, a very adequate surveillance regime, which strikes an excellent balance between the privacy of the individual on the one hand, and the needs for national security on the other hand."
Irvine said he failed to understand why people were comfortable with handing over private information to commercial companies, but raised questions about ASIO's intelligence gathering.
"If you're going to be concerned about that, then frankly, you're going to be concerned about how commercial companies use your [personal] to sell you a new BMW or a new whatever," he said.
"For the life of me, I cannot understand why it is okay for your privacy to be invaded for a commercial purpose, and not for me to save your life."
He said ASIO staff are recruited and promoted on their ability to be accountable and to operate with integrity, and there were measures and levels of approval for intelligence collection.
He also said that ASIO is required to pay telecommunications companies each time data is requested.
"That's another restraint on this notion of mass surveillance," Irvine said.
"We'd be broke in a week."
Greens Senator Scott Ludlam suggested that Irvine's statement was a "red herring".
Irvine also reiterated that the data ASIO would seek to access under data retention would not include web browsing history, and if the agency sought access to that data, it would require a warrant.
"It's the surfing the net that is regarded as content," he said. "Search history... I have to have a warrant."
The government hasn't yet decided whether to proceed with new data retention legislation. Last week Attorney-General George Brandis said the government was "actively considering" the proposal.
Irvine said that the government would need to work with telecommunications companies on developing the policy should it proceed given the companies would be required to store the data for two years. Security obligations would fall to the telcos, with Irving indicating that telecommunications companies generally already had a responsibility to protect customer data.
"If large volumes of data are being stored, what provisions need to be made to ensure the security of that data from unlawful access. This is an issue that relates, in my view, to the responsibility of telecommunications providers and doesn't relate only to stored data."
Irvine also revealed that in the time since the Edward Snowden leaks about NSA surveillance powers, many people ASIO had been keeping tabs on had switched to commercial encryption technology.
"In the last six to nine months, the prevalence of those evasive techniques, particularly since the Snowden revelations, has increased dramatically," he said.
One of the new powers slated for ASIO in national security legislation introduced into the parliament last week would see ASIO be able to access third party "innocent" computers in investigations. Irvine said that this would largely be targeted at innocent computers that are being used as part of "hacker attacks".
He said ASIO wouldn't be interested in the private data on those computers, only "their ability to communicate malicious information to other people."