Data retention is 'the way western nations are going': Brandis

Data retention is 'the way western nations are going': Brandis

Summary: Australia may follow in the UK's footsteps in implementing data retention, but the government won't be rushed on it, according to Attorney-General George Brandis.


Attorney-General George Brandis has said that forcing internet service providers to retain customer data for up to two years for access by law enforcement agencies is under "active consideration" by the government, but it won't be rushing on it like the United Kingdom.

(Image: Screenshot by Josh Taylor/ZDNet)

The House of Commons in the United Kingdom passed emergency legislation today to force telecommunications companies to retain customer data for access by government agencies for law enforcement investigations.

The UK government brought on the legislation in reaction to a ruling by the European Court of Justice in April that the EU directive forcing data retention for between six months and two years was invalid because requiring the retention of the data directly interferes with those fundamental rights.

The last report from the Attorney-General's Department revealed that in Australia, a wide range of local, state, and federal government agencies accessed telecommunications customer data 319,874 times in the 2012-2013 financial year.

The data, which the government prefers to describe as "metadata", is a comprehensive history of the time, date, location, and recipient information about telephone calls, emails, and other communications. A warrant is not required to access the data because agencies argue that telecommunications customer data does not include content.

Government agencies have been arguing that telecommunications companies should be required to store this data for up to two years, but a parliamentary committee report last year left the decision on data retention to the government.

As Brandis today announced the introduction of the first legislation created from the report, aimed at boosting ASIO's spy powers, he said that data retention was one matter under "active consideration."

"The question of data retention is under active consideration by the government. I might point out to you as recently as yesterday, the House of Commons passed a new data retention statute. This is very much the way in which western nations are going," he said.

As many as seven countries in Europe have ruled that data retention is unconstitutional. Brandis also pointed to the recently thrown out EU directive as evidence of the regime existing in other parts of the world, but said Australia was undecided at this stage.

"It has been the case in Europe under the European data retention directive for some little while now. It's not a decision Australia has yet made. It is not a matter that the Australian government has decided to do, but it is true to say it is under active consideration," he said.

Talking points obtained by ZDNet under Freedom of Information revealed this week that the Attorney-General's Department is moving to distance any proposed data retention regime in Australia from the rejected EU directive, stating that there will be more privacy safeguards in place in the Australian setting.

Brandis said the government would not be rushed on national security legislation.

"The government has thought carefully and thoroughly about the recommendations of the committee. The public are entitled to be reassured that their government will put the security and safety of the Australian people foremost, but they're also entitled to be assured that in making policy choices and reforming laws, governments behave in a careful and considered manner, and not in a hasty or reactive manner," he said.

"We haven't approached this in a hasty way."

Head of Australia's peak intelligence agency, ASIO, David Irvine said that data retention was "absolutely crucial", but it would be held by the telcos, not ASIO.

"As there is increasing sophistications in communications, almost every ASIO investigation, and a very large number of law enforcement investigations depend at least on access to retained data [collected by telecommunications companies]," he said.

"We don't collect it and retain it ourselves."

The national security legislation, including data retention will likely have bipartisan support from Labor to get through parliament. Earlier this week former chair of the Joint Standing Committee on Intelligence and Security, Labor MP Anthony Byrne, called on the Australian government to bring on similar data retention legislation before a terrorist attack occurs in Australia.

Opposition Leader Bill Shorten today also indicated that Labor would consider supporting data retention legislation provided that the Independent National Security Legislation Monitor was retained. The Coalition had originally planned to axe this position, but Brandis announced today that the role would be retained.

Additional national security legislation is expected to be brought to parliament in the Spring sittings, Brandis said.

Topics: Privacy, Government, Government AU, Australia


Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • Well, the thing about the "way things are going" . . .

    "the way western nations are going"

    Well . . .

    . . . you know what? Not everybody has to go the same way. If Australia doesn't want to go that way - it doesn't have to.

    Shocking, I know.

    "The data, which the government prefers to describe as 'metadata'"

    That's a common way to describe it.

    In some sense, metadata is a real thing: It's data that describes other data. Metadata in photos can contain information such as dimensions, type of description, camera settings when the photo was taken - and even GPS position information, in the case of photos taken with devices with GPS built in (ie smart phones).

    In another sense, governments really are abusing the term: Metadata *IS* a type of data itself, and *CAN* contain personally identifiable information (PII), which is considered sensitive information in many jurisdictions, and should be protected.

    In fact, I'd argue that metadata is sometimes MORE sensitive than the data itself.

    * A photo may be completely generic, like a sunset, but the metadata can contain time and GPS position.

    * A Word document can just be a recipe for meatloaf, but the metadata can contain things like your full name and the company you work at.

    * A phone call can be just about the weather today, but the metadata can contain your phone number, and if your number is listed, can lead back to your home address.

    However, even though sometimes metadata is more sensitive than the data itself, governments seem insistent that they treat it as a "lesser" form of data. Which is something I'd like to move us away from.