You're not likely to see Independent MP Andrew Wilkie, Liberal Senator George Brandis, and Labor Senator John Faulkner agreeing on much, but all three were highly critical of the handling of the data-retention proposals by the Attorney-General's Department.
In the discussion paper released in July, the data-retention proposal got two and a half lines of a 61-page document outlining a range of reforms to telecommunications-interception legislation:
Applying tailored data-retention periods for up to two years for parts of a dataset, with specific timeframes taking into account agency priorities and privacy and cost impacts.
But despite the glossing over it got in the discussion paper, it has been the main focus of committee hearings, YouTube videos, and online campaigns, with many concerned that the government is asking internet service providers (ISPs) to keep all of our data for two years, so that it can be accessed by law enforcement without a warrant.
The initial concern was that the "dataset" was not defined. Then the department said it was "metadata" or the information about communications — like the time of a call, the sender, the location from where the call was made — rather than the content itself. Late last month, the Australian Federal Police (AFP) then tabled a document (PDF) in Senate Estimates hearings, explaining that for ISPs, all that would be required was the retention of email addresses and an "internet identifier."
This caused further confusion, because an "internet identifier" could be interpreted as an IP address, which — for the destination IP address — is essentially the person's internet history. Department secretary Roger Wilkins has since said twice that URLs would not be retained under any such proposal, and that any data that could be linked to the content of a communication, such as an IP address, would not be part of the scheme.
On Friday, almost all of the MPs on the committee investigating the proposal took the department to task for not providing enough information about the proposal.
Both Brandis and Faulkner were direct with their concerns about the process.
"There has been concern that from the kick-off of this process, there has not been any flesh on the bones about the data-retention scheme proposal. A very controversial issue manages about two and a quarter lines in a dot point on page 13 [of the discussion paper]," Faulkner said.
"I find it almost incredible that the one issue that we have identified as being of concern to us has been left obscure in the document," Brandis chimed in.
Wilkie questioned how effective it would be, given that "evil doers" will find ways around it through encrypted services.
In fact, the only person who appeared sympathetic to the department and the data-retention proposal was former Attorney-General Phillip Ruddock. Ruddock said that he had lots of feedback from the community about acting on terrorist threats, but none about community concern over the data-retention proposal.
While none of the committee professes to be technical experts, it is clear that the data-retention issue is now front and centre in their minds as a concern to the public. It is something that has united Greens, Independents, and parts of the Liberal and Labor parties.
It is heartening to see the politicians assessing this issue thoroughly, and it is clear that the Attorney-General's Department and law enforcement are becoming increasingly uncomfortable with justifying their reasoning behind data-retention proposals.
I wouldn't be surprised if the report from the committee argues against implementing a broader data-retention scheme. Or, if it does, it will be very narrowly defined. The difficulty here is that a narrowly defined list of what they can and can't obtain about a person's communications records is hardly going to be technology-neutral, and law-enforcement agencies might end up finding themselves in the same situation five years down the track.
In any case, the government can just ignore the advice of the committee and go ahead with its own plans, if it so chooses. Ultimately, we have no way of knowing what will be included in the data that ISPs will be forced to retain until we see the legislation in full. So the "flesh on the bones" is still fairly stringy at this point.