The Joint Parliamentary Committee on Intelligence and Security has launched its inquiry into Australia's telecommunications interception laws, following a request for a review by Attorney-General Nicola Roxon earlier this year.
In May, Roxon asked the committee to look at reforming five pieces of legislation to assist law-enforcement agencies working with telecommunications companies in investigating organised crime and terrorism.
The terms of reference for the inquiry are largely the same as those that were provided in May. While the government is looking to actively progress and consider a number of reforms, at this stage it is just seeking the views of the public on data retention. It is seeking public opinion on whether the Telecommunications (Interception and Access) Act 1979 should be amended to require telecommunications companies to have data-retention periods of up to two years for certain, as yet undefined, data sets. The committee is to take into account what impact this would have on customer privacy, and the costs it would impose on telcos.
The Attorney-General's department also published an accompanying 61-page discussion paper (PDF) outlining the proposals put to the committee. In the paper, the department stated that rapid changes in the telecommunications environment and new technologies impact the ability of law enforcement agencies to investigate and prosecute crimes.
"Telecommunications sector security reform seeks to address the national security risks posed to Australia's telecommunications infrastructure. The security and resilience of such infrastructure significantly affects the social and economic well‐being of the nation," the department stated.
"While advances in technology and communications have resulted in unquestionable benefits to society and the economy, they have also introduced significant vulnerabilities, including the ability to disrupt, destroy or alter critical infrastructure and the information held on it. As Australia’s telecommunications landscape continues to evolve, it is appropriate and timely to consider how best to manage risks to the data carried and stored on our telecommunications infrastructure, to secure its availability and integrity in the long term."
Although the government is just seeking public opinion on data retention, and is not seeking to change the law at this stage, it has flagged that it ideally would like internet service providers (ISPs) to store data for up to two years, and access to that data should be provided when investigating crimes that carry a jail term of three years, a reduction from seven years.
The department said that it needed to change the type of data it wanted to intercept, because carriers had changed the sort of information they kept on record.
"As carriers' business models move to customer billing based on data volumes, rather than communications events (for example, number of phone calls made), the need to retain transactional data is diminishing. Some carriers have already ceased retaining such data for their business purposes, and it is no longer available to agencies for their investigations."
The department also noted that IP-based telecommunications also made it difficult to reconstruct data for the purposes of interception, and given the large volume of data, reconstructing IP-based communications was difficult for agencies.
Under the current Act, agencies can access "stored communications", which would include emails and text messages. The department proposes that interception of communication of data should be targeted to specific topics or areas, to avoid agencies having to sift through irrelevant data and potentially invade the privacy of innocent parties.
"One way to address these concerns would be to introduce a simplified warrant regime, that focuses on better targeting the characteristics of a communication that enable it to be isolated from communications that are not of interest."
Costs for implementing the interception capability should be shared between the government and the carriers, according to the department. Carriers pay to install, develop and maintain the interception capability, while agencies pay to develop, install and maintain the delivery of those communications to the agencies. The larger carriers, like Telstra, would be expected to have a comprehensive system for interception, while smaller providers would only be expected to provide reasonably necessary assistance to agencies.
The committee will accept submissions on the review until 6 August 2012.