AFP backs privacy and metadata over anonymity

As Australia's PM ramps up his push for the passing of the government's mandatory data-retention Bill, AFP assistant commissioner Tim Morris has said that the agency cannot support the right to anonymity where it may lead to unlawful activity.

An individual's right to anonymity should play second fiddle to the Australian Federal Police's (AFP) right to access metadata without a warrant if that anonymity leads to unlawful activity, according to the law-enforcement agency's assistant commissioner Tim Morris.

Morris, who reiterated the reasons behind the AFP's desire for warrantless access to at least two years' worth of individuals' non-content communications data -- or metadata -- at the Tech Leaders Forum 2015 in New South Wales' Blue Mountains on Sunday, suggested that while privacy remains important, it should not trump the tools with which law-enforcement agencies investigate crime.

"The AFP understands the importance of individual privacy, and supports this as a fundamental right in Australia," said Morris. "However, the AFP cannot support the right -- if you like -- to anonymity, especially when it becomes related to unlawful activity."

Morris' comments come as Australian Prime Minister Tony Abbott hints at making changes to the balance between personal rights and community safety, following the release of the report into the siege at Sydney's Lindt Cafe in Martin Place last December.

"Precisely where we draw the line in the era of terrorism will need to be reconsidered," said Abbott in a media conference broadcast by the ABC. "We need to ask ourselves, at what stage do we need to change the tipping point from protection of the individual to the safety of the community?"

Just last week, Abbott said the estimated AU$400 million cost to implement the proposed mandatory data-retention scheme, which would force telecommunications providers and internet service providers (ISPs) to retain their customers' metadata for a minimum of two years, is a small price to pay for Australians' safety.

"The cost of data retention is less than 1 percent of the total sector," Abbott said. "It seems like a small price to pay to give ourselves the kind of safety and the kind of freedom that people in a country like Australia deserve."

The cost of losing this data, said Abbott, would be "an explosion in unsolved crime".

Certainly, from Morris' perspective, the AFP's ability to successfully investigate crime would be "severely diminished" if it could not draw upon the mandatory metadata set to be retained under the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014.

As it is, the AFP claims to use metadata from customers of local ISPs and telcos in 92 percent of counter-terrorism investigations, 100 percent of cybercrime investigations, 87 percent of child protection investigations, and 79 percent of serious and organised crime investigations.

Morris reiterated the AFP's claims that if the legislation calls for a retention period of anything less than the stipulated two years, it would degrade the AFP's ability to investigate.

Already, according to Morris, there is a list of companies that the AFP doesn't even send metadata requests to any longer after a certain length of time, because the agency knows that the records simply no longer exist.

"We know exactly [how far back we can reach], because we pay for all this data, and the AFP pays about AU$1.5 million per year for this data, so we don't ask for data from companies we know don't keep it anymore.

"Without the reforms proposed in the Bill, the AFP will be increasingly relying on chance," he warned.

However, Morris also outlined a number of avenues that the AFP and other intelligence and law-enforcement agencies can use to garner the metadata of individuals.

"We can preserve the data through the provisions of the Budapest Cybercrime Convention, and then, secondly, we can make a request under the Mutual Legal Assistance in Criminal Matters Act to get that data back," he said. "There's lots of data sources; this [metadata] is but one."

According to Morris, the AFP sent about 45,000 metadata requests to ISPs last year, out of a potential 44 million or so IP addresses for connected devices in Australia.

"So, it's a very small percentage," said Morris, citing a figure of 0.14 percent.

According to Greens Senator Scott Ludlam, however, the total number of annual metadata requests cumulatively submitted under the current legislation stands at around 580,000 -- a hundred-fold increase over warranted data access. He believes this figure indicates the necessity for greater checks and balances to be attached to agencies' ability to access metadata without a warrant.

"We still have a broken access scheme, authorisation scheme, dozens of agencies accessing this data without a warrant. This material is a lot more valuable than content, in aggregate," said Ludlam, who also spoke at the Tech Leaders 2015 event. "Metadata is actually more invasive than content. You can lie in a phone conversation, but your metadata doesn't lie."

For his part, Morris suggested that the AFP already possesses a "pretty rigorous" oversight regime through the ombudsman, which is set to be increased if the legislation passes.

However, Ludlam said that the larger oversight concerns under the current metadata laws involve organisations like Centrelink, which he suggested probably claims a "huge wedge of the pie chart" comprised of the 580,000 or so warrantless requests submitted per year.

"They're not a national security agency. How can they do that when the AFP needs to go through all this paperwork to get warrantless metadata? I think things are wildly out of balance," said Ludlam.

While the new legislation would, in fact, remove entities not investigating serious crimes or terrorism from the list of organisations that can obtain warrantless access to metadata, the proposed scheme would allow organisations to request re-admission to the list of agencies with access.

Ludlam said he maintains his support for the country's law-enforcement agencies, and said it is clear that some level of metadata access is essential for the ability of those agencies to successfully carry out their duties.

The question for Ludlam, though, resides in how to design a scheme that balances safety, security, and privacy.

"I don't have a beef with law-enforcement agencies, but it's about where the balance should be struck," he said.

To this end, he reaffirmed his decision to vote the legislation down, along with other cross-benchers, and said that he hopes Labor will do the same -- despite harbouring an idea that the opposition will help it pass.

"There's unrest within the Labor ranks on this," he said. "[But] my instinct is they're going to vote for it. We will vote for amendments, or we will write them ourselves, and sometimes you can get them up."

The prime minister has indicated that he wants the legislation to go to the vote next month, with the Parliamentary Joint Committee set to table its report on the proposed legislation on February 27.

"At that point, the Labor party will put some cards on the table," said Ludlam.