AFP denies seeking URLs for data-retention plans

The AFP has said that it is not seeking internet users' web-browsing history as part of a proposal to force ISPs to retain customer data for up to two years.
Written by Josh Taylor, Contributor

The Australian Federal Police (AFP) has defined the sort of "non-content" communications data that it would like internet service providers (ISPs) to retain for up to two years, and has denied suggestions that web-browsing history would be included.

The federal government has proposed, as part of a suite of suggested modifications to telecommunications-interception legislation, that ISPs be required to retain customer "metadata" for up to two years. This metadata would be "non-content" communications data, according to law-enforcement agencies.

The AFP, appearing before a Senate Estimates hearing yesterday, tabled a document (PDF) outlining exactly the sort of data that it would like ISPs to retain.

The document reveals that non-content data would include the phone number called or texted, an email address, location, duration of communication, billing information, and the "internet identifier."

AFP commissioner Tony Negus told the hearing that this would be the IP address of the user, not the IP addresses that they are visiting.

"For instance, how it works in child-protection investigations is a very good example. We receive from our international law information agencies what has been accessed — that is, child-abuse material — and an IP address. That is all we get. We do not get any other information. We then ask the telcos to identify who has accessed that IP address to enable us to commence the investigation."

Roger Wilkins, secretary for the Department of the Attorney-General, said that the proposed data-retention model "does not include web browsing." This would be considered as being content data, and would require a warrant to access, according to the AFP.

Catherine Smith, assistant secretary in the telecommunications and surveillance law branch of the Attorney-General's Department, agreed.

"The internet aspect of that will be in relation to IP addresses. For example, through an intercept, they have found out that there are various people accessing it, and they will have a number of random IP addresses. They will go to the provider and say, 'Who belongs to these IP addresses?' under a data authorisation," she said.

"But they have no authority, and the law does not allow them to access the contents of the communication outside a warrant."

When questioned about why agencies should be able to access non-content data without a warrant, Negus said that in the last year, the AFP has made 23,000 requests for this type of data, and to require a warrant for each of those requests would place an unreasonable burden on the agency.

"If you were wanting to grind the AFP to a halt, then you should implement a warrant scheme to actually do non-content data application — because 23,000 of these would require 23,000 judges to consider affidavits for those to be prepared and for those to be granted. It is an unrealistic expectation."

Australian Security and Intelligence Organisation (ASIO) chief David Irvine told the hearing that seeking content data should continue to require a warrant.

"I believe we must continue to apply for warrants where we are accessing the content of people's communications. There is a level of intrusion there that I believe absolutely warrants having warrants," he said.

"When we asked for certain information to be retained, it is so we can have access to it if we need it. This is not a system of constant surveillance. In relation to internet usage, we are simply not looking to track everyone's internet usage, or even have data on people's internet usage stored."

Editorial standards