ASIC seeks to be added to metadata access list

The Australian Securities and Investments Commission will apply to the attorney-general to retain its access to metadata after mandatory data-retention legislation has passed the parliament.

The Australian Securities and Investments Commission (ASIC) and other government agencies left out of the mandatory data-retention access legislation will be able to apply to be re-added in the six months after the legislation passes the parliament.

As part of the Telecommunications (Intercept and Access) Amendment (Data Retention) 2014 Bill, telecommunications companies will be required to retain a set of customer data, such as time of call, call duration, the number dialled, assigned IP address, email addresses, and other information, for a period of two years.

Although a wide array of government agencies can access the data today, in order to allay privacy concerns about mandatory data retention, the government has proposed as part of the legislation to limit the access to the data to law-enforcement agencies, such as the Australian Federal Police and state police.

There is, however, a major exception. Through ministerial direction, the attorney-general can add agencies to the list after assessing a request made by an agency.

ASIC, the government agency charged with investigating investment fraud, insider trading, and other white-collar criminal activity, has already voiced its displeasure with effectively being removed from the list. Speaking before the Senate Committee for Corporations and Financial Services, ASIC commissioner Greg Tanzer said that ASIC can apply after the legislation has been passed, but it is unclear whether it would be a permanent addition.

"My understanding, from subsequent discussions with the department, is that the intention is that the Bill would not be brought into effect for six months after it has passed, during in which time there would be the ability for agencies such as ours to make an application to the attorney-general for a declaration of that kind," he said.

"What is not very clear ... is whether that declaration might be limited by time, or by particular offences.

Tanzer said that access to metadata is "absolutely essential" for ASIC to discharge its law-enforcement responsibilities for insider trading, market manipulation, and superannuation fraud.

He pointed to the recent case of an AU$7 million insider trading case between a National Australian Bank employee and an Australian Bureau of Statistics employee.

ASIC chairman Greg Medcraft said that the agency should be counted as a law-enforcement agency.

"What I'm disappointed about is frankly, I think we're a law-enforcement agency. I do appreciate in the Bill that many agencies have been carved out of that Bill who probably it is reasonable they not access that data, [but] we're a law-enforcement agency of white-collar crime, just like the police," he said.

"The concern I have is the fact that it is left up to the future attorney-general [who] could remove that power, and I think it is critical for us to have that ability to get that data, and it has to be unquestionable. And frankly, it's a really genuine concern. Seventy percent of what we do is law enforcement."

Tanzer said that ASIC would be making a submission to the Joint Parliamentary Committee on Intelligence and Security, which will be investigating the legislation and reporting back to parliament in February .