Followingof the to require internet service providers (ISPs) to retain unspecified customer data for up to two years, the Australian Security Intelligence Organisation (ASIO) and Attorney-General Nicola Roxon have taken the unusual step of releasing public submissions on the proposal, defending the need to retain the data.
In the submission, published yesterday, Roxon said that she didn't have a "specific data-retention model" planned at this stage, but that the government does not intend for the content of communications data, such as emails, SMS messages, or phone calls, to be included in the scheme.
Roxon pointed to thethat was created in 2004, which requires companies to keep a log of the source, destination, date, time, duration, type, and the equipment used in making the communication for between 6 and 24 months.
"The directive has been implemented by the majority of the 25 member states of the EU, with the remaining member states at various stages of implementation," Roxon said.
"The directive only requires the retention of subscriber and traffic data. No data revealing the content of the communication may be retained under the directive."
ASIO stated in its submission that it would like a similar type of data retained, stating that changes in the way that telecommunications companies now bill customers, such as by data allowance rather than per SMS or phone call, has placed at risk existing means of investigating crime. While the Communications Alliance had pointed to the European model and said that most data required is less than 6 months old, ASIO said that two years is a more appropriate length of time to keep the data.
"Investigations of serious criminal activity and threats to security are often long and complex. The identity of all persons of interest may not initially be known, and often additional persons of interest will emerge as investigations unfold. The longer relevant data is available to access, the greater the potential utility for the agencies," ASIO stated.
"Given complex investigations are measured in years rather than months, access to CAD for a minimum period of two years is proposed to ensure that agencies can undertake effective investigations in accordance with their functions. Shorter periods of access carry the risk that agencies may be less able to access the critical intelligence that they require to progress an investigation."
ASIO stated that the data-retention proposal should remain distinct from the interception-of-content regime, for which ASIO currently requires a warrant issued by the attorney-general.
It is expected that there will be more hearings on the proposal before the Joint Parliamentary Committee on Security and Intelligence in the coming weeks.
The issue also got an airing in parliament this week, with Greens Senator Scott Ludlam stating that privacy risks being "annihilated" by the proposal.
"Let us face one question head-on, the one I am asked most often: 'I have nothing to hide, so why should I worry about my privacy being basically annihilated?' My question back is: 'Do you have curtains? Why? If you have nothing to hide, why hang curtains on your windows?'," he said.
"It is not a question of you having something to hide; it is because your transaction records for the last two years are none of anybody's business. It is perfectly legitimate to say, 'I may have nothing to hide but I don't necessarily feel like showing you, either.' That is your right to privacy."
His criticism of data retention has the support of Liberal Senator Brett Mason. However, Shadow Attorney-General George Brandis avoided the topic, instead turning his attack to press freedom.
"I caution against the use of privacy as a Trojan horse argument to conceal further invasions of the freedom of the individual rather than to protect it," he said. "We have seen that in this country, within the last year or more when privacy has been used as a Trojan horse argument to conceal attempts by this government to restrict freedom of speech, and, in particular, freedom of the press."