Australian government has no issue with agencies demanding telco data outside metadata laws

The Attorney-General's Department does not consider agencies using their own statutes to demand data from telcos as a loophole.
Written by Chris Duckett, Contributor

The Attorney-General's Department (AGD) sees no issue with the ability of government agencies to make demands on telco data outside of the scope of Australia's data retention laws.

One of the so-called benefits of passing data retention laws -- which allow enforcement agencies to warrantlessly access customer call records, location information, IP addresses, billing information, and other data stored for two years by telecommunications carriers -- was the reduction in the number of bodies with access to telco data to 21.

However on Wednesday, telco industry body the Communications Alliance said some agencies that were meant to have had their data access privileges revoked were skirting the restrictions and remain able to call upon telcos to produce data they are interested in.

According to the Communications Alliance, because the metadata laws force telcos to respond to any lawful information requests, some agencies have been able to cite powers contained in their own statutes to demand data.

"Such agencies include local councils (who request access to data to manage minor traffic offences, unlawful removal of trees, illegal rubbish dumping, and billposters), the RSPCA, the Environment Protection Authority, and state coroners, to name a few," it said.

"The use of these other powers to access communications data appears to circumvent protections in the Act and TIA Act."

In response to questions on whether the AGD -- the part of government with oversight of the data retention scheme and its implementation -- would look to end this behaviour, it did not say it would.

"There have long been provisions in the Telecommunications Act 1997 allowing records, including telecommunications data, to be disclosed where required or authorised by law," a spokesperson for the department told ZDNet.

"These powers are distinct from the data retention regime set out under the Telecommunications (Interception and Access) Act 1979."

Australia's data retention laws passed Parliament with the support of the Australian Labor Party, which former Shadow Communications Minister Jason Clare defended last year.

"The changes we forced the government to make mean tighter rules, and for the first time real oversight over the use and misuse of this data," Clare said.

"The original legislation that the Coalition introduced was seriously flawed and we made over 70 changes to it. One of the big changes we made was to limit the number of organisations that can now access metadata from 80 to about 20."

On Thursday, Shadow Attorney-General Mark Dreyfus told ZDNet that Labor would probe the government on the situation revealed by the Communications Alliance.

"Labor pressed for a reduction in the number of agencies that could seek access to retained data at the time legislation was passed," Dreyfus said.

"Labor will seek an explanation from the government as to whether some agencies that are not on the list of approved Enforcement Agencies are still accessing retained data."

In January last year, AGD said it had not utilised provisions in the metadata legislation that allow it to grant an agency temporary access to telco data. When asked to confirm this stance on Thursday, the department said it had not "added any enforcement agencies under the Telecommunications (Interception and Access) Act 1979 since the data retention legislation was passed".

AGD is currently examining a prohibition on the use of telco metadata in civil court cases.

From April 13, any data stored solely for compliance with the data retention laws will not be able to be used in a civil court case. Data that is used for other purposes by carriers will remain available for civil proceedings.

Australia's dominant carrier, Telstra, said in a submission to the review there would be a number of practical compliance issues for telcos should the prohibition come into force.

"This will create uncertainty for staff in having to differentiate between what telecommunications data is retained for the purposes of s187AA of the TIA Act, and what data is retained for other business purposes," Telstra said.

"This may be the case particularly if [carriers] are put in a position where they have to determine at what point in their systems the data retained is in compliance with the TIA Act, or whether the data is retained solely for day-to-day business purposes.

"This added logistical hurdle adds costs to the process of compliance. The differences in approach may also make it complicated for parties to litigation to know what data they will be permitted to have access to."

Lining up to shoot down the idea of widening access to telco metadata were the Australian Privacy Foundation, Electronic Frontiers Australia, Victorian Commissioner for Privacy and Data Protection David Watts, and the Australian Communications Consumer Action Network.

Editorial standards