The Department of Immigration and Border Protection has been granted the power to access the telecommunications data of all Australians after the government quietly amended legislation it passed just two months ago.
Under the mandatory data-retention legislation, only a select number of government agencies can access the stored call records, assigned IP addresses, location information, and other telecommunications data for the purposes of investigating breaches of the law.
When the Australian Labor Party announced that it would side with the government and pass mandatory data-retention legislation in March, the support came with a number of amendments to the legislation, designed to increase oversight and improve accountability over government access to the stored data.
One of the accountability measures was to require the parliament to approve the addition of any new agencies to be allowed access to the stored data. The original legislation only required the attorney-general to add the agencies through regulation.
Less than two months after the passage of the Bill, however, another agency has been quietly added to the list: Immigration and Border Protection.
The amendment came in the Customs and Other Legislation Amendment (Australian Border Force) Bill 2015,passed by the Australian parliament on Thursday as part of the overall Australian Border Force legislation to create a "single front-line operational border control and enforcement entity" in the department.
The amendment was slammed by Greens communications spokesperson Scott Ludlam, who stated that it would be used by the agency to track down leaks of information from Australia's offshore detention centres to journalists.
"[Attorney-General George] Brandis made a great show of narrowing the range of agencies that would be able to access this collected material. And here we are in parliament, on the very next sitting week after that mandatory data-retention Bill passed, and the first example of scope creep lies on the table today. Of course, the Australian Border Force wants to be able to scrape people's home and email records and find out who they have been talking to and where they were," he said.
"This is the first instance of scope creep. It gives me absolutely no pleasure to say 'we told you so', but we did; we said at the time of the data-retention debate that the Bill has scope creep written into it."
Ludlam said that the Bill side-stepped the approval of the Parliamentary Joint Committee of Intelligence and Security to get added to the list of approved agencies.
"That is done by the turn of a switch: We will call them a criminal law-enforcement agency, and now they are added to the list of agencies that can go through our phone and email records -- not just those of employees, not just asylum seekers, but anybody in the country," he said.
The Department of Immigration itself has had two data breaches over the last few months, including accidentally publishing the private details of 10,000 asylum seekers on its website, and one employee accidentally emailing the personal information of world leaders who attended the G20 conference last year to a member of the Asian Cup Local Organising Committee.
Ludlam said that the leak of asylum seeker details had put lives at risk.
"That is why that data breach was such a disgrace -- and now, the successor agency to the one that let that material walk out the door and remain on a public website for days is asking to be able to access all Australians' private records as well," he said.
Additionally, the Australian Federal Police has had referrals to investigate the sources of leaks to journalists covering immigration matters, Ludlam said.
"They will have access -- and anyone who is contemplating employment in this agency needs to be aware of this -- to the personal private records of every one of their employees, their families, everyone they come into contact with, and everyone they talk to. Whether they are accused of committing a crime or not, they can access that material by rubber stamping a single piece of A4 paper and submitting it to the telecommunications provider -- no warrants needing to be entered into," Ludlam said.
A spokesperson for the attorney-general had not responded to a request for comment at the time of writing.