Data retention hinges on Labor's support

Behind closed doors, Labor MPs are busily negotiating with the government over exactly how much, and for how long, Australians' personal telecommunications data will be stored, and how it can be accessed.
Written by Josh Taylor, Contributor

At this point, the fight to stop mandatory data retention in Australia seems all but defeated. It is now less about whether the legislation will pass, and more about whether there will be any meaningful amendments to water down the most intrusive aspects of it.

It has taken a long time to get here. Law-enforcement agencies have been pushing for the government to force Australian telecommunications companies to store customer data in one form or another since at least 2008.

The argument is this: Agencies, in investigating a person for a breach of the law, need to know who that person has been talking to, and where they have been. Telecommunications data provides that in a very simple way through call records, tower locations, and IP addresses. The agencies claim that it forms the basis of almost all investigations, and that without access to the data, most cases would not get off the ground.

They also access the data so frequently that if they were required to get a judge to approve access to the data before a telco hands it over, that would apparently "grind to a halt" most investigations, although they offer little evidence to support this claim.

Agencies already access this data over half a million times a year in Australia, that we know of, and -- despite Telstra, Optus, and Vodafone saying that they have no intention of reducing the amount of data they keep -- law-enforcement agencies claim that telcos are beginning to stop keeping the data for as long as police need it.

Every single time there is a new attorney-general, agencies would make the case for why they need mass amounts of customer telecommunications data stored for a long period of time.

As former Internode employee Mark Newton noted in his submission to the inquiry into the legislation before parliament, Australians have no way of voting against data retention when both sides of Australian politics that form government are being pushed by law enforcement to implement the policy.

After the 2013 election, the law-enforcement agencies finally found a sympathetic ear in George Brandis QC, and the legislation made its way out of the whispers deep in the Canberra bureaucracy into the public debate late last year under the banner of fighting terrorism.

It was pitched as an "already compromised" piece of legislation, where the agencies helpfully agreed to "just" two years of retained data, although that was a compromise that the agencies seemed to make among themselves without any public consultation.

International comparisons show that the retention period for such data in places where mandatory data retention is legislated is for a much shorter time. It is usually between six months and one year.

Where this two-year "acceptable compromise" came from is anybody's guess, but in pitching it as an acceptable compromise, the agencies are clearly trying to ensure that the parliamentary committee doesn't reduce the length of time that the data is stored for.

The second privacy gesture was to limit the number of agencies that have access to the stored data under the legislation. Today, pretty much any state, federal, or local government agency from the Australian Federal Police down to the RSPCA can get access to stored telecommunications customer data.

The new legislation would limit it to a defined set of "law-enforcement agencies", with one major exception: The attorney-general of the day can approve other agencies to be given access to the data. Some agencies have already indicated that they will seek to be re-added to the list once the legislation is passed.

The third privacy gesture is over the data set. Victoria Police admitted publicly that if privacy is of no concern, the history of every single website, Google search, and other personal information about the sites a person visits would be retained.

Instead, we have a compromise that excludes browsing history -- but doesn't prevent telcos from keeping it, and law enforcement from accessing it -- and a set of data that we don't exactly know what will include, and neither does the parliamentary committee investigating the legislation.

It is assumed that the data will include call records, assigned IP addresses, and billing information, but we won't know the precise data set until industry and the government have settled on a set of data. Even then, this data is defined within regulation, not the legislation, meaning the attorney-general of the day can change it at their whim without needing the approval of parliament.

The committee had not been provided with the data set, or the estimated costs of the scheme prior in the lead up to its reporting later this month, so it will not have a clear view on exactly what it is recommending.

At a glance, a good majority of the 194 published submissions to the inquiry overwhelmingly argued against the legislation in its current form, while the police agencies and the Attorney-General's Department have presented very little concrete evidence as to why the benefits of mandatory data retention outweigh the cost to the privacy of every Australian citizen.

Not to mention the millions of dollars that telcos and the government will spend to store the data.

The law-enforcement agencies also haven't been able to quantify exactly how many convictions have been obtained, or terrorist plots averted, through data retention. When pushed, they resort to anecdotes about specific investigations that were hindered due to a lack of access to the data.

When the prospect of needing a warrant or some sort of external judicial approval to gain access to the data has come up, the agencies complain that it would bring their work to a halt, again without any evidence as to where this has happened elsewhere in the world.

As Greens Senator Scott Ludlam told the department: It's "anecdote-based policy", rather than evidence-based policy.

The problems with the scheme have been laid out plainly before the committee. Telstra has warned that a centralised stored server for data would be very attractive to would-be hackers. Journalists, lawyers, and other professions where private communications are key to the job would be exposed; it would likely have a chilling effect on journalism.

The Attorney-General's Department even admitted that many people being investigated for crimes would turn to encryption technology and other methods to hide their tracks.

In most other situations, given the amount of evidence and public opposition, the parliamentary committee should reject the legislation offhand. For a government that came into power vowing to repeal legislation that they claimed would have no impact on what it was trying to achieve, and would just hurt one of Australia's biggest industries, it seems contradictory that it would now be implementing legislation that will have that exact impact, as well as the added effect of reducing the level of privacy in Australia.

To co-opt its phrase, the mandatory data-retention legislation "won't work, and will hurt".

But data retention is likely to be brought in, not because it is an example of "good government", but because of "national security".

Coalition MPs on the committee, like Andrew Nikolic and Philip Ruddock, were essentially cheerleading for law-enforcement agencies during their testimonies before the inquiry, and admonished any privacy advocates who raised the implications of mass surveillance on the entire Australian population by stating that "right to life" trumps "right to privacy".

The committee chair Dan Tehan has already endorsed the swift introduction of the legislation, so it is difficult to see the committee, with a Coalition majority, recommending anything other than the passage of mandatory data-retention legislation.

Labor MPs on the committee, Shadow Attorney-General Mark Dreyfus and Shadow Communications Minister Jason Clare, were asking the right questions during the hearings, and ZDNet understands that they are now busily negotiating with the Coalition members over the contents of the report, due to be tabled by February 27.

Whatever the outcome of the report, Labor's vote in the Senate will ultimately determine whether mandatory data retention becomes law in Australia.

Crikey reported this week that the legislation is likely to pass, with Labor pushing for amendments that are presumably to include protections for journalists and whistleblowers. This needs to be through external oversight and an approval process before agencies get access to telecommunications data, rather than the police or government judging after the fact whether a source is a "legitimate" whistleblower.

Otherwise, when the agencies get access to the data, they will know exactly who journalists or whistleblowers have been talking to. Game over.

It is unfortunate that Labor, since 2001, has tried its best to avoid being wedged on the issue of "national security", and has supported most legislation no matter how intrusive it may be. It is a futile bid to avoid appearing weak on national security, despite the fact that no matter how much Labor has supported Coalition legislation on national security, the government will still accuse the party of being "weak" on national security.

The most recent example came on Thursday, when Prime Minister Tony Abbott in Question Time blamed Labor for a man being allowed to leave Australia to fight for IS, despite the fact that it occurred during his government, and after Labor had supported the passage of foreign fighter legislation.

If Monday's Liberal Party spill motion against Abbott had been successful, it could have been a circuit breaker for data retention. Abbott's likely replacement, Communications Minister Malcolm Turnbull, expressed reservations about mandatory data retention when it was proposed by Labor.

Additionally, Labor would have to play a more progressive game than the party does against Abbott. For now, Labor is running a small-target campaign waiting for the PM to self-destruct before the next election, and doesn't want a wedge issue over national security. For that goal, Australians are about to sacrifice a great deal of personal privacy.

This week, the New South Wales Council of Civil Liberties held a viewing in Parliament House for Citizen Four, the Laura Poitras documentary covering eight days in Hong Kong in 2013 when Edward Snowden began revealing the true extent of the US surveillance regime.

It should be mandatory viewing for all MPs voting on the legislation. Sadly, according to reports, only a handful of Labor MPs showed up to the screening, and there were no Liberal MPs at the event.

Which is odd, given that some MPs are deeply worried about a hypothetical threat to free speech, rather than the actual threat to free speech that they're about to willingly vote in.

Editorial standards