Data retention needed to police the police: Integrity Commission

The Australian Commission for Law Enforcement Integrity has said that requiring telcos to retain customer data for a set period of time will help investigate law enforcement corruption.
Written by Josh Taylor, Contributor

A lack of clarity around how long telecommunications companies are required to retain customer phone records has already cost the law enforcement watchdog one investigation, it has said, and setting a mandatory retention period is crucial to maintain the investigative ability of the agency.

As debate rages over whether government agencies in Australia should continue to have the level of access to telecommunications customer billing information, addresses, and other such information without a warrant, law enforcement agencies have often said that their ability to complete investigations would be hindered were additional judicial oversight measures put in place. The law enforcement agencies have in the past been reluctant to detail specific cases where data retention was crucial to break a case.

But according to the Australian Commission for Law Enforcement Integrity (ACLEI), a recent investigation into the corruption of officers in Customs and Border Protection was only successful on the back of being able to use phone records obtained under the Telecommunications (Interception and Access) Act.

The 2011 investigation (PDF) into allegations that officers at Sydney International Airport were in contact with a person suspected to be importing pseudoephedrine and other chemicals used in the manufacture of MDMA used dozens of warrants obtained under the Surveillance Devices Act and the Telecommunications (Interception and Access) Act.

The case led to the arrest of 24 people, and the seizure of 54 kilograms of pseudoephedrine, worth AU$237,000.

As part of the parliament's review of law enforcement agency access to telecommunications metadata and surveillance, the ACLEI said in its submission that telecommunications data was used to trace and connect people connected to the conspiracy, which then allowed the agency to track those people and catch them in the act.

"The Integrity Commissioner considers that telecommunications interception was critical to the successful outcomes of the investigation. Operation Heritage illustrates how both data and content are used to support corruption investigations, and demonstrates the value of this tool for anti-corruption agencies," the ACLEI said.

Currently, telecommunications companies have no obligation to keep billing data any longer than they require the data for billing purposes. This means that the amount of data that telcos have on their customers can vary from telco to telco, and law enforcement agencies have argued that setting a mandatory period — often floated at two years — would provide more certainty for officers conducting investigations.

The ACLEI agreed on this point, highlighting a recent case where the commission attempted to trace an IP address of a computer that had been used to leak information out through a web form, but when the commission approached the ISP, the ACLEI found that the ISP no longer held the data.

"If the service provider had been under an obligation to keep its telecommunications data for more than a few months, the data might have been available to ACLEI for the purposes of the corruption investigation," the commission said.

The cost and obligation put on the telecommunications companies to retain customer data under a mandatory scheme has been a dividing issue between the industry and the government. The inspector-general of Intelligence and Security, Dr Vivienne Thom, drew attention to this issue in her submission to the inquiry, stating that proposed changes to the law to narrow the type of interceptions allowed under a particular warrant could place a greater burden on telcos, and lead to more errors.

"A further issue is the technological capacity to actually undertake this type of 'characteristic'-based interception — including whether the carriers should be responsible for collecting, processing, and delivering the communications of interest or whether the agencies should be permitted to collect and retain large amounts of information in order to find the communications of interest," she said.

"It is outside my area of focus to comment on the technology, cost, or burden-sharing aspects of the proposal, but I would note that any significant change to the current regime could, at least initially, result in more errors by carriers."

Telstra today released its first transparency report detailing the requests for information it had received from all non-national security-related government agencies in the last six months of 2013.

Editorial standards