Knowledge of four state-level agencies requesting metadata access could damage state-federal relations: AGD

The names of four state-level agencies that have requested to gain authorised access to telecommunications metadata will be withheld by the Australian Attorney-General's Department (AGD) from a Freedom of Information (FOI) request, with the department stating that knowledge of such requests could damage working relationships.

Initially filed in November, the FOI request originally asked for correspondence from organisations seeking to gain access to stored telecommunications metadata. The department denied this request on practical grounds, stating that 2,661 pages spread across 288 documents were related to such a request, and that 45 third parties needed to be consulted before the information could be released.

Eventually, the request was narrowed down to merely a list of agencies looking to be declared as an enforcement agency as defined under the Telecommunications (Interception and Access) Act.

"Agencies objected to disclosure on the basis that it would compromise the trust they place in the Commonwealth," AGD said in its decision on the FOI request on Friday.

"During consultation, these four agencies clearly indicated that disclosure of this information would damage the relationship between the department and the relevant agencies, and could affect any future cooperation with the department."

AGD said that disclosing the names of the agencies would be contrary to public interest.

A similar request was made by privacy advocate Geordie Guy, for which the department requested a fee of AU$424 to complete the request -- a fee that Guy was able to raise through crowdfunding.

An identical fee was issued to ZDNet for its request -- which the department reduced by 75 percent on appeal, and said the release of such documents is in the public interest, as it would provide background on how the metadata legislation is operating.

In October, the ACMA said in its annual report that more than 820,000 customers had their account details revealed to law-enforcement, emergency services, and national security agencies by telecommunications providers during 2014-15.

During 2015, 3,926 telecommunications interception warrants were issued, a 2 percent fall from the year prior, and 365,728 authorisations for the disclosure of historical telecommunications data were made by agencies.

Agencies and departments given access to existing information or documents to enforce a criminal law over the 12-month period included the Australian Securities and Investments Commission; the Australian Financial Security Authority; the Australian Fisheries Management Authority; the Civil Aviation Safety Authority; the Clean Energy Regulator; Customs; the Department of Agriculture; the Department of Defence; the Department of Health; the Department of Immigration and Border Protection; the Department of Social Services; the Department of the Environment; SA Consumer and Business Services; Corrective Services NSW; the WA Department of Commerce; the Vic Department of Economic Development, Jobs, Transport and Resources; the WA Department of Environmental Regulation; the Vic Department of Environment, Land, Water and Planning; Corrections Victoria; the NSW Environment Protection Authority; the Vic Legal Services Board; the NSW Office of Environment and Heritage; Roads and Maritime Services NSW; RSPCA Queensland; RSPCA Tasmania; RSPCA Victoria; The Hills Shire Council; the Vic Transport Accident Commission; Workcover NSW; and Worksafe Victoria.

It is already known that the Victorian Department of Racing and Civil Aviation Safety Authority are seeking to be granted access to stored metadata.

The Australian data-retention laws allow the nation's approved law-enforcement agencies to warrantlessly access two years' worth of customers' call records, location information, IP addresses, billing information, and other data stored by telcos.

The Joint Parliamentary Committee on Intelligence and Security recommended in February 2015 that Australia have data-breach notification laws in place before the end of 2015, prior to the implementation phase of the data-retention laws.

No data-breach notification laws are in place, despite the start of the metadata retention regime, and the earliest that Australia will now have a working data-breach notification scheme is set to be sometime in 2017, after the AGD has released its exposure draft of amendments to the Privacy Act.