Tech groups welcome Labor's call for data-retention review

Electronic Frontiers Australia (EFA) and Internet Australia have applauded Labor's move to call for a review of the recently passed data-retention legislation, saying the retention period, cost, and provision of warrantless access all need to be revisited.

At the 2015 ALP National Conference held on the weekend, the party passed an amendment to its Draft National Platform to include a review of the law, saying it creates "a culture of fear" and invades the privacy of Australian citizens.

"These laws help create a culture of fear, a culture where we are all under suspicion and subject to heightened mass surveillance," New South Wales Labor MP Jo Haylen said.

"The challenge for lawmakers is to strike the right balance ... between privacy and security, between transparency and strength, and between the power of government and the rights of citizens. The government's data-retention laws do not strike the right balance, and neither does Labor's support of these laws."

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, passed by the Australian government in March thanks to the votes of the Labor opposition, will see customers' call records, location information, IP addresses, billing information, and other data stored for two years, accessible without a warrant by law-enforcement agencies.

While the attorney-general is obliged to make annual reports on the general operation of the scheme, and the Parliamentary Joint Committee on Intelligence and Security (PJCIS) is required to undertake a mandatory review after three years of the scheme being fully implemented, or within four years, Labor has now raised particular concerns that it wants amended in a review of the legislation.

Specifically, Labor is moving to review the regulation of warrants and the list of agencies that can access the communications data.

"Labor wants to ensure that the types of agencies with access to the data and purposes for which the data is available are appropriate. We want to ensure that the current warrants scheme and the threshold conditions on warrantless access are appropriate and that freedom of the press is protected," the amendment says.

"We do not need laws that empower the attorney-general to add more agencies to that list on a whim and forever expand the government's access to our digital lives," Haylen added.

EFA welcomed this, adding that the protection of privacy and of journalists' sources is paramount. A provision was added to the Bill in March that requires agencies to obtain a warrant in order to access the communications data of journalists, although Attorney-General George Brandis disagreed that this was necessary.

"It's reassuring to see that within the wider ALP, there remains an understanding of the importance of meaningful protections for individual privacy, and for the protection of whistle-blowers and other journalists' sources," EFA chair David Cake said on Monday.

"It's unfortunate, however, that the party leadership chose to allow this badly flawed legislation to pass the parliament despite these concerns. EFA looks forward to the opportunity to participate in a review of this legislation, should the ALP form government after the next election."

Late last year, EFA was involved in a "Stop Data Retention" event at Parliament House, along with Greens communications spokesperson Senator Scott Ludlam, Independent Senator Nick Xenophon, Liberal Democrat David Leyonhjelm -- all of whom ultimately voted against the data-retention legislation in the Senate -- and more than a dozen organisations including the Communications Alliance, iiNet, and the Institute of Public Affairs.

EFA is now also calling for amendments to the legislation to shorten the "unjustifiably long" two-year retention period, and the lack of necessity to obtain warrants for all non-journalist metadata.

Internet Australia, meanwhile, has pointed to the high cost of implementing the scheme and storing the data, saying that it will likely be passed on to consumers.

"The amount of funding allocated by the government to reimburse service providers is simply inadequate. What's more, we still have no information about how it will be allocated among the hundreds of ISPs," CEO Laurie Patton said on Monday.

The government announced in its 2015 Budget in May that it would allocate AU$131.3 million to the scheme; however, Comms Alliance CEO John Stanton said this amount was predicted to cover between only one-third and half of the estimated cost to ISPs.

While these technology industry groups have applauded Labor's proposition, however, Ludlam, who has historically fought against data retention, said it is "too late" for Labor to oppose the legislation.

"Too late to try and reinvent ‪data-retention history, Labor," Ludlam said on his Facebook page on Sunday. "You already voted for it."

Ludlam has previously drawn comparisons between the data-retention legislation and the ASIO Bill, in that the backlash against each seemingly occurred only after the passing of the laws.

"I found it an immensely curious phenomenon, that in the aftermath of the ASIO Bill ... there was this weird outpouring of betrayal in the media and online of 'how on earth could we have let this happen?'," Ludlam said in October last year.

"Yet, the backlash, and the campaigns, and the counterarguments weren't really put into the field until it was too late, and after the Bill had passed the parliament.

"Please, can we not let that happen with data retention? Seeing this one coming, I'm hoping to prevent this from happening in the first place. This is a dumb idea. This is not necessary, and the case has not been made."

The United Kingdom High Court this month struck down its rushed data-retention legislation, ruling various elements of it to be unlawful, as it is incompatible with the rights to privacy and the protection of personal data under the EU Charter of Fundamental Rights.

The Data Retention and Investigatory Powers Act 2014 was passed as emergency stop-gap legislation in order to fill the void after the European Court of Justice in April 2014 ruled against a European Union directive mandating that telecommunications operators retain all customer communications data for up to two years.

The UK legislation mandated that all ISPs and telcos retain customer communications data -- including the time and duration of a communication, phone numbers and email addresses involved in the communication, and location data -- for a period of one year, and granted access to police and intelligence agencies without the need for a warrant.