We don't have any pre-existing metadata laws: Brandis

While on the one hand, the Australian government is claiming that security agencies will not get access to any new data under mandatory data retention, Attorney-General George Brandis has claimed that the legislation is required because there aren't any existing metadata laws.

New mandatory data-retention legislation forcing telecommunications companies to retain customer data for two years is needed because there aren't any pre-existing metadata laws, according to Australian Attorney-General George Brandis.

In making the case for forcing telecommunications companies to retain customer call logs, billing information, assigned IP addresses, and other data for access without a warrant by law-enforcement agencies, both Brandis and Communications Minister Malcolm Turnbull have insisted that the law is about preserving the data that the agencies already access today.

"There's nothing new in these gentleman and their agencies accessing metadata. So this is, in effect, a measure designed, in large measure, to preserve the status quo," Turnbull said last week.

Access to the data is provided under the Telecommunications (Interception and Access) Act, and the agencies that have access to the data, apart from the Australian Security Intelligence Organisation (ASIO), report on the number of times they have accessed customer data without a warrant. According to the last report from the 2012-13 financial year, those agencies accessed the data on more than 300,000 occasions.

Read this

Metadata: What we know and who wants it

While the Australian government has yet to provide a set definition of "metadata" it wants telecommunications companies, this is what we know so far.

Read More

Speaking on ABC's Q&A program last night, however, Brandis said that the legislation is needed because there are no metadata laws in place currently.

"We're not insisting on new metadata laws, because we don't have any pre-existing metadata laws," he said.

The legislation introduced by the government is designed to force the telecommunications companies to retain the data for two years, something that they weren't previously required to do. The legislation also moves to limit access to the data to just agencies investigating serious crime, according to Brandis.

"The mandatory data-retention regime applies only to the most serious crime. Only to crime, and only to the highest levels of crimes."

The legislation (PDF) does, however, leave it open to the attorney-general of the day being able to add agencies to the list of those that can access the data. On pages 23 to 25 of the legislation, the government is also leaving it open for the government to allow agencies tasked with enforcing not only criminal law, but also laws with pecuniary penalty, or those protecting public revenue to get access to "prospective data" from telcos under the legislation.

This would potentially mean that agencies such as Centrelink would also be able to access prospective data.

After the publication of this article, a spokesperson for the Attorney-General's Department admitted that access to the collected telecommunications customer data may be widened to include other agencies including the Department of Foreign Affairs and Trade, and ASIC.

On Thursday, Australian Federal Police Commissioner Andrew Colvin said that the mandatory data-retention legislation could be used to track down those who illicitly download films , TV shows, and music online. However, on Friday, Colvin moved away from those remarks and Brandis said that Colvin "did not mean" to say that the AFP would be chasing copyright infringers, because copyright infringement is a "civil wrong", and not a criminal offence.

The Copyright Act does, however, outline that copyright infringement can be a criminal offence if it is done on a commercial scale.

On Friday, Turnbull also revealed that rights holders could get access to the data through the courts as part of a discovery process aimed at finding out which IP addresses tracked on downloads matched customer records. Dallas Buyers Club LLC has taken this course of action against iiNet and several smaller ISPs, with the first directions hearing now expected to be held on 10 November.

Show Comments