Data retention laws: Experts warn against opening up metadata to civil cases as telcos renew bid to change laws
- Telco industry says metadata legislation “riven by inconsistencies”
- Deadline for data collection compliance is April 13, 2017
- “Grave concerns” over move to allow data to be used in civil cases
The data retention scheme was announced in 2014 as part of the Abbott government’s efforts to combat terrorism.
It requires internet service providers and phone companies to retain their customers’ metadata for a period of two years, including a range of phone, email and internet records.
The Government has launched a review into whether to allow the information collected to be used in civil cases, not just terrorism-related investigations.
This could potentially mean the data could be used in divorce cases.
The president of the Law Council of Australia, Fiona McLeod, said she had “grave concerns” about the possible extension of the powers.
“The regime that’s in place is one of the most intrusive regimes in the industrialised world,” she told 7.30.
“If they are to extend that use to civil proceedings, it goes well beyond the justification of those laws.”
Senator Nick Xenophon said the laws should not be used as a Trojan horse.
“This is not so much a case of mission creep as a new mission altogether,” he said.
The Attorney-General’s Department said the review was a recommendation of the Parliamentary Joint Committee on Intelligence and Security (PJCIS).
It said from April 13 there would be a prohibition on courts authorising access to data for civil proceedings, however regulations could be approved by Parliament to allow exceptions.
“The focus of this current stage of consultation is testing whether there is a case for regulations to be made,” a department spokesperson said.
“The PJCIS gave examples of family law proceedings involving violence or international child abduction cases as potential appropriate exceptions to the prohibition.”
Currently, civil courts can issue subpoenas for telecommunications data, but only if the data is being collected for operational reasons by the service provider, rather than under the national security-related mandatory data retention scheme.
Telcos renew fight to change laws
The Communications Alliance, which represents major providers including Telstra and Optus, has meanwhile written to the Government requesting several changes to the laws.
CEO John Stanton said vital elements of the scheme remained unclear as the April 2017 compliance deadline approached.
“It’s a piece of legislation that really is riven by internal inconsistencies and lack of clarity,” he told 7.30.
Among his concerns were how to collect data from the so-called “internet of things”, such as parking meters and smart meters in homes and businesses.
“It will require service providers to retain records of when the coin tin in a local vending machine is full, or what parking meters are doing on a daily basis,” he said.
“That’s really a crazy piece of overreach that we think ought to be corrected.”
The requirement for stored data to be encrypted is another industry complaint.
“The Government has confused encryption with security. What matters is how well you protect the information that you retain, not whether or not it’s encrypted,” Mr Stanton said.
The non-profit group Internet Australia has called for a fresh inquiry into the entire data collection system.
“It is a mess,” CEO Laurie Patton said.
“The only way out of it now is to go back to the beginning, back to the parliamentary inquiry that looked into it in the first place and get them to run the ruler over it.”
Attorney-General George Brandis was unavailable for an interview.
In a statement his spokesperson said “metadata is the basic building block in nearly every counter-terrorism, counter-espionage and organised crime investigation”.
“Telecommunications companies have always retained metadata and law enforcement agencies have been permitted access to these records for decades,” the spokesperson said.
“The data retention obligations simply standardise the type of data telecommunications companies are required to retain and the length of time they are required to retain it.”