|

Australia on verge of passing new data retention bill

sydney_see_ming_lee

This guest post was written by Amy Denmeade.

On March 19, the Australian House of Representatives passed a new data retention bill. The bill — formally called the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 — requires companies providing telecommunications services in Australia to keep a prescribed set of telecommunications data for two years, and was introduced to the Parliament in October 2014 by the Minister for Communications, Malcolm Turnbull. According to Turnbull, the bill is intended to introduce common industry standards for data retention practices and to “prevent the further degradation of the investigative capabilities of Australia’s law enforcement and national security agencies.” It followed two earlier tranches of national security legislation.

Advisory report

The draft bill on data retention had been referred to the Parliament’s Joint Intelligence and Security committee, which presented its advisory report on February 27.  The unanimous bipartisan report was the product of an inquiry that included public and private hearings, more than 200 submissions from interested members of the public, and written questions for selected law enforcement agencies and industry organisations.

The advisory report recommended the bill be passed by the Parliament, and made 38 further recommendations “aimed at strengthening the regime and improving oversight and safeguards.” The recommendations included:

  • maintaining the two year retention period specified in the bill;
  • amending the bill to include the proposed data set in primary legislation, rather than prescribing it in regulation;
  • amending the Explanatory Memorandum to the bill to it make clear that service providers are not required to keep web-browsing histories or other destination information, for either incoming or outgoing traffic;
  • the government making a substantial contribution to the upfront capital costs incurred by service providers in implementing their data retention obligations;
  • listing in legislation all criminal law enforcement agencies and enforcement agencies that can access stored data;
  • amending the bill to require service providers to encrypt retained telecommunications data and the introduction of a mandatory data breach notification scheme;

The impact of the proposed legislation on press freedom and the protection of journalists’ sources were highlighted as areas of particular concern. The report recommended the “authorisation of a disclosure or use of telecommunications data for the purpose of determining the identity of a journalist’s source be the subject of a separate review.”

The Government supported all the recommendations and agreed to amend the bill accordingly. The Labor opposition sought a further amendment to strengthen the protection of journalists’ confidential sources. The Prime Minister said he did not believe such an amendment was necessary but agreed to support it in order to expedite the bill.

Journalists and fundamental rights at risk

This amendment requires the creation of a “journalist information warrant.” Law enforcement agencies will be required to seek a warrant before accessing the telecommunications data of a journalist, or their employer, for the purpose of identifying a source. A “journalist” is defined as “a person who is working in a professional capacity as a journalist.” Public interest advocates, appointed by the Prime Minister, will be permitted to make submissions to the authority determining whether such a warrant should be issued. The warrants will not be contestable by media companies and disclosure or use of information about them can attract a penalty of two years imprisonment.  The journalists’ union, the MEAA, has “condemned the deal” to create the warrants.

The inclusion of this amendment secured the Labor Party’s support for the bill; however, significant questions remain about the appropriateness of limiting warrant protections to one group of citizens, data security, compliance costs, and the overall privacy implications of the legislation. And there are fundamental questions about whether the bill is an effective, necessary, and proportionate response to the threats identified by law enforcement and security agencies?

The government is keen to see the bill passed before the current session of Parliament ends and it will be debated in the Senate this week. With Labor support, the Government has the votes required to pass the legislation. The Greens have expressed serious concerns about the substance of the bill and conduct of the debate, and are likely to propose further amendments together with a number of cross-bench senators.

Amy Denmeade is a Sydney-based strategy consultant working with media and technology companies and not-for-profit organisations.

photo credit: See-ming Lee