SECOND READING SPEECH

Telecommunications Interception and Access Amendment (Data

Retention) Bill 2014
The Bill contains a package of reforms to prevent the further degradation of
the investigative capabilities of Australia's law enforcement and national
security agencies. The Bill will require Australian telecommunications
companies to keep a limited, prescribed set of telecommunications data for
two years. The Bill amends the Telecommunications Interception and
Access Act 1979 (Interception Act), and the Telecommunications Act 1997
(Telecommunications Act).
Modern communications technologies have revolutionised the ability of
people to communicate, collaborate and express themselves. Sadly,
however, these same technologies are routinely misused and exploited by
serious criminals and people engaged in activities prejudicial to security as
a core part of their modus operandi.
Telecommunications data (often described as metadata), which is
information about a communication, but not its content, therefore plays a
central role to almost every counter-terrorism, counter-espionage, cyber-
security and organised crime investigation. It is also used in almost all
serious criminal investigations, including investigations into murder, serious
sexual assaults, drug trafficking and kidnapping.
The use of this kind of metadata is not new. Telephone companies have
always kept call records showing the numbers of both the A and B parties,
time of call, duration of call and often the location of both parties. These
records have been kept for billing purposes and generally still are. They are
Page 1 of 7
usually kept for periods longer than two years and have been accessed by
law enforcement and other agencies for many years without a warrant and,
of course, are regularly subpoenaed in civil proceedings as well.
However, service providers are keeping fewer records, and are keeping
those records for shorter periods of time. In June 2013, the Parliamentary
Joint Committee on Intelligence and Security (PJCIS) concluded that these
changes are harming law enforcement and national security capabilities,
and that these changes are accelerating.
Existing powers and laws are not adequate to respond to this challenge.
Preservation notices under the Interception Act can require carriers to
'quick freeze' records that they hold, but these notices cannot create
records that have never been kept, and cannot bring back records that
carriers have deleted days, weeks or months before a crime is brought to
an agency's attention.
Simply put, investigations are failing.
For example, in a current, major child exploitation investigation, the AFP
has been unable to identify 156 out of 463 potential suspects, because
certain providers do not retain the necessary IP address allocation records.
These records are critical to link criminal activity online back to a real-world
person.
These impacts are not limited to law enforcement agencies.
Last year, a major Australian ISP reduced the period for which it keeps IP
address allocation records from many years to 3 months. In the 12 months
prior to that decision, the Australian Security Intelligence Organisation
(ASIO) obtained these records in relation to at least 10 national security
investigations, including counter-terrorism and cyber-security
investigations. If those investigations took place today, vital intelligence and
evidence would simply not exist.
No responsible government can sit by while those who protect our
community lose access to the tools they need to do their job. In the current
threat environment, we cannot let this problem become worse.
Data retention
As such, this Bill will allow regulations to prescribe a consistent, minimum
set of records that service providers who provide services in Australia must
keep for two years.
A two year retention period is based on the advice of our law enforcement
and security agencies, as well as the experience of a number of foreign
jurisdictions. While many cases are solved within a few months,
investigations into serious and complex crimes and threats to security often
span many years, requiring access to older records.
The Government recognises that data retention raises genuine concerns
about privacy. We are committed to addressing these concerns.
As a starting point, the Government will release the draft data set and refer
it, along with this Bill, to the PJCIS for review and public inquiry. The draft
data set is, of course, not final, but it is already strictly limited. For example:
service providers will not be required to retain the content or
substance of any communication, including subject lines of emails or
posts on social media sites
the Act will expressly exclude a person's web-browsing history, and
providers will not be required to keep detailed location records that
could allow a person's movements to be tracked, akin to a
surveillance device.
The Government will carefully consider any recommendations made by the
PJCIS about the data set, or the broader regime provided for in the Bill.
There has also been a great deal of conjecture about how much data
retention may cost. As I have previously stated, the Government IS
committed to ongoing, good faith consultation with industry.
This consultation will continue over the coming weeks, in parallel with the
PJCIS inquiry, through a joint government/industry working group, headed
by the Secretary of the Attorney-General's Department and deputy chaired
by the Director-General of Security, Major General Duncan Lewis AO,
DSC, CSC (ret'd) and Australian Federal Police Commissioner Mr Andrew
Colvin APM OAM. These consultations will focus particularly on settling
technical aspects of the data set and the costs of meeting the obligation.
Until industry consultations are complete, any speculation about the cost of
this scheme is premature and ill-informed.
What I can say is that, to date, our consultation with industry has been
highly productive. For example, based on industry advice, the Bill allows
individual service providers to develop an implementation plan that
provides a pathway to compliance over up to 18 months. These plans will
allow industry and Government to prioritise the retention of data that is
most critical to investigations, while allowing service providers to
significantly reduce their. costs by aligning any system changes with their
internal business cycles.
Access arrangements
This Bill does not provide agencies with new powers to access
communications data; the Bill simply ensures that data will continue to be
available to agencies as a part of legitimate investigations, subject to the
same, strict limits that currently apply.
In fact, the Bill will strictly limit the range of enforcement agencies permitted
to access telecommunications data.
The Bill will allow 'traditional' law enforcement agencies, such as the police,
customs, crime commissions and anti-corruption bodies to access this
information.
The Bill will also grant the Attorney-General the power to declare, v1a
legislative instrument subject to Parliamentary oversight, additional
agencies. Before making such a declaration, the Attorney-General will be
required to consider a range of strict criteria, including whether the agency
is subject to a binding privacy scheme.
Safeguards
The Bill will also introduce a range of new and enhanced safeguards. In
particular, the Bill:
introduces, for the first time, independent and comprehensive
oversight of access to telecommunications data by enforcement
agenc1es
requires the PJCIS to review the effectiveness of the scheme no more
than 3 years after the end of its implementation phase, and
requires the Attorney-General's Department to report annually on the
operation of the scheme.
The Government is considering reforms to strengthen the security and
integrity of Australia's telecommunication infrastructure by establishing a
security framework for the telecommunications sector. This will provide
better protection for information held by industry in accordance with the
data retention regime. The Government expects this reform will be finalised
well before the end of the data retention implementation period.
Concluding remarks
This Bill is critical to prevent the capabilities of Australia's law enforcement
and national security agencies being further degraded.
More broadly, this Bill demonstrates the Government's commitment to
ensuring that access to sensitive and personal information by such
agencies is strictly controlled through robust accountability processes.
ENDS
1,293 words
(Approx. 13 minutes at 100 wpm)