Telecommunications Interception and Access Amendment (Data
Retention) Bill 2014 The Bill contains a package of reforms to prevent the further degradation of the investigative capabilities of Australia's law enforcement and national security agencies. The Bill will require Australian telecommunications companies to keep a limited, prescribed set of telecommunications data for two years. The Bill amends the Telecommunications Interception and Access Act 1979 (Interception Act), and the Telecommunications Act 1997 (Telecommunications Act). Modern communications technologies have revolutionised the ability of people to communicate, collaborate and express themselves. Sadly, however, these same technologies are routinely misused and exploited by serious criminals and people engaged in activities prejudicial to security as a core part of their modus operandi. Telecommunications data (often described as metadata), which is information about a communication, but not its content, therefore plays a central role to almost every counter-terrorism, counter-espionage, cyber- security and organised crime investigation. It is also used in almost all serious criminal investigations, including investigations into murder, serious sexual assaults, drug trafficking and kidnapping. The use of this kind of metadata is not new. Telephone companies have always kept call records showing the numbers of both the A and B parties, time of call, duration of call and often the location of both parties. These records have been kept for billing purposes and generally still are. They are Page 1 of 7 usually kept for periods longer than two years and have been accessed by law enforcement and other agencies for many years without a warrant and, of course, are regularly subpoenaed in civil proceedings as well. However, service providers are keeping fewer records, and are keeping those records for shorter periods of time. In June 2013, the Parliamentary Joint Committee on Intelligence and Security (PJCIS) concluded that these changes are harming law enforcement and national security capabilities, and that these changes are accelerating. Existing powers and laws are not adequate to respond to this challenge. Preservation notices under the Interception Act can require carriers to 'quick freeze' records that they hold, but these notices cannot create records that have never been kept, and cannot bring back records that carriers have deleted days, weeks or months before a crime is brought to an agency's attention. Simply put, investigations are failing. For example, in a current, major child exploitation investigation, the AFP has been unable to identify 156 out of 463 potential suspects, because certain providers do not retain the necessary IP address allocation records. These records are critical to link criminal activity online back to a real-world person. These impacts are not limited to law enforcement agencies. Last year, a major Australian ISP reduced the period for which it keeps IP address allocation records from many years to 3 months. In the 12 months prior to that decision, the Australian Security Intelligence Organisation (ASIO) obtained these records in relation to at least 10 national security investigations, including counter-terrorism and cyber-security investigations. If those investigations took place today, vital intelligence and evidence would simply not exist. No responsible government can sit by while those who protect our community lose access to the tools they need to do their job. In the current threat environment, we cannot let this problem become worse. Data retention As such, this Bill will allow regulations to prescribe a consistent, minimum set of records that service providers who provide services in Australia must keep for two years. A two year retention period is based on the advice of our law enforcement and security agencies, as well as the experience of a number of foreign jurisdictions. While many cases are solved within a few months, investigations into serious and complex crimes and threats to security often span many years, requiring access to older records. The Government recognises that data retention raises genuine concerns about privacy. We are committed to addressing these concerns. As a starting point, the Government will release the draft data set and refer it, along with this Bill, to the PJCIS for review and public inquiry. The draft data set is, of course, not final, but it is already strictly limited. For example: service providers will not be required to retain the content or substance of any communication, including subject lines of emails or posts on social media sites the Act will expressly exclude a person's web-browsing history, and providers will not be required to keep detailed location records that could allow a person's movements to be tracked, akin to a surveillance device. The Government will carefully consider any recommendations made by the PJCIS about the data set, or the broader regime provided for in the Bill. There has also been a great deal of conjecture about how much data retention may cost. As I have previously stated, the Government IS committed to ongoing, good faith consultation with industry. This consultation will continue over the coming weeks, in parallel with the PJCIS inquiry, through a joint government/industry working group, headed by the Secretary of the Attorney-General's Department and deputy chaired by the Director-General of Security, Major General Duncan Lewis AO, DSC, CSC (ret'd) and Australian Federal Police Commissioner Mr Andrew Colvin APM OAM. These consultations will focus particularly on settling technical aspects of the data set and the costs of meeting the obligation. Until industry consultations are complete, any speculation about the cost of this scheme is premature and ill-informed. What I can say is that, to date, our consultation with industry has been highly productive. For example, based on industry advice, the Bill allows individual service providers to develop an implementation plan that provides a pathway to compliance over up to 18 months. These plans will allow industry and Government to prioritise the retention of data that is most critical to investigations, while allowing service providers to significantly reduce their. costs by aligning any system changes with their internal business cycles. Access arrangements This Bill does not provide agencies with new powers to access communications data; the Bill simply ensures that data will continue to be available to agencies as a part of legitimate investigations, subject to the same, strict limits that currently apply. In fact, the Bill will strictly limit the range of enforcement agencies permitted to access telecommunications data. The Bill will allow 'traditional' law enforcement agencies, such as the police, customs, crime commissions and anti-corruption bodies to access this information. The Bill will also grant the Attorney-General the power to declare, v1a legislative instrument subject to Parliamentary oversight, additional agencies. Before making such a declaration, the Attorney-General will be required to consider a range of strict criteria, including whether the agency is subject to a binding privacy scheme. Safeguards The Bill will also introduce a range of new and enhanced safeguards. In particular, the Bill: introduces, for the first time, independent and comprehensive oversight of access to telecommunications data by enforcement agenc1es requires the PJCIS to review the effectiveness of the scheme no more than 3 years after the end of its implementation phase, and requires the Attorney-General's Department to report annually on the operation of the scheme. The Government is considering reforms to strengthen the security and integrity of Australia's telecommunication infrastructure by establishing a security framework for the telecommunications sector. This will provide better protection for information held by industry in accordance with the data retention regime. The Government expects this reform will be finalised well before the end of the data retention implementation period. Concluding remarks This Bill is critical to prevent the capabilities of Australia's law enforcement and national security agencies being further degraded. More broadly, this Bill demonstrates the Government's commitment to ensuring that access to sensitive and personal information by such agencies is strictly controlled through robust accountability processes. ENDS 1,293 words (Approx. 13 minutes at 100 wpm)