.png?width=5850&height=716&name=5%20(1).png "5 (1)")
Oct 28, 2015
The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 came into force this month. This law requires Australian telecommunication companies and internet service providers (ISPs) to retain certain types of data on customer activity for a period of two years. This has been justified on the basis of preserving national security and prosecting serious crimes. There has been notable hysteria amongst the Australian public in reaction to this legislation. The extent to which this concern is warranted is the question for this article to consider.
What information is being collected?
The Act allows for the collection of ‘metadata’. This has proved to be a notoriously difficult concept to define; even the Attorney General had some problems. Put simply, metadata is not the content of communication. Rather, it is information about the communication. For example, if you were to make a phone call, the metadata would include:
- The phone numbers of the caller and receiver;
- The identity of the callers; and
- The length of the conversation.
Similar information can be collected in relation to mobile phone texts, email correspondence and internet searches.
Importantly, because the Act only applies to Australian services, this information will not be available for detection if you use foreign-operated services such as Gmail, Hotmail or Facebook messenger. That said, intelligence agencies can still see that you are actually using these services. Also, this information is readily available to the United States based National Security Agency (NSA).
Despite these restrictions, metadata provides a substantial amount of information on an individual. It has been recognised that such data can inform the searcher as to “the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environment."[1] As such, despite the distinction between content and metadata, the effect of collecting the latter is largely the same as collecting the former.
Who is accessing my data?
The Act provides that only criminal law-enforcement agencies are able to access stored communications. Interestingly, the term criminal law enforcement agency has been given a broad definition so as to include all agencies that are able to obtain warrants to intercept communications under the (Telecommunications Interception and Access) Act 1979. These include not only the Australian Security Intelligence Organisation (ASIO) and the Australian Federal Police (AFP), but also the Australian Customs and Border Protection Service, the Australian Securities and Investments Commission and the Australian Competition and Consumer Commission. Additionally, the Federal Minister for Communications can also declare that a particular law enforcement or national security agency is an ‘enforcement agency’ for the purposes of the Act.
When can they access my data?
While the law is predicated on a desire to prevent serious crimes and breaches of national security occurring, an authorised agency need only establish that such access is reasonably necessary to an investigation. Notably, the type of investigation is not specified. Nor does the Act significantly regulate
The most important thing to note is that no warrant is required for the collection of data, unless the agency is attempting to access the content of a communication or identify a journalistic source. You will not be informed if your information has been viewed by an agency. Moreover, disclosing information about authorised access to data carries a two year prison sentence. As such, these searches will be carried out in almost complete secrecy. The information discovered from a search of your metadata can be used against you in court.
While the scheme does not encompass conduct such as phone tapping, a warrant may be granted for this activity based on an examination of your readily available metadata.
Should I be worried?
Given the above, it seems clear that the aforementioned government agencies have a significant amount of access to a wealth of information about people’s professional and personal lives. This is particularly concerning for those who work in professions where privacy is particularly valued, such as the legal profession. Whilst clients expect that their personal information will be kept confidential, the new legislation allows authorised agencies to subvert these rules.
Nevertheless, it is possible for people to avoid detection under the new scheme through downloading anti-surveillance technology, such as a Virtual Private Network (VPN), or using an anonymous browser such as Tor. Communicating through foreign-operated services also provides a degree of protection, as mentioned above.
If you require legal advice regarding Data Protection please contact Frank Legal on 02 9688 6023.
Written by Manny Kanellis, Law Clerk
This is not to be taken as legal advice.
[1] Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources & ors (C-293/12); Kärntner Landesregierung ors (C-594/12)
