David Gillespie (Lyne, National Party) Share this | Hansard source

The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 has generated much controversy. But, in essence, I think a lot of the controversy is because of a misunderstanding of what metadata actually is. I will commence my comments by just clarifying what metadata is. Metadata is not the content of a conversation on a digital device. It is not the content of a phone conversation. It is not the content of an email message. It is not the content of a web page when people are web browsing. It is IP numbers. Every individual digital bit of equipment has its own IP number. It is actual phone numbers that are recorded. This sort of data has been recorded for decades. You only have to look at your own telephone bill that you get from your telephone provider. It will show where your mobile phone called from, what cell it went through, what digital mobile phone tower it went through and for how long. But it shows nothing about the content of your phone conversation.

So, that is the first essential, important difference. A lot of the conversation against this legislation is based on the inference or the implication that it is the content that is being stored—as though it were phone taps, wire taps or internet sabotage, or reading live content or stored content. As I have alluded to, it has been done for ages. But this legislation is important in that, because of the efficiency of the digital era, records that most telecommunications people have been keeping at some state eventually become digital. The billing processes and all the things you need to succeed in business in this space have been so efficient that these days some of these records are only kept for up to a week before they are entered into a billing system, and then they are no more.

That phenomenon is what has driven this bit of legislation. Metadata is like a digital fingerprint. Can you imagine the police or the AFP or our intelligence agencies being able to investigate without the humble fingerprint? It would set back justice and investigation of crime by decades. Well, in the digital world, metadata and the patterns of connections—not the actual IP number or the phone number—give the intelligence services, whether police, AFP, ASIO or ASIS, a pattern of behaviour so that they can use that to investigate serious crime, such as child abuse, sexual assault, exploitation and kidnapping, as well as counterintelligence matters. These are all very essential things that the community relies on our security services to look into and prosecute. That is why it is so essential. In fact, the figures that were mentioned at a committee meeting today were that 85 or 90 per cent of all the recent serious crime and terrorism investigations involved the use of metadata to assemble a direction for investigation about who is involved in these serious crimes or who is conspiring to commit serious crimes.

So, that is the first thing. There is a reason. This has not come out of thin air. The other matter is that all this metadata has been accessed for decades as well, by up to 80 separate bodies. This legislation and the Parliamentary Joint Committee on Intelligence and Security has whittled that down to 20 bodies. People like the RSPCA—just about anyone—could get hold of this metadata. We are putting some appropriate limits on it. Other issues that come up in conversation about this rather heated issue are parliamentary oversight, storage and security of the data, allusions to limiting the freedom of the press or invading privacy, and whether it compromises legal privilege. There is also the issue that has been brought up about notifying those who have had their data accessed, either after the event or, as some have recently argued, at the time or before the access happens.

I will go through each of those. There is parliamentary oversight of this process. There are senior-level officers with the Inspector-General of Intelligence and Security, the Commonwealth Ombudsman, state ombudsmen and the security forces who have to meet criteria before this data can be accessed. There is extensive and long-term parliamentary oversight through these processes. It is not as though we are just putting this out there on to the Australian people. Metadata has been stored for decades, but it is vanishing because of changes in technology. We need to provide a system so that the security services, the police and all the appropriate financial regulatory bodies, like ASIC, ACCC and the tax office, can establish a case to prosecute serious crime—child abuse and counterintelligence matters.

One of the previous speakers this evening mentioned concern about the limitation of the freedom of the press. I would just like to say that this does not limit the freedom of the press. The press in Australia has a very well established and frequently used ability to say just about whatever they like, even skirting into libel. Having metadata is not going to limit that. I think they are concerned that one of their sources might be identified. That is a pretty long extrapolation. Unless they are dealing with people involved in serious crimes or they are the innocent so-called B party when the metadata is linked up, they should have nothing to fear. If they are not involved in counterintelligence, espionage, plotting terrorism, serious fraud and crime, child abuse and all those networks involved in paedophilia—all the things that the criminal investigation and national intelligence services need to be interested in to do their jobs—they should have no concern. And, as I mentioned, there is oversight of the system at the level of the Ombudsman and the Inspector-General.

Regarding the issue of privacy, I have come from a meeting today where this very issue was discussed at length. There are many basic rights that we run our society by, including the right to privacy and also the right to expect our security and our wellbeing to be protected by the state—whether it is the state government police, the federal police or our security services. This metadata has historically been used in a proportionate manner, and it would be under this legislation, because the people accessing the data do not do so on a whim. There have to be firm indications.

You could ask the people in my electorate: 'Would you like investigations into very serious matters up to and including terrorism, where there is a risk to life and multiple lives? Would you mind if the appropriate officers checked if certain people or bodies had connections via frequent internet traffic or frequent phone messaging, or gaining information about building bombs, or committing terrorism acts by frequenting terrorism websites?' And I think 99.9 per cent of the people in the Lyne electorate would say, 'Yes, that's not an infringement of our rights; that's protecting our rights'. They expect to be safe and secure in their own country. It is a matter of judgement and balancing the proportionate risk. Some of our commitments on the human rights treaties and agreements that we have committed to as a country are engaged in this process, but it is proportionate—the actions are proportionate to the risk.

The issue of legal privilege being compromised by access to metadata was raised, but I think it would be very hard to argue that metadata alone would be enough to make a case. Whether it is financial crime, violent crime, paedophilia, child abuse networks or conspiracy for terrorism acts, it is not the metadata alone that is enough to convict a person. That is just part of the armamentarium in the investigative process. The content is the bit that could be used as evidence. The use of metadata is like the entree to making a legal case, or applying for a control order or applying to interrupt serious crime.

The other issue that has been raised around this legislation is whether or not it is appropriate to notify people who have had their data accessed. There are some practicalities that have to be taken into account. If an investigation for any matter is underway and you notify the people that you are investigating, you do not need to be a rocket scientist to work out that the investigation will be compromised. By their very nature, a lot of these investigations by the appropriate authorities into these serious matters have to be discrete otherwise there is no point investigating because the suspect is notified.

I do not think the proposals to notify people who are about to have their metadata accessed are appropriate at all. The practicality of notifying everyone who has had their IP address picked up in a random search for connections to these crimes would not be appropriate either, because the volume of applications and instances of searching amount to thousands and thousands per year. Any one IP address interacts with lots of other IP addresses, so it is like a cascading, viral list of IP addresses. It is only the patterns that help in these investigations. If everyone had to be notified, there would be hundreds of thousands of people who would have to be notified every year. If it had to go through a court process to get a warrant to look at these things, you would have to be notifying hundreds of thousands of people a year. You would have to have hundreds of thousands of courts to deal with it—just the practicality of it. The important thing is the proportionality of the principle of privacy being interrupted on a valid, justified basis. There are many issues, but the most important issue is that our law enforcement agencies require this ability. They have had it for years. It is vanishing rapidly. If we do not secure it, the Australian investigating bodies will be compromised. It is not mass surveillance. Unless you are involved in one of these suspected activities, it should be of no consequence to you. It is for all of our security— (Time expired)

See this speech in context