Sharon Claydon (Newcastle, Australian Labor Party) Share this | Hansard source

I rise to also add my voice to this important debate on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. It is vital that we have these discussions and debates in this place as we work to set up a new legislative framework aimed at balancing the often competing needs of law enforcement agencies—who, as we all do, need to keep citizens safe—and protecting the rights of people's privacy and liberties.

It is important to note at the outset that this is controversial legislation, and I can understand why there has been widespread discussion in our communities regarding its purpose. It has, after all, been very poorly explained by the government, and the bill, as first introduced, was grossly inadequate. This is why Labor has insisted that the legislation undergo a rigorous process of review and amendment to reach the point of debate that we have today.

Constituents in my electorate have rightly contacted me with a range of questions and concerns regarding various aspects of the legislation, from differing points of view. Not everyone supports the bill, and some may never believe the reasons for it are valid. The status quo, however, is that the bill is bereft of privacy protections and lacks real oversight over the use and potential misuse of data.

When the data retention scheme was first introduced in the previous parliament, the now Minister for Communications, who introduced the current bill before the House, had his own reservations and questioned the premise of data retention himself. People in all political parties have concerns about the mandatory retention of telecommunications data. Legislation like this raises legitimate and serious privacy issues, and it is important that they are addressed.

The bill being debated today establishes a mandatory data retention scheme where, for the first time ever, telecommunication companies will be required to standardise the type of data they collect and the amount of time they hold it. More importantly, in my view—given that the law enforcement agencies are already accessing our telecommunications data right now, with very few rules and oversights in place—the recommendations of the Parliamentary Joint Committee on Intelligence and Security, if adopted, will place tighter rules and, for the first time, proper oversight of the agencies that access our data and the way it is used. These are important protections and they are sadly lacking from the existing regime.

What is the situation with data retention? As the committee heard, in evidence, the retention of very large volumes of telecommunications data by private companies, such as telecommunication and internet-service providers, has been occurring in Australia in a largely unregulated manner for many years. This data is currently accessed under the Telecommunications (Interception and Access) Act by a very large number of agencies. It is accessed hundreds of thousands of times per year without the need of a warrant. Our data has been harvested, retained and accessed for many years. Data retention is not new in Australia.

The 2012-13 data was accessed by some 80 different agencies with criminal-law or revenue-protection functions. These agencies included federal, state and territory police, Medicare, local councils, the RSPCA, the Australian Taxation Office, Australia Post, ASIC and ASIO. In 2012-13 metadata was accessed 330,640 times. That is an 11 per cent increase on the previous year and a jump of 31 per cent over the last two years. Fast forward 12 months to 2013-14 and this number increased to more than 550,000.

As referenced by Mike Seccombe in The Saturday Paper, last weekend, the magnitude of these figures invites a number of observations, chiefly that this bill is not substantially about counter-terrorism. Despite assertions from the Prime Minister that the data retention bill is the vital next step in giving our agencies the tools they need to keep Australia safe, access to these tools is already available. This was referenced by the Minister for Communications when introducing this bill and is detailed in the bill's explanatory memorandum. The minister said that this bill does not expand the range of telecommunications metadata currently being accessed by law enforcement agencies, it simply ensures that metadata is retained for a period of two years.

The dramatic increase in data access is in line with the fact that we are creating an ever-greater caucus of data for authorities to access. More data and more companies equals greater risk of misuse. More care and increased oversight is therefore needed. Arguments that retention is pointless—because ill-doers and criminals can use encryption programs to hide their identities or because the regime will not capture all of the overseas data—really ignore the need to address our unregulated open-slather access for data that we currently have.

Whilst this bill is not in a form that Labor would have drafted if it had been in government, and while the bill will not stop terrorism or protect citizens against all crimes, it will ensure that data access is regulated and subject to privacy laws, for the first time ever.

As referenced earlier, when this bill was introduced it was a skeleton of the draft legislation before the House today. Earlier this year, the Leader of the Opposition wrote to the Prime Minister outlining a number of serious concerns Labor had with the original legislation introduced by the Minister for Communications. Labor insisted the bill be subject to scrutiny by the PJCIS before being debated by the parliament in full. The parliamentary joint committee received hundreds of submissions from concerned citizens and organisations and held several days of public hearings. After considered scrutiny and substantial amendment of the original legislation, and having secured support for 38 recommendations, we are now in a position to support this bill. I acknowledge the work of the committee in coming to these recommendations—in particular, the work of the shadow Attorney-General and the shadow minister for communications.

Through the rigorous process of the parliamentary joint committee, Labor achieved a number of very substantial amendments to the bill. The bill, as amended in response to the committee's recommendations, is of a wholly different character from the original bill. As the Liberals now concede, albeit reluctantly, it was a bill that was manifestly inadequate. Key features of the proposed data retention scheme were not settled, and the government's proposal to give these over to executive regulation was not acceptable to Labor. Oversight was inadequate. Safeguards were too limited. We remedied these problems through the committee process. The bill today is a very different creature from what was originally presented to this House, and it is only in its current form that Labor is able to offer its support.

I remind the House that the committee made 38 substantive recommendations. I focus now on some of those key recommendations that Labor achieved through its work with the parliamentary joint committee process. In its original form, the bill left the definition of dataset to be retained to regulation. It set only very loose parameters on matters that the prescribed information must relate to. That is to say, the government's bill barely addressed the central detail of its own proposed scheme. Labor demanded, however, that the dataset be fixed in the legislation. Labor has made sure that parliament and the Australian people are able to properly consider the scheme. This will ensure that business has certainty and that consumers know what information is being stored. The government will not be able to expand this scheme without returning to parliament.

In its original form, the bill limited access to retained data to a list of agencies. The government made a lot of noise about this change, claiming it limited the scope of the scheme; however, the bill also gave the Attorney-General a very broad discretion to add further agencies, by regulation, without the full oversight of the parliamentary process.

Labor insisted that only agencies specifically listed in the legislation would have access. The Attorney-General cannot add further agencies without legislation, subject to an emergency power to add agencies for a very brief period of time ahead of that the legislation being brought on in the parliament. It is Labor's position that only agencies dealing with national security and serious law enforcement, such as the Australian Federal Police and the state police, should have access to data under the scheme, and we should have proper parliamentary and public debate if the government proposes to extend access to other agencies. Labor also pushed for the inclusion of ASIC and the ACCC—agencies which presently use telecommunications data to investigate white-collar crime.

The government's bill did not prevent retained data being accessed in ordinary civil litigation. Labor again pushed to close this loophole. Private information retained for the national security and serious criminal law enforcement should be used for just that. This amendment to the bill will ensure that data retention cannot be used for copyright enforcement—an assurance the government has been unable to give convincingly.

The original bill did not provide for individuals to access their own data. Labor asked that the bill be amended to make it clear that individuals can access their retained data. Labor believes that this is an important application of privacy law principles. Australians should always be able to access personal data that companies keep about them. The original bill did not provide any way of individuals knowing if the security or the privacy of their data had in fact been breached, even though this had been recommended by the Parliamentary Joint Committee on Security and Intelligence in an earlier report in 2013. Labor ensured that the government fix this by implementing mandatory data breach notification legislation—legislation which Labor has called for long before the data retention proposal. Australians have a right to know when the security of their data has been compromised, Mandatory data breach notification gives individuals some comfort about the security of their data and, when there is a breach, allows them to take protective action.

The government's bill made no provision for the encryption of data—again, even though this had been recommended in 2013. Labor pushed for the bill to require encryption. Australians should have assurance that their data is protected, and encryption is currently the best means of ensuring that Australians' data is kept secure and private under this scheme.

The government's bill provided an oversight for the Ombudsman; however, Labor was not satisfied with this. Again, through the committee, we have made the government commit to fully funding the Ombudsman to undertake this new expanded role. Crucially, as recommended by former Senator John Faulkner, we have pushed for the very first time for the parliamentary joint committee to itself have oversight of operational matters. Through the committee we demanded a full, considered and informed review of the scheme by the parliamentary joint committee two years after the scheme is fully implemented. Labor ensured that agencies will be required to collect and retain relevant statistical information to support this review. Documentation of all access requests must be retained until that review.

We were not able to resolve all of our concerns through the committee process, however. As the opposition leader has said numerous times during the public debate about this bill, Labor holds serious concerns about the effect of the government's bill on freedom of the press. We know that working journalists fear the data retention scheme will compromise the identity of their sources. Labor has also been clear that we share this concern. In principle, Labor believes that the relationship between a journalist and their sources should be protected by warrant. This is why we made our support for this bill conditional on an additional amendment. While the government has resisted this—in fact, the Prime Minister and the Attorney-General have said they do not believe it is necessary—Labor will not offer its support for the bill without this condition being met.

Another point of contestation which has not been resolved within the committee relates to the obligation that companies stores their data here onshore in Australia. Former Director-General of ASIO, David Irvine, said at a recent defence and national security roundtable that he would be concerned about the security of retained data if it were stored overseas because it would be governed by someone else's sovereign legislative system. (Time expired)

See this speech in context