Matt Thistlethwaite (Kingsford Smith, Australian Labor Party, Shadow Parliamentary Secretary for Foreign Affairs) Share this | Link to this | Hansard source

When I concluded last night, I was making the point that the Telecommunications (Interception and Access) Amendment (Data Retention) Bill, which we are debating here today, is vastly different and, in my view, superior to the one that was introduced by the Minister for Communications in October last year, and this is principally because of the amendments that the Labor Party has been able to secure through the negotiation process and also the work of the Parliamentary Joint Committee on Intelligence and Security. I would like to go through some of those amendments.

Firstly, this bill now fixes the dataset that agencies can access. The dataset will not be left to later regulation as was proposed in the original bill but will be fixed in the current legislation. It is a vastly superior amendment, and it can only be expanded with the consent of the parliament.

Secondly, the list of agencies that can access the metadata will now be limited. Only those agencies dealing with national security and serious law enforcement will be able to access metadata from ISPs, so we will not have the situation of this legislation authorising local councils and the RSPCA and the like to access people's metadata. The list of agencies is now limited. and that list can only be expanded, once again, with the consent of the parliament. This has tightened up the legislation. Far fewer agencies will be able to access people's metadata under this proposal than is currently the case.

Thirdly, the original bill did not limit data access for civil litigation. The metadata that was accessed by agencies could have been used in civil litigation against customers of ISPs. This amended bill limits the access to serious criminal law enforcement. Also, the original bill provided no right for individuals to access their own metadata. This amended bill, as a result of one of the recommendations of the PJCIS inquiry, does allow people to access their own metadata. This bill implements a mandatory data breach notification system which protects the rights of, and provides information for, customers of ISPs.

The cost is yet to be fully disclosed by the government, although it is estimated that the capital cost of the scheme will be anywhere between $188 million and $300 million. Labor has very, very clearly insisted from the beginning that the cost of this scheme should not be borne by small businesses, households and customers. The cost should not be borne by those individuals. The cost should be borne by the government. Yesterday, in this parliament, we had the next round of the political stunt that is the government's red tape repeal day. If the government is serious about repealing red tape and about reducing costs on small businesses in this country, it will not impose the cost of this scheme on consumers and on small businesses in this country.

Fourthly, the Ombudsman is given an oversight role under this legislation. Originally, the government was proposing that the Ombudsman play this role but without the additional resources to perform what will be an additional task for the office of the Ombudsman. So Labor has secured not only the oversight role of this legislation but also the additional funding for the Ombudsman to perform that role.

Fifthly, I would like to make a point is in respect of freedom of the press and protection of journalists and their sources. This is a principle that Labor sees as very important, fundamental, to the strength of good democracy. The original bill did not propose any protection for journalists and their sources. Labor has recommended amendment of the bill such that a warrant process is put in place to ensure that a judge, an independent judicial officer, makes a decision on whether or not access can be granted to metadata in respect of journalists and their sources. An additional layer of protection of that principle of freedom of the press is something that Labor is serious about. We have insisted that the government, through a further inquiry of the Parliamentary Joint Committee on Intelligence and Security, look at this issue and that the government should amend the bill to ensure that that warrant process is undertaken.

The final point to make is that this is a vastly different bill to the original one that was proposed by the Minister for Communications in October last year. It has gone through a process of careful consideration and investigation by the Parliamentary Joint Committee on Intelligence and Security. Labor has insisted on improvements that guarantee protection of privacy for individuals and protection of freedom of the press. It is on that basis that Labor is offering support for this amended bill.

The new bill and the new law will introduce a better scheme into Australia when it comes to the storing and accessing of metadata, the privacy rights of individuals and who can access that information. There will be more protections for citizens and their privacy, clearly defined datasets, restricted access by government agencies—most notably those involved in investigating serious crime—access to data by citizens in respect of their own metadata and protection for journalists. Importantly, Labor has secured amendments to ensure that the operation of the bill will be reviewed two years after the commencement of the bill.

In conclusion, I am pleased that Labor was able to make such important changes to what is a very important law, and one that has generated quite a bit of interest, not only in my community but also in the wider Australian community. I thank those constituents of Kingsford Smith who have contacted me and given me their views on this very important issue. I appreciate the concerns that have been raised. I have considered those concerns. I have consulted with experts. I have consulted with Labor's representatives on the Parliamentary Joint Committee on Intelligence and Security. I have read the report thoroughly, and it is on that basis that I have made the decision to support this bill. But Labor's job is not done yet. We will maintain a vigilant eye on the content and passage of this bill to ensure that the government is held to its word, and that this law operates in a way that protects the privacy and rights of Australian citizens.

Stephen Jones (Throsby, Australian Labor Party, Shadow Parliamentary Secretary for Regional Development and Infrastructure) Share this | Link to this | Hansard source

The starting point for all MPs in considering matters such as this is that national security is the first obligation of any sovereign government. As such, it should transcend the day-to-day rancour of partisan politics. Of course, that does not obviate the need of all members of this place to carefully scrutinise the details of every piece of legislation. It does not mean that you merely need to attach the words 'national security' to a policy proposition or a bill to ensure bipartisan support for that proposition.

Indeed, on this side of the House we reflect upon the words of the great Ben Chifley who said to Prime Minister Menzies, in the midst of our nation's greatest challenge when the war in the Pacific broke out, that he offered full support to our troops and to the government in the support of the security of our nation, but that did not mean that he would not offer patriotic criticism when he believed the details of the government's strategy, or the implementation of that strategy, had gone wrong. We, on this side of the House, offer the government patriotic criticism when we believe that they have mishandled either the debate, the drafting of the legislation or the process of that legislation through the parliament.

This is one of those circumstances where patriotic criticism is needed because from the beginning of this matter—when in August last year the Prime Minister and the Attorney-General announced their intention to introduce into the parliament legislation which would mandatorily require the retention of data—they mishandled it from beginning to end. We saw the disastrous press interview with the Attorney-General, who struggled over an excruciating 30 seconds that felt more like 30 minutes to define what metadata was all about, only to be rescued by the communications minister about a week later. At no point between then and now has the government regained its composure when attempting to deal with the public debate around this matter.

It has fallen to Labor, in many respects, to do the right thing by the parliament and by the country—to look at this legislation on its merits, to point out the obvious short fallings and to ensure that we can improve it where it needs to be improved. Had the government not mishandled the debate so tragically, they could have pointed out a raft of things which we believe need to be injected into the public debate. For example, the original proposal sought to mandate the retention of data but not the regime for accessing it. It was only after stern advocacy of Labor members of parliament that the bill was widened in its scope.

Throughout that debate, and over the last nine or 10 months when we have been gripped by this issue, at no point in time was the government able to clearly articulate to the Australian people the amount of data that is currently stored by telecommunications companies, including internet service providers and others. At no time during the debate have they pointed out that in many respects this data is already stored. What their original proposal was trying to do was to put in place a standard regime for the storage of that data. At no point during the debate did they point out that at the moment there are thousands and thousands and thousands of applications per year to access the details of that metadata. I am advised that in 2012-13 alone over 320,000—that is right, over 320,000—applications were made by law enforcement agencies and other government authorities for access to the data which is the subject of this debate before the House today. Some of those applications for data, indeed over one-third of them I am advised, came from the New South Wales Police Force.

Some of those applications were for a good cause. I do not think that there is any right-thinking member of this House or in this country who would disagree with that. For example, when the Victorian police force were trying to track down the person who was responsible for the grisly murder of the ABC journalist Jill Meagher, nobody—no right-thinking person—would have criticised the Victorian government for using metadata to be able to match up the location of the perpetrator and the location of the victim in the one vicinity, and therefore being able to relatively quickly track down the man who was subsequently found guilty of that horrible murder. No right-thinking person would say that is an inappropriate use of a law enforcement agency's access to that metadata. That was not explained sufficiently, and as a result there has been enormous misunderstanding about it. I pointed this out as a very valid access by a law enforcement agency to metadata.

Many of us can point to equally dubious requests or attempts to access that metadata. We have heard of examples of the Queensland police spying on its own employees, trying to find their location when they were not reporting for duty, for example. We have seen councils using metadata to spy on their staff.

Michael Danby (Melbourne Ports, Australian Labor Party, Shadow Parliamentary Secretary to the Leader of the Opposition) Share this | Link to this | Hansard source

Bankstown.

Stephen Jones (Throsby, Australian Labor Party, Shadow Parliamentary Secretary for Regional Development and Infrastructure) Share this | Link to this | Hansard source

The member for Melbourne Ports reminds me that this was something that occurred at the Bankstown City Council, where I believe that they were using access to metadata to find out whether people were dropping their McDonald's wrappers and other litter around the streets of the municipality. I am sure a lot of people would look at those sorts of examples, scratch their heads and say, 'Is this the intention? Where is the national security imperative in allowing access to data for these sorts of purposes?'

The completely cack-handed mishandling of this debate has allowed a misunderstanding to occur, and it has also meant that the focus has been on the wrong issue. I have had a long history of dealing with telecommunications companies in this country in many different capacities. I know that for billing reasons, for example, and for resolving disputes between wholesalers and retailers and between customers and the telecommunications companies, they do keep this data, sometimes for two years; sometimes for much in excess of two years. Much of that data is kept, not always in a standard form. The inability of the government to clearly articulate these issues and what it was trying to do and then put a proper set of constraints around its proposal has meant the debate has completely gone off the rails. Labor has had to do the right thing by the country and the parliament to try and bring the debate back and the legislation back to a sensible proposition. We have put in a lot of effort, through the PJC process amongst other processes, to ensure that the obvious defects in this legislation have been remedied. I have to say that that is consistent with the approach that we have taken in this place with the foreign fighters bill when that was brought before the House and the counterterrorism legislation amendment bill—an approach that we have continued to follow.

If I take you through some of the concerns that we had had with the original bill and the action that has been taken by Labor members, both in the PJC process and in our discussions with the government, you will see where the obvious deficiencies in the bill have, in some part, been remedied and why more work is yet to be done. For example, in its original form, the bill left the definition of metadata and the datasets to be retained in regulation, setting very loose parameters on the matters which were to be prescribed. We thought that this was not good enough and that there needed to be a definition of metadata—what was metadata and what was not metadata—in the bill itself, and that has to some extent been remedied by the legislation before the House today. In its original form, the bill limited access to retained data to a list of agencies. The government have made a lot of noise about this change, saying that access was not going to be granted willy-nilly to a whole range of agencies—and we reflect upon the Bankstown City Council example that the member for Melbourne Ports reminded me of just now—but it left a huge back door by allowing the Attorney-General a broad discretion to add to that list of agencies or individuals who may have access to that metadata. We thought that that was not good enough. If the data is to be stored in a mandated form, this is an opportunity for us to put more protections into the existing deficient regime around who and under what circumstances a person can have access to that metadata.

A third deficiency was that the government's bill did not prevent retained data from being accessed in ordinary civil litigation. If the purpose of this bill is to provide our law enforcement agencies, and particularly our national security agencies, with another arrow in their quiver, then we must put some fences around this, and that does not extend to every civil litigant or defendant in this country having access to metadata for God knows what purposes in whatever litigation. That is not a proper purpose for accessing this sort of information.

The original bill did not provide for individuals to access their own data. It has been a consistent principle of privacy legislation since it was first introduced into Australia that citizens have a right to know the information that is being recorded and is being stored when that information pertains to them. That is an issue that has been remedied by amendments pursued by Labor members. In particular, I want to point out the importance of ensuring that individual citizens are notified if there has been a breach that affects their data. If there has been a security breach and their data has been impacted, the very least obligation that the government has in this respect is to ensure that the individual is notified of such a breach.

The original bill made no provision for encryption of data, even though it had been recommended in an earlier inquiry. The bill was silent on who would bear the costs of the regime—that needs to be remedied—and the government's bill provided no sufficient oversight and no guarantees that the ombudsmen having an oversight role would be sufficiently funded to perform that oversight function.

Many who have followed the national security debates and the relationship between national security agencies and this parliament would know that, on the Labor side of parliament, we have long advocated for a greater role in scrutiny by parliament and the committees of this parliament of national security agencies. We take the opportunity of this matter being before the parliament to say that we will introduce a bill to enhance the oversight powers of the PJCIS in respect of operational matters, because we think it is right and proper that the citizens of Australia, through their elected representatives, have oversight of our security agencies.

In the time left to me I want point to two issues that are of continuing concern. Firstly, press freedom. In the last parliament we saw the champions of the free press, in response to the Finkelstein report, thick on the ground from the coalition parties. They have been absent in defending the freedom of the press. Labor takes a different view: if there is to be metadata mandatorily stored, access to a journalist's metadata must be by warrant. That must be a feature of the legislation if we are to support it in the Senate.

As the former Director-General of Security, David Irvine, said last year: unless you deal with the issue of where it is stored, we do not have confidence that this regime can protect the data that we are requiring to be stored. (Time expired)

Michael Danby (Melbourne Ports, Australian Labor Party, Shadow Parliamentary Secretary to the Leader of the Opposition) Share this | Link to this | Hansard source

The most popular novel on espionage ever written was John Buchan's The Thirty-Nine Steps. We are taking 38 steps recommended by the Parliamentary Joint Committee on Intelligence and Security to amend this legislation. In my view this amended legislation is a victory for those who value privacy, the regulation of security services and the protections of the supremacy of an elected parliament over the agencies of government. In my 15 years in parliament, I have never seen legislation so intensively amended or improved through the process of consultation with all sides of parliament and with parliamentary committees. In my view it is a paradigm of social democratic mentality: pragmatic and committed to freedom, but not lily-livered in the defence of democracy.

This legislation, which began when a report was sought by the previous Labor government, addresses a clear and present danger the Australian people are facing—circumstances not of our making. Labor is aware that many Australians have legitimate concerns about our rights being compromised. Data that would be retained under this scheme does not include the content of communications. Metadata includes the internet identifier, assigned to the user by the provider, for the customer's email address. For mobile services it would be the number called or texted. The time and date, duration and location would be retained, but not the content of emails or private blog posts, the history of websites visited or the content of text messages or phones. The second category of information about the parties communicating includes details about the person who owns the service being used such as the billing address, name and contact details.

Currently, as a number of speakers have pointed out, 500,000 existing requests for metadata are made by the police or authorised agencies. To give this more context, over 100 people in Australia have had their passports revoked. There are 90 Australians who are fighting with the barbarians of Daesh—terrorists who we saw recently cut off the heads of Coptic workers in Egypt with blunt knives; who desecrate churches, plough up the graves of priests, engineer the mass rape of women and violate their own children by getting them to murder Muslim prisoners or hold up the severed heads of innocent journalists, Christians or civil society volunteers.

We have nearly 40 Australians who have been arrested, charged, tried and convicted under our democratic laws for involvement in terrorist crimes that are so grave they include attempts to kill tens of thousands of Australians at the MCG on grand final day. Australia is spending hundreds of millions of dollars with its police and security services to prevent mass casualty attacks in Australia, as happened in the US on 9/11, in the UK on 7/7 and in Spain, France and other democratic countries. In my electorate, and across the country, certain schools are fortified and have armed guards to prevent the replication of this kind of terrorism, particularly against school children, so cruelly perpetrated by the barbarians from Daesh in Toulouse, Copenhagen, Brussels, Paris and Canada recently.

The cause—the source— of this problem is not of our choosing. By the day it becomes more dangerous and diffuse. The prominence of internet and mobile phone usage has greatly increased the reach and capability of terrorists. Use of telecommunications interception is the principal way we have so far been successful in preventing mass casualty attacks in Australia by the use of metadata. As the member for Throsby valuably pointed out, it has been incredibly valuable in terrible cases of crimes like the crime against Jill Meagher in Melbourne. The Australian Federal Police Commissioner, Andrew Colvin, has said that between July and September last year metadata was used in 92 per cent of counter-terrorism investigations, 87 per cent of child protection investigations and 79 per cent of serious organised crime investigations. So far this access has been unaccountable—not balanced by privacy considerations, properly supervised by parliament or monitored by the Inspector-General of Intelligence and Security or the Commonwealth Ombudsman.

The profusion of technology and technology service providers risks the security services going dark and not being able to intercept or use this metadata as they might have in the past. The last thing we want is for this parliament to be reacting to an incident in our country, on the mainland, that might otherwise have been avoided by the judicious use of this metadata. Many of the provisions of the ASIO Act and the Telecommunications Act have not been amended since 1979, long before the information and communications revolution.

Evidence presented by the Parliamentary Joint Committee on Intelligence and Security has further established that telecommunications data is used in law enforcement at all levels, not just for espionage and terrorism threats.

At Labor's insistence, the parliament referred the draft metadata legislation to the intelligence and security committee for consideration. The committee, of which I was a member, has since provided parliament with 38 recommendations. Labor's recommendations and amendments that we fought for in the committee provide protections for individuals that were missing from the draft legislation as it stood, such as requiring telcos to provide customers with access to their own metadata that is being stored and to notify them if the security of their data is breached, and a provision that metadata may not be accessed for civil proceedings. Labor's recommendations also called for the legislation to have better definitions and descriptions of what data is to be retained and a clarification of what data is not to be retained. The government has also accepted Labor's insistence that we reduce the number of agencies, as the member for Throsby valorously pointed out, with the RSPCA and Bankstown Council having access to this material. We have reduced the number from 80 to 20 agencies.

A recommendation of key significance that Labor fought for is improved oversight of the scheme by two independent government agencies—the Inspector-General of Intelligence and Security and the Ombudsman. In addition Labor argued for the significant reform of assigning operational oversight of security agencies under the data retention scheme to the intelligence committee in accordance with measures proposed by Senator Faulkner. Senator Faulkner is a vehement advocate for government transparency, the value of well-run security and intelligence agencies, and the need for the federal parliament to prescribe safeguards against abuse by security powers. Furthermore, Labor has convinced the government to agree to a change the bill to require the intelligence committee to conduct ongoing reviews of the entire scheme on a biannual basis, the so-called sunset clauses.

The committee has examined security issues pertaining to the storage of retained data in response to concerns that the data would be a honey pot for hackers. Labor has argued that the bill needs to be amended to enforce strict standards for data security, including a requirement for stored data to be encrypted, and a system of mandatory notifications of data breaches or privacy alerts, which is something I have been advocating since I was a member of that committee. One of the collateral benefits of the changes sought and agreed to in this bill is based on the right to know when the security of personal information has been compromised. Initially, the government's redraft of the bill did not include such a scheme.

Security concerns remain relating to whether companies will be compelled to store data within Australia. David Irvine, the extremely capable, former Director-General of ASIO, raised this issue at a recent defence and national security roundtable and expressed apprehension at the prospect of data being stored overseas as it then might be governed by someone else's sovereign legislative system. This matter is being assessed as part of the telecommunications sector security reform, a process initiated while Labor was in government. Consistent with the comments of the former head of ASIO, during the review of any TSSR legislation Labor will insist on a requirement that retained telecommunications data be stored onshore.

Labor's view is that finding the right balance between security and freedom is an ongoing task, and the government needs to respond to national security risks in a flexible manner as they arise or diminish. This is very clearly outlined in the contribution of my friend the member for Isaacs, the shadow Attorney-General. In recognition of this, Labor established the office of the Independent National Security Legislation Monitor. Despite the Abbott government's misguided determination to abolish the monitor under so-called 'removal of red tape', Labor fought consistently for its retention. Thankfully the government woke up, listened and has reinstated it, and has finally appointed someone.

Labor have achieved considerable success in having these recommendations accepted. Just yesterday the Prime Minister backed down on our insistence on more protection for journalists. Now security agencies will need to obtain a warrant to access metadata to identify a journalist's source. There is still much more work to be done. It is important to note that Labor have yet to agree to this legislation and will not do so until we have evaluated the final redraft.

Data retention is a complex, global issue and must be dealt with in this age of technology. Looking for an international precedent, Britain has recently rushed new emergency laws through their parliament making data retention mandatory. In Europe a similar scheme was ruled invalid by the Court of Justice in response to complaints. I believe various European governments now see the peril of the court's recommendations and will be making their own rules, appealing and doing various things to ensure that they have the ability to access the metadata while, at the same time, protect people's privacy. The real crux of the data retention debate is how to strike the balance between preserving the privacy of individuals and enhancing our ability to protect this nation from the genuine threat of terrorist attacks. Of course, as a nation we value freedom, but without effective security measures in place to protect us from imminent danger, we will live in peril, not freedom.

Labor has maintained a sensible, bipartisan approach to national security, and I pay tribute in particular to the shadow Attorney-General Mark Dreyfus, the Deputy Chair of the Intelligence and Security Committee; Anthony Byrne; a minister who is present in the chamber, the shadow minister Jason Clare; and our leader Bill Shorten who has been back and forth, in and out, of Mr Abbott's office, again and again, forcing changes that would improve this legislation out of sight. It now has the balance of security and privacy and, I am proud to say, has a real Labor stamp. The shadow Attorney-General, the member for Isaacs, summed it up best in his concluding remarks when he said:

Labor will always work to keep Australians safe and, at the same time, to uphold the rights and freedoms enjoyed by all Australians. Getting this balance right can be a challenging task, but with the addition of the numerous amendments to the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 that Labor has fought for, and with the government's agreement to further amendments to protect freedom of the press, we believe that the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 strikes the right balance.

This process shows the value of parliamentary committees. It also shows that the importance and rights of the parliamentary Labor Party in fighting for reforms is constantly a paradigm of our behaviour. We do not believe that leaving important issues like this to the hysteria of press commentary, particularly commentary in social media, is the way to deal with these things. With the threat of terrorism coming to this country, this is a real and present danger to Australian citizens. We have seen two terrible incidents. One was in my friend's, the member for Holt, electorate at the police station where officers were attacked and the perpetrator shot dead, most terribly, in Sydney.

It is not sufficient for members of parliament to come into this place and say nothing about these things and just appeal to a narrow sector of the Australian public, who are rightly concerned with the effect on their social media, on their privacy and on their personal blogs. We do not want to troll through some teenager's email to see if they are looking at pornography. That is not the idea of this bill. The idea of this bill, with the amendments that Labor has forced through, is to protect the security of the Australian people. This is a very serious task. We have approached it very seriously, and I am very pleased to see that, both in government and in opposition, the Labor Party has stuck to its mission of reforming Australia to make it a better place, in this case in the most serious of issues: the security of the Australian people.

Clare O'Neil (Hotham, Australian Labor Party) Share this | Link to this | Hansard source

It is a pleasure today to make a contribution to the debate about the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, known in the community as the data retention legislation. What I want to do today with this opportunity is explain why I am supporting the legislation. I am doing so with a great deal of thought and reflection because the truth is that legislation like this raises some very difficult and important questions for us, as a parliament, and for the Australian community. We are being asked constantly, as technology improves and as our world changes, to make difficult trade-offs between privacy and civil liberties and the use of data, which is now routinely collected about us and our online activities. For those who are listening in the gallery and for those who are watching at home, I would just ask all of you to greet with a degree of caution anyone who is putting the debate about this legislation forward as a kind of ridiculously obvious point or question on one side or the other, because the truth is that I think anyone who shares broadly Australian values, who has looked at this legislation, who has understood the issues and who has read the parliamentary report that looked into the detail of the legislation would agree that it is complex. But I believe the legislation before us does strike the right balance, and I will explain in detail why I have that view.

I want to start this conversation where it ought to begin, not with wildly overstated claims but with an understanding of the situation about data retention today. The first important point to note here is what data is under this legislation that we are debating today. It is not detailed information about emails that you send and the content of those emails. The data that is being defined under this legislation is quite tightly defined. It is about the fact of communications and the fact that they occurred. It is not about the data that was contained in those communications. Of the confusion about this bill, this is really where we have seen a lot of discussion and debate, and I want people to be clear about that. For example, with mobile phone communications, the data that will be retained under this legislation, should it pass the parliament, is the fact that a person made a call, who the call was to and the time of that call. There is no audio recording or text recording of the call. For online communications, for example, email content will not be kept, but the time that you logged on to the internet and logged off is the sort of data that will be retained.

There is a second important point to note about this: is this data being retained at the moment? What we know is that such data—and, in fact, volumes of data and more detailed elements of data—is being retained by some telecommunications companies but not by others. What we see with the current regulatory regime around data retention is that both the retention of data and the access to the data are not being well regulated. We do not have a law which has kept up to date with the ability of telecommunications companies to keep this data. For example, some telecommunications companies in Australia are keeping this data for seven years and others are saying that they do not want to keep it for longer than a few weeks. The purpose of this law is to clarify what the obligations are on telecommunications companies to retain data. I think when you understand the situation as it is today—the very hazy and quite poorly regulated or unregulated, in other respects, nature of this environment—you see that the best thing we can do is have a discussion, as a community, about what principles we should apply to these decisions and then create a new regulatory environment for it.

Something that I think is important to note is the access. I have talked a little bit about the retaining of the data by different telecommunications companies, but what we also have learned through this process is that the access to this data is not well regulated. There are some 80 bodies that are able to request access to telecommunications data. This includes organisations like local councils and the RSPCA who are using this data for reasons that this parliament has come to view as not appropriate for this type of monitoring of people's online behaviour. What we also know is that over the financial year 2012-2013 there were 331,000 authorisations for different organisations to use telecommunications data, which resulted in almost 550,000 disclosures of telecommunications data. In this kind of broadly unregulated or poorly regulated environment, half a million records were accessed. Just that fact alone illustrates a very clear need for us to tighten up what is going on out there in the world of data retention.

It is also an important place to start, in this conversation, talking about the other values. Obviously, there are these issues of being an unregulated environment. But what we have heard from the Australian community, I think quite rightly, is that there are concerns, from a civil liberties perspective, with how the data is being regulated and accessed at the moment. We know that privacy is an important right of ordinary Australians, and, as a starting point, we should say that no-one should have access to anything that anyone does in their personal lives unless there is some other countervailing principle that we are weighing against it. Privacy is not just important because it is a private right. We know that privacy is critical to the functioning of our democracy. Journalists need to be able to protect themselves and protect their sources. We know that activists and dissidents are perfectly entitled to organise to criticise security agencies and other sorts of things, and I very much respect those things and they must be protected. This is what we are balancing against the need to potentially access this data. From that starting point, we have got these very valuable private rights and civil liberties. We need to understand whether there is a clear need, in that case, for those types of principles to be balanced against another need.

Should the right to privacy be modified in this instance? I think that the PJCIS, which looked at this bill in an incredible amount of detail, had an excellent chapter on this very question, and I would really encourage those in the community who have shown an interest in this issue to have a look at the chapter.

What we know is that telecommunications are creating new types of crimes and they are also creating a means for us to resolve very old types of crimes. We have seen that very much in criminal investigations and criminal activity of recent years. We know, for example, that data retention can be an essential tool in fighting online paedophilia and online sex crimes. We know that terrorism is often organised online, so there is obviously going to be an element of metadata being used to resolve those crimes. The member for Melbourne Ports raised the issue of Jill Meagher, the woman who was tragically killed in Melbourne. We know metadata was essential in tracking down the person who committed that crime. The member for Blaxland said in his speech on this subject that one of the first things police want to do when someone is found to have committed a crime is work out who the person has recently spoken to and try to piece together the elements. So for anyone who knows anything about how police pursue crimes these days, there is a very clear and obvious need here.

In the submissions to the inquiry into the bill we saw very clearly that a wide range of people acknowledge the need to curtail the right to privacy in order to assist us in fighting crime. I do not want to overstate that; a lot of people do not believe there is any need to take any interventions, but there are a lot of people who do. For example, Gillian Triggs, the President of the Australian Human Rights Commission, in her submission spoke about the need to update the law to reflect the fact that there is an obvious new tool to fight crime and that it is a good reason in some instances to curtail the right to privacy. Even Timothy Pilgrim, the Australian Privacy Commissioner, in his submission said the right to privacy is not absolute and there are some clear needs to curtail that right given what we know about the importance of metadata in fighting crime. Reading some of these submissions has helped me come to the view that it is very important that we try to better regulate this area and that access to metadata does need to be allowed under some conditions.

Other speakers have talked about the role Labor has played in making this legislation into what we believe is a good and decent piece of legislation. There has been broad acknowledgement that where we started with this bill was not a great place to start. I think even the people who proposed the bill acknowledged that there was a real need for the parliament to look closely at the legislation and improve on it. I am very proud of the work Labor has done through the parliamentary process. There are some in the community who would have liked to see a stand-up fight on this. But we see this as a serious issue that needs serious consideration and that is why we have used the parliament to make this bill into something that we feel strikes the appropriate balance.

I would like to explain briefly some of the things that Labor has pushed to change in this bill that I believe have allowed it to strike that right balance. The first thing is that, under the legislation we are debating now, the definition of 'data' is included in the substantive legislation itself. That sounds very technical, but what it really means is that, under the previous version of this legislation, the Attorney-General could through legislation change the definition of 'data'. This is important because, as I have explained, the definition does not include things such as the websites you have visited or the text of emails. We believe that should be enshrined in legislation. If anyone in Australia wants to have a discussion about whether that should change, we believe that discussion should take place here in this chamber and that we should all get to have a say in it rather than allowing the Attorney-General to make that change on his own.

The second thing is limiting the list of agencies who can access that data. Again, under the previous version, this was not in the substantive bill. What we have said is that, if the government of the day wishes to make a change to the agencies that are allowed to access metadata under the legislation, they will now have to come back into the parliament to do that and the Attorney-General is not going to be allowed to add agencies as he or she sees fit.

The third thing we have done, which I think is tremendously important, is to allow a provision in the legislation so that individuals can now access their own metadata. If we are going to infringe on the right to privacy to a degree, I think it is only fair that people understand what it is that other agencies might have access to. So we have made sure that is enshrined in the legislation.

Another thing is how this data is protected. Because of Labor's actions, the data that is being retained by telecommunications companies will now be encrypted. We have added an oversight mechanism into the bill so that after two years of operation the PJCIS, which is the committee that considered this legislation in detail, will have the chance to go through and look at how it has been operating and consider how the data has been accessed and whether the use of such data is appropriate. To all of those in the Australian community who have a strong view about how this legislation has panned out and the version that has gone to the parliament, I say that you will get another chance to talk about this when we see how in practice the legislation is used and whether there are any improvements to it.

Through the committee process Labor was able to ensure that metadata can now only be accessed for criminal matters. This is quite important because, as I have said, it has been difficult to strike the right balance between the right to privacy and the benefits to crime fighting that we see in the use of metadata. We believe that the right to privacy should only be infringed to this degree when there are criminal matters at stake. For example, there is the Game of Thrones problem; people were concerned that through this process they might be apprehended for online piracy. Because of Labor's intervention, that is not what this this legislation is about; we are not trying to oversee people's activities to that degree. But where there is a criminal matter to be answered and a criminal matter to be considered, we believe it is fair that the right to privacy be curtailed in this instance.

I do not want to state that this is a perfect piece of legislation, and I hope that the remarks I have made give the indication that we have thought about it and there are remaining issues. The way the legislation treats journalists is a remaining issue. That was not an issue on which the committee process could reach an agreement. Labor has pushed this very hard, and we are continuing to push very hard on this. Those who have been following the debate closely will know that Bill Shorten, the member for Maribyrnong and Leader of the Opposition, is continuing to push this with the Prime Minister—and I hope to see that matter resolved.

We should not see this piece of legislation in isolation. Something else that the Labor Party is interested in pursuing, as we give security agencies more powers, is how we can ensure that there is appropriate parliamentary oversight for those different agencies. That is something Labor will be pursuing in the coming months. I am pleased to support the bill which I believe strikes the right balance.

Tony Zappia (Makin, Australian Labor Party, Shadow Parliamentary Secretary for Manufacturing) Share this | Link to this | Hansard source

I am pleased to follow the member for Hotham in this debate on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. I well understand the many legitimate concerns that people have about this legislation. The Labor Party understands those concerns. Many of the concerns raised do not arise as a result of this legislation, but equally apply with respect to the current process we have for the management of metadata.

Were it not for this legislation and the processes the parliament has gone through in recent months, the existing flawed, insecure and unaccountable practices would continue. They would continue without any discussion whatsoever. The public debate leading to this legislation and the work of the Parliamentary Joint Committee on Intelligence and Security have exposed the existing flaws in the data retention system that we have, allowed the community to have input into the changes and created a much greater community awareness about the realities of the cyberworld we live in.

The protection of rights and liberties is at the core of our national values. It is inscribed in the Australian citizenship pledge, and those rights and liberties should indeed be defended. But rights and liberties can take many forms. Each of us places different values on different rights, and there are times when one right has to be given up in order to protect another. That is why there is no absolute right or wrong view about protection of our freedoms, why there is a diversity of views about this issue and why our laws must strike the right balance. Striking the right balance implies that some people will not be satisfied with the outcome.

We live in a cyberworld with limited knowledge as to who has access to data, how it is being stored, where it is being stored, how that data is being used and how secure it is. We simply do not know. What has been made clear by the inquiry and through the public contribution is that, as reported in the Australian Communications and Media Authority's 2013-14 annual report, there were over 582,000 requests for access to metadata. There were some 80-plus agencies that were being granted access to data, and for much of that data there were no warrants being issued at all. Much of the data is already held for two years or more. The very concerns that are being raised about this legislation are occurring right now, even without it.

Simultaneously, we live in a rapidly changing cyberworld where criminal activities are flourishing because of cybertechnology, globalisation and growing populations. Financial fraud, identity theft, drug trafficking, human trafficking, illegal pornography, paedophilia and terrorism have all heavily relied on cyberuse. Whilst this legislation may have been triggered by growing concerns about terrorism, and is being talked up as a national security issue, the reality is that it has a much wider application in law enforcement than simply being about national security.

The objections to this legislation come down to this very simple proposition: as a result of this legislation, in future all metadata, not just some, will be retained for at least two years. Currently the length of time that metadata is held varies between each carrier. Each carrier chooses how long they keep that data. Data is already being held for two years—what we do not know is how much of it—and in some cases it is being held for longer. This legislation, in simple terms, means that all data will be retained for at least two years.

The first question that then arises is: what is an acceptable period of time that data should be retained for? Should it be one month, three months, a year, five years? At some point we have to make a judgement about that very question. In exchange for all data being retained for two years this legislation provides limitations and oversights that are currently not in place and are badly needed. Let me outline what some of those oversights are, albeit that my colleagues and others who have contributed to this debate have already done so.

Firstly the Commonwealth Ombudsman will have oversight of the data retention scheme and will, for the first time, have the power to inspect the records of enforcement agencies to ensure that they are complying with their obligations under the Telecommunications (Interception and Access) Act. Right now the truth of the matter is that very few people would know what is really going on, who is accessing the data or for what purposes.

Requiring warrants for access to the telecommunications data of journalists is an issue that I know has also been the subject of extensive community debate. If you are going to access the data of journalists, ensuring that there is a warrant required makes reasonable sense. There is good reason for it. Whilst some people have said that if we can apply the warrant process for journalists we should do so for all others, my response to that is simply this: there is a difference between journalists and others. More importantly, if we were to apply a warrant process for all data access that is required—and looking at last year's figures there were over half a million requests—the system and the process would simply be unworkable, not to mention the cost to society of having to process half a million warrants or more each year.

Thirdly, the Parliamentary Joint Committee on Intelligence and Security will have oversight of the data retention scheme. Again, this is the first time ever that the parliamentary joint committee—or any parliamentary committee—has had this power and this authority. It is consistent with the work that parliaments in both the USA and the UK are already doing; their committees have similar oversight provisions. They may not be identical, but they are similar, and this is the first time that the Australian parliament has given that committee the authority to have oversight over any government operation.

I will also note that the data retention cannot be used for ordinary civil litigation. This was another concern raised in the public discussion. For example, you cannot use data access for the purpose of copyright enforcement. I also note that the data stored will be encrypted to ensure that it too has better security. There will also be a mandatory data breach scheme to notify consumers if security of their metadata is being breached, and individual consumers will have access to their own data. Again, these are all measures that are simply not available at the moment. Importantly, the number of agencies that can access the metadata will be reduced from around 80 at the moment to just over 20, I understand. And, importantly, no additional agencies can be added to the list by the Attorney-General, other than in emergency situations, without the agency and the relative legislation going to parliament and being approved by parliament.

Most importantly, this whole process, this scheme, will be reviewed, I understand, after two years by the Parliamentary Joint Committee on Intelligence and Security—again, enabling the parliament and the people of Australia to have oversight of it, which means we have a review process in place to ensure that it is working well and working in the national interest. None of these measures are currently available with respect to the current data retention process. It should be acknowledged that the retention of data can also be used to clear innocent people of false accusations, and I understand from my discussions with law enforcement agencies that defence lawyers frequently access the data for that purpose, as do our law enforcement officers themselves. So, the retention of data is not all bad. There are many occasions when it is actually used for good reason and good purposes.

It is true that many crimes would not be prevented by the retention of more data for longer periods, as some speakers have said. Conversely, though, it is also true that the retention of data has been invaluable to security agencies in their pursuit of criminals and has been used for good public purposes. Again, it is a matter of weighing one issue up against the next. The real issue, in my view, is not that data is being stored but that communication and cyber use now control our life in a way that it has never done before. It exposes everything we do. We are tied to a system that indeed does monitor and track us in every aspect of life. I note an article about serious computer hacking late last year, which detailed an attack in which 13,000 passwords and credit card details relating to gaming consoles and online stores were released. I would be much more worried about the security of the systems we have than about the storage of data, and it is those kinds of concerns—the hacking of data, the hacking of the systems we currently use—that I believe should be of greater concern to the broader public.

In the few minutes I have left I just want to turn to some matters that I do have some reservations and concerns about, and they have been raised by other speakers in this debate. The first is with respect to the storage of the data. As I said earlier in my remarks, we do not know how much is being stored, where it is being stored or how safe it is. My view supports other speakers who have made this point, and that is that the data should all be stored in Australia. We should know where it is being stored and by whom, and I believe people of this country would feel much more secure if it was stored in Australia. I understand that that may come at a cost, and I understand that ultimately the consumer pays for it. But I suspect that the retention of data, wherever it is, comes at some cost, and until I have seen the final figures on that I reserve my own views about whether it ought to be done or not, because I do not know what the costs are and the government is not releasing the costs that they have. Yes, it may come at a cost, but my view is that ultimately it should be stored here in Australia.

The second point I make is with respect to the Ombudsman, and indeed the Inspector-General of Intelligence and Security and their offices and their roles in securing the rights, liberties and freedoms of the people of this country. They can carry out their roles and do their work only if they are properly resourced and funded. I would like to think that complementary to this legislation the government will provide assurances that both of those offices will be properly resourced, properly funded into the future, to enable them to carry out the oversight role they have been tasked to do.

The third point is one I mentioned earlier, and I want to touch very briefly on the issue of warrants again. My understanding is that currently there is no requirement for warrants to be sought in order to access metadata in most cases, and I have heard the argument time and time again about the fact that if it is good enough for journalists then it ought to be applied to every other application. I have also heard the argument—and I believe there is some truth to it—that if that were the case we probably would not have 500,000 requests and more each year and that it would in fact reduce the numbers. That may well be true. But nevertheless, to argue that we should ensure that everyone who accesses data needs a warrant would simply bring the system to a grinding halt and make it unworkable.

In summing up, I believe we have a choice. We have the choice to do nothing and leave the system as it currently stands, or we can support this legislation. If we do nothing and leave the system as it currently stands, it is a system with no limits on who can access the data, no understanding of who keeps the data or where it is kept, no oversight over it, no knowledge about what is being kept, no certainty that it is secure, no accountability by those agencies that have access to it, and no parliamentary oversight whatsoever. That is the choice. In my view, the choice is quite clear: we support this legislation and we improve an already badly flawed system.

Malcolm Turnbull (Wentworth, Liberal Party, Minister for Communications) Share this | Link to this | Hansard source

I thank all honourable members for their contributions to this debate. Access to metadata plays a central role in almost every counter-terrorism, counterespionage, cyber security and organised crime investigation. It is used in almost all serious criminal investigations, including investigations into murder, serious sexual assaults, drug trafficking and kidnapping. The use of this kind of metadata, therefore, is not new.

I would like to reconfirm, for the benefit of honourable members and anyone watching this at home or at work, what we are talking about when we talk about metadata. We are talking about the traditional information about telephone calls that we used to get on our telephone bills. We are all familiar with it. It shows the caller, the A-party; the B-party, the called number; the time of the call; the length of the call; and, in a mobile network operator's situation, the location of the call—the nearest base station to which it was connected. That information has been available—it has been kept by telcos often for very long periods, well in excess of two years—and it has been accessed from time immemorial.

In terms of the IP world, the internet world, we are talking about what we can call the customer IP address. When a device is connected to the internet its internet service provider will allocate it an IP address, which is a unique number. That IP address is connected, obviously, to the account holder. That IP address may become apparent in some other context where it is important for law enforcement to know which account holder that IP address was allocated to. Again, those records have been kept, in some cases, for a very long time. They have been accessed for a long time by law enforcement, but, as I will describe a little later in these remarks, there is now the risk that they will not be kept at all or will be kept for very brief periods—and there are consequences for that.

What we are talking about here is not storing what people are doing online—what they are saying and what websites that are visiting. This is about retaining classes of data for two years that are being retained now, and where there is a concern that, because business practices have changed, they will not need to be retained in the future. This is very important. This is not a question of the government requiring telcos to retain a record of what websites you visit or the content of your emails—let alone your telephone calls—and so forth.

The deficiency and inconsistency of current data records was highlighted in June last year when the AFP received information from Interpol about a suspect who had made a statement online that they intended to sexually assault a baby. Interpol provided IP address details belonging to an Australian carrier. As the Australian carrier only retained data—that is to say, customer IP address data—for a maximum of seven days, no results were available and the suspect was unable to be identified. That example is not isolated. The police advise us they have dozens of examples. The bill, as I said a moment ago, will establish a common industry standard for data retention practices that will assist agencies to protect the Australian public. Importantly, it will prevent the further degradation of the investigative capacities of Australia's law enforcement and national security agencies.

I note that the measures in the bill have been formulated, and will be further refined, with the benefit of two bipartisan inquiries undertaken by the Parliamentary Joint Committee on Intelligence and Security. The committee's first inquiry was completed in 2013 under the chairmanship of the member for Holt, the Hon. Anthony Byrne MP. It recommended a number of reforms to Australia's national security legislation, including how a data retention scheme should be shaped, should the government of the day decide to introduce such a scheme. This bill represents the government's response to chapter 5 of that report. Following my introduction of the bill on 30 October, the Attorney-General referred it to the committee, now under the chairmanship of the member for Wannon, Mr Dan Tehan.

The committee recommended the passage of the bill in its advisory report. The committee's support was subject to 38 recommendations. Twenty-six of these recommendations relate to amendments to the bill or the explanatory memorandum. A further 11 recommendations relate to additional administrative measures, including additional resourcing for the committee, the Commonwealth Ombudsman and reviews. The committee also recommended the proposed two-year retention period be retained. We accepted the recommendations of the committee and will move amendments, where required, to implement them. The government will be tabling a replacement explanatory memorandum elaborating on the justification for various measures in the bill in line with the committee's recommendations. I note that many honourable members have expressed their support for the implementation of the committee's recommendations, and we look forward to working constructively with members of this committee on the relevant amendments to the bill when we reach the committee stage.

Now, in addition, the government has announced that it will move amendments to require a warrant to access data for the purpose of identifying a journalist's confidential source. It will also establish a public interest advocate, who will have a role in making submissions in respect of those warrants. This is a very important protection. I see that the honourable member for Isaacs, the shadow Attorney-General, is now in the chamber. I want to note the cooperation that he and his colleague the member for Blaxland, the shadow communications minister, has given me in the course of this week in settling the terms of these amendments and reaching agreement on them.

I will deal with some aspects of the debate. The member for Melbourne, who has an amendment, has suggested that this bill is being rushed. My response to the honourable member is simply that the committee has conducted not one but two inquiries on this. Data retention has been the subject of a public inquiry by the Senate Legal and Constitutional Affairs References Committee since December 2013. This is not a new issue by any means.

As far as the opposition's contribution is concerned I want to thank those opposite for their expression of support for both the bill and the government's proposed amendments, which will be moved shortly. There have been many important issues raised in the debate but in the time available—and given the central focus of discussion in recent days on this—I want to focus on the question of the treatment of journalists.

This raises very important and legitimate questions around the power of law enforcement agencies to investigate journalists' sources. All of us understand that the work that journalists do is just as important in our democracy as the work that we do as legislators—or, indeed, the work that the Public Service does in undertaking and executing the policies of government.

I think it was Jefferson who said that if he was given a choice of a government without newspapers or newspapers without government he would choose the latter. Fortunately, we do not have to make that choice, but our democracy depends absolutely, fundamentally on a free press and journalists being able to do their work. But journalists are subject to the law, like everybody else.

There was a concern that the bill, by introducing an ability, so it was argued, for law enforcement and security agencies to obtain journalists' metadata to investigate sources suspected of illegally disclosing information—for example, checking which telephone numbers had called a journalist's number or vice versa—this ability might have a chilling effect on sources cooperating with journalists, who would be fearful of investigation or prosecution. Those concerns are misguided, in our submission. The bill does not grant law enforcement or security agencies any new powers in the way they access metadata of journalists or anyone else. In fact, agencies have been able to access this type of data for more than 20 years.

What it does, as I said earlier, is simply ensure that the types of data that are currently being retained will be retained for a consistent period. In a number of cases, particularly with telephony metadata, some of the larger carriers now retain metadata for very long periods—for seven years in one case. There is nothing in the bill, therefore, that should concern journalists about their right to do their jobs—their duty to do their jobs—and to deal confidentially with their sources. Obviously, journalists should take care to protect their sources. Like the Prime Minister, I am a former journalist. Both of us have had a rake's progress. We started off as honest journalists, and here we are as politicians—'What's next?' you may think; 'It can only get worse!'—so we understand the importance of this work.

The bill provides several new and strengthened safeguard and oversight measures—all of which are directly relevant to journalists and their sources. It reduces the number of agencies which automatically qualify for access to metadata from about 80 down to 20. It introduces, for the first time, comprehensive oversight by the Commonwealth Ombudsman for any Commonwealth, state or territory law enforcement agency accessing metadata.

The bill sets up a new oversight mechanism, where any request by an agency to access data to identify a journalist's source must be provided to the Inspector-General of Intelligences and Security in the case of ASIO, and the Ombudsman in the case of the AFP. Further, the Attorney-General will also notify a parliamentary committee of each authorisation to identify a journalist's source. In addition, and very significantly, we are proposing additional amendments to require agencies to obtain independent pre-approval in the form of an new journalist information warrant to access a professional journalist's metadata, or that of their employer, for the purpose of identifying a confidential source.

These warrants will be issued by judges and members of the AAT—the Administrative Appeals Tribunal—in the case of law enforcement agencies, or by the Attorney-General in the case of ASIO. The warrant would relate to a single journalist named on the face of the warrant. It would require the issuing authority to consider, among other things, the public interest in protecting the confidentiality of the particular source in question. To assist in this last point the amendments will also see the establishment of a public interest advocate—or persons who will be public interest advocates—who will be able to make submissions in response to the application for a warrant on the matters of public interest that the warrant-issuing authority should consider. These are the amendments that have been negotiated with the opposition—and, again, I thank them for their cooperation in that. I also thank the media companies and journalist organisations for their contributions to this debate. This has been a very good legislative process, with the combination of public discussion, engagement between government and opposition and, above all, the work of the committee.

I want to thank the committee for its work—under the chair, the member for Wannon, and the deputy chair, the member for Holt—and for its thorough, constructive and bipartisan review of the measures in the bill. The work of the committee and the constructive, thoughtful contributions of honourable members to this debate is a reflection on the very high quality of parliamentary scrutiny that is applied to Australia's national security legislation. We should always be approaching these matters of national security in a thoroughly bipartisan way and, where there are differences of opinion and differences of approach, we should be able to resolve them in the very constructive way we have here. Naturally I want to thank my colleague the Attorney-General and his team both in his office and in his department for all of their hard work on this bill.

Don Randall (Canning, Liberal Party) Share this | Link to this | Hansard source

The original question was that the bill be now read a second time. To this the honourable member for Melbourne has moved as an amendment that all words after 'That' be omitted with a view to substituting other words. The immediate question is that the amendment be agreed to.

A division having been called and the bells having been rung—

As there are fewer than five members on the side for the ayes in this division, I declare the question negatived in accordance with standing order 127. The names of those members who are in the minority will be recorded in the Votes and Proceedings.

Question negatived, Mr Bandt, Mr Katter and Mr Wilkie voting aye.

The question now is that the bill be read a second time.

A division having been called and the bells having been rung—

As there are fewer than five members on the side for the noes in this division, I declare the question resolved in the affirmative in accordance with standing order 127. The names of those members who are in the minority will be recorded in the Votes and Proceedings.

Question agreed to, Mr Bandt, Mr Katter, Ms McGowan and Mr Wilkie voting no.

Bill read a second time.