Mitch Fifield (Victoria, Liberal Party, Assistant Minister for Social Services) Share this | Link to this | Hansard source

I table the revised explanatory memorandum relating to the bill and I move:

That this bill be now read a second time.

I seek leave to have the second reading speech incorporated in Hansard.

Leave granted.

The speech read as follows—

TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) AMENDMENT (DATA RETENTION) BILL

The Bill contains a package of reforms to prevent the further degradation of the investigative capabilities of Australia's law enforcement and national security agencies. The Bill will require companies providing telecommunications services in Australia, carriers and internet service providers to keep a limited, prescribed set of telecommunications data for two years. The Bill amends the Telecommunications Interception and Access Act 1979 (Interception Act), and the Telecommunications Act1997 (Telecommunications Act).

Modern communication technologies have revolutionised the abilities of people to communicate, collaborate and express themselves. Sadly, however, these same technologies are routinely misused and exploited by criminals, including those who threaten our national security.

Historically, telephone companies have kept call records showing the numbers of both the A and B parties, time of call, duration of call and often the location of the parties. These records have been kept for long periods and were used for billing purposes. Under existing and long-standing legislation, a range of law enforcement and other agencies have had the ability to access this information without a warrant.

The type of data referred to in the Bill as telecommunications data, more often described as metadata, is information about a communication but not its content. So, in the telephone world, it reveals that one number belonging to a particular account was connected to another number at a time and for a duration, but does not reveal what they discussed. In the IP world it reveals that a particular IP address, which may have been observed to have been engaged in some unlawful activity, had been at the relevant time allocated to a particular account. In the context of messaging—email, for example—it reveals the sender, recipient, time and date, but again not the content. Access to the content of communications requires a warrant.

Access to metadata plays a central role in almost every counterterrorism, counterespionage, cybersecurity and organised crime investigation. It is also used in almost all serious criminal investigations, including investigations into murder, serious sexual assaults, drug trafficking and kidnapping. The use of this kind of metadata, therefore, is not new.

However, as the business models of service providers are changing with technology they are keeping fewer records. And they are keeping those records for shorter periods of time because they do not need them any longer, in many cases, for billing. Many of the records that are still kept are kept because of legacy systems put in place years ago. In June 2013, the Parliamentary Joint Committee on Intelligence and Security concluded that this diminution in the retention of metadata is harming law enforcement and national security capabilities, and that these changes are accelerating.

Existing powers and laws are not adequate to respond to this challenge. Preservation notices under the Interception Act can require carriers to 'quick freeze' records that they hold, but these notices cannot create records that have never been kept, and cannot bring back records that carriers have deleted days, weeks or months before a crime is brought to an agency's attention.

Simply put, because of businesses' changing practices investigations are failing.

For example, in a current major child exploitation investigation, the AFP has been unable to identify 156 out of 463 potential suspects, because certain internet service providers do not retain the necessary IP address allocation records to enable the resolution of the IP address to the particular account number the person in question was using. These records are critical to link criminal activity online back to a real world suspect.

These impacts are not limited to law enforcement agencies in Australia. During a recent Europol child exploitation investigation, child exploitation investigations relied heavily on access to telecommunications data as perpetrators primarily shared information online, meaning that physical evidence was rarely available. Three hundred and seventy-one suspects were believed to be in the United Kingdom. Using retained telecommunications data, UK authorities were able to positively identify 240 suspects, leading to 121 arrests and convictions. In contrast, of the 377 suspects believed to be in Germany, which does not have a data retention regime in force, German authorities were only able to identify seven and were unable to obtain sufficient evidence to arrest or convict a single person.

I can also give a clear example of how a simple business decision can undermine the national interest. In 2013, a major Australian ISP reduced the period for which it keeps IP address allocation records from many years to three months. In the 12 months prior to that decision, the Australian Security Intelligence Organisation (ASIO) obtained these records in relation to at least 10 national security investigations, including counter-terrorism and cybersecurity investigations. If those investigations took place today, vital intelligence and evidence would simply not exist.

No responsible government can sit by while those who protect our community lose access to the tools they need to do the job. In the current threat environment in particular, we cannot let this problem get worse.

Data retention

As such, this Bill will allow regulations to prescribe a consistent, minimum set of records that service providers who provide services in Australia must keep for two years.

A two-year retention period is based on the advice of our law enforcement and security agencies, as well as the experience of a number of foreign jurisdictions. While many cases are solved within a few months, investigations into serious and complex crimes and threats to security often span many years, requiring access to older records.

The Government recognises that data retention raises genuine concerns about privacy. We are committed to addressing those concerns.

The dataset that has been endorsed by the PJCIS, and inserted into the bill as recommended by that Committee, is strictly limited. For example:

1. service providers will not be required to retain the content or substance of any communication, including subject lines of emails or posts on social media sites

2. the Act will expressly exclude a person's web-browsing history, and

3. providers will not be required to keep detailed location records that could allow a person's movements to be tracked, akin to a surveillance device.

There has also been a great deal of conjecture about how much data retention may cost. I can advise the Senate that the cost, both up front and ongoing, of data retention in its first ten years will average out to $73 million per year. This is a remarkably small impost on an industry that generates over $42 billion in revenue each year. It is in fact well under 0.1% of the industry's revenue.

That low cost must be measured against the immeasurable benefit to the victims of crime who will be much better protected by our agencies than without data retention.

As has been previously stated, the government is committed to ongoing, good faith consultation with industry and will make a substantial contribution to the cost of implementing the scheme. In terms of the ongoing costs, it is important to recognise that providers will be able to recover from law enforcement and security agencies the financial cost incurred in providing requested data. Those ongoing costs will be recoverable on a no-profit/no-loss basis. These cost recovery arrangements already apply to agency requests for telecommunications data collected by industry for its own purposes. This practice will not change.

I can say that, to date, our consultation with industry has been very productive. For example, based on industry advice, the Bill allows individual service providers to develop an implementation plan that provides a pathway to compliance over up to 18 months. These plans will allow industry and government to prioritise the retention of data that is most critical to investigations, while allowing service providers to significantly reduce their implementation costs by aligning any systems changes with their internal business cycles.

The PJCIS Report into the Bill

I draw to the Senate's attention the concluding remarks of the Parliamentary Joint Committee on Intelligence and Security in its inquiry into this Bill:

Through the process of this inquiry, the Committee has considered the current utility of telecommunications data to law enforcement and national security investigations. The Committee has noted the inconsistency and degradation of current retained telecommunications data, possible future reductions in retained data and the serious impact this may have on national security and public safety.

Accordingly, the Committee considered carefully the rationale for a mandatory data retention scheme, and has concluded that such a regime is justified as a necessary, effective and proportionate response. The Committee therefore supports the intention of the Bill.

The Committee's support is subject to thirty-eight recommendations. Twenty-six of these recommendations relate to amendments to the Bill or Explanatory Memorandum.

A further eleven recommendations relate to additional administrative measures (including additional resourcing for the Committee and Commonwealth Ombudsman), reviews, and further reform (including telecommunications sector security reform and data breach notification).

The PJCIS also recommended that the proposed two-year retention period be maintained.

The Government supports all of the recommendations to amend the Bill and so moved amendments to implement them. The other place has passed the Bill with those amendments.

Access arrangements

This Bill does not provide agencies with new powers to access communications data; the Bill simply ensures that data will continue to be available to agencies as a part of legitimate investigations, subject to strict limits that currently apply and additional safeguards.

In fact, the Bill will significantly reduce the range of enforcement agencies permitted to access telecommunications metadata without a warrant.

The Bill will allow what we might call 'traditional' law enforcement agencies, such as the police, Customs, crime commissions and anticorruption bodies, to access this information.

The Bill will also grant the Attorney-General the power to temporarily declare, via legislative instrument subject to parliamentary oversight, additional agencies. Before making such a declaration, the Attorney-General of the day will be required to consider a range of strict criteria, including whether the agency is subject to a binding privacy scheme. Any permanent additions to the list of agencies with these powers will require an Act of Parliament.

Safeguards

The Bill will introduce a range of new and enhanced safeguards. In particular, it:

The Government has also committed to reforms to strengthen the security and integrity of Australia's telecommunication infrastructure by establishing a security framework for the telecommunications sector. This will provide better protection for information held by industry in accordance with the data retention scheme.

Concluding remarks

This Bill is critical to prevent the capabilities of Australia's law enforcement and national security agencies being further degraded. It does not expand the range of telecommunications metadata which is currently being accessed by law enforcement agencies. It simply ensures that metadata is retained for a period of two years.

More broadly, this Bill demonstrates the Government's commitment to ensuring that access to sensitive and personal information by these agencies is strictly controlled through robust accountability processes.

Jacinta Collins (Victoria, Australian Labor Party, Shadow Cabinet Secretary) Share this | Link to this | Hansard source

The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 is a complex and controversial piece of legislation. Regrettably, the Abbott government has done an exceptionally poor job of explaining why these laws are necessary and how they will work. The government announced its intention to introduce this legislation in the middle of last year. The political agenda at that time was dominated by the Australian people's violent reaction to the Abbott government's unfair budget, and the Prime Minister and his colleagues were in a state of panic. It was in this chaotic and dysfunctional environment that the government foisted the data retention bill on the Australian people.

There is one particular element of this botched sales job that it would be remiss of me to fail to mention. I am talking about Senator Brandis's shambolic attempt to explain the terms 'metadata' and 'internet browsing' in his humiliating interview with David Speers on Sky TV in August of last year. I congratulate David Speers on winning a Walkley award for that interview. While the interview may have been an outstanding achievement in terms of journalism, it was not the high-water mark of public policy. Senator Brandis's performance was emblematic of the government's failure to persuade the Australian people of the importance of data retention.

Senator Ludlam interjecting—

I do not mention the government's failings or Senator Brandis's embarrassing blunders gratuitously, as much as Senator Ludlam might like. I do so to illustrate how the Abbott government has failed to take the Australian people with it and win their support for the data retention bill.

This parliament has no greater duty than keeping Australia safe from the threats of crime and terrorism. Maintaining public confidence in our national security and law enforcement agencies is an essential element of this duty. It is incumbent upon the government to reassure the Australian people that national security and law enforcement concerns are being appropriately balanced with the importance of upholding fundamental democratic freedoms. The government must satisfy the people that additional power is not conferred on our security and law enforcement agencies unless it is necessary to do so and only where matched with robust oversight and accountability mechanisms.

The Australian people must be satisfied that in seeking to defend ourselves from crime and terrorism we do not trample upon the very rights and freedoms that characterise Australia as a free and open democracy. The Abbott government has failed this test. This failure has left the Australian people vulnerable to a scare campaign about data retention. Senator Ludlam, interjecting earlier, and the Greens Party have exploited this vulnerability ruthlessly. They have deliberately and irresponsibly misrepresented the facts for their own cynical political purposes. The Labor Party has found itself stuck between a rock and a hard place on this legislation: stuck between the failure of the government to take the people with it on the one hand and a hysterical campaign of misinformation by Senator Ludlam and the Greens Party on the other. Remember the YouTube interview, everyone? This is an invidious position. Nobody in the Labor Party is happy about once again being forced to rescue this government from its own incompetence.

Honourable senators: Oh!

And listen to the shrieks down at the end of the chamber. But, as the alternative government, unlike you, it is incumbent upon us, the Labor Party, to take a responsible, bipartisan approach to national security and law enforcement. We in the Labor Party believe that our law enforcement and national security agencies should have the power they need to protect Australians from the threats of crime and terrorism. However, we also believe in the importance of protecting the fundamental freedoms that define Australia as a democratic nation. It is critical that we get the balance right between keeping people safe and protecting the liberties we hold so dear.

The incompetence of the government and the hysteria of the Greens party have made it very difficult to have an open and honest conversation about data retention with the Australian people. Let me take this opportunity, though, to put some facts on the table. I have been astounded by the number of people who have responded to me in the last few days as we have been able to clearly elucidate these facts, so let me do so again. First fact: private companies have been retaining very large volumes of metadata in largely unregulated ways for many years. This data has been accessed by many dozens of federal and state and territory government agencies hundreds of thousands of times each year—with, in my view, insufficient safeguards to protect personal privacy. This is the status quo. This would be the consequence of no change.

Second fact: this legislation simply governs access to metadata, not content data. This is an important distinction to make. Metadata is data about a communication, not the content of that communication. Access to data under this scheme will allow an agency to determine the time a telephone call was made, the number dialled and the duration of the call, but it will not allow the agency to listen to the telephone call. It will allow access to the date and time an SMS message was sent and the number it was sent to, but it will not allow the agency to read the content of that message. It will allow access to the date and time an email was sent, but reading the content of that email will not be permitted. Importantly, access to a person's internet-browsing will not be permitted, despite the confusion caused—or perhaps it was a backflip subsequently—by Senator Brandis's remarks during his now infamous interview on Sky. Agencies wishing to access content data will still need a warrant, which must generally be sought from a judge subject to the usual oversight and accountability mechanisms.

Labor approached parliamentary consideration of the data retention bill as an opportunity to regulate and improve the use of metadata for law enforcement and counterterrorism purposes, while at the same time introducing safeguards that will greatly improve the transparency and accountability of storage and access to that data. Another fact: access to metadata is a legitimate tool used by security and law enforcement agencies and it plays a vital role in preventing, investigating and prosecuting crime, including terrorism. It is not some grand conspiracy—and those who say it has no role simply have it wrong. The joint parliamentary committee received evidence of 21 cases in which access to metadata was critical to the investigation, prevention and prosecution of serious wrongdoing.

Technological change and changing business practices of telecommunication providers means that less data will be retained by some companies in the future. This is the problem for law enforcement agencies. There is a significant risk that this will hamper the important work of security and law enforcement agencies and lessen their ability to keep Australians safe. It would be irresponsible for the Labor Party as the alternative government to pretend that these risks do not exist.

The bill was introduced into parliament by Malcolm Turnbull before Christmas last year and it was nowhere near good enough. The safeguards were inadequate and the detail was vague. This is why Labor insisted that it be sent to the joint parliamentary committee for proper scrutiny and to allow the public to have their say. The Labor members of the joint parliamentary committee listened very carefully and forced the Abbott government to accept 74 amendments to improve this bill, to better balance the importance of upholding fundamental democratic freedoms with national security and law enforcement concerns. And remember: the status quo is not good enough in terms of upholding fundamental democratic freedoms. As I previously mentioned, we have been particularly focused on oversight and accountability mechanisms. We believe these improved safeguards are essential to protecting the privacy of Australians and to giving the community confidence that personal data collected under the scheme will not be compromised or misused in the future.

Labor strongly believe that freedom of the press is one of the most fundamental elements of our democracy, and we will always fight to protect it. Labor forced the Abbott government to implement a regime whereby it will be illegal for agencies to access metadata for the purpose of identifying a journalist's source unless they first obtain a warrant, generally from a court. There will be a statutory presumption against issuing the warrant and agencies will be required to prove that the public interest in obtaining the metadata outweighs the public interest in protecting the confidentiality of a journalist's source, which is central to the freedom of the press. A public interest advocate will be appointed to stand in the shoes of the journalist and argue against the issuing of the warrant.

These changes will mean much stronger protections for journalists and their sources, certainly much stronger than what Malcolm Turnbull originally proposed. It has been very frustrating that it has taken so long for the Liberal Party to agree to support better protections for journalists. It is even more frustrating that the government still refuses to acknowledge that the stronger protection secured by Labor needed to occur. It took Bill Shorten writing to the Prime Minister insisting on defending the freedom of the press to force the government to back down in this area. I am told that the Prime Minister still does not see what the fuss is about. Nobody was worried about metadata when he was a journalist back in the early eighties, we heard. Somebody might like to tell the Prime Minister about the advent of the internet and mobile phones.

Barry O'Sullivan (Queensland, National Party) Share this | Link to this | Hansard source

Metadata was kept by telcos for decades.

Stephen Parry (President) Share this | Link to this | Hansard source

Order on my right.

Jacinta Collins (Victoria, Australian Labor Party, Shadow Cabinet Secretary) Share this | Link to this | Hansard source

I will come to that point. We do need to better regulate this area. The old envelope versus content distinction does not encapsulate the intrusion involved in accessing metadata today. We can trace people's locations with these things now, Senator O'Sullivan, and you should understand that better.

The data retention bill will limit access to metadata to a much smaller number of core law enforcement and national security agencies. Corporate and competition regulators will retain access to metadata to help them crack down on serious white-collar crime and other wrongdoing. But it is also important to point out that security and law enforcement agencies will use metadata in a targeted fashion to investigate specific subjects. It will not be part of some mass surveillance dragnet that is being suggested by some.

Labor members of the joint parliamentary committee insisted that the authorisation requirements for access to metadata be tightened. Before approving access, the authorising officer must be satisfied on reasonable grounds that any interference with the privacy of persons that may result from the access is justifiable and proportionate. In making this decision, the authorised officer should be required to have regard to: the gravity of the conduct being investigated, including whether the investigation relates to a serious criminal offence, the enforcement of a serious pecuniary penalty, the protection of the public revenue at a sufficiently serious level or the location of missing persons; the reason why the disclosure is proposed to be authorised; and the likely relevance and usefulness of the information or the documents to the investigation.

The data retention bill will also significantly strengthen the Ombudsman's powers to supervise access to information under the TIA Act. The Ombudsman will be empowered to comprehensively assess agency compliance with all of its obligations under the TIA Act, including the use of and access to metadata. Oversight of this category of data would also extend to auditing the use of and access to data retained as a result of the data retention obligation. This is a significant win for oversight and accountability. There is currently no independent oversight of the use of and access to metadata. Neither the TIA Act nor the predecessor arrangements in the Telecommunications Act included an independent oversight arrangement in relation to metadata. Labor has insisted that the Ombudsman be given additional resources to fulfil this important role.

Labor has been consistent in our belief that we must strike the right balance between keeping people safe and protecting the rights and liberties we value as Australians. Parliament has no greater responsibility, and it is essential that we take a mature and bipartisan approach to these issues. I am confident that the hard fought improvements won by the Labor Party achieve the right balance. As I have already said, Labor has pushed for comprehensive amendments to this bill. But there also remains some unfinished business.

Labor remains concerned about whether companies should be obliged to store retained data in Australia. Former Director-General of ASIO, David Irvine, said at a recent Defence and National Security round table that he would be concerned about the security of retained data if it was stored overseas because it would be:

… governed by someone else's sovereign legislative system.

This matter is currently being examined as part of the Telecommunications Sector Security Reform—TSSR—a process commenced by Labor while in government and which the Abbott government has stated will be completed well before the end of the data retention scheme implementation period. When completed, any TSSR legislation will come before the Parliamentary Joint Committee on Intelligence and Security. Consistent with the comments of the former head of ASIO, during the review of any TSSR legislation Labor will insist on a requirement that retained telecommunications data be stored onshore, an extra protection needed for people even today under the status quo.

There also remains unfinished business relating to the oversight of the entire architecture of Australia's national security agencies. My former colleague Senator John Faulkner, who retired from the parliament in February this year, was a fierce advocate of this cause. No one should doubt that Senator Faulkner believed that Australia is served by professional and well-run intelligence and security agencies. But Senator Faulkner also argued that effective safeguards against the abuse of security powers cannot depend and should not depend on the personal integrity and quality of the leaders of our agencies. If we are to have full confidence in our security agencies, we must have a suitable level of transparency built around them. It was Senator Faulkner's view that it is the parliament to which those agencies are accountable, and it is the parliament's responsibility to oversee their priorities and effectiveness, and to ensure agencies meet the requirements and the standards parliament sets. I agree.

Senator Faulkner developed a set of reforms designed to ensure that the effectiveness of parliamentary oversight of intelligence and security agencies keeps pace with any enhanced powers given to the agencies. One key reform was for the intelligence committee to have oversight of some operational matters of the security agencies. Progress towards that reform is evident in some ways in this bill, which Labor pressed be amended so that the committee could oversight the data retention scheme. But there is more to be done.

So Labor will bring forward legislation this year to give effect to the reforms proposed by a Senator Faulkner to build better oversight of the whole national security framework. It is in this context that the bill was first presented. The bill now, as heavily amended, sits— (Time expired)

Scott Ludlam (WA, Australian Greens) Share this | Link to this | Hansard source

I am here today on behalf of the Australian Greens to oppose this bill in the strongest possible terms. In the course of the debate over the next few days, we will spend a lot of time considering elements of the bill in detail: its impact on journalists, the unknown costs, the inevitable mass breaches of privacy that will follow and the technicalities of how the bill will actually work. But, before we disappear into the weeds and the technical detail, I want to state plainly why I believe that this bill is unamendable and why it should be rejected.

This legislation, the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, betrays a mindset that inverts the power relationship between the state and the individual. It provides for the mass collection of private information of 23 million people who are neither suspected nor accused of having committed a crime. It entrenches the ability of dozens of government agencies to access these private records hundreds of thousands of times a year without a warrant and it normalises the fiction that this information is nothing more than billing records or the envelope that surrounds substantive communications.

Over a period of many decades, democracy has evolved, developing ways to protect citizens from the power of the state. These are some of the foundation principles of liberalism, from which the hollowed-out entity that proposed this bill takes its name. One of these points of balance is the judicial warrant: if the state wants to violate your privacy, there needs to be a good reason. These reasons include corruption; serious organised or violent crime; crimes against children; or genuine national security threats, including terrorism. In Australia, around 4,700 such warrants are issued every year, and, in a country of 23 million people, that does not seem like an undue amount. The police surveillance scandal in New South Wales has exposed the fact that even these judicial checks and balances sometimes fail, but it is a system which has worked tolerably well for the most part.

The act that we are amending today was written in 1979, under the prime ministership of the recently passed Malcolm Fraser. Mobile phones only existed in Star Trek. The internet was unthinkable for all but a handful of researchers and futurists. Fast-forward to 2015: there are more mobile phones than people in this country and the internet is busily infusing nearly every corner of our lives. Every one of these devices, seen and unseen, generates a cloud of information in the course of its ordinary operation. One single tweet 140 characters long is the tip of a small iceberg of code that runs to about a page and a half. Your phone handset is essentially a tracking device that allows you to make phone calls. Our relationships and our social lives are increasingly mediated by digital tools. Collectively, these devices and apps silently generate billions of records of place, time, contact, data type and volume, all of it aggregated under this loose concept of 'metadata'. Anyone who tells you that these are simple billing records or the innocent envelopes surrounding substantive communications is either technically illiterate or lying to your face.

In 2012-2013, agencies made around 340,000 demands for this information from Telstra, Optus and the rest of the telecommunications industry, without the trouble of having to apply for a single warrant. Now, I do not have more recent numbers than that because the Attorney-General's Department is refusing to publish the report for the last financial year. Telecommunications regulator the ACMA reports 748,000 warrantless authorisations were received by carriers in 2013-14. Why do agencies do this? Here is NSA contractor Edward Snowden:

… metadata is extraordinarily intrusive. As an analyst, I'd prefer to be looking at metadata rather than content because it's quicker and it's easier and it doesn't lie.

Former General Counsel of the NSA, Stewart Baker, said:

If you have enough metadata, you don't really need content.

And, just in case we were not completely clear, consider former CIA Director Michael Hayden's memorable boast of last May:

We kill people based on metadata …

This is a bill to entrench a system of passive mass surveillance. It is corrosive of the very freedoms that governments are elected to protect and it has no place in a democracy. Yet it is a democratically elected parliament that is probably about to enact it, and nothing I say in here this afternoon is likely to change the minds or the votes of the senators from the Liberal, National or Labor parties, who will file in here later this week and vote the way they have been told to vote. Many of them strongly disagree with the bill, and a small handful have spoken out; and a few—we will pay attention to who—will no doubt be absent when the vote is finally taken.

The Liberal Party: if you go to their website, under 'About' and then 'Our Beliefs'—I wonder when was the last time you checked this out, Senator Fifield—here is what it says:

We Believe:

In the inalienable rights and freedoms of all peoples; and we work towards a lean government that minimises interference in our daily lives; and maximises individual and private sector initiative

That is why you have imposed a $400 million surveillance tax on the whole country! Well done!

The Labor Party: how apt that this week we are debating the return of the Australian Building and Construction Commission. Presumably you are aware that this entity, which treated the blues as though they were something worse than terrorists, was doing warrantless metadata surveillance of trade union organisers in its previous incarnation—somewhere between a dozen and 30 warrantless requests per year until we closed it down. I am sure that those union members had nothing to hide and they therefore had nothing to fear from the ABCC.

And so it falls to the Greens and the crossbench to stand up and provide the opposition that this reckless and vicious government so desperately deserves. In this, we represent views that are entirely mainstream. Guess who described metadata retention as a 'sweeping and intrusive new power' when the Labor Party was toying with the idea in 2012?

Richard Di Natale (Victoria, Australian Greens) Share this | Link to this | Hansard source

Was it Malcolm?

Scott Ludlam (WA, Australian Greens) Share this | Link to this | Hansard source

Senator Di Natale has it in one. Who said the following?

Leaving aside the central issue of the right to privacy, there are formidable practical objections. The carriers, including Telstra, have argued that the cost of complying with the new data retention regime would be very considerable with the consequence of higher charges for their customers.

Yes, that was the Liberal member for Wentworth, Mr Turnbull, basically demolishing the case for this proposal—probably more eloquently than I am today. Who said: 'I think that this proposal is akin to tactics that we would have seen utilised by the Gestapo'? Well, that was the Liberal member for Moncrieff, Mr Steve Ciobo. When Labor does it, it reminds him of the Nazi secret state police; when Prime Minister Abbott and Senator George Brandis pick it up, it is just to keep us all safe and there is nothing to see here. The President of the Law Council of Australia, Mr Duncan McConnell, was a little less strident but still believed the following:

They propose that the bill be withdrawn, amended and released as exposure draft legislation for public consultation.

He goes on to explain why: because of 'concerns about the proportionality of the data retention regime, security of the retained data and the impact on privacy and confidential communications.' That is the Law Council. The CEO of the Media, Entertainment & Arts Alliance, Paul Murphy, put it this way:

Any system with the capacity to go after confidential sources has a chilling effect on journalism because it targets whistleblowers who seek to expose wrongdoing, illegality, dishonesty, fraud, waste and corruption. If you are going after sources, then you are going after journalism.

This government appears to be enjoying something of a habit of going after journalists to find out who they are talking to when they print unpopular stories about things like the horrors of the prison camps that we maintain on Pacific islands. Nobody on that side of the chamber appears willing to make eye contact at the moment.

Do not say you were not warned: industry has been raising the flag, and so has the former Director-General of ASIO, Mr David Irvine. Telstra's chief information security officer, Mike Burgess, put it this way:

If [you were] that way inclined as a hacker, you would go for that system because it would give you the pot of gold, as opposed to working your way through our multitude of systems today to try and extract some data.

Of course, this $300 million or $400 million surveillance tax is going to build new data centres to store all this excess material that industry has not had to store before. But it is not just that, and I am not sure that it is well understood. It is about the systems that would allow the telcos on demand to very rapidly withdraw the material from their servers and provide it to these agencies on the basis of the rubber-stamped request, which means matching names and address types across all the various systems. It creates a huge new pool that will be entirely attractive for people with malicious intent. Do not say that you were not warned.

In the end it will be the Greens and the independent crossbenchers who provide the opposition—just as it was in the House of Representatives when this was committed to a vote last week—but anyone who can count understands that there will not be enough of us. We have seen this before—most vividly last year when the Australian government criminalised national security reporting. When Prime Minister Abbott wraps himself in the flag—no matter how much an object of desperate ridicule he has become—that is the signal for the Australian Labor Party to say something earnest about finding the balance and then to cave in. Those two words, 'national security', are all it takes for the Australian Labor Party to flop into defeated bipartisanship because they are terrified the Daily Telegraph will say mean things about them.

If the bill passes, we know this will be just the beginning. It has scope creep written into its DNA. The Attorney-General can add new categories of data and new agencies to the list of people who can look through your stuff any time he likes. They propose that parliament should to ratify the Attorney-General's decision within 40 sitting days. Depending on the time of year, 40 days could be anything up to six months; and parliament will be expected to rubber-stamp the decision that the Attorney-General makes. The Victorian police wanted five years. There is no secret among some of the agencies pushing for this proposal that two years was the minimum, even though that is the maximum that has been applied anywhere else in the world. They will be pushing for five years, next time something awful happens somewhere in the world; then they will be pushing for it not to be deleted at all, because it has proven to be so valuable. Then they will be pushing for web traffic and session logs. Scope creep only operates one way: once you legislate this kind of system, it is immensely difficult to claw it back.

The saddest thing about this policy debacle is that nobody can provide any evidence that it will reduce crime or make people safer. There are any number of anecdotes about the importance of metadata for investigations—I understand that it is used in slightly less than 100 per cent of investigations. I understand that it is valuable and I have no reason to believe that the anecdotes that are flipped out by people pursuing this policy are untrue. But where is the evidence that blanket surveillance of millions of innocent people helps reduce crime? In Europe, where a data retention regime was briefly implemented before being thrown out by the European Court of Justice as an abuse of human rights, the evidence is crystal clear in its absence—data retention had no impact whatsoever. President Obama's high-level panel on the NSA's surveillance abuses came to the same conclusion: targeted surveillance of criminal suspects and networks helps prevent and solve crime; mass surveillance of millions of innocent people does not. What an immense surprise that must be to all of us.

When I asked Senator Brandis last week in question time to provide evidence of how indiscriminate collection of the private phone and internet records of millions of innocent people helps make the country safer, instead of evidence, he referred me to an ASIO press conference—simply because ASIO says so, because they want it. Chair of the Parliamentary Joint Committee on Intelligence and Security, Mr Tehan, has done much the same thing on many occasions. Of course, clandestine agencies and police authorities want more power. It is the job of the Attorney-General to keep them in check. If the Attorney-General ends up being too compliant to uphold this responsibility, then it falls to parliament. The Abbott-Shorten mass surveillance unity ticket sets this parliament up to fail. Instead we fall back on the dismal logic of 'nothing to hide, nothing to fear'. That is the logic of the police state: if you have done nothing wrong, then the police have no need to go through your stuff. Can anyone in here recall a bill passing where the government and opposition did not know to within the nearest $100 million how much it would cost? Last week an extraordinary letter was signed by the CEOs of the nation's major telecommunications providers, and I seek leave to table that letter now. It was circulated earlier with the consent of the whips.

Leave granted.

This is a letter that has been signed by the nation's telecommunications providers—from Telstra, Optus, Vodafone Hutchison, the M2 group, iiNet, Macquarie Telecom and a whole page of others—demanding to know who is going to pick up the tab for the 300 to 400 million dollars surveillance tax that the Liberal Party and the Labor Party are introducing today. They say in part:

We note that the Government has variously indicated it will make a "reasonable" or "substantial" contribution to these costs—

that is, out of taxpayers' money—

which might exceed $300 million—

but they do not know; they are guessing; they are as much in the dark as the rest of us—

according to estimates provided by the consultants commissioned by the Government.

They have seen that document; this parliament has not, and neither has anybody in the public, because the government refuses to table it. The letter continues:

Our request to you is, we believe, relatively simple and reasonable.

It is that the Government provide to industry, the Parliament and the wider community a degree of certainty as to the size of the Government's planned contribution—

and how they plan on cutting up these funds. This is going to drive some of the smaller telecommunications carriers in this country to the wall. Telstra is not wild about this proposal, but it will be able to adapt and upgrade its systems—and it has said as much—which are very large and complex. But, of course, Telstra has pretty deep pockets and it is going to be able to accommodate a proposal such as this. What about the smaller providers, who are suddenly being forced to participate in the building of new data centres to help host this stuff or to farm it offshore to cloud providers who knows where?—maybe China. Best of luck hanging on to that material once it has left this country.

Having tabled that letter, I would also like to move my second reading amendment. The amendment adjourns the debate until after the matters raised in the letter by the CEOs have been resolved. I move:

At the end of the motion, add :

and, noting concerns about a lack of clarification from the Government about costs associated with this bill as strongly addressed in a letter to the Government signed by the chief executives of Telstra, Optus, Vodafone, iiNet and a number of other major telecommunications companies, further consideration of the bill should be made an order of the day for the day after the Government tables its response to the industry's concerns on cost.

On the understanding that the Abbott-Shorten surveillance unity ticket will override the better judgement of individual senators, who I know hold their own private misgivings about this bill, what happens next?

My words today are essentially for those outside the building, because, as it happens, there is plenty we can do: when the parliament fails in its fundamental job of constraining executive power, we can take our power back as citizens, as Australians, in many other ways. I want to thank everyone who called their Labour senators or who melted opposition leader Bill Shorten's phone over the last couple of weeks and everyone who hit up the Labor Party on social media. The injured tone of Senator Collins in introducing her remarks was readily apparent—I almost felt sorry for her. Forgive us for not expressing our gratitude to the Labor Party for caving in to Prime Minister Tony Abbott. It was very apparent from Senator Collins's tone that it has only just sunk in that the very medium that you are compromising with mandatory data retention is the same medium that you need to sell the rest of your agenda—and you wonder why people are not listening to you and why they are so angry.

It is entirely lawful—in fact, it is built into the bill—to circumvent mandatory data retention just by using overseas providers. If you do not want your email records kept under mandatory data retention, go with an overseas provider like Gmail or Yahoo! or Hotmail, if that is still around. Use Facebook Messenger. Use Twitter direct mail. I am not advocating that, of course, because that is extremely bad news for Australian telecommunications providers—that effectively the government is incentivising people to use offshore services. Well played; very, very smart; nicely supportive of Australian industry there! The government have had to do that, because of course there is no way of compelling overseas providers to hand over their records to an Australian data retention scheme. So, if you do not want your email records kept by this scheme, use Gmail or Hushmail or an overseas email provider. That is entirely legal. Any over-the-top service provider circumvents this bill: bravo, and well played!

Encryption is not illegal. The United States went through a very damaging variant of this debate in the 1990s during the so-called crypto wars, which fundamentally established that everything from the global financial system to global diplomacy, business and global civil society actually depends on strong encryption, depends on privacy. That was a lesson that was only learned at some cost. Encryption is not illegal. Private-key cryptography—including the very phone apps that Mr Turnbull is using to orchestrate his takeover of the Prime Minister's office—keeps no metadata. These systems keep no metadata; they leave no trace. They will be completely beyond the reach of this data retention scheme—as Mr Turnbull, who introduced this bill, so helpfully explained a couple of weeks ago. Free services like TOR, the onion router, which allow you to use the internet anonymously, completely defeat the purpose of a mandatory data retention scheme—and everybody knows this. Virtual private networks, available at a very reasonable subscription rate, make it impossible to tell where in the world who are when you are using the internet—also not illegal. Anonymity is not illegal, circumvention is not illegal and cryptography is not illegal.

So what I am proposing now is that we take our power back from a government that quite clearly has drunk the surveillance Kool-Aid, even though there is abundant evidence that it will do nothing at all to keep people safe or to reduce crime. If you are unhappy, perhaps most of all, with the dismal arithmetic of this place, then change the balance of numbers in your parliament in 2016, and replace major party politicians with people who have the capacity to think and vote independently on issues like this, rather than just sucking it up from the leader's office. If you have a few moments to spare, call opposition leader Bill Shorten. His number is (02)62774022. Maybe just make that call now—you will feel better; I can guarantee it.

We will not forget what the major parties have done this week and we will not forgive them when the inevitable privacy breaches occur down the track. This measure will be repealed at some stage in the future, either repealed or rendered obsolete as technology marches forward. If you are listening to this debate and you wish it were to end differently, change the way parliament operates and help break the two-party system once and for all.

Penny Wright (SA, Australian Greens) Share this | Link to this | Hansard source

I rise to speak against the passage of the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. As my colleague Senator Ludlam has so eloquently and persistently demonstrated, this bill poses an unprecedented invasion of the privacy of all Australians, and it comes at an unjustified and horrendously large financial cost. By shepherding in a new age of mass surveillance, this bill looks set to go down in history as the moment when Australia lost sight of some its most fundamental values and freedoms—and it greatly regrets me to have to say that.

As the Australian Greens spokesperson for legal affairs, and a lawyer myself, I want to use this opportunity to talk about the broader impact this bill will have on the legal rights and freedoms that, until now, Australians have largely taken for granted. To borrow the words of refugee advocate David Manne, this bill takes 'the law out of the law'. It sets up a framework that requires telcos to keep everyone's personal data and authorises law enforcement and intelligence bodies to collect, use and share this data without us knowing and without seeking approval from any court or independent authority.

The Attorney, with his opaque descriptions of metadata, has tried in vain to convince the community that this bill is about the collection of benign, depersonalised computer-speak. But make no mistake: this bill will require the storage of personal, private information about where you are and who you communicate with. As the Parliamentary Joint Committee on Human Rights describes the effects of this bill, metadata can reveal quite personal information about an individual even without the content of the data being made available by revealing who a person is in contact with, how often and where. This in turn could reveal, for example, the person's political opinions, sexual habits, religion or medical concerns. As my colleague Senator Ludlam has said, it is a map of your social life—who you are close to, who you are fond of and who you contact a lot. And it is a map of your physical movements—everywhere you take your phone.

The implications of this scheme for individual rights are truly disturbing, and not just in terms of the disproportionate impact on our recognised right to privacy—a right that is recognised in domestic law and international law. For example, the right to be presumed innocent is a basic principle of common law and an internationally recognised human right. But by requiring telcos to store everyone's data for possible access by law enforcement and intelligence agencies, regardless of whether or not a person is suspected of any criminal offence at all or is a risk to national security, the bill undermines this fundamental notion of the presumption of innocence. Instead of presuming innocence, this sets up a system where everyone is a potential suspect.

This is an issue which has also been of grave concern to other countries around the world. We need look only at the very substantial body of law in Europe, where courts have consistently said that treating everyone as a suspect is profoundly disproportionate to the needs of law enforcement and national security, to see that. This concern has also given rise to the recommendation of the Parliamentary Joint Committee on Human Rights of this parliament that access to data should only be available if it can be shown to be necessary for the investigation of a serious criminal offence. Unfortunately, this recommendation has not been adopted by the government.

As a result, under this bill, everyone's data will be retained for two years. This data will be able to be accessed by a range of law enforcement agencies where it is 'reasonably necessary' for a legitimate investigation—very broad terms, indeed. Although privacy concerns and the seriousness of the offence can be taken into account, there is no requirement that such access be limited. In fact, the bill allows the minister to add new agencies to the list of those who can access data, which makes it difficult to predict where the boundaries on access will be drawn in the future. There is a need to ensure the bill limits access, and this is reflected in amendments which will be moved by my Greens colleague Senator Ludlam.

This bill also extends the system of authorisation for data access in a way that offends traditional notions of the separation of powers. In Australia we have a concept enshrined in the Australian Constitution of three separate branches of government—the courts, the parliament and the executive. This is designed to provide important checks on the use of government power and the concentration of power in any one institution. This system guards against the unjustified intrusion into the rights of individuals—something that we have previously long held dear in Australia. This is called 'the separation of powers' and is fundamental to a legal system that respects the rule of law. Over recent times, there has been a very disturbing trend away from these rule-of-law principles. This has been evident in many other recent government reforms. This bill is an example of that trend.

The power given to the executive government—the Prime Minister and his or her ministers and their agencies—to interfere with the rights of individuals should be subject to oversight by the second arm of government, the courts. But this bill allows law enforcement and intelligence agencies to effectively authorise themselves to have secret access to our highly sensitive personal information. The frightening and risky result is a system at constant risk of overuse, misuse or arbitrary use by the executive branch of government and its agencies. There is absolutely no independent check that happens before data is accessed under this bill, and this should be of grave concern to all of us. It certainly was of concern to the Parliamentary Joint Committee on Human Rights. In its recent report, which included an examination of this bill, the committee made it clear that the human right of privacy is seriously at risk here and that this bill will limit that right significantly

People might be asking, 'Why is privacy so important?' Clearly, for some people, the right to privacy—to not have your movements, your contacts, your associations and your communications tracked by someone else, someone potentially in government and in a position of great power—is hugely important on its own. But it is important to understand, too, that privacy actually underpins other extremely important human rights, such as the right to freedom of religion, the right to freedom of association—the people you mix with, meet with and associate with of your own choosing—and the right to freedom of political expression. These fundamental human rights are so much more easily undermined or threatened if the state is able to breach our privacy and potentially know about these aspects of our lives. It does not take much imagination or paranoia, given world history, to understand that totalitarian states elsewhere have benefited or would benefit hugely from regimes like this.

The Australian Greens agree with many others who understand the implications of data surveillance that this bill should be amended so that access to retained data can be granted when there is a warrant approved by a court or independent administrative tribunal. In other words, it should be required that a judge or tribunal member has to give the okay before data is accessed by law enforcement or intelligence bodies. This requirement is also reflected in an Australian Greens amendment to the bill.

It is astonishing that both the old parties agree that this type of rule-of-law protection should be available to journalists under the bill but would deny the same protection to ordinary Australians or anyone else, even members in this place. That means that my data and the data of all my colleagues—and all of us, potentially—will be stored and accessed without a warrant, except in circumstances where doing so would impact on the work of a journalist. Even where a journalist is involved, the protections offered by this bill are hollow. For example, in a case where ASIO has access to data, the protection is limited to the granting of a warrant being made by the minister rather than by an independent court or tribunal. This gives rise to ongoing concerns about a lack of independent oversight of this access.

In addition, under this new part of the bill, the journalists themselves will not be informed of, or be able to challenge, the warrant application. Instead, the issuing authority will be left to make a decision on the basis of information provided by the very agency seeking access and by public-interest advocates who have been chosen by the Prime Minister. The result is a bill that not only fails to adequately protect whistleblowers and journalists' sources but also openly acknowledges that the conventional safeguards for this kind of intrusive invasion into individual rights are only available to a very limited category of people.

That is not the end of the incongruent amendments made to this bill by the government and the opposition, however. By seeking—largely unsuccessfully—to appease journalists, it has become even more clear just how these amendments fail to include other confidential communications that should be protected from the data retention and access scheme contemplated by this bill: those sorts of confidential communications that have been traditionally highly protected under our common law and legislative systems in Australia. Communications between doctor and patient, or lawyer and client, also fall within a category that has historically attracted the protection of the law—protections that have been wholesale abandoned under this bill.

As the Law Council of Australia has explained, under this law, data will be retained under this scheme even if it relates to communications that are protected from use. This is a grave concern because of the special relationship between lawyers and their clients, which is protected by legal professional privilege. It is a relationship which is rightly regarded as a critical protection of the rule of law and which must not be put in any way at risk.

We have had a last-minute deal struck between the old parties to amend this bill. Responding to news of the deal, the Law Council's president, Mr Duncan McConnel, noted:

There is no apparent public policy basis for recognising the need to safeguard confidential journalists' sources, while not also protecting confidential and privileged information between lawyers and their clients.

Indeed, the selective protection of a journalist's interests gives rise to a range of concerning questions, such as these questions posed by Mr McConnel:

… what would happen if a whistle-blower seeks legal advice prior to, or during communication with a journalist? Under the proposed amendments, the journalist's communication may be confidential, but what of the communications between a journalist or the journalist's source and the lawyer?

Data could allow inferences to be drawn from whether a lawyer has been contacted; the identity and location of the client, lawyer and witnesses; the number of communications and type of communications between a lawyer and a client, witnesses and the duration of these communications.

That was set out in the Law Council's media release of 20 March this year, clearly delineating their grave concerns about the effect on legal professional privilege of this bill.

Like the Law Council, the Australian Greens recognise the confidentiality of client-lawyer communication as a long held common law right and a right recognised under international human rights law. This was also recognised by the Parliamentary Joint Committee on Human Rights—a committee of this parliament. While views differed on how this right should be protected in the bill, it is my view that the protection of legal professional privilege can only be assured if the bill is amended to ensure that all content of communications that may be subject to legal professional privilege is excluded from the proposed data retention scheme.

When it comes to privileged communications, it is critically important that the community can have confidence that they will remain confidential.    It is not enough to cross our fingers and hope that this is not the type of thing that the Attorney means when he talks about data. As we know, the Attorney-General has been infamously confused about the meaning of metadata in the past. No amount of assurance that legal professional privilege will be protected in the bill is sufficient to alleviate these concerns. The law must clearly and explicitly protect these communications and, as currently drafted, this bill fails to do this. There is no excuse for that. These concerns are reflected in the amendments that will be moved by the Australian Greens.

As well as being the Australian Greens' spokesperson for legal affairs, I am also the spokesperson for mental health. This bill also gives rise to serious concerns in that portfolio area. More and more people around Australia are accessing health services, including mental-health services, online. The benefits of online support and information are very well known: it enables access for people in rural, regional and remote areas who do not have access to face-to-face services; it also allows access to those wanting confidential support and assistance; and it is often free. There is increasing evidence of the number of young people who access online mental-health services from the privacy of their own bedroom late at night when they do not feel able to reach out to other people at that time. With that increasing use of online services for mental health, there is a serious risk that this bill will undermine people's trust in these online services, with a flow-on risk to access to mental-health services and to mental health generally.

Under this bill, people cannot have confidence that where they go, what they say and who they talk to online will remain private. It may be that content of communications is intended to be excluded from retention under this bill. But, unless and until this term is comprehensively defined in the act, the community cannot have confidence about precisely what it is that authorities in Australia will be storing and collecting. Indeed, regardless of the definitions of 'content' and 'data', the fact that data can tell so much about a person's online activity means that this bill will have a chilling effect on whether and how people access confidential services online.

Of course, these concerns are not just confined to mental health services; they relate to any online activity that a person engages in that needs to be kept private. This could include any activity that people listening to or reading this debate can imagine being involved in. It could involve accessing information or joining in discussions about sex, sexual identity, gender diversity or getting advice about how to escape domestic violence. It is too early to see what impact this Bill will have on Australians' online activity and on their interaction with online services, but in my view any measure that risks turning those most in need away from potentially lifesaving services should not be pursued.

These are just a few of the very serious problems the Australian Greens have identified with this bill. Like my colleague, Senator Ludlam, I lament the deal done between the old parties that has truncated parliamentary debate on this bill. It has also ignored the concerns based on evidence which have been expressed by a broad cross-section of the community.

When future generations look back to see how and why mass surveillance became legal in Australia, I believe the Australian Greens will stand out as the only party that was prepared to fight for the privacy and legal rights of ordinary Australians. I urge the Senate not to pass this bill and, if this course of action is rejected, to at least adopt the amendments to make the bill safer proposed by the Australian Greens.

Stephen Conroy (Victoria, Australian Labor Party, Deputy Leader of the Opposition in the Senate) Share this | Link to this | Hansard source

I rise today to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. I would like to address some of the more general arguments and accusations that have been made by some members of this chamber.

I would like to talk first about what the philosopher John Locke called the social contract. It is a philosophy that underpins many democratic governments, particularly those in Europe and here in Australia. Locke's view is that the preservation of the security and the safety of the citizenry is not only a primary obligation of government; it is the source of its legitimacy. Under the social contract citizens notionally agree to forsake certain freedoms in exchange for the government assuring their security and safety on the basis of mutually acceptable moral principles. This is described as the consent of the governed.

In the Second Treatise of Civil Government, John Locke wrote:

The great end of men's entering into society, being the enjoyment of their properties in peace and safety, and the great instrument and means of that being the laws established in that society …

The government is there to support society in peace and safety. Even more so: as John Locke says, a government's legitimacy rests on its ability to secure the conditions for society to flourish freely and safely. This is what we are debating here today.

Our great country can only be so if we are safe. Our great country can only be so if we ensure as best we can a peaceful place for our citizens to flourish. There is a balance between freedoms of the individual and the freedom to live in safety. This is a balance that all government's and responsible oppositions must weigh up when it comes to questions of national security. It is easy for some in this place who sit outside government and the responsibilities it holds to pursue the populist route. It is also easy to quote Benjamin Franklin and claim that if somehow there is a balance between freedom of the individual and the safety of society then the terrorists win. To do so does this place a disservice.

Australia is not the United States. Unlike in the United States, the right to bear arms, thankfully, is not written into our Constitution. In Australia there is agreement that the primary role of government is to keep a society safe, whether it is the environment, whether it is labelling laws to ensure that we are not poisoned by foods, all of which get debated in this chamber on a regular basis. National security issues, the safety of people to go about their business in the streets or buy a coffee in a cafe in Sydney—all of these issues deserve to be and should be debated in this chamber. But to assert that the prime obligation is the freedom of the individual at the expense of all else is to walk away from the Lockean social contract, to walk away from the consent of the governed. There is always a balance between freedom and safety. It is a balance that all democratic and responsible governments have to grapple with.

So this bill comes to the Senate having been—and I stress this—heavily amended in the other place. It was the subject of a rigorous inquiry and report by the Parliamentary Joint Committee on Intelligence and Security. It is fair to say that this bill is wholly different from what the government originally proposed. The opposition is determined to ensure that our national security and law enforcement agencies have the powers that are necessary to keep Australians safe.

In recent times the Senate has dealt with three bills concerning national security. Like with the other bills relating to national security, Labor supports this bill, continuing our bipartisanship on national security matters. As well as defending our nation's security, Labor also strongly believes in the importance of upholding the rights and freedoms that define us as a democratic nation living under the rule of law.

This bill, it should be stressed, goes beyond matters of national security, though it does have an important national security dimension. Data retention is a tool used, in the main, for the ordinary enforcement of criminal law. It is essential that in passing these laws designed to protect the Australian community, we strike that balance between these freedoms, and Labor has approached this bill on that basis. Labor is determined to ensure that our national security and law enforcement agencies absolutely have the powers that are necessary to keep Australians safe. I will say that over and over again.

We understand, however, that this is controversial legislation. I understand why some people are concerned about it. But we need to be clear that data retention is not new. Data retained by private companies is already accessible without a warrant by a range of agencies under a scheme that has not been significantly reformed since 1979. Meta data has been collected and stored by telecommunications companies for many years. The fact is that many of the organisations that hold and manage our data for us already keep it. Some keep it for a week and others for up to seven years. They keep it in an environment that is loosely regulated with few rules and little oversight.

Also, there has been concern expressed by law enforcement agencies that technological changes and changing practices are seeing less data retained by telcos over time. This bill looks to resolve that by regulating the storage and access of metadata, including for our security agencies. As I have stated, access to metadata is currently allowed under the Telecommunications (Interception and Access) Act 1979. Police and other organisations access this data right now. The Parliamentary Joint Committee on Intelligence and Security heard evidence that last year Australian telcos had received more than half a million applications by law enforcement agencies to access metadata. The committee also heard that less data may be retained by some companies in future. We want to ensure that telecommunications data remains a reliable tool available to law enforcement and national security agencies where appropriate.

But we also want to tighten the regulation and supervision of that access ensuring Australians' safety is an objective that everyone in this parliament shares. Typically this means that proposals regarding national security are addressed in the spirit of bipartisanship. This does not mean, however, that the opposition will simply agree with all of the government's proposals no matter what. Instead, bipartisanship means the opposition will engage constructively with the government to ensure their proposals meet national interests. By way of example, while the opposition ultimately supported the National Security Legislation Amendment Bill (No. 1), the Counter-Terrorism Legislation Amendment (Foreign Fighters) Bill 2014 and the Counter-Terrorism Legislation Amendment Bill (No. 1) 2014 last year, it was Labor that insisted that these bills be referred for scrutiny to the Parliamentary Joint Committee on Intelligence and Security.

The very substantial amendments agreed to by the government on the foreign fighters bill are an example of this proper scrutiny. On this bill, Labor has argued for and achieved a number of significant improvements to the original bill. For example, Labor argued for improved oversight of the scheme by two independent Commonwealth agencies: the Inspector-General of Intelligence and Security and the Commonwealth Ombudsman. Labor also argued that the bill should provide for the intelligence committees to have an operational oversight of security agencies under the data retention scheme.

Further, Labor argued for amending the bill so that an agency must be satisfied on reasonable grounds that interference with the privacy of any person is justifiable and proportionate. All of these are the recommendations from the committee that the government has accepted. In all, the committee made 38 substantive recommendations to the original bill. Labor insisted the government implement each and every one of them, and the bill was amended as required in the other place. As a result, the bill that we debate in this chamber is of a wholly different character to that introduced into the House last October.

Scott Ludlam (WA, Australian Greens) Share this | Link to this | Hansard source

That is rubbish.

Stephen Conroy (Victoria, Australian Labor Party, Deputy Leader of the Opposition in the Senate) Share this | Link to this | Hansard source

Most notably, the committee recommended and successfully implemented changes—

Peter Whish-Wilson (Tasmania, Australian Greens) Share this | Link to this | Hansard source

Order!

Stephen Conroy (Victoria, Australian Labor Party, Deputy Leader of the Opposition in the Senate) Share this | Link to this | Hansard source

It is like you actually think you live in the United States. You guys are an offshoot of the Republican Party nowadays—seriously. You are up there with the GOP.

Peter Whish-Wilson (Tasmania, Australian Greens) Share this | Link to this | Hansard source

Order! Senator Conroy, I remind you to address your comments through the chair.

Stephen Conroy (Victoria, Australian Labor Party, Deputy Leader of the Opposition in the Senate) Share this | Link to this | Hansard source

My apologies. I am being harangued by your colleagues in your party—

Peter Whish-Wilson (Tasmania, Australian Greens) Share this | Link to this | Hansard source

I am aware of that.

Stephen Conroy (Victoria, Australian Labor Party, Deputy Leader of the Opposition in the Senate) Share this | Link to this | Hansard source

But I did not notice you mentioned them in that little admonishment that I received.

Peter Whish-Wilson (Tasmania, Australian Greens) Share this | Link to this | Hansard source

I would ask you to come to order, Senator Conroy.

Stephen Conroy (Victoria, Australian Labor Party, Deputy Leader of the Opposition in the Senate) Share this | Link to this | Hansard source

Most notably, the committee recommended and successfully implemented changes to the bill that gave journalists and their sources some protection from this bill. The committee recommended that the Ombudsman, the Inspector-General of Intelligence and Security and the committee itself be notified where retained data was accessed to identify a journalist's source. This was a worthy measure, but it was not enough. It took Labor writing to the Prime Minister to force the government into creating a warrant regime to protect journalists and their sources. I am not standing here to score points. I welcome this change of heart, and I hope that it gives the media and the broader community some reassurance.

This amendment includes the creation of a Public Interest Advocate, the PIA, which is likely to be a senior barrister or barristers, that must be notified whenever an application for a warrant is made. The PIA will be empowered to stand in the shoes of the journalist and argue why it is contrary to the public interest to issue the warrant. These changes mean much stronger protections for journalists and their sources, certainly much stronger than the government originally proposed. This is a crucial improvement on the bill as originally introduced.

While this bill is largely different from what was originally put forward by the government, there remains some unfinished business. For instance, Labor remains concerned about whether companies should be obliged to store data in Australia. The former director-general of ASIO, David Irvine, recently said that he would be concerned about the security of retained data if it were stored overseas—because it would be 'governed by someone else's sovereign legislative system'.

Senator Ludlam interjecting—

This matter is currently being examined as part of the Telecommunications Sector Security Reform process. This is a process that Labor started in government and which the Abbott government says will be completed well before the end of the data retention scheme implementation period. This is an issue that Labor will have strong views on and will continue to watch with interest.

Our security agencies have requested changes to these laws to support their work in fighting terrorism and organised crime. Labor has held the government to account during this process, as is appropriate—and the bill we debate today is, despite the protestations from my left, of a wholly different character to that which was first introduced into the House in October. Labor will always work to keep Australians safe and, at the same time, to get the balance right in upholding the rights and freedoms enjoyed by all Australians. Getting this balance right can be a challenging task, but it is a task that Labor undertakes seriously and diligently.

It may come as a surprise to some of those in the chamber who have been interjecting, but I when I opened by referring to 'some of the more general arguments and accusations that have been made by some members of this chamber', I was not actually talking about them—until they self-selected by intruding into my contribution. I was referring more to one of our New South Wales colleagues. But by interjecting you have emphasised the stark contrast between your position and that of the Labor Party on this legislation. I commend the bill to the Senate.

Sarah Hanson-Young (SA, Australian Greens) Share this | Link to this | Hansard source

The Australian Greens oppose the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. Several of my Greens colleagues have already commented on this piece of legislation: on how risky, unnecessary and dangerous it is for everyday Australians—not to mention for Australian journalists. This bill is an unnecessary, disproportionate and ineffective means of achieving its stated objective of protecting Australia's national security.

I know that national security is the hot topic in this place—it always is when a Prime Minister is polling badly. It staggers me that the Labor Party has reached the point where they are prepared to stand here and try to sell a position that we all know is more about wanting to show that there is not a glimmer of difference between them and the government on national security issues than it is about proper scrutiny of the legislation—a piece of legislation that is going to fundamentally change the way we assess and manage people's personal data.

This bill risks undermining fundamental aspects of our free society. It jeopardises the ability of journalists to protect their sources from intimidation, from blackmail and from being hunted down because the government of the day does not like the fact that they have blown the whistle. It also provides easy access for hackers to treasure troves of the most private details of people's everyday lives. In the name of protecting them, this legislation is actually putting Australians more at risk. These risks are very real and very serious.

This bill will turn all Australians into suspects by forcing telecommunications companies to store data pertaining to all Australians' telephone calls, emails and other data for two years. The legislation will not require the storage of the content of phone calls and emails—calls will not be recorded, the content of emails will not be recorded and the content of SMS messages will not be recorded—however, the legislation will require telecommunications companies to store the so-called metadata. For example, the legislation will require the storage of details of who you called, when and from where—the physical location and which mobile phone you used at that place. It will store details of who you emailed and when. Make no mistake: if this bill becomes law, it risks fundamentally changing what we understand today to be a free society.

Australians' private lives will become, to a large degree, public. This bill makes a disingenuous distinction between metadata and the substance or content of communications. As experts have made abundantly clear throughout the committee process for this bill—my colleague Senator Ludlam has participated wholeheartedly in that process; he is probably the leading expert on these issues in this place—this is a false dichotomy. Metadata may have been a useful term in the days when telephony made up the lion's share of electronic communication, but, in an age when most Australians live their lives on smartphones, tablets and PCs, that is no longer the case. The details that can be obtained by examining the so-called metadata on a person's electronic device, particularly if you can look at all the metadata from a continuous two-year period, are extraordinary. It is intrusive, it may be embarrassing for some people and it may risk—if that information were to fall into the wrong hands—damage to the person. It may affect their friendships, their working relationships, their employment, their employment prospects and their standing in Australia's online and real-life communities. Evidence of current metadata requests under the current regime shows that a massive number have nothing to do with solving serious crime but instead relate to petty requests by agencies such as the Australian Taxation Office and the Department of Human Services to track what ordinary Australians—people not suspected of any serious crime—are doing.

So, why the red flag on national security?—because that, of course, pushes buttons. But knowing where a Centrelink recipient is at a particular time when they make a phone call, and knowing who they make it to, is the type of information that we are talking about. And that type of exposure of individuals' private lives is at risk.

Under the new legislation, the Attorney-General will be able to add agencies to the list of agencies able to access metadata. Further, history shows that the data will be hacked and leaked to the internet—there is no way that the government can pretend that they can guarantee that that would not happen—leading to massive privacy breaches. The Department of Immigration and Border Protection have been involved in one of their own scandals of breaching privacy of data, when they accidentally released the names, the numbers, the addresses, the ages and the nationalities of over 10,000 asylum seekers here in Australia.

Who, overwhelmingly, accessed that data?—governments and sources with international IP addresses. That put those 10,000 people who were seeking asylum and protection from their own countries at even more risk because it revealed that they were in Australia seeking protection. That is just one example of a current system that has gone wrong, not to mention what will happen when every single Australian will be subjected to having their metadata stored for two years. Just imagine the risk there would be if that type of information fell into the wrong hands.

There is a real risk—there has been some talk about this recently—that this legislation will lead to undermining the anonymity of journalists' sources. In this context, I am particularly concerned about the effect that this legislation will have on the vital work being done by whistleblowers in Australia's detention centres, including our offshore detention centres. As recently as last week, the Moss review demonstrated that the Australian government cannot be trusted to protect asylum seekers and refugees from abuses; nor can the government be trusted to tell the truth about what is going on. This government have already proven that they are more interested in shooting the whistleblower and covering up the crime than in dealing with the issue at hand. This government cannot be trusted with this level of sensitivity of information and data.

The government cannot be trusted to be transparent and accountable with what goes on within government departments. They cannot be trusted—at least, from what we know from the Moss review—to know about and to be in control of what is going on in their own detention centres. Employees working in our abusive and shambolic detention centres, both here and offshore, are already subject to very tight employment contracts and to confidentiality clauses gagging them from disclosing the truth.

The government system forces those people, even when they see wrongdoing, to be quiet about it—to shush and not to speak up—and the only way through this cloud of secrecy is to blow the whistle. And what happens when you blow the whistle? The government puts the AFP onto you and you start being investigated for blowing the whistle—for example, for blowing the whistle on abuse claims in detention centres. That is what we have seen happen as recently as the last few weeks. This government has proven themselves already to be obsessed with secrecy and cover-up. They cannot be trusted to tell the truth. Even when they have the information they cannot be trusted to keep it secure.

If Australian expats working in offshore detention centres cannot be safe from the abuse of surveillance and cannot be protected when they blow the whistle or stand up and report crimes, how on earth can we trust that this government is going to treat the Australian public here on the mainland properly with this type of invasive collection of personal data? These risks are simply unacceptable. They are disproportionate to achieving the bill's objectives. This is because, while ordinary Australian's will be subject to the draconian intrusion into their private lives created by this bill, those who set out to do Australia harm—who really want to talk about national security—will easily remain undetected because they will be able to avoid this type of surveillance.

It staggers me that this piece of legislation is an unsafe and risky joke of the government's. They set out to say that it is about protecting the Australian people. We have no trust that they are able to do that. In fact, the very people that the Australian government tells us we need to be protected from are going to be able to work their way around this legislation in seconds. It is a false dream that is being sold by this government. There is no protection of ordinary Australians from the awful things that somebody might want to unleash on our communities. This does not keep us protected, but it weakens not only the freedoms in our society but the protections for people who have legitimate reason for leaking information, blowing the whistle and calling out bad government decisions.

We know that the Australian government—the immigration department in particular—has already got a number of witch-hunts underway in relation to whistleblowers who work in Australian detention centres. Why on earth they are spending energy on that rather than on the people that the government suggests we need to be protected from is beyond me. This bill does not make Australians safer. This bill puts Australians' lives at further risk. It weakens our ability to have an independent, robust and free society that is underpinned by the ability of journalists, in particular, to keep their sources private, protected and free of intimidation.

Debate adjourned.