Philip Ruddock (Berowra, Liberal Party) Share this | Hansard source

I rise to support the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 and I will support the amendments necessary to secure its passage. My view, as a former Attorney-General of this country and as a person who has taken very considerable interest in these matters, is that this legislation is absolutely essential. There was an urgent need for it some time ago, and that need remains very precipitant now. It has been said by the previous speaker, the member for Blaxland, that there are half a million requests for access to metadata now. He suggests that that means the scheme is working perfectly well and is adequate for the purpose, but nothing could be further from the truth.

I do not think we have been given accurate evidence, because that would undermine public confidence in the nature of our legal system, were it to be put in the public arena. I suspect we have seen a very significant degrading in our capability and capacity to be able to deal with terrorist threats and organised criminal activity, because those people who pose a threat to us know that there are some communications that can be accessed through the existing metadata regime and there are other communications that are not the subject of scrutiny because there is no legislation requiring people to keep the data. It is very clear. If you were a terrorist and you wanted to ensure that nobody was aware that you were engaged in those activities and whom you might be talking to, you would simply identify those agencies who supplied a service but did not keep the information because they were not required to keep the information.

It is certainly the case that information has been kept by Telstra and by Optus, because that has been part of their commercial models over a long time. It is the case that there are others who have said: 'Aren't we smart? We've found a way of providing a cheaper service and undercutting their model by not doing all the things that they do. If we don't keep the data, we can be more competitive. Aren't we smart?' To my way of thinking, that commercial model is not in the national interest. The legislation that we are dealing with will require those organisations to keep that data now, and we are going to pay for it. We may not pay for it directly, in its entirety, but we will pay for it through subsidy and through the increased costs of services. It may mean that some of those organisations who thought they had a very good commercial model are going to lose it.

We need to understand, when a lot of the media coverage on these issues raises all sorts of fears—and they do—that there are commercial reasons why certain organisations are putting that into the public arena. I open the Media section of The Australian on 9 March. Under the headline 'Rivals unite against data retention', an article dealing with metadata says:

JOURNALISTS and their sources could be tracked down in witch-hunts reminiscent of the Stalin era under the new metadata legislation, Australia's most powerful media bosses have warned.

I go to another article. Under the headline 'Poll highlights business fears over metadata', it says:

Australians don't trust government departments to correctly handle their personal information once controversial new data retention legislation is implemented.

An article headed 'Phone, internet spying "violates human rights"', quotes somebody who wants to get into the business:

Wikipedia co-founder and influential technology entrepreneur Jimmy Wales has slammed the … plan to make telcos store the metadata of every phone and internet use as a 'human rights violation' …

If these 'human rights violations' have been there over the last 30 years, why wasn't this an issue in this parliament every day as it was brought to our notice, as people who were concerned about it were identifying the abuse? You would think you would have heard about it. I have been here all that time and I have never heard about it. It was not raised by the opposition, not raised by the newspapers, until there was a commercial reason why some people needed to undermine putting in place a comprehensive regime.

If you think I am strongly convinced that this is necessary: you bet. I am concerned about people's right to privacy; of course I am. I recognise the arguments about the protection of privacy needing to be proportional. I want to weigh it up against other rights that I have, and one of those rights that I believe I have is the right to life. If I were going to have to give up a little bit of privacy to continue living, I would be very prepared to accept that. Where I do get concerned about privacy issues—but I never hear this raised—is with those commercial organisations who think they can make a profit out of selling information they get about my use of particular products or where I might shop. They sell it on to somebody else to make money. I do not hear anybody complaining about that.

I would like to think that members want to inform themselves. I cannot inform them of what I might know from agencies who have to be careful about identifying potential weaknesses in their own operations, where they might not be able to adequately fulfil the role that we are expecting of them. I do not think that data is going to be out there in the public arena or given in evidence before parliamentary committees. It is very difficult to get the arguments about the threats that we face. But I would encourage members to read TheEconomistof 17 January. I found quite a fascinating article. For copyright reasons, I had better say it is published in TheEconomist but there is no by-line. I do not know who wrote it but I regard TheEconomistas very authoritative. Under 'Getting harder', it deals with counter-terrorism. With the introduction 'Western security agencies are losing capabilities they used to count on', it says:

ONCE the shock that a terrorist outrage generates begins to fade, questions start to be asked about whether the security services could have done better in preventing it. Nearly all the perpetrators of recent attacks in the West were people the security services of their various countries already knew about.

It speaks about the recent attacks in France, saying of the terrorists:

… France's internal security agency, and the police knew them to be radicalised and potentially dangerous. Yet their … plots, which probably involved more people and may have been triggered either by al-Qaeda in Yemen or the so-called Islamic State (IS) in Syria, went undiscovered.

There … may have been a blunder, and there will undoubtedly be lessons to be learned, just as there were in Britain after the 2013 murder of Fusilier Lee Rigby …

The parties involved there, the article says, were known to MI5. It goes on:

But it is worth reflecting on the extent to which Western security agencies have succeeded in keeping their countries safe in the 13 years since September 2001. And it is worth noting that their job looks set to get harder.

Europe has suffered many Islamist terrorist attacks in recent years, but before the assault on Charlie Hebdo, only two of them caused more than ten deaths: the Madrid train attack in May 2004 and the London tube and bus bombings 14 months later. This was not for want of trying; intelligence sources say they have been thwarting several big plots a year. Sometimes this has meant arresting the people involved: more than 140 people have been convicted of terrorism-related offences in Britain since 2010. But often plots have been disrupted in order to protect the public before the authorities have enough evidence to bring charges.

Three factors threaten this broadly reassuring success.

The article goes on to talk about these factors and the second problem that we are facing now:

A second problem for the security forces is that the nature of terrorist attacks has changed. Al-Qaeda, and in particular its Yemeni offshoot al-Qaeda in the Arabian Peninsula, is still keen on complex plots involving explosions and airliners. But others prefer to use fewer people, as in commando-style raids such as the one on Charlie Hebdo and "lone-wolf" attacks that are not linked to any organisation. IS has called for attacks on soft targets in the West by any means available—one method is to drive a car at pedestrians, as in Dijon on December 21st last year.

At any one time MI5 and DGSI will each be keeping an eye on around 3,000 people who range from fairly low-priority targets—people who hold extremist views that they may or may not one day want to put into practice—through those who have attended training camps or been involved in terrorist activity in the past to those who are thought likely to be actively plotting an attack. But only a small number at the top are subjected to "intensive resource" surveillance.

These are pretty simple issues. We have an agency that is meant to be protecting us which has around 1,500 people. Could they put 3,000 people thought to be posing a risk under scrutiny? It is obvious that they cannot. They have to have other ways of finding out how they should target their activities more appropriately. This is why, as the article goes on:

Even when there are identified co-conspirators, though, it is getting harder to tell what they might be up to. This is because of the third factor that is worrying the heads of Western security agencies; the increasing difficulty they say they have in monitoring the communications within terrorist networks. The explosion of often-encrypted new means of communication, from Skype to gaming forums to WhatsApp, has made surveillance far more technically demanding and in some instances close to impossible.

The article continues:

The tech firms are very different from the once-publicly owned telephone companies that spooks used to work with, which were always happy to help with a wire tap when asked. Some, especially some of the smaller ones, have a strong libertarian distrust of government. And technology tends to move faster than legislation. Although the security agencies may have ways into some of the new systems, others will stymie them from the modern equivalent of steaming open envelopes.

It is an article worth reading to give you an idea of the difficulty in which the agencies who have a responsibility to protect us are working. This legislation is important because it is about giving these agencies the tools that they once had.

I think that the legislation is absolutely prudent, appropriate, measured and responsible. I know that we are amending it. I suspect that those amendments, which are going to be agreed to ensure the passage of the legislation, are not necessarily required and are going to impose significant and additional costs upon the Australian taxpayer. I hope that people will look at these issues in the context of where the problems of the past have been, because I can assure you that there is no need for the sort of scrutiny that people are demanding.

See this speech in context