Jane Prentice (Ryan, Liberal Party) Share this | Hansard source

Previously when I spoke on the Counter-Terrorism Legislation Amendment Bill, I began by noting that in an ideal world nobody wanted the bill. It was a difficult but, regrettably, a necessary bill to strengthen Australia's ability to intercept and respond to the threat of global terrorism reaching Australian soil.

The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 is another bill that would not be necessary in an ideal world, but unfortunately we do not live in an ideal world. We live in a world in which paedophile rings use the internet to share images of child exploitation and abuse, a world in which traffickers use anonymously obtained SIM cards to coordinate international drug smuggling networks and a world in which terrorists use the internet and mobile networks to attract and indoctrinate potential recruits and to command them to carry out acts of indiscriminate mass murder. This is an unfortunate reality of today's world, to which Australia is not immune.

It is the job of law enforcement agencies to intercept and disrupt these operations to the best of their ability using the tools at their disposal. And it is the job of parliamentarians, as representatives of law-abiding residents, to provide them with these tools in a manner which best maintains the safety and security, but also the privacy, of the innocent.

It is this concept of privacy that I wish to now address, as it has dominated much of the public debate surrounding this bill. Colleagues in this place will know already of my strong commitment to individual rights. In my maiden speech, I spoke of my core belief that government must provide the environment to give individuals the opportunities to create and succeed but not unreasonably interfere or restrict the freedoms and rights of individuals.

Critics of this bill may argue that it is unreasonably restrictive on these individual rights and freedoms. To them I make this simple point: in a free society, freedoms and rights do not extend to infringing the freedoms and rights of others. They do not extend to misusing the internet to defraud the elderly, to abuse children or to orchestrate terrorist attacks in public places. Most reasonable people accept that there need to be limits on freedoms. We therefore do not object to law enforcement agencies obtaining warrants to conduct surveillance, access email accounts and obtain phone records of individuals reasonably suspected of engaging in criminal activity.

What many people do not understand, and what the public debate about data retention has largely ignored, is that changing technology has made data retention, for the purposes of criminal investigation, more difficult, not easier. It may seem counterintuitive for this to be the case, but I will explain with two examples. In decades past, phone calls were point to point, from fixed phone lines with fixed phone numbers, for which extensive records were kept for billing purposes. In criminal investigations, authorities were able to easily access these records with a warrant in order to pursue suspected criminality. Now, with the widespread use of mobile phones, and increasingly the use of disposable prepaid SIM cards purchased anonymously and changed frequently, authorities are finding it more difficult to use phone records to identify and track suspected criminals. There is evidence that organised crime networks are routinely using this tactic to avoid detection. Similarly, in recent years, the growth in the number of internet users and the range of devices with which the internet can be accessed has accelerated the use of static rather than fixed IP addresses. What this means is that IP addresses are constantly changing user, and it is increasingly difficult to identify a user purely by their IP address. Law enforcement agencies must therefore rely on the records of internet service providers to know who was using a particular IP address at the particular time it was associated with a suspected criminal act.

There are many real-life examples of instances in which data retained by service providers has been used to disrupt networks of individuals engaging in serious sexual, financial, drug related or violent crime. However, there is perhaps no more compelling case for mandating data retention than that identified in a recent Europol investigation into child exploitation. The investigation uncovered a vast network of online information shared by hundreds of users across several countries. Investigators uncovered evidence of up to 371 suspects believed to be in the UK and 377 suspects in Germany. Of the 371 suspects in the UK, authorities were able to positively identify 240, leading to 121 arrests and convictions. In Germany, however, only seven of the 377 suspects were able to be identified, and none were able to be arrested or convicted—not one. The difference? In the UK, investigators were able to use metadata to identify many of the suspects, whereas in Germany there is no data retention scheme in place. Dozens if not hundreds of perpetrators in Germany were able to evade arrest and conviction for child exploitation due to a lack of retained data.

This is where the need for this bill arises. In the past, records of phone and internet connections were kept for many years. Now, due to changes in billing practices and advancing technology, telecommunication companies are no longer seeing a business need to retain the information. Many are making a rational and legitimate business decision to no longer retain this information or to do so for a shorter period of time. At the same time, there remains compelling law enforcement reasons for the information to be retained. This bill strikes a balance between these competing business and law enforcement imperatives to require the retention of data for a period of two years. Residents in my electorate of Ryan have taken a keen interest in this bill. That is understandable, as many residents of Ryan work in professional or 'knowledge' jobs for which use of the internet and mobile technology is a daily part of their work as well as their social lives. They have followed the public debate on data retention closely. Unfortunately, it has been a debate in which a genuine discussion about the evolving challenges of modern law enforcement has been obscured by a misunderstanding of the scope of the bill. In a sense, that is understandable, as until recently the concept of metadata would have been foreign to many.

It is perhaps best to define metadata not by what it is but by what it is not. Metadata is not the substance of a communication. So, it is not the subject line or indeed content of an email. Nor is it what has been said in a telephone conversation. It is not web browsing history. It is not private social media posts. Metadata is merely information about a communication. In the case of phone calls, it may include the time of the call, the length of the call and the phone number called. For an email, it may include the recipient email address and the time the email was sent. It is the conflation of metadata and content that has led to confusion about the scope of the bill. So I want to be absolutely clear: access to the content of communications by law enforcement agencies has previously and will continue to require a warrant.

What this bill will ensure is that records of minimal details of time, length and recipient of communications are kept by providers for a two-year period in case they are required for the purposes of a criminal investigation. Nevertheless, it is prudent for legislation that broaches issues of privacy to be subject to thorough public scrutiny. I note that this bill has been subject to an inquiry by the Parliamentary Joint Committee on Intelligence and Security. The committee has released a unanimous, bipartisan report that makes 39 recommendations. Most importantly, the committee recommends that this bill be supported. And all 39 recommendations are supported by the government.

I will now speak to several of the recommendations as they address many of the contentions that have been raised about the scope of the bill. I will start with recommendation 2, which recommends that the proposed dataset be included in the primary legislation. This will ensure that it is absolutely clear in the legislation as to the data that is required to be retained by service providers.

Recommendation 5 is that the bill be amended to make clear that service providers are not required to collect and retain customer passwords, PINs or other like information. It is sensible and appropriate that retention of this information be specifically excluded, and the government has agreed to amend the explanatory memorandum accordingly.

Similarly, recommendation 7 is that the bill be amended to make clear that service providers are not required to keep web-browsing histories, or other destination information, for either incoming or outgoing traffic. The government will amend the explanatory memorandum to make this clear.

In recognition that there will be some cost to service providers in implementing data retention obligations, recommendation 16 is that the government make a substantial contribution to the up-front capital costs of implementation. It also recommends—and I paraphrase—that, in doing so, government appropriately balances the varying services, business models, sizes and financial positions of industry participants. In response, the government has reiterated its commitment to make a reasonable contribution to up-front capital expenditure required to implement data retention obligations. It will do so in a considered way, taking into account the wide range of participants in the telecommunications industry.

Importantly, recommendations 17 and 21 suggest clarification and specific listing of agencies that can obtain warrants and access telecommunications data in the Telecommunications (Interception and Access) Act 1979. They also recommend that the Attorney-General retain the power to list additional agencies for a time limited period in emergency circumstances. These recommendations have set clear boundaries around who can seek access to retained data and are supported by government. It is worth noting at this point that the effect of the bill will be to substantially reduce the number of agencies who are able to access telecommunications data from around 80 to 20.

Recommendation 24 is that the bill be amended to make clear that individuals have the right to access their personal telecommunications data retained by a service provider under the data retention scheme, under a provision similar to that already existing under the Privacy Act 1988. Access by individuals to their own information is an important safeguard in a free and fair society, and the government has amended the bill to cross-reference existing mechanisms under the Privacy Act 1988.

Recommendation 26 addresses the issue of press freedom and protection of journalists' sources. The committee considers that this matter requires further consideration in a separate review to report back in three months. This has been agreed to by the government.

Recommendation 27 proposes further committee and Commonwealth Ombudsman oversight of instances in which authorisations are made for the purpose of determining the identity of a journalist's source. This is also supported, and the office of the Commonwealth Ombudsman will be resourced accordingly.

In the time left, I want to touch on a few of the committee's recommendations. As a whole, they are considered, sensible and appropriate. I commend all committee members, and particularly the member for Wannon as chairman and the member for Holt as deputy chair, for their bipartisan and constructive contributions in what is a very sensitive area of policy. The full set of recommendations and government responses are publicly available. I encourage all members in this place, and indeed any listeners or followers of this debate, to read them in their entirety.

The end product of this process is a bill that is a fair and proportionate legislative response to a worrying and growing gap in the knowledge available to law enforcement agencies—a gap in knowledge that we know is currently, and will increasingly be, exploited by a small minority in our society to commit serious crimes to the detriment of the rest of us. I am confident that this bill returns to law enforcement agencies some of the tools they need to continue to protect the safety and wellbeing of all Australians. I commend this bill to the House.

See this speech in context