David Coleman (Banks, Liberal Party) Share this | Hansard source

I am very pleased to have the opportunity to speak on this extremely important legislation, dealing as it does with the security of our nation—the security of the people in my electorate of Banks and across the country more generally. I start by summarising the essential question when dealing with these matters of national security: does the benefit of addressing matters of security through legislation, enabling law-enforcement officers to do their jobs better, outweigh any perceived or potential cost to civil liberties? The answer with respect to this legislation is: absolutely. That benefit far outweighs any perceived cost.

Metadata has been around for a long time. This is not a new category of information that has been created through the passage of this legislation. The central point of this legislation is to ensure that material that has been accessed historically continues to be accessed. That is the central point. This is not a regime of materially expanding the capacity of government to access metadata, it is to make sure that we can continue to access metadata in a way that enables our law-enforcement officers to stop acts of terrorism or crime before they occur. That is entirely appropriate.

It is very important to understand that under this legislation no content of any information can be accessed without a warrant. As is the case now, in order to access the content of information—be that the content of a phone call, web-browsing session or email—a court warrant will be required. A court warrant is not easily acquired and the courts, rightly, have high standards that must be met before a warrant is granted. It is also worth noting that under this legislation the number of agencies that can access metadata will reduce from the current number of about 80 to about 20, with a sharp focus on law-enforcement and terrorism-prevention agencies. This is the most important use of this material. This is sensible, measured legislation, which will help keep Australians safe. It is very important that it becomes law.

We need to back up a moment and focus on the issue of why this legislation is important now. One of the key reasons is that commercial practices in the telecommunications industry are changing. Historically, in this industry, a range of data—generated through phone calls, internet and email usage—was kept by telcos and generally kept for an extended period of time. That information was often used in things like analytics, within the business of how customers are using particular services and for billing purposes on occasion. As software becomes more and more sophisticated the commercial requirement to maintain that information reduces.

Telecommunications companies, being ultimately commercial entities, would say that if there is a cost associated with retaining this information, and if it is not essential to their commercial operations, there would be a tendency for less of that information to be retained over time. That is the essence of this legislation. What we as a government are saying—and we are supported by the opposition—is that it is very important for this material to be maintained for up to two years. This is the material that time and again has been used by our law-enforcement agencies to stop crime and acts of terrorism and to investigate crimes after they have occurred. The ideal use of metadata is for it to pre-empt any terrorist or other action before it occurs. We also should not discount its use as a means of solving crimes after they have occurred. Both are important, but prevention is the most important.

We know that metadata works. There is very little controversy about this point. We know that metadata, on many occasions, has helped to stop acts of crime and terrorism before they occur and allowed agencies to address the sources of crime after they have occurred. The AFP said recently that between July and September last year 92 per cent of cases relating to terrorism involved the use of metadata. For 92 per cent of the time that our agencies sought to investigate potential acts of terrorism—in the most recent quarter they published—metadata was used. So we know that this material is extremely important.

One of the best examples was of course Operation Pendennis, which was back in 2005. Under that operation, agencies were able to use metadata to identify a previously unknown terrorist cell that was operating largely in Victoria and planning to stage a major attack on the MCG and other institutions within Victoria. By being able to access the metadata, agencies were able to detect a series of relationships and a series of ongoing interactions between individuals who were a known concern to them. Through the use of that metadata, they were in fact able to stop the attack from occurring and it led to significant convictions of people who aimed to do us harm. Thirteen men were convicted on terrorism charges, with sentences of up to 28 years in jail. So the attack on the MCG did not occur and those people were taken off the street, which was entirely the right thing to occur. We also have another example where the provision of a single phone number by a foreign government to Australia, expressing their concerns about a particular individual and the potential for that individual to cooperate with others in acts of terrorism, allowed ASIO to identify a cell that was indeed planning terrorist attacks. So it is extremely important information.

It is also important in the context of cybercrime and cyberterrorism. What we are seeing now, unfortunately, is a rise in the use of internet networks to breach the security of nations, including ours. Sometimes that is done by rogue organisations and sometimes it is done by states. The accessing of metadata in the context of cyberterrorism enables our agencies to detect an IP address. As we know, an IP address is an identifier which an internet service provider will be able access for different individuals at different times. Metadata analysis allows the agencies to talk to that ISP about linking the IP address to a specific individual or organisation. Once you have been able to match an IP address to an individual, you can then, through the analysis of metadata, determine who that person is interacting with online and, if any disturbing patterns emerge, seek further investigation. Of course, that is the point at which our agencies would seek warrants to conduct further investigations.

We need to understand very clearly what the information is and what it is not. Frankly, there is a lot of misguided analysis in this area, where there is not always a clear description in the media of what metadata is and what it is not. The way I think of it is that it is about the interactions between individuals but not about what actually occurs within those interactions. If a phone call is made from A to B the metadata will track that that call was made but it will not say what A said to B or what B said to A. If an individual emails somebody, the metadata will track that interaction occurred but it will not track what actually happened inside the email. The only scenario in which that information can be provided is when the agencies obtain a court warrant for that purpose, and that is an appropriate protection. Of course web browsing is not metadata. It is very important to understand that. If somebody visits 50 websites tomorrow, the information as to what sites they visited is not metadata and is not in a form that can be accessed by agencies under this legislation. In order to access that information they would need to seek a more detailed warrant.

We know that metadata works and we know that, as a nation, we do face significant threats. We cannot pretend that is not the case. We have seen tragedies in recent times. We saw them in my own city, in Martin Place, and in Melbourne at Endeavour Hills Police Station. There is absolutely nothing to be gained by pretending that a problem of this seriousness does not exist. We all know it exists. The question is: what can the government do about it? One of the things that we can do about it is addressing this legislation.

There are significant protections in the legislation. I want to commend the Parliamentary Joint Committee on Intelligence and Security, which was so ably led by the member for Wannon. They went through this legislation in great detail over summer and around Christmas and they came back with 39 recommendations where they thought there could be certain subtle changes and improvements to the legislation. The government adopted all of those improvements. It was very pleasing to see—and is worthy of commendation—that the opposition and indeed the member for Holt, who served as the deputy on that committee, worked in a very constructive fashion with the government, so that we as a parliament can come to a largely agreed view on this legislation. That is very important, because we want to send a message to those who would do us harm that we as a nation are united in ensuring that we have the protections in place to stop them from doing what they want to do.

One of the protections in this legislation is that the circumstances in which metadata can be accessed will not change. So, effectively, what was available five years ago in metadata analysis by the agencies will continue to be available and will continue to be kept for up to two years. That is the central point here. We are not talking about a new category of information; we are talking about ensuring that the information is retained so that the commercial imperatives of the telecommunications companies do not disrupt the operation of national security.

One of the points that has been raised in the context of the commercial operations of the telcos is the cost of implementing this legislation. The government certainly acknowledges that there is a cost involved. It has been estimated at between $189 million and $319 million. That is a capital cost and, as such, is a cost that can be spread over a number of years. This is not something that would hit the profits of a company all in one year. It would be spread over a number of years, probably five to 10 years, depending on the depreciation approach the telco takes. Indeed, the government is willing to contribute to those costs. Discussions are continuing in that area.

What we can never do is allow a relatively modest cost to stop us from implementing something that is so important for the security of the nation. We have seen time and time again that metadata can be used to stop acts of terrorism before they occur. We must do everything we reasonably can to ensure that continues to be the case. By passing this legislation, this parliament will be sending a very clear message that we are going to be very vigilant in protecting the people of Australia.

See this speech in context