Andrew Hastie (Canning, Liberal Party) Share this | Hansard source

On behalf of the Parliamentary Joint Committee on Intelligence and Security, I present the committee report, incorporating a dissenting report, entitled Review of the mandatory data retention regime:a review of the mandatory data retention scheme as prescribed by part 5-1A of the Telecommunications (Interception and Access) Act 1979.

In accordance with standing order 39(e) the report was made a Parliamentary Paper.

I am pleased to present the Parliamentary Joint Committee on Intelligence and Security's Review of the mandatory data retention regime, the MDRR, as required by section 187N of the Telecommunications (Interception and Access) Act 1979, the TIA Act.

In 2015, the coalition government inserted part 5-1A of the TIA Act in order to enact new obligations on telecommunications and internet service providers to retain prescribed metadata for a period of two years for the purposes of access by national security authorities, criminal law enforcement agencies and enforcement agencies. It also requires service providers to encrypt the retained metadata, subject to certain exemptions, and outlines which enforcement agencies have access to the information and documents available under the scheme.

In its report, the committee noted:

… the technical difference between the mandatory data retention regime … allowing access to metadata and access to telecommunications data as provided for in sections 280 and 313(3) of the Telecommunications Act. In practice telecommunications data kept under the mandatory date retention regime can, after the two year retention period has expired and as long as it is still being kept, be accessed by a wide range of agencies under section 280 and 313(3) of the Telecommunications Act.

Therefore, in addition to reviewing the MDRR, the committee also looked at access to telecommunications data under the Telecommunications Act.

The committee's report makes 22 targeted recommendations that increase transparency around the use of the MDRR and increase the threshold for when data can be accessed under the MDRR and, importantly, does so in a way that does not have a great effect on law enforcement's and ASIO's ability to do their very important work. In addition, the committee makes recommendations that reduce the currently very broad access to telecommunications data under the Telecommunications Act.

We as the committee take our job very seriously. Our first priority, always, is the safety of the Australian people and making sure that our operational agencies have what they need for our national security. But we're also a parliamentary committee, and foremost in our minds in this review were the principles of transparency and accountability. It may be that the government and operational agencies advise us that some of the recommendations in our report pose difficulties for ongoing operations; we accept this. We're a parliamentary committee, as I said. We don't pretend to have detailed expertise or insight into operations, but we strive for accountability and transparency. That's our job as an oversight committee, particularly when dealing with the accessing of personal data of Australian citizens. We want to strike the right balance between national security and personal liberty, so we look forward to ongoing discussions and engagement on these questions and to working out the best possible balance, upholding national security and personal liberty with the government and the relevant agencies.

After reviewing the evidence, the committee had no major concerns over ASIO's access to data under the MDRR. For that reason, most of the committee's concerns were around access to data under the MDRR by law enforcement agencies. Importantly, the committee did not recommend any changes to the current two-year retention requirement. What the committee would like to see is more reporting on this access, and, as mentioned, an increased threshold for that access. To this end, the committee has recommended that the Department of Home Affairs should, within 18 months of this report, develop guidelines for data collection to be applied across the mandatory data retention regime to achieve the intended outcome of facilitating better oversight, including an ability for enforcement agencies and Home Affairs to produce reports for oversight agencies or parliament when requested. This should include the section of the TIA Act used to access the data; the case number associated with the authorisation; the specific offence or offences that the investigation is related to; if the authorisation related to a missing person case, the name of the missing person; and brief reasons why the authorised officer was satisfied that the disclosure was reasonably necessary. In addition, the committee has made recommendations that the law enforcement access to data kept under the MDRR will only be available in the following circumstances: voluntary disclosure, locating a missing person or the investigation of a serious offence or an offence against a law of the Commonwealth, a state or a territory, that is punishable by imprisonment for at least three years.

I mentioned the access to the telecommunications data under the Telecommunications Act. This was a matter to which the committee gave great thought. In order to reduce the number of agencies accessing telecommunications data in this manner, the committee has recommended the repeal of Section 280(1)(b) of the Telecommunications Act which allows for access where, 'disclosure or use is required or authorised under law'. It is the exceptionally broad language in this subsection that has allowed the access that has concerned the committee. I hasten to add that Section 280(1)(a), which requires disclosure where telecommunications data is required in connection with the operation of enforcement agency, is a section that the committee has made no recommendation on. Law enforcement will still be able to access telecommunications data via the Telecommunications Act when it so requires.

As I'm sure the House will appreciate, in this speech it's difficult to go through all 22 recommendations, that's why we have a report. It's good reading. Suffice to say, the recommendations all strive towards increased transparency and accountability with the accessing of telecommunications data of Australian citizens, whilst not affecting the important work of those agencies who are tasked with protecting and keeping Australians safe.

Before I close, I would like to acknowledge, as always—up there on the screen—the member for Holt, my deputy chair. He is always great counsel and helpful in getting these reports out of the committee, also the member for Isaacs, who has just popped up as well. I want to make, on my side, a particular mention of Senator Fawcett, who was around for the last report and provided a lot of insight and help with this report.

See this speech in context