Lisa Singh (Tasmania, Australian Labor Party, Shadow Parliamentary Secretary to the Shadow Attorney General) Share this | Hansard source

I rise to speak to the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015. The current bill has brought deep concern to many Australians—and rightly so, because it raises complex and concerning issues, especially in relation to privacy, freedom of expression and media freedom.

I have had my own deep concerns about this legislation and I know some of my Labor colleagues—such as the member for Chifley, the member for Fremantle, the member for Charlton and other Labor colleagues as well—have had similarly deep concerns. I have wrestled with these issues, because data retention is a complex global issue but an issue that has to be dealt with in this era of advanced technology.

It is not a surprise that these are concerning issues. Communications data can reveal quite personal information about an individual. Without the content of the data being made available, it can reveal who a person is in contact with, how often and where. But we are informed that this bill is needed to ensure that our law enforcement agencies can keep pace with the rapidly evolving telecommunications technology and services.

I agree wholeheartedly with the comments of former Senator John Faulkner who said:

The Australian Parliament’s … must ensure our intelligence and security agencies have the necessary powers and resources to protect Australian citizens and Australian interests. However, these powers can impinge on the values and freedoms on which our democracy is founded … which Australian citizens rightly expect Parliament to protect.

So Parliament must strike a balance between our security imperatives and our liberties and freedoms.

Key to achieving this balance is strong and effective accountability.

Therein lies the essence of what this debate is all about and what we as parliamentarians must try and strive to achieve.

So what we have before us now follows amendments that were brought through the work of the Parliamentary Joint Committee on Intelligence and Security. They have done a great deal of work to improve the bill the government presented last year—which I think can be regarded as a shell of a bill—making it into something which now is trying very hard to get that balance right.

On that, I would like to thank my Labor colleagues for their work. They have closely reviewed and rewritten this legislation. After months of work, their approach to the issue has led to a much improved piece of legislation being presented for debate, and that is what we have currently before us here in the Senate: significant minor, technical and consequential amendments to clarify the intent of the bill; limiting the dataset required to be retained under the scheme to that which is prescribed in the bill itself, rather than allowing the dataset to be prescribed by regulation. These are just some of the things my Labor colleagues achieved through that joint committee.

Labor has insisted on significant improvements to oversight and transparency through the PJCIS inquiry into this bill, and the work of that Parliamentary Joint Committee on Intelligence and Security has led of course to the 38 recommendations for inclusion in this legislation. These amendments, including protections for journalists, have been absolutely crucial to the substance of this bill.

The work of the Leader of the Opposition, the shadow minister for communications, the shadow Attorney-General and my Labor colleagues in pursuing the government for these amendments to be included has meant that today we are debating legislation of a much greater quality than what we saw last year. So I thank them wholeheartedly for the work they have done but also for their consultative approach to this issue, which has been part of our Labor caucus.

Looking at the substantive matter of this bill, examining the issues seriously and exploring all the options available to achieve a balance between the public interest in granting access to metadata and the protection of privacy rights, has been critical. In fact that is the critical factor when we debate this bill. That has been the focus from the outset for the Labor opposition.

The storage of data onshore, protections for journalists to ensure freedom of speech is preserved, the inclusion of privacy alerts and the importance of oversight have helped shape my position from one of having great concern to one where I am comfortable with the outcomes that have been now delivered through that process and into this legislation. As I said at the outset, it was a difficult issue at the beginning, but what we have before us now is a much more substantial bill than that which was provided to the parliament last year.

Sitting suspended from 18:30 to 19 : 00

I return to highlight the important factors that have helped to shape my position on this piece of legislation, and I want to list the improvements that have been made through Labor's input and through the process of the PJCIS inquiry. They include: listing of dataset in the bill so that we know what data is retained; limiting access to telecommunications data to those enforcement agencies specified in the bill; oversight of the operational use of this legislation by parliament's intelligence committee, the first time that committee has been given this power; authorising ASIC and the ACCC to access telecommunications data to assist in the investigation and prosecution of white-collar crime; requiring telecommunications companies to provide customers access to their own telecommunications data upon request; requiring stored data to be encrypted to protect the security and the integrity of personal information; prohibiting access to telecommunications data for the purpose of civil proceedings, such as preventing its use in copyright enforcement; requiring the mandatory data breach notification scheme to ensure telecommunications companies notify consumers if the security of their telecommunications data is breached—I currently have a private senator's bill in this place on this very matter. Other improvements are: increasing the resources of the Ombudsman to strengthen the oversight of the mandatory data retention scheme; and a mandatory review of the data retention scheme by no later than four years from the commencement of this legislation. All these factors are improvements that have helped to shape my position.

I do want to go into some further detail on a number of those issues, and the first of them relates to data storage. Protecting the cloud of data collected under this legislation is critical to the privacy of individuals. The storage of data needs to remain under Australia's jurisdiction to ensure that it is regulated by Australian law. On the eve of the data retention changes being reintroduced into the parliament, the former Director-General of the Australian Security Intelligence Organisation, Mr David Irvine, voiced his concerns clearly about where Australians' data should be stored in the cloud. He described himself as a 'cyber nationalist' when it came to the position of the cloud. He is correct: metadata provides knowledge of an individual whom this country has a duty to protect. In that sense I also describe myself as a 'cyber nationalist'. The issue of the location of stored data is one of concern not just to myself or not just to Labor, but to the broader Australian public as well. I am pleased that this matter is currently being examined as part of the telecommunications sector security reform, TSSR.

Mr Irvine said there had to be awareness in government, business and with private individuals of the fact that the internet world had brought huge benefits but it had created all sorts of vulnerabilities. He said:

We should be trying to develop for Australia, particularly for government and industry, the ability to manage national data on a national basis, with international hook-ups of course, but then it can be subject to national law, which can be privacy law and national security considerations.

He also said:

Our ability to use metadata is just as important in eliminating people from suspicion as it is from incriminating them.

I think that really highlights the importance of onshore data storage.

We are informed that this bill is going through another process to address that important issue. This bill raises another issue—which may come as a surprise to many Australian citizens—about who has access to data. There are currently more than 80 agencies, including many local councils and other organisations that can already access data without a warrant, and that is of quite grave concern. My understanding is that access to this data has grown over the years and now the types of agencies which can apply to access this data include Centrelink, the RSPCA and even Harness Racing New South Wales. Not many Australians would be aware of that. This bill addresses the issue and confines access to law enforcement agencies, and that is an important improvement that has been made in this bill. Having such a broad definition of the agencies that can authorise themselves to access your metadata, my metadata, I think is a problem. This bill very much deals with that issue. Limiting access to criminal law enforcement agencies specifically prescribed in the bill, rather than by an open-ended definition, and authorising ASIC and the ACCC to access metadata to facilitate the prosecution of white-collar crime I think is a better outcome. As I have said, Labor's position is that there should be onshore data storage of that metadata.

Another improvement made to this bill is in relation to the protection of journalists. The protection of journalists and their sources along with freedom of the press have been issues of particular concern to Labor. The Australian Federal Police have confirmed for the first time that they have accessed journalists' telecommunications metadata in the past 18 months, but said that the requests were 'rare'. Under the new laws, a public interest advocate, who will be able to contest police applications for warrants to identify a journalist's source, will be created. That is a great improvement to the current regime. Allowing a list of security-cleared barristers to argue the public interest case before judges deciding whether government agencies should be allowed to access journalists' metadata is important—and to argue the public interest case as a judge weighs that consideration against national security interests in deciding whether to issue such a warrant is the substance of it. Of course, there will be a presumption against issuing the warrant, and agencies must prove that the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the journalist's source.

One other issue I want to highlight is that Labor has advocated for the inclusion of a system of mandatory notifications of data breaches or privacy alerts, a system of mandatory notifications similar to those contained in the Privacy Amendment (Privacy Alerts) Bill, which I introduced into the Senate in 2014 on behalf of the Labor Party. I am pleased that that system, introducing a new consumer privacy protection for Australians that will keep their personal information more secure in this digital age, forms part of this bill. Time and time again, we have heard examples of data breaches like that by the immigration department, where some 10,000 asylum seekers' details were accidentally breached as far as their security was concerned. It is important that, following the recommendations of the Law Reform Commission in 2008, those changes will finally be addressed in this bill. At the time we were debating my private senator's bill in this place, I was disappointed that it seemed that government senators were not going to support it. I am glad that they have seen the light.

I have raised a number of other aspects of this legislation that are great improvements. But, overall, regardless of those improvements—and they are very good—this bill was introduced very speedily and the government showed too little concern for the substance of the bill and the importance of getting it right. That is clearly on record with the bill that the government first introduced late last year. The government should have taken a different approach to this important piece of national reform dealing with security, privacy and our freedoms. There should have been a review of the data access regime, for example. Investigation should have been undertaken into whether warrantless access should have been allowed to continue at all. There has not been time to debate and go further into those issues because this government rushed this legislation into the parliament last year and has continued to rush it through the parliament this week. What we do have has gone through a very careful improvement in its design, due to the fact that my Labor colleagues on the PJCIS put in the effort and paid it the concern that was needed.

I will finish with a comment by former Senator John Faulkner, a former defence minister and someone who has very strong values in relation to freedom and privacy issues. He said that parliament must always strike the right balance between our security imperatives and our liberties and freedoms. That is what this bill should achieve. With any review in the future, that must always be at the forefront.