David Leyonhjelm (NSW, Liberal Democratic Party) Share this | Hansard source

I rise to oppose passage of the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. I do so despite the fact that there are 10 amendments circulating in my name. These amendments will do the following: (1) require a warrant not just for access to journalists' metadata but also for access to the metadata of lawyers and medical professionals—lawyers have expressed particular concern about threats to legal professional privilege; (2) use the definition of 'journalist' in the Commonwealth Evidence Act so that freelancers are protected by Labor's warrants regime; (3) reduce the period of data retention from two years to three months, consistent with commercial practice among ISPs; (4) limit the use of retained data to serious criminal offences; (5) remove ASIC and the ACCC from the list of law enforcement agencies; (6) provide for a warrants regime that protects members of the general public; (7) ensure a definition of 'content' is included in the bill; (8) ensure that the most invasive parts of the bill will sunset rather than being merely reviewed by a committee that includes no crossbenchers or Greens; (9) prevent the addition of further agencies to the list of law enforcement agencies in order to halt creeping government overreach; and (10) provide that the penalty for disclosure of a warrant is reduced significantly from the current two years imprisonment and subject to a public interest test.

I wish to make it very clear that even if all my amendments were to pass—in addition to those proposed by Senators Ludlam, Xenophon and Wang—this would still be bad law. I recognise that I am on the losing side in this matter, so I propose to do two things here. First, I want to explain why one does not protect a free society by legislating liberty away. Secondly, since so few people seem to understand what this bill purports to do, I will explain exactly what it means in practical terms. Everyone has something to hide, and something to fear, from mandatory data retention. It is one thing to require monitoring of certain individuals where there is reasonable cause; but the idea that the government needs to store everyone's metadata without cause, including my 84-year-old mother's, should not be countenanced.

Data retention will do nothing to save us from terrorists. Paedophiles are already canny enough to use the 'dark net' and avoid it. Data retention instead places the entire population under surveillance no matter who they are or how blameless their lives. And thanks to its sheer volume, it will make terrorism harder, not easier, to track. This emerged in the wake of the Charlie Hebdo attacks in France; in fact, even real-time collection of targeted metadata was of no benefit to France's police. For the record, I have no problem with data retention when it comes to genuine suspects. But what the attacks in France show is that sifting through data is difficult. It places a significant burden on law enforcement. In France the perpetrators were dropped from watch lists. Finding a needle in a haystack is not made any easier by adding more hay to the stack.

ISPs such as iiNet, TPG and iPrimus, along with Telstra and Optus, will also be liable for hundreds of millions of dollars in storage costs, which raises the obvious question: who pays? This bill, as amended—thanks to the PJCIS report—now provides for the Commonwealth to make financial assistance available to ISPs to help pay for this wretched scheme. When you hear the word 'Commonwealth', remember, it really means 'taxpayer'. Wonderful—we will pay for the privilege of being spied on through our phone bills and through our taxes! And we really are talking about everyone—Air Chief Marshal Mark Binskin, Chief of the Defence Force; Duncan Lewis, the head of ASIO; and Prime Minister Tony Abbott. And unless the bill is amended to ensure data is retained in Australia, it may be simpler to bundle up two years worth of all our personal information and send it directly to the Chinese. After all, cloud storage is cheaper over there and access will not be subject to Australian law.

Then there is the basic reality that the government already has substantial powers to deal with terrorists and paedophiles. Apart from the fact, as Bret Walker SC often points out, that violence and conspiracy to commit violence have always been crimes, Australia's security agencies have extensive surveillance powers. They can, for example, obtain data preservation orders, ensuring metadata is retained and an individual's activities on the internet are examined. They can obtain warrants to intercept phone calls. People can be held and compelled to answer questions. Preventative detention orders and control orders, without any crime having been committed, restrain people from leaving their homes, if it is suspected they may commit a crime in the future. Passports can be cancelled. These powers are already so over the top that there is a serious case to be made that they are incompatible with the rule of law in a liberal democracy. Preventative detention orders and control orders, for example, are a direct assault on the presumption of innocence. They allow people to be locked up without a finding of guilt. And this in 2015, the 800th anniversary of Magna Carta, the source of the presumption of innocence at common law!

In preparing these remarks I tried to avoid references to George Orwell's Nineteen Eighty-Four. Too often banal developments are equated to this depressing future world. But in trying to describe the pervasive impact this law will have on our lives, there really is no better reference. In 1949, Orwell wrote of CCTV listening to our every word, in every room and alleyway. Had he imagined the advent of the internet and smartphones and the concept of metadata he would surely have written of the 'Ministry of Retention', tracking every step and every conversation with every device we use.

Government agencies already exploit the information they have about us in disturbing ways. In the year to June 2013, there were almost 320,000 authorisations to access telephone records, including 375 by Australia Post and 15 by Wyndham City Council, in Victoria. Stored data is a honeypot for intrusive snoops and bullies. And those are only the legal ones. That is why it is important to be aware that these immense data retention powers will not be used to fight terrorism. They are not really suited to that. As happened with the UK's Regulation of Investigatory Powers Act, RIPA, it is likely they will be used for minor welfare fraud, unpaid parking fines and catching petrol stations engaging in the heinous crime of comparing petrol prices. The latter is especially likely now that the ACC and ASIC have been added to the list of law enforcement agencies.

The idea for data retention of this type came from Europe, which is why Europeans were the first to appreciate that its record in crime clear-up is poor. Germany's parliamentary research unit, for example, surveyed that country's crime statistics, between 2005 and 2010, and found no evidence to suggest that data retention helped solve serious crimes. It was marvellous, though, for catching people who did not pay their rates or who evaded road tolls.

In April last year, the European Court of Justice overturned the EU's Data Retention Directive, in large part because data retention makes life miserable for law-abiding citizens, while criminals dodge it.

This bill shows government and opposition alike view ordinary people as criminals in waiting. Similar thinking in the past led to proposals for a national identity card to prove we officially exist and for national fingerprint and DNA databases to track us down when we inevitably offend.

What has been forgotten in all this is the fact that it is the state that poses the greatest threat to our freedom, not criminals and terrorists. It is the state that requires watching, not the people. We, the people, should hold the government to account. It is not a legitimate role of government to require us to account for ourselves, unless there is a reasonable suspicion that we have committed or are about to commit a crime.

For police forces across the land to so strongly support mandatory data retention, as their submissions to the PJCIS made clear, suggests they have all forgotten Peel's principles of policing, where the police are the public and the public are the police. ASIO's claim that data retention is justified, thanks to Edward Snowden's exposure of massive US government encroachment on privacy, is Orwellian.

And the claim by our own secret police, the Australian Crime Commission, that not having access to data is equivalent to having two hands tied behind their back, suggests the ACC is ineffectual and should be abolished. This would, of course, represent a considerable saving to the taxpayer.

It is high time that police and security agencies alike rediscovered their erstwhile status as public servants, not public masters. It would be helpful if they returned to real police work. It is legitimate to monitor the data of actual suspects, subject to appropriate oversight, as with traditional phone tapping, but it is not legitimate to treat every Australian as a potential criminal.

Now to my second point: what does mandatory data retention look like in practice? It has become clear to me that many people do not grasp just what this bill involves. Senator Ludlam has explained many of the technical aspects, and I mean no disrespect to him when I say that we need to better understand how it will work. Maybe what follows will convince a few brave souls to join those of us voting against this bill. And remember: mandatory data retention will apply to everyone, not just individuals of interest.

Late last year I undertook a controlled experiment. With the assistance of Mark White, of The Sydney Morning Herald, I had a technical firm record my metadata for a month to see what it revealed. This process deliberately avoided anything to do with my role as a senator. Before entering parliament I ran an agribusiness consulting company; I still have it. Data-monitoring equipment was installed in my business office and connected to the router. Because it only collected data relating to office traffic—my smartphone is tied to my job as a senator—there was no geographical information. This is important to bear in mind, because it was still spectacularly invasive. Without knowing any more than the company's name, in less than a day metadata revealed the business sector in which it operates. It was possible to work out which bank it uses, a record of its purchases, and a record of its staff's purchases—everything from furniture to renovations to compulsory third party insurance. Metadata also revealed how often and for how long staff used social media like Facebook, where they planned to go on holiday, what they wanted to buy for Christmas, and—chillingly—when a female member of staff knocked off early. As an employer, I have never been interested in monitoring people in this way. I have always taken a dim view of bosses who time their employees' loo and cigarette breaks. But at least a worker has a fighting chance of telling that person or company where to get off. Trying to tell the government—which is far more powerful than any employer, union, or professional association—where to get off is another kettle of fish completely.

Despite my desire to keep politics and business separate, metadata also revealed my membership of the Inner West Hunters Club and the subjects I and other members discussed in group emails, including gun law reform. I was not the only person identifiable, either—everyone who corresponded with me also had their identities revealed. It was possible to establish who was publicly in favour of gun law reform, and who was in favour of it privately but unwilling to say anything about the issue in public for, say, employment reasons. The possibilities for blackmail are obvious. Had the analysis included a smartphone, it would have been easy to leap to conclusions based on my location. What would a telephone call or Google search placed in front of a brothel, gay bar or abortion clinic reveal? That will be known from the metadata. Imagine if the caller were not me—with my classical liberal views—but a conservative Christian politician. What mischief could be had at his or her expense?

Yes, it is true that mandatory data retention is relatively easy to evade. My company could start using proxy servers, for example, and its staff could communicate with each other using wickr—which encrypts messages and destroys metadata—instead of normal text messaging. I have no doubt that many people—both criminal and not—will respond to passage of the bill in this way.

But why should a company concerned with the business of keeping animals healthy and crops productive be treated as though its employees are all potential criminals? Among other things, it has an interest in fertilisers. Terrorists use fertiliser. Do you see where this is leading? That is the nub of this issue. Mandatory data retention forces all of us to evade our own government. This is not how the system is supposed to work. What sets liberal democracies apart from authoritarian regimes of every stripe is the relationship between the citizen and the state. The citizen does not just enjoy the ability to 'kick the bums out' at election time. The citizen also has the capacity to hold the government to account, to reject its meddling in his or her life, to come and go as he or she pleases, to tell it where to get off, all subject to few or no controls. When we legislate those capacities away—allowing the state to hold the citizen to account, subjecting the citizen to state control—we then come to resemble the authoritarian regimes we are fond of criticising. Do we really wish to be spoken of in the same breath as Indonesia or Malaysia, whose citizens are monitored extensively and where there are widespread constraints on press freedom? And, make no mistake, these laws will persist, ripe and ready for future misuse by governments of every stripe.

This is bad law—law that compromises our rights and freedoms, treats us all as criminals-in-waiting, and invites abuse and overreach. It is wrong on every level. This bill should not be entertained in a liberal democracy such as ours.