David Shoebridge (NSW, Australian Greens) Share this | Hansard source

I rise, on behalf of the Greens, to indicate that the Greens won't be opposing the Telecommunications Legislation Amendment (Information Disclosure, National Interest and Other Measures) Bill 2022, and I note the work of my colleague Senator Hanson-Young both on the committee and on the substantive work in relation to this bill.

The Greens have longstanding concerns about the history, within a variety of law enforcement agencies, of noncompliance with key reporting and record-keeping requirements with regard to telecommunications intercepts and other secretly obtained information. That includes repeated failure to properly store and properly protect, or to destroy, as required under legislation, sensitive data. Whilst we accept that with this bill there is an intention to use these powers in strictly limited circumstances—those relating to serious threats to life—there is the possibility of the powers being used for broader law enforcement measures, and that will require real and ongoing oversight to prevent mission creep.

I've read the report from the deputy coroner and I understand the circumstances that led to that recommendation. Implementing that recommendation is a public good. Hopefully, this will give a power to the AFP and state police to, where there is a serious threat to life, find somebody and help them. I think we are all on board with that as the overall objective in this bill, and those of us who have read the deputy coroner's report understand the rationale behind it.

That being said, this parliament has previously passed laws that have put in place constrained powers for telecommunications intercepts, and clear reporting measures, and the AFP and state and territory police have routinely ignored those legislative bounds. They have routinely breached privacy laws and routinely breached the laws of this parliament and the restrictions they have. This isn't simply my assertion. I say this having read repeated reports from the Ombudsman, who has an obligation to oversight telecommunications intercepts. The Ombudsman, in a series of reports, has found that the AFP, amongst other law enforcement agencies—including, as I said, state and territory police—repeatedly break data protection laws, including by wrongly accessing personal communications data and failing to properly store, protect or destroy it. Those breaches are reported year in and year out by the Ombudsman. The Ombudsman's reports have also found, repeatedly, that police across the country aren't even aware of their legal obligations for data collection, of the steps they have to undertake when they make the requests or of the key provisions that you'd think would ring warning bells with them, like recordkeeping for journalists' information warrants. The Department of Home Affairs has been woefully inadequate here, because it has provided no materials or guidelines for authorised officers when making requests. And this hasn't been in just one Ombudsman's report; this has been in Ombudsman's report after Ombudsman's report, going back years.

So, yes, when we read this legislation we can see that there are checks and balances in it. But, whatever we put in the legislation, the Green's fear is that the people who are meant to enforce the law will just ignore it—particularly the Australian Federal Police. Whatever we put in the law they will just ignore and use the powers regardless. And we have that fear because that's what they have done repeatedly in the past. Given the evidence that police and other agencies routinely break the existing laws to protect our private data, we have a very real concern about how they will use these laws going forward, so we will keep a close watching brief on how these laws will be used going forward. There is a serious lack of transparency in this country in how police gather and manage people's data, and we will examine how these laws are operating closely and critically to ensure that further infringement on people's privacy—unlawful infringement by law enforcement agencies, particularly at a time of unprecedented cyberattacks and other attacks on our personal data—will not be part of the landscape.

I'm sure we've all been concerned about how our private data is being accessed unlawfully through cyberattacks by unlawful operators, criminal gangs and people who want to use our data for their own financial advantage or to blackmail corporations or governments. But we should be even more concerned when our law enforcement agencies are accessing our data and breaching our privacy unlawfully. Tragically, they have a real documented and repeated record of doing that.

Yes, let's pass these laws and let's put the protections in place. It's right to put these protections in place, but let's not pretend that by passing the laws the police will comply with them. They probably won't. We should commit collectively to holding the police and other law enforcement agencies to account for the laws that this place passes.