Data Retention Bill - Second Reader

8/10/2019 Data Retention Bill - Second Reader

1/7

SECOND READING SPEECH

Telecommunications Interception and ccess mendment (Data

Retention) Bill 2014

The Bill contains a package

of

reforms to prevent the further degradation of

the investigative capabilities of Australia s law enforcement and national

security agencies. The Bill will require Australian telecommunications

companies to keep a limited, prescribed set of telecommunications data for

two years. The Bill amends the

Telecommunications Interception and

Access Act 1979

(Interception Act), and the

Telecommunications Act 1997

(Telecommunications Act).

Modern communications technologies have revolutionised the ability of

people to communicate, collaborate and express themselves. Sadly,

however, these same technologies are routinely misused and exploited by

serious criminals and people engaged n activities prejudicial to security as

a core part of their

modus operandi

Telecommunications data (often described as metadata), which is

information about a communication, but not its content, therefore plays a

central role to almost every counter-terrorism, counter-espionage, cyber

security and organised crime investigation. It is also used

n

almost all

serious criminal investigations, including investigations into murder, serious

sexual assaults, drug trafficking and kidnapping.

The use of this kind of metadata is not new. Telephone companies have

always kept call records showing the numbers of both the A and B parties,

time of call, duration of call and often the location of both parties. These

records have been kept for billing purposes and generally still are. They are

Page 1 of 7


2/7

usually kept for periods longer than two years and have been accessed by

law enforcement and other agencies for many years without a warrant and,

of course, are regularly subpoenaed in civil proceedings as well.

However, service providers are keeping fewer records, and are keeping

those records for shorter periods of time.

n

June 2013, the Parliamentary

Joint Committee

on

Intelligence and Security (PJCIS) concluded that these

changes are harming law enforcement and national security capabilities,

and that these changes are accelerating.

Existing powers and laws are not adequate to respond to this challenge.

Preservation notices under the Interception Act can require carriers to

quick freeze records that they hold, but these notices cannot create

records that have never been kept, and cannot bring back records that

carriers have

deleted days, weeks or months before a crime

is

brought to

an agency s attention.

Simply put, investigations are failing.

For example, in a current, major child exploitation investigation, the AFP

has been

unable to identify 156 out of 463 potential suspects, because

certain providers do not retain the necessary

P

address allocation records.

These records are critical to link criminal activity online back to a real-world

person.

These impacts are not limited to law enforcement agencies.


3/7

Last year, a major Australian ISP reduced the period for which it keeps IP

address allocation records from many years to 3 months.

In

the 12 months

prior to that decision, the Australian Security Intelligence Organisation

ASIO) obtained these records in relation to at least 10 national security

investigations,

including counter-terrorism and cyber-security

investigations. If those investigations took place today, vital intelligence and

evidence would simply not exist.

No

responsible government can sit by while those who protect our

community lose access to the tools they need to do their job.

In

the current

threat environment, we cannot let this problem become worse.

ata retention

As such, this Bill will allow regulations to prescribe a consistent, minimum

set of records that service providers who provide services

in

Australia must

keep for two years.

A two year retention period is based on the advice of our law enforcement

and security agencies, as well as the experience of a number of foreign

jurisdictions. While many cases are solved within a few months,

investigations into serious and complex crimes and threats to security often

span many years, requiring access to older records.

The Government recognises that data retention raises genuine concerns

about privacy. We are committed to addressing these concerns.

As a starting point, the Government will release the draft data set and refer

it along with this Bill, to the PJCIS for review and public inquiry. The draft

data set is of course, not final, but it is already strictly limited. For example:


4/7

service providers will not e required to retain the content or

substance of any communication, including subject lines of emails or

posts on social media sites

the Act will expressly exclude a person s web-browsing history, and

providers will not e required to keep detailed location records that

could allow a person s movements to e tracked, akin to a

surveillance device.

The Government will carefully consider any recommendations made

y

the

PJCIS about the data set, or the broader regime provided for

in

the Bill.

There has also been a great deal o conjecture about how much data

retention may cost. As I have previously stated, the Government IS

committed to ongoing, good faith consultation with industry.

This consultation will continue over the coming weeks, in parallel with the

PJCIS inquiry, through a joint government/industry working group, headed

y

the Secretary of the Attorney-General s Department and deputy chaired

y

the Director-General of Security, Major General Duncan Lewis AO,

DSC, CSC (ret d) and Australian Federal Police Commissioner Mr Andrew

Colvin APM OAM. These consultations will focus particularly on settling

technical aspects of the data set and the costs of meeting the obligation.

Until industry consultations are complete, any speculation about the cost of

this scheme is premature and ill-informed.

What I can say is that, to date, our consultation with industry has been

highly productive. For example, based on industry advice, the Bill allows


5/7

individual service providers to develop an implementation plan that

provides a pathway to

compliance over up to

18

months. These plans will

allow industry and Government to prioritise the retention of data that

is

most critical to investigations, while allowing service providers to

significantly reduce their. costs

by

aligning any system changes with their

internal business cycles.

ccess arrangements

This Bill does not provide agencies with new powers to access

communications data; the Bill simply ensures that data will continue to

be

available to agencies as a part

o

legitimate investigations, subject to the

same, strict limits that currently apply.

In

fact, the Bill will strictly limit the range of enforcement agencies permitted

to access telecommunications data.

The Bill will allow traditional law enforcement agencies, such as the police,

customs, crime commissions and anti-corruption bodies to access this

information.

The Bill will also grant the Attorney-General the power to declare, v a

legislative instrument subject to Parliamentary oversight, additional

agencies. Before making such a declaration, the Attorney-General will

be

required to consider a range of strict criteria, including whether the agency

is subject to a binding privacy scheme.


6/7

afeguards

The Bill will also introduce a range of new and enhanced safeguards. In

particular, the Bill:

introduces, for the first time, independent and comprehensive

oversight of access to telecommunications data by enforcement

agenc es

requires the PJCIS to review the effectiveness of the scheme no more

than 3 years after the end of its implementation phase, and

requires the Attorney-General s Department to report annually on the

operation of the scheme.

The Government

is

considering reforms to strengthen the security and

integrity o Australia s telecommunication infrastructure by establishing a

security framework for the telecommunications sector. This will provide

better protection for information held

by

industry in accordance with the

data retention regime. The Government expects this reform will be finalised

well before the end of the data retention implementation period.


7/7

oncluding remarks

This Bill

is

critical to prevent the capabilities of Australia s law enforcement

and national security agencies being further degraded.

More broadly, this Bill demonstrates the Government s commitment to

ensuring that access to sensitive and personal information y such

agencies is strictly controlled through robust accountability processes.

ENDS

1,293 words

Approx. 13 minutes

t

100 wpm)

Documents

Data Retention Bill - Second Reader