Australia to get spooks charter at cost of at least AU$188m

Multi-party committee adds modest privacy enhancements to metadata retention scheme

Parliament House Canberra by Flickr user OzMark17 used under CC Share and Share alike licence

Australia's Parliamentary Joint Committee on Intelligence and Security (PJCIS) has recommended that the nation adopt a telecommunications metadata retention regime.

The Committee's report report (PDF) does recommend changes to the current Bill, including the proposed dataset being enshrined in legislation and therefore subject to Parliamentary scrutiny. The current Bill proposes the data set be defined by the Attorney General as a regulation, which could mean changes on ministerial whim.

There's also a call for mandatory breach reporting and funding assistance to ensure the regime does not disproportionately hurt small carriers and ISPs.

But opponents of the regime won't find much else to like in the report's recommendations, among which is a chance for the Attorney-General to add to the data set in emergencies, with declarations of such additions expiring after 40 sitting days of the Parliament. A similar recommendation suggests the Attorney-General be able to require new classes of service provider to collect metadata, again with a 40-day expiration and review.

Elsewhere., the AG's department says the capital cost of establishing a metadata collection regime will be “between AU$188.8 million and $319.1 million”. Those costs, the committee's report says, should be the subject of a “substantial contribution to the upfront capital costs of service providers implementing their data retention obligations.”

“Substantial” is left undefined, but the Department notes the figures quoted represent “less than 1 per cent of the $43 billion in revenue generated by the telecommunications industry annually” and that “ This estimate will inform the Australian Government in delivering on its commitment to make a reasonable contribution to the capital costs of implementation of the data retention regime.”

Another recommendation in the report calls for “criminal law-enforcement agencies, which are agencies that can obtain a stored communications warrant, [to] be specifically listed” in the eventual Act. But again the AG of the day will be able to add agencies to the list with 40-day expiration. There's also recommendation that the Australian Securities and Investments Commission (ASIC) and Australian Competition and Consumer Commission (ACCC) be classified as criminal law-enforcement agencies, making them able to access metadata.

The proposed dataset

  1. The subscriber of, and accounts, services, telecommunications devices and other relevant services relating to, the relevant service
  2. The source of a communication
  3. The destination of a communication
  4. The date, time and duration of a communication, or of its connection to a relevant service
  5. The type of communication or relevant service used in connection with a communication
  6. The location of equipment, or a line, used in connection with a communication

No requirement to obtain a warrant is evident in the report, other than the current regulations that insist law enforcement agencies must feel they are pursuing serious crimes before asking to see metadata.

Individuals will be able to access their own metadata if the report's recommendations are accepted, and telcos and ISPs will be able to charge them for the privilege of doing so. Encryption for retained data is to be mandatory.

The issue of whistleblower and media protection has been parked, with an additional inquiry suggested as the way to address those matters. For now there's a recommendation that if metadata is used to determine a journalist's sources, the Commonwealth Ombudsman or Inspector General of Intelligence should be informed of the request.

There's a strong recommendation that future scrutiny of the metadata retention regime's effectiveness should be conducted in public and a call for extra funding for the Ombudsman so that office can handle disputes about the scheme. But that review is many months into the future.

The Committee's members come from both Australia's government and opposition. The report's final recommendation - “ that, following consideration of the recommendations in this report, the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 be passed” - therefore means the nation will soon have a snooper's charter.

+Comment That the committee does so is a clear victory for the nation's law enforcement agencies and the government. Australia's opposition doesn't oppose national security measures in order to avoid being made to look disinterested in the nation's defence. The inclusion of a breach disclosure requirement and encryption are therefore very small wins for the scheme's opponents. ®




Biting the hand that feeds IT © 1998–2019