The contentious data retention laws passed by the Federal Parliament in 2015 which allowed Telecommunications companies and Internet Service Providers until April 2017 to fulfil their implementation plans are now in effect.
The data retention laws require telecommunications companies and Internet Service Providers to keep records of consumer metadata for a minimum period of two years.
Law enforcement agencies have publicly identified the lack of availability of data as a key and growing impediment to the ability to investigate and to prosecute serious offences.
The changes to the data retention laws provide additional tools which reflect the level of change in the telecommunications environment in the last 15 years.
To better understand the laws we have provided an overview below of some of the key issues.
The type of data which must be retained includes phone numbers, length of phone calls, general location information (such as cell tower data), information about the duration of the communication, email addresses and the time a message was sent, but not the content of phone calls or emails and internet browsing history is excluded.
A simple example of what constitutes metadata is when you make a phone call, what you say is the content. The metadata is the technical information about the phone call. Information like the phone that you used, the number you dialled, and when and what the phone connected toare all recorded as metadata.
The retention of the data will allow security agencies to access the records, assisting to support Australian law enforcement and security agencies in the performance of their functions.
Prior to the changes, the law did not specify any types of data the telecommunications industry should retain for law enforcement and national security purposes or how long that information should be held.
Individual carriers retain information based on their own business requirements meaning there are significant variations across the telecommunications industry in the types of data available to law enforcement and national security agencies and the period of time that information is available.
Security agencies (there are 21 agencies that can gain access to the metadata) can be given access to the data when they can make a case that it is “reasonably necessary” to an investigation.
The data retention laws still require security agencies to obtain a warrant before accessing the actual content of messages or conversations.
Safeguards have been established to protect privacy by providing for an independent oversight mechanism, allowing the Commonwealth Ombudsman access to agency records.
Specific protections for the phone and internet records of journalists have also been introduced, in a bid to protect anonymous sources and whistleblowers.
Similar data retention schemes overseas have been condemned and invalidated for their interference with privacy and civil liberties and are currently under challenge in various countries causing civil libertarians to raise their concerns.
Arguments against the data retention laws include that:
On the other hand proponents of metadata retention laws say that in a connected world metadata is central to virtually every organised crime, counter-espionage, cybersecurity and counter-terrorism investigation, and has also used in almost every serious criminal investigation, such as murder, rape and kidnapping.
The data retention laws do not provide new powers or access to telecommunications data, the number of agencies permitted to access metadata has been reduced and the government will not be retaining the data, the industry will continue to do so.
The Joint Committee on Intelligence and Security, who conducted a review of the need for the data retention laws and proposed amendments that were included in the final laws, consider that the data retention laws were “a necessary, effective and proportionate response to the serious threat to national security and public safety caused by the inconsistent and degrading availability of telecommunications data”.
For consumers, this means those agencies which have access will be able to access metadata relating to their personal computer, work computer, mobile phone, landline, tablet, laptop or any other communications device.
For journalists, extra protection will be provided in order to protect confidential sources, but for other professionals who might handle confidential information, the data retention laws will provide no exemption.
For more information on the data retention laws or for advice on how you or your business could be affected contact us on(02) 9274 8820 or email email@example.com.