On 26 March 2015, the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 (Bill) passed Federal Parliament. The Bill, which amends the Telecommunications (Interception and Access) Act 1979 (TIA) and the Telecommunications Act 1997(Telecommunications Act) was introduced in October 2014 and later redrafted on the advice of the Joint Committee on Intelligence and Security (JCIS).

Operation of new laws

The Bill introduces statutory obligations on Australian Internet Service Providers and telecommunications carriers, who will be required to retain prescribed consumer metadata for a minimum period of two years. Currently, this data is retained for varying durations in an unregulated environment.

The measures contained in the Bill will ensure the retention of basic data, such as the time, date and location of a communication, as distinct from its content, that can assist to support Australian law enforcement and security agencies in the performance of their functions.

The Bill also establishes safeguards to protect citizens' rights and liberties, by providing for additional oversight of security and law enforcement agencies, including:

  • new oversight powers to the Commonwealth Ombudsman
  • a reduction in the number of agencies accessing metadata from over 80 to 21
  • specific protections for journalists and their sources.

Security agencies will be given access to the metadata when they can make a case that it is "reasonably necessary" to an investigation, but will remain subject to the requirement of obtaining a warrant before accessing the actual content of communications.

Basis of new laws

The Government believes data retention laws are crucial to thwart terrorism attacks and prevent serious crime. It identifies metadata as central to many counter-terrorism, organised crime, counter-espionage and cyber-security investigation, as well as many serious criminal investigations, such as murder, rape and kidnapping.

The JCIS considers the Bill to be "a necessary, effective and proportionate response to the serious threat to national security and public safety caused by the inconsistent and degrading availability of telecommunications data".

While the right to privacy and the principle of freedom of the press are fundamental to the Australian democracy, the Government justifies the laws by recognising that access to telecommunications data infringes less on personal privacy compared with other covert investigative methods, as it does not include the content or substance of the communication.

Criticism of the new laws

Critics have expressed their dissatisfaction with the Government's position, raising concerns that the metadata could be used to abuse their rights and undermine their freedom. Such critics argue that these laws effectively entrench a form of passive surveillance over 23 million people.

Critics consider that the ability to investigate illegal downloads, piracy and cyber crimes may mean that these laws could be employed with an additional focus on individual copyright infringement.

Also, critics note that the cost of implementing these new laws is expected to be up to $300 million per year, which amount is likely to be passed on to the end user of internet services. Critics consider such amount will represent a "surveillance tax" payable on internet bills.

Application of technology

It has been suggested that persons seeking to evade the data retention measures may take steps such as installing a foreign-based Virtual Private Network (VPN). VPN's make a secure, encrypted connection from a computer, through its ISP to a foreign VPN server. The only observation an enforcement agency would be able to make is that the individual is using a VPN. There is nothing the Government can do to stop Australians using VPNs in this way, unless attempts are made to block all VPN traffic, which would cause major disruption to legitimate business users.

Communications Minister, Malcolm Turnbull, has also indicated a number of other means in order to avoid the data retention by utilising applications such as Skype, Viber, Whatsapp or Wickr.

Business application

Despite the Bill's passage, the data retention obligations do not begin immediately. Telcos and ISPs will have until 2017 to fulfil their implementation plans, at which time the effects of these laws will become wide-reaching.

For consumers, this means eligible agencies will be able to access metadata relating to their personal computer, work computer, mobile phone, landline, tablet, laptop or any other communications device. For journalists, extra protection will be provided in order to protect confidential sources, but for professionals such as doctors and lawyers who regularly handle confidential information, the laws will provide no exemption.

This publication does not deal with every important topic or change in law and is not intended to be relied upon as a substitute for legal or other advice that may be relevant to the reader's specific circumstances. If you have found this publication of interest and would like to know more or wish to obtain legal advice relevant to your circumstances please contact one of the named individuals listed.