Why is it important for the Australian Government to lawfully access metadata?
Metadata plays a central role in almost all serious criminal and national security investigations, which is why it’s so critical that our law enforcement and security agencies continue to have the ability to lawfully access this kind of data in connection with their investigations. For example, child exploitation investigations rely heavily on access to metadata as perpetrators primarily share information online.
Why does Australia need a data retention scheme?
Changing business models and technology mean that many telecommunications companies are no longer retaining some types of data, or are not retaining it for a useful period of time for law enforcement and security investigations. Inconsistent retention and unavailability of data has hampered investigations and prevented perpetrators from being brought to justice.
Is the Australian Government asking industry to retain the content of communications?
The Australian Government is asking industry to keep a limited range of metadata, which is information about a communication (the who, when and where)—not the content or substance (the what) of a communication. For phone calls, metadata is information like the phone numbers of the people talking to each other and how long they talked to each other— not what they said. For internet activity, metadata is information such as an email address and when it was sent—not the subject line of an email or its content
Of particular importance to investigations is the IP address allocated to a user’s device (eg mobile phone or computer) by their internet service provider. This is a critical piece of data for law enforcement and security agencies because it enables them to match a device to a name. For example, an overseas police service may find a computer server that provides child pornography and was accessed by IP addresses in Australia. In this case, the Australian Federal Police would seek information about which customer was using that particular IP addresses at that particular time.
Is the Australian Government asking telecommunications companies to keep web-browsing histories?
No. The government is not asking internet service providers to retain a person’s web-browsing history or any metadata that would amount to, or reveal web-browsing history.
Will data retention be used for copyright enforcement?
The Telecommunications (Interception and Access) Act 1979 only allows access for limited purposes, such as criminal law enforcement matters. Breach of copyright is generally a civil law wrong. The Act will preclude access to telecommunications data retained solely for the purpose of complying with the mandatory data retention scheme for the purposes of civil litigation.
Will social media be included in the retention scheme?
No. Australian law will apply to entities that provide telecommunications services based in Australia. Social media providers (such as Facebook, WhatsApp, Viber, Twitter and Instagram) will not be covered by this scheme, although they may be subject to similar obligations in other countries, either now or in the future.
Australian internet service providers will not be required to keep data about what a person does on social media in the same way they will not be required to retain browsing history.
Who will be covered by exemptions?
Exemptions or variations may be available to industry participants where their services are of limited national security or law enforcement interest, or where the cost of compliance would be unusually high. Exemptions may be tailored to cover various types of services, retention periods, or entire individual service providers.
Who can access the data?
The government will reduce the number of agencies permitted to access metadata. Only agencies that have a clear need for such access and well-developed internal systems for protecting privacy, such as law enforcement and intelligence agencies will be able to access the data. Data must be reasonably necessary for the purposes of investigating criminal offences and other permitted purposes.
Why does the metadata need to be retained for two years?
Law enforcement and national security agencies suggest that a data retention period of two years is necessary to maintain our agencies’ investigative capabilities. The majority of requests relate to data less than six months old because they are straightforward and simple cases. Serious and complex cases—such as terrorism, espionage, organised crime, financial crime and public corruption—often involve lengthy investigations that require data older than six months.
Why are warrants not required to access metadata?
Warrants are typically reserved for the most intrusive powers, such as the power to use force to enter a home, to intercept phone calls, or to arrest a person. Many powers, including access to metadata, simply do not rise to that level. However, the government will introduce comprehensive, independent oversight of any enforcement agency that accesses metadata by the Commonwealth Ombudsman.
ASIO and enforcement agencies are required to obtain a journalist information warrant prior to authorising disclosure of telecommunications data to identify a journalist’s source.