[6] It was supported by law enforcement and national security agencies, including the Australian Federal Police and ASIO, who argued telecommunications data is critical to criminal investigations and that it is only through legislation that they can be assured that it will be available.
[7] Their objections were made on a number of grounds, such as the consequences for journalism and journalistic practice, the non-proportionate and increasing encroachment of the privacy of Australia's population, and the effectiveness of the regime as a tool to combat crime.
[15] On 4 May 2012, the Gillard government announced plans to review a range of national security legislation, including that covering "lawful access to telecommunications… to ensure that vital investigative tools are not lost as telecommunications providers change their business practices and begin to delete data more regularly."
Though the paper contained eighteen proposals and forty-one individual reforms, the suggestion that carriage service providers (CSPs) be required to retain information on the way Australians use the internet and mobile phones elicited much consternation and comment from the community.
This was a point the Committee highlighted in its final report to the Government:"The potential data retention regime attracted a large amount of criticism and comment from organizations and concerned individuals.
According to the Memorandum, section 187AA ensures the ‘legislative framework gives service providers sufficient technical detail about their data retention obligations while remaining flexible enough to adapt to future changes in communication technology’.
Paragraph 187A(4)(b) puts beyond doubt that service providers are not required to keep information about subscribers' web-browsing history For internet sessions, this is when a device or account connects to a data network, and ends when it disconnected.
Section 187LA requires service providers to 'take such steps as are reasonable in the circumstances to protect (personal) information from misuse, interference and loss and from unauthorised access, modification and disclosure'.
These privacy safeguards are in addition to pre-existing obligations under clause 4.6.3 of the Telecommunications Consumer Protection Code which require service providers to have 'robust procedures to keep its customers' personal information in its possession secure and restrict access to personnel who are authorised by the Supplier'.
This scheme, requires ASIO and other law enforcement agencies to obtain a warrant prior to authorising the disclosure of telecommunications data for the purposes of identifying a journalist's confidential source.
Section 180X creates the role of Public Interest Advocate, who considers and evaluates journalist information warrants made by ASIO and law enforcement agencies pursuant to s 180L and s 180T respectively.
According to the Memorandum, this section ensures only bodies or authorities with a demonstrated need for access to telecommunications data can authorise service providers to disclose information.
The Memorandum claims that this means the retention of specified dataset under s 187AA, while an interference with privacy, is reasonable and is proportionate to and necessary for the legitimate aim of ensuring law enforcement and intelligence agencies have the investigative tools to safeguard national security and prevent or detect serious and organised crime.
The CJEU considered that the extent of interference proposed by the EU Data Retention Directive was disproportionate to the objective being achieved, and more broadly, was not compatible with applicable human rights instruments.
According to the Memorandum, this oversight model promotes the right to privacy by confirming the Ombudsman's ability to audit an agency's use of its powers to access stored communications and telecommunications data under the original Act.
According to the Memorandum, the Act could potentially restrict the right to freedom of expression, as some persons may be more reluctant to use telecommunications services to seek, receive and impart information if they know data about their communication is stored and may be subject to lawful access.
Telecommunications data accessed during the initial stage of an inquiry assists law enforcement officials to understand the lives of victims, identify potential perpetrators, and construct pictures of their networks.
The narrower margin is particularly evident in relation to lone wolf threats: such persons have limited, if any, contact with other known extremists, giving authorities fewer opportunities to detect their activities and intentions.
The APF, quoting the decision of the Court of Justice of the European Union in Digital Rights Ireland, stated that metadata, ‘taken as a whole may allow very precise conclusions to be drawn concerning the private lives of the persons who data has been retained’.
Further, while the Memorandum to the Bill recognised that ‘text messages and e-mails stored on a phone or other communications device are more akin to content than data’, the LCA claims it did not adequately explain how this is so.
In particular, the LCA was concerned that it was unclear in the Memorandum and Bill how the content and substance of communications would be separated and filtered from the non-content by service providers in the course of meeting their data retention obligations.
The LCA, however, argued these amendments allowed the Government to expand the list of agencies that can access retained data without parliamentary scrutiny and that this was an example of another inappropriate delegation of power in the Bill.
[59] In its submission, the LIV considered these functions as incredibly broad and a reflection of the pre-existing and problematic situation under the original Act, where an unknown number of diverse federal, state and even local government entities can access telecommunications data.
In support of the Bill, Representative Sensenbrenner and Democrat Patrick Leahy stated that ‘it is simply not accurate to say that the bulk of collection of phone records has prevented dozens of terrorists’ plots’ and that their position was bi-partisan.
[61] The CCLS and the APF concluded that the available evidenced-based research suggested a high degree of uncertainty as to the effectiveness and legitimacy of mass data retention regimes in preventing terrorism and other serious crime.
On 9 March, the chair of the Australian Press Council, Professor David Weisbort said that if the Bill was passed into law as it stood the field of journalism would be adversely affected as whistleblowers would no longer be willing to come forward.
Alarmed by growing criticism from the media, and committed to passing the Bill before the scheduled Easter recess of both Houses of Parliament, the Government assembled a team of high-ranking public servants including national security adviser, Andrew Shearer and Australian Federal Police Commissioner, Andrew Colvin, to meet with executives from News Corporation, Fairfax, the Australian Broadcasting Corporation (ABC) and representatives from the Media, Entertainment and Arts Alliance (MEAA) to discuss their concerns.
[75] Law enforcement and other agencies seeking to view the metadata of journalists can only do so where a judicial officer or a legal member of the Administrative Appeals Tribunal has issued a warrant.
[79] The Attorney General's Department commissioned consulting firm Price Waterhouse Coopers (PWC) to provide high level costs for the initial implementation of the data retention scheme.
"When designing the funding arrangements to give effect to this recommendation, the Government should ensure that an appropriate balance is achieved that accounts for the significant variations between the services, business models, sizes and financial positions of different companies within the telecommunications industry."