Data retention: EFA calls for govt to reject orgs seeking ‘metadata’ access

Civil liberties advocacy group Electronic Frontiers Australia has called on Attorney-General George Brandis to reject the majority of the organisations that have sought ongoing authorisation to access telecommunications data without a warrant.

After the data retention regime came into effect in October last year, the number of organisations authorised to obtain warrant-free access to the data retained to comply with the scheme was significantly reduced.

The list of authorised organisations was restricted to state and federal police forces, the Australian Crime Commission, state and federal anti-corruption organisations, Border Force, and a number of other organisations including the Australian Competition and Consumer Commission, and the Australian Securities and Investments Commission.

Prior to the data retention legislation taking effect, telco metadata could be accessed by any agency that met the definition of "enforcement agency" under the Telecommunications (Interception and Access) Act 1979.

That definition included any organisation that enforced a criminal law, a law imposing a pecuniary penalty or a law that protected public revenue.

The data retention legislation allows the government to temporarily authorise further organisations. The list can also be expanded permanently through parliament.

Documents released yesterday after FOI requests by Future Wise privacy analyst Geordie Guy and online publication ZDNet revealed 61 organisations are seeking to be added to the list of authorised agencies.

In a statement the EFA highlighted a number of organisations that in its view have no place seeking to be added to the list, including Bankstown City Council, Australia Post, the National Measurement Institute, South Australian Department of Primary Industries and Regions, the WA Department of Mines and Petroleum, Greyhound Racing Victoria, and the Victorian Taxi Services Commission.

“The restricted list of agencies able to access telecommunications data is the first and only meaningful limitation on the previously unfettered access to this information by any public or quasi-public agency,” said EFA executive officer Jon Lawrence.

“If the Attorney-General is serious about the integrity of his legislation and about protecting the civil liberties of all Australians, then he must act swiftly to reject the majority of these applications.”

Lawrence said that a warrant should be required before accessing individuals’ metadata. Currently the only instance in which an authorised organisation must obtain a warrant before accessing historical telco data is if it seeks to scruitinise the ‘metadata’ of a journalist in order to identify the source of a story.

"About the only justification for the Data Retention Act from Senator Brandis that was universally accepted is the fact that it significantly reduces the number of agencies that can unilaterally access our personal and private data," Internet Australia CEO Laurie Patton said.

Patton said that in Internet Australia's view, a “fringe agency” that wants to access data covered by the scheme should do so via the Australian Federal Police or a state police force and be required to prove it has a "serious and justifiable reason".

"If the government expands the list of agencies with access under the Data Retention Act it will bring into further disrepute a piece of legislation that many lawyers and security professionals continue to call into question,” Patton said.

Copyright © 2016 IDG Communications, Inc.

Shop Tech Products at Amazon