Vic Police want warrant-free access to MAC addresses, destination IP details

Wishlist for data retention regime revealed

network abstract smaller
Dell EMC

Victoria Police have used a parliamentary review of Australia’s data retention regime to call for greater access to a range of data relating to IP traffic.

As part of Australia’s data retention regime, ‘enforcement agencies’ can access a range of ‘historical’ telecommunications data without obtaining a warrant. ‘Criminal law enforcement agencies’ such as the state and federal police forces can also authorise the disclosure of prospective data; that is, telecommunications data that is created during the period covered by an authorisation issued by the relevant agency.

An authorisation for prospective data can only last for 45 days or less and must be considered reasonably necessary for the purposes of investigating an offence that can lead to a jail sentence of at least three years.

Only certain data types are covered by the metadata regime, and accessing the ‘content’ of a communication requires a warrant.

In a submission (PDF) to the review, being conducted by the Parliamentary Joint Committee on Intelligence and Security (PJCIS), Victoria Police argued: “Metadata such as date/time, media access control (mac), source and destination internet protocol (IP) addresses, user agents, domain information, and ports and protocols used in IP sessions would provide value in knowing what IP-based communication is occurring on a targeted subscriber’s internet session.”

Accessing the “metadata” using a prospective information authorisation issued under Section 180 of the Telecommunication (Interception and Access) Act would be “less intrusive” than obtaining a call interception warrant, Vic Police argues.

“Victoria Police requests the Review explore whether carriers have the capacity to filter the metadata from the content with a view to providing this metadata to law enforcement agencies under section 180 of the TIA Act,” the submission states.

Currently, the data retention regime covers a range of subscriber information, as well as data about the source and timing of a communication and the destination of a communication, although it specifically excludes web-browisng history, including IP addresses.

Victoria Police has also called for government regulations to standardise the formats of the data it obtains from telcos.

“It is reassuring to Victoria Police that specified information is available to law enforcement agencies under the mandatory data retention regime,” the submission states.

“However, disparate datasets are received from providers including different format and content. This creates an administrative burden for Victoria Police members who spend large amounts of time re-formatting data in order to firstly make sense of the data and then utilise it to develop an accurate depiction of the links between parties involved in the offending.”

The government should also consider regulations governing how much telcos can charge for fulfilling data requests, Victoria Police believes.

“Cost considerations are taken into account by authorised officers before approving requests for data and this can occur to the detriment of the investigation,” the submission states.

Both ASIO and Queensland Police have used the inquiry to argue the government should consider increasing the existing 24-month period of the data retention regime. Victoria Police said that the existing retention period should be maintained, noting that the current legislation does not prevent carriers retaining data for longer .

Related:

Copyright © 2019 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon