Data retention proposal still hazy, even within Govt


news The Federal Government’s data retention proposal was still largely incomplete and being internally evaluated as of late 2011, new documents released under Freedom of Information laws have shown, despite the fact that the controversial plan is several years old and has become part of a concrete package of reforms aimed at increasing surveillance powers.

Bear with this article; it will get a little complex at times ;) These are murky waters. But it’s worth sticking with it to understand what is going on here.

The proposal — known popularly as ‘OzLog’ — first came to light in June 2010, when the Federal Attorney-General’s Department confirmed it had been examining the European Directive on Data Retention (PDF) to consider whether it would be beneficial for Australia to adopt a similar regime. The directive requires telcos to record data such as the source, destination and timing of all Australian emails and telephone calls – even including internet telephony, meaning that it would be a relatively simple matter for Australian law enforcement agencies to gain access to a great deal of extremely detailed data regarding communications between Australians suspected of breaking laws.

Further details of the plan were revealed in October that year in a tense session of the Senate’s Environment and Communications References Committee, where Greens Senator and Communications Spokesperson Scott Ludlam was able to coax a group of nervous bureaucrats from the Attorney-General’s Department into discussing the proposal at length.

In early May, it was revealed that the data retention proposal would become part of a major new package of reforms which would deliver Australian law enforcement agencies a wide tranche of new and modernised surveillance and telecommunications interception powers. However, the Federal Government has never detailed what the proposal precisely entails, and the Greens and digital rights groups have described the proposal as representing an “unjustified paranoia” that all Australians are potential criminal suspects.

Since January, Delimiter has been seeking information on the proposal under Freedom of Information laws, specifically targeting information held by senior AGD bureaucrats such as Catherine Smith, assistant secretary of AGD’s Telecommunications and Surveillance Law Branch, and Wendy Kelly, director of the same branch.

In general, the department has consistently signalled that there was too much information on the issue of data retention as a whole to easily be able to respond to the wide-ranging FoI requests which Delimiter had filed, seeking to ascertain what the Government is actually proposing with the scheme. However, several weeks ago Delimiter was successful in retrieving the Government’s proposed response to a series of criticisms outlined by the Senate’s Environment and Communications References Committee, in a recent report the committee produced into the adequacy of protections for the privacy of Australians online.

That report, published last year, was strongly critical of the data retention idea.

It recommended that before any such scheme was initiated, the Government should undertake an extensive cost/benefit/risk analysis into it; justify the collection and retention of personal data by demonstrating the necessity of that data to law enforcement activities; quantify and justify the expense to ISPs of the data collection and storage; assure the nation that data retained under any such scheme will be subject to appropriate accountability and monitoring mechanisms; and consult with a range of stakeholders about it.

The Government has not yet published its response yet to that privacy inquiry, although documents released by the Attorney-General’s Department under FoI show that the Government’s response, being coordinated by the Department of Prime Minister Julia Gillard, was expected to be finalised by October 2011.

However, the FoI request has retrieved the response by the Attorney-General’s Department to the recommendations of the Senate report regarding data retention. You can download that response in full by clicking here (PDF).

According to the Department, at that stage (September 2011) it remained in “evaluation phase” with respect to data retention proposals, despite the fact that the issue had been being investigated for several years — and despite the fact that in May 2012, data retention would form a core part of a wide-ranging modernisation proposed to telecommunications interception legislation. The Department also noted that should these proposals advance, it would undertake a cost/benefit/risk analysis into the proposal, and would also assess the accountability and monitoring mechanisms contained within the current telecommunications interception legislation and their accountability to a data retention regime.

However, despite the fact that new data retention legislation is currently being proposed, the Attorney-General’s Department has not publicly detailed any such cost/benefit/risk analyses or assessments. They would have needed to have been carried out in the time between September 2011 and May 2012, when the legislative reforms were proposed.

Secondly, the Department noted that it had not made any decision as to “a public consultation process or details of any future data retention proposal”. If a data retention proposal was “sufficiently developed”, the Department noted, it would undertake “broad consultation” with a range of stakeholders, including “the broader community”. At that stage, the Department was already consulting with “industry” — believed to mean Internet service providers — to seek their views on the impacts of such a proposal.

The Department wrote that — as eventuated in May this year — the concept of data retention was being progressed as part of a wide-ranging package of telecommunications interception reforms. “It is intended that options for data retention regime will be put forward in the public discussion paper produced as part of the reform process,” the Department wrote in September 2011. However, no public discussion paper has been published by the Attorney-General’s Department into the matter — and neither has the final proposed form of the data retention proposal.

In May, when the Attorney-General’s Department signalled its intention for a wide-ranging package of telecommunications surveillance reforms, Attorney-General Nicola Roxon said that the “potential” reforms would be examined by the Parliamentary Joint Committee on Intelligence and Security through public hearings, noting that this was “the beginning of the process”, and that the Government was seeking “diverse views” before determining which legislative reforms it would pursue.

That Committee has broadly consented to examining the matter. However, it has also already reportedly knocked back the terms of reference which the Government has given it.

OK, let’s sum up for those that got lost during this article.

The Government, specifically, the Attorney-General’s Department, wants Australian ISPs to keep records on all phone calls made and all emails sent in Australia, for law enforcement purposes. Despite the fact that this proposal has been floating around for years, as recently as September 2011, that proposal was still being evaluated, with significant work needing to be undertaken, including a cost/benefit/risk analysis before it could be finalised. Just seven months later, the data retention proposal was introduced as part of a package of wide-ranging reforms to law enforcement surveillance powers.

However, the final form of that proposal has never been published, no public consultation has been undertaken into it, no cost/benefit/risk analysis has been published into it, despite the Attorney-General’s Department stating that it would do one, and the Federal Government has delayed for six months its response to a Senate Committee report strongly criticising the idea of data retention as a whole. In addition, the only reason we know about any of this is because the basics of the proposal were leaked in June 2010, because several bureaucrats were hauled before a Senate Committee by Greens Senator Scott Ludlam a few months later, and because of Freedom of Information requests like this one.

Sound fishy to you? Sounds fishy to me. If you care at all about Australians’ right to privacy and the presumption of innocence, I recommend that you write to your MP, requesting that:

  • The data retention proposal as currently proposed be made public
  • There be a public consultation into it
  • Any costs/benefit/risk analysis into it be made public
  • The Government publish its response to the Senate Environment and Communications References Committee’s report into the adequacy of protections for the privacy of Australians online

If Australia doesn’t get more information about this proposal soon, it is very likely, given the Coalition’s regular support for the Government on matters of law enforcement, that we will all soon be having all of our phone calls and emails logged, without our consent, without our knowledge and without any semblance of transparency. Welcome to 1984, redux.


      • Probably because Renai has been one of the very few people to pursue this issue (and the associated FOI requests) consistently. One does not get the impression from that long and arduous process that they actually wanted to tell him anything.

        Thank God for Scott Ludlam, as well. I really don’t get how supposedly democratic governments can get away with pushing copyright-enforcement and police-data-collecting work and costs onto local ISPs. If there are any small ISPs left (our regional ISP just went under), this will sink them.

        If the justification is that anyone can become a criminal, then we need to factor into the severity and scope of surveillance the actual probability of that happening. 0.00001?

        Unless our government plans to legislate against normal life in the future, OzLog bills us, and comprehensively invades our privacy, based on law-breaking we’re overwhelmingly not doing. Why not address the actual causes of criminality, especially in communities where some decent social investment would have immediate and significant results?

        Why assume a whole population intends to break the law, when we have a very low criminality index compared with other developed countries? Trust in government is a fundamental part of a successful democracy. How can we trust a government which invests huge amounts of our money into demonstrating how little it trusts us?

        Basically, laws succeed when people agree with them. In general, nobody thinks it’s OK to bash a grannie or hurt a child. We know it’s stupid to drive on the wrong side of the road. We’re not so sure about being blocked from buying ebooks, movies, TV shows or music. We’re quite willing to buy them, so we don’t understand why so much effort goes into stopping us. We don’t accept that our privacy should be systematically invaded, just in case we decide to change a lifetime of behaviour and become criminals.

        If YOU – the government – want community support for OzLog, you’re going to have to convince us that we have adequate privacy protection, that our information is not going to be misused (or simply handed over on request to thinly-disguised European dictatorships like Azerbaijan), and that our lifetimes of responsible civilian behaviour add up to more than “Yeah, but you might do something”.

        Trust goes both ways. Let’s see you earn some from us. Stop hiding things which affect us. Respect our skills and experience: really listen to what we say. Work with us to create responsible communities, rather than treating us as the enemy.

        The U.S. may have 49 million people living in poverty, but we still have a functioning democracy. Use it.

  1. I see Germany is lagging with introducing data retention which is common in Europe
    So it would appear we’re introducing the same policy by stealth.

    Germany in trouble with EC over lack of ISP, telecom data retention
    by Cyrus Farivar

    The European Commission is preparing to refer Germany to the European Court of Justice in Luxembourg, for failing to introduce a new law that would put it in line with the European data retention directive, according to a new report from Reuters.

    In 2006, the EU passed a directive in the wake of the London and Madrid terrorist attacks that compels ISPs and telecommunications companies to retain all e-mails, phone calls, and related data. These directives, while mandated from Brussels, must be written into the law of each of the 27 member states at the national level. However, since the directive, Germany, Romania, and the Czech Republic have had their national laws overturned by their courts.

    Many online activists have long complained against the data retention directive.

  2. Hey! Isn’t it nice that we are all so predictable and that our outcomes can be written about decades in advance.
    I must make note to vote Independent next Federal election no matter what the smoke and mirror game dish up. At least with too many different voices squabbling about anything and everything in the Parliament, it will at least hand us some breathing space before the 1984 type prognosis happens.
    That would be a very good thing.

  3. It could simply be that they are carefully considering how they proceed before coming forward to the public with a plan. Just because it is considered part of a raft of reforms, doesn’t mean that raft is about to set sail.

    Don’t know if it’s true, just playing devil’s advocate.

  4. Goodness how they will be able to store all this information. However what worries me more is the thought of allowing any information into the hands of the totally incompetent Federal Police.

    • They already have access to our phone records which the phone companies keep, credit card records, all sorts. I don’t see how this is so different.

      • HI Karl,
        There are a few differences:
        – one is that a log of phone calls made (ie what number, what time, how long) is kept by the telephone companies for the purposes of billing. The cost of this system is already in the billing structure. However your ISP does not keep a record of where and how long you do anything online…all they track is upload/download. If they were required to keep a log of all e-mails/chats/IP phonecalls their systems would have to undergo some pretty big changes and would need a huge datastore…which costs money…which will be passed on to the consumer.
        – second is that if the government go “the whole hog” (which is what the law enforcement folk want because only tracking IP telephone and e-mail is soooo last decade) and get a full 2 year history of your online activity they will be getting waaaay too much information. An old fashioned phone log only tells you what number, what time, and how long. It doesn’t tell you who was speaking to who and it doesn’t record the conversation in any form. An online log may contain that info.
        – “but if I am doing nothing wrong, why should I care?” As the internet becomes more and more intertwined with our lives it will be all too easy to build profiles of people. What newspaper do you read? What websites do you subscribe to? How often do you check your bank balance or share portfolio? What music do you listen to? What political party do you like?
        I have nothing to hide, but I certainly would be worried if that info fell into the hands of tele-marketers or worse ID theives. Or as the case was here in Victoria just recently where a policeman was giving details to debt collectors…..

  5. I don’t think there would be a physical problem with data retention. As the new 51st state of America we should be able to tap the resources of the Department of Homeland Security (despite their failure so far to steal the megaservers from Big Kim D) and Julian should soon be available to provide clerical services from his windowless cell in the G Bay.

Comments are closed.