analysis Earlier this month the Hon Nicola Roxon asked the Parliamentary Joint Committee on Intelligence and Security (PJCIS) to conduct an inquiry into the Government’s proposals for a major revamp of Australia’s national security regime, including the long-term retention of information about SMS, voice calls, web searches and internet downloads.
The terms of reference and accompanying discussion paper for the inquiry featured stronger powers for the Australian Security Intelligence Agency (ASIO) and a “one step forward, two steps backwards” proposal involving fewer government bodies directly accessing private information but more being able to share. The proposals also featured mandatory retention by telecommunication providers – and presumably internet hosts and social network services such as Facebook – of “traffic” data for a period of two years.
The data would identify that communication had taken place (for example that an SMS had been sent from a specific number to another number at a particular time and place or that an ISP customer had visited a specific site) but would not include the content of the communication such as a transcript of what was said during a conversation. Building a “mosaic” does, however, offer a picture of relationships and activities and it is accordingly sought by bodies that range from police to the ATO and Centrelink.
The past decade has seen a succession of proposals for business to retain all traffic data for a period of two, five or seven years in a form that is readily searchable by a range of law enforcement and national security agencies. One of the more absurdist proposals of the late 1990s saw the Australian Federal Police request weekly or monthly printouts of all traffic. This was rebuffed by leading telcos with a simple question: where did the AFP propose to park the semi-trailers that would be needed to deliver the tonnes of paper each month? Traffic data retention has not found favour with several parliamentary committees and has been damned by a range of legal and industry bodies. Unfortunately, like the undead, it persists in reappearing when governments want to seem strong.
Under the heading “Roxon doubts over security plans to store web history” the Attorney-General was quoted on Friday as stating that “the case has yet to be made” for retention.
Roxon reportedly acknowledged the financial and privacy costs of such a scheme, commenting that she had some sympathy for the view of national security agencies but is “not yet convinced that the cost and the return – the cost both to industry and the [civil liberties] cost to individuals – that we’ve made the case for what it is that people use in a way that benefits our national security”.
If the Attorney-General is not persuaded of the merits of her proposal, at a time when she has recently claimed to be strengthening the national Privacy Act, why should we support a major erosion of the Australian privacy regime?
If she does not regard the proposal as convincing, why was the time allowed for public comments so short? Speed-dating may be fashionable but speed-policy making is abhorrent in a liberal democratic state. It is particularly abhorrent given the lack of rigour in the discussion paper, replete with statistics that bear no relationship whatsoever to the proposals. (Recitation of the number of homicides and assaults is irrelevant, given that no Australians have been clubbed to death with mobile phones or USB sticks.)
One answer may come from comments by retention-advocate Neil Gaughan of the Australian Federal Police High Tech Crime Centre. He is reported as saying that “if we don’t have a data retention regime in place we will not be able to commence an investigation in the first place” and that opposition to retention in Germany has left the German federal police agency a laughing stock. That claim appears to be inconsistent with the fact that German law enforcement agencies are still obtaining warrants, prosecuting alleged offenders and securing convictions. (Laughter is more likely to come from misbehaviour by keystone spooks.)
We should not confuse bureaucratic convenience with a fundamental need or allow the laudable enthusiasm of law enforcement personnel to override concerns regarding civil liberties and regulatory burdens. Several years ago the Law Institute of Victoria commented that neither government nor community would tolerate proposals to place telephone intercepts on all phone lines in Australia and record all conversations, or to open all mail, in case such information may be of use to law enforcement agencies. Such proposals would be unacceptable in a democratic society. There is no demonstrable reason why internet communications should be treated differently to other communications.
Contrary to utopians such as Julian Assange, there is a place for secrecy in national security. But we need to be able to trust the spooks and police. Proposals that are vague, extraordinary and unsubstantiated do not induce trust. Neither does an Attorney-General who confuses kite-flying with an own goal.
Bruce Arnold has no affiliations with telcos or other enterprises potentially affected by the proposed data retention regime. Submissions about data retention have been cited by past parliamentary inquiries. Mr Arnold is general editor of Privacy Law Bulletin, the national privacy and confidentiality law practitioner journal