Parliament’s Intelligence and Security Committee has finally released the report original commissioned by former Attorney-General Nicola Roxon in May 2012.
Although chaired by an ALP member it is extraordinarily critical of the Attorney General’s Department (AGD) for not giving it important information about the sensitive issue of data retention – the practice of carriers and other organisations of retaining the content of emails and other electronic communications for possible later use.
While endorsing the Government’s use of various electronic surveillance practices, it also strongly recommends a number of safeguards to ensure excesses to do not occur and privacy is respected.
Roxon had asked the Committee to consider a number of national security reforms. The deadline for its recommendation has been extended twice as it has tried to gain more direction on exactly what it was to enquire into, and more information about the Government’s own considerations about one of its key points of reference, data retention.
"This lack of information from the Attorney-General and her Department had two major consequences. First, it meant that submitters to the Inquiry could not be sure as to what they were being asked to comment on.
“Second, as the Committee was not sure of the exact nature of what the Attorney-General and her Department was proposing, it was seriously hampered in the conduct of the inquiry and the process of obtaining evidence from witnesses.
"Importantly the Committee was very disconcerted to find, once it commenced its Inquiry, that the AGD had much more detailed information on the topic of data retention. Departmental work, including discussions with stakeholders, had been undertaken previously. Details of this work had to be drawn from witnesses representing the AGD.
"In fact, it took until 7 November 2012 for the Committee to be provided with a formal complete definition of which data was to be retained under the data retention regime proposed by the AGD."
The committee is chaired headed by the ALP’s MP Anthony Byrne and includes ALP stalwart John Faulkner, leadership pretender Kevin Rudd, shadow Attorney General George Brandis and former Attorney General Phillip Ruddock, and independent MP and former intelligence analyst Andrew Wilkie.
There 44 proposals before the Committee included such matters as giving intelligence and law enforcement agencies the power to wiretap social media, access people's computers, and giving intelligence officials immunity from crime.
“The Committee received 240 submissions and 29 exhibits. Three submissions were received in largely identical terms from some 5,300 individual members of the public. These submitters expressed opposition to the reform proposals, particularly the proposed mandatory data retention proposal.
“At the outset the Committee was faced with three key difficulties. Firstly, the terms of reference were very wide ranging as they contained 18 specific reform proposals containing 44 separate items across three different reform areas.
Secondly, the lack of any draft legislation or detail about some of the potential reforms was a major limitation and made the Committee’s consideration of the merit of the reforms difficult. This also made it hard for interested stakeholders to effectively respond to the terms of reference.
“Thirdly, that one of the most controversial topics canvassed in the discussion paper —data retention—was only accorded just over two lines of text.” This strong wording is unusual in a report of this nature, particularly one chaired by a member of the Government of the day.
The Committee makes 43 recommendations, in the areas of telecommunications interception, telecommunications security, Australian intelligence community legislation reform and data retention. It is essentially in favour of the Government’s powers, but recommends a range of safeguards to ensure invasions of privacy do not occur.
A summary of its recommendations on data retention:
There is a diversity of views within the Committee as to whether there should be a mandatory data retention regime. This is ultimately a decision for Government. If the Government is persuaded that a mandatory data retention regime should proceed, the Committee recommends that the Government publish an exposure draft of any legislation and refer it to the Parliamentary Joint Committee on Intelligence and Security for examination. Any draft legislation should include the following features:
- any data retention regime should apply only to metadata and exclude content.
- the controls on access to communications data remain the same as under the current regime.
- Internet browsing data should be explicitly excluded.
- Where information includes content that cannot be separated from data, the information should be treated as content and therefore a warrant would be required for lawful access
- The data should be stored securely by making encryption mandatory.
- Save for existing provisions enabling agencies to retain data for a longer period of time, data retained under a new regime should be for no more than two years.
- The costs incurred by providers should be reimbursed by the Government.
- A robust, mandatory data breach notification scheme.
- An independent audit function be established within an appropriate agency to ensure that communications content is not stored by telecommunications service providers.
- Oversight of agencies’ access to telecommunications data by the ombudsmen and the Inspector-General of Intelligence and Security.
The Committee also recommended that, if the Government proceeds with a mandatory data retention regime there should be a mechanism for oversight of the scheme by the Parliamentary Joint Committee on Intelligence and Security, that there should be an annual report on the operation of the scheme, and that the effectiveness of the regime be reviewed by the Parliamentary Joint Committee on Intelligence and Security three years after its commencement.
The full report is at: http://www.aph.gov.au/Parliamentary_Business/Committees/