Paul Fletcher MP speaks on the Telecommunications Data Retention Bill, March 18 2015
Articles Blog

Paul Fletcher MP speaks on the Telecommunications Data Retention Bill, March 18 2015

January 6, 2020

I am pleased to rise to speak on the Telecommunications
(Interception and Access) Amendment (Data Retention) Bill 2014, a bill which amends
the Telecommunications (Interception and Access) Act and the Telecommunications Act. It contains
a package of reforms to ensure the continuing investigative capabilities of Australia’s
law enforcement and national security agencies. This bill has generated a fair amount of community
debate. In the time available to me, I would like to make three points. Firstly, I would
like to emphasise what this bill is not about. Secondly, I would like to cover what the bill
does. Thirdly, I would like to respond to some of the concerns that have been raised
as part of the debate and address the measures that are included in response to those concerns. Let me come, firstly, to the question of what
this bill does not do. I should say that I bring to this debate a perspective from having
worked in these areas for quite a number of years. In a previous life I was director of
corporate and regulatory affairs at Optus, the second largest telecommunications company
in Australia, and dealt regularly with the kind of matters that this bill addresses.
At Optus, as is the case at the other large telecommunications companies, there is a law
enforcement liaison unit which deals regularly with state and federal police and other agencies
in relation to requests under the Telecommunications (Interception and Access) Act for information
and content, in each case compliant with the various requirements under that act. I want to emphasise that this bill does not
provide law enforcement organisations and security agencies such as ASIO and the Australian
Federal Police with new powers to access metadata. The powers that they have to access metadata
are set out in the Telecommunications (Interception and Access) Act 1979, particularly in division
4 of chapter 4. There are no new powers to access metadata granted by this bill. Nor
does the bill expand on the range of telecommunications metadata which the police and security agencies
are able to access. Again, that is not something which is contained in this bill. Indeed, I want to highlight just briefly some
of the points made in the report of the Parliamentary Joint Committee on Intelligence and Security
about the existing law in relation to police and security agency access to metadata. The
report highlights the point that I have just made, that today so-called enforcement agencies
as well as ASIO are permitted to access telecommunications data under an internal authorisation which
is issued under part 4-1 of the Telecommunications (Interception and Access) Act. I hasten to
add that enforcement agencies are defined to include the Australian Federal Police,
state police and a range of other agencies, including state crime commissions and so on. I will come to what telecommunications data
includes under the terminology of the existing act before I go to the bill. Telecommunications
data includes such matters as: the time, date and duration of a communication; the identifiers
of the services and devices involved; certain information about the location of the respective
devices, such as, for example, which mobile base station a mobile phone was connected
to; and information about the parties to the communication, such as their name, address,
contact details, billing and transaction information, and so on. I want to emphasise again that I am speaking
here about the current law which is contained in the Telecommunications (Interception and
Access) Act 1979. This is law which has been in place for many years. It is worth bearing
that in mind when you consider some of the things that are being said in this debate
about what people are concerned that the bill before the House today may do. A number of
the comments that have been made appear to have been made from a lack of knowledge on
what the law presently says on this matter and has said for many, many years. I also want to emphasise that this bill does
not deal with the content of a communication. It deals with information about a communication,
which is referred to by the term ‘metadata’, which we have all now come to know and love.
It is referred to in the existing legislation as ‘telecommunications data’. I want to make
it clear that there is nothing new in this bill in relation to the scope of metadata.
In fact, as I will come to, in some ways the scope is narrowed. I again want to emphasise
that the bill does not change the grounds on which metadata can be obtained by enforcement
agencies and security agencies. I also want to make the point that large amounts
of this data is today stored by telecommunications companies and internet service providers for
their own business purposes. In the day-to-day operation of a telecommunications network,
enormous amounts of information are generated. For example, each time a mobile phone is connected
to a particular base station, that generates a piece of information. That information may
be kept for some time or it may be kept for very short period of time. But it is information
that is generated in the ordinary operation of a telecommunications network, and so are
many other kinds of information. Information is generated and retained, for example, for
billing purposes. All of this is done for the ordinary operational
purposes of running a telecommunications network. Let me turn, secondly, to the question of
what this bill does. This bill deals with specific categories of metadata�that is,
certain classes of information about telephone calls and so on. The primary purpose of this
bill�and let us be very clear and specific on this, because again there has been a lot
of confusion in the commentary�is to standardise the approach for how long metadata is retained.
Let me make this point: today the law says, as I have sought to explain, that if the security
agencies and police comply with the processes set out in the Telecommunications (Interception
and Access) Act, they can obtain metadata from telecommunications companies and internet
service providers. That is not information about the content, for example, of a telecommunications
call, but certain information in relation to the call�the name of the A party, the
name of the B party, the time of the call, the duration of the call and so on. The law
as it stands today gives those powers, but it does not impose any particular requirement
on the telecommunications companies and internet service providers as to the length of time
for which they retain that data. That is what is new about this bill. That is the essence
of the bill before the House today: it will impose on the telecommunications companies
and internet service providers an obligation, which they hitherto have not faced, to retain
the classes of metadata specified in the bill for a period of two years. We need to be very
clear about what this bill does do and what it does not do. A lot of the public commentary
about the effect of this bill misunderstands that fundamental point. If we come to the policy intention behind
imposing this new obligation on telecommunications companies and internet service providers,
it is, firstly, that metadata is a vital investigative tool. Many speakers before me have quoted
the statistics as to the very high proportion of particular kinds of investigations in which
telecommunications data is used�for example, in 87 per cent of child protection investigations.
But at the moment the position is that the success or failure of a particular investigation
by the police or the security agencies can depend upon a random factor�that is, which
telecommunications carrier or internet service provider happened to provide the service which
was used by the person of interest to the police or to the security agencies and, in
turn, what the particular business practices of that company are with regard to the retention
of metadata. At the moment, the success or failure of an investigation�which could
well be an investigation into a matter that goes to the physical safety and security of
large numbers of Australians, depending upon the nature of the threat being investigated�can
depend upon the random outcome of which particular network is used and the particular business
practices of the relevant telecommunications company or internet service provider. A desire
to systematise the retention requirements is the policy purpose and intent of this bill,
and it is very important to be clear that that is what this bill does. It does not,
for example, change the law as to the circumstances in which metadata is authorised to be obtained
by the police or by the security agencies. Let me turn, lastly, to some of the concerns
that have been raised and the ways in which the bill before the House seeks to address
those concerns. I note that the Parliamentary Joint Committee on Intelligence and Security
conducted a very detailed examination of the bill and presented its report on 27 February.
The government said that it would carefully consider recommendations made by the committee.
The report makes 39 recommendations, including the recommendation that the parliament should
pass the bill, and the government has supported all of the committee’s recommendations. The
recommendations in the committee’s report focus largely on specifying the dataset in
the primary legislation instead of regulations, specifying the agencies in the primary legislation
instead of regulations and increasing oversight mechanisms and privacy protections. The government
agrees that the bill should be amended to include the proposed dataset in primary legislation
and also agrees that enforcement agencies be specifically listed in the legislation.
The bill will also implement additional oversights for the new data retention regime and particularly
will significantly reduce the number of agencies that are permitted to access metadata. The point I want to make to the House this
afternoon is that, if you listen to some of the commentary, you might think that this
bill creates new powers for information to be accessed, that it greatly widens the scope
of information that can be accessed and that it widens the range of people who can access
that information. In fact, as I have sought to explain, it makes no change to the circumstances
in which information can be accessed. It will limit the range of agencies that can access
information and, indeed, by giving a specific definition of metadata, it makes quite specific
what the obligations will be on the telecommunications companies and internet service providers. A key issue is the cost of implementing these
arrangements, because clearly there are costs incurred in storing data. PricewaterhouseCoopers
has been retained to look at this question. Evidence was provided to the committee on
the conclusions drawn by PricewaterhouseCoopers, which were that the up-front capital cost
across industry was going to be between $188 million and $319 million. The government has
consistently said that it will make a reasonable contribution to these costs, recognising of
course that the industry participants are private sector companies and that there is
a public policy purpose in imposing this data retention obligation. The government also acknowledges the reality
that it takes time to put in place new IT systems and processes, and therefore the bill
allows individual telecommunications companies and internet service providers to develop
an implementation plan to allow a pathway to compliance over a period of up to 18 months. That is very important, because what typically
happens in telecommunications companies is that there is an annual IT upgrade cycle.
This will allow the relevant information technology work to be accommodated within that annual
IT upgrade cycle. I conclude by reiterating the point that what
this bill is about, despite some of the confused commentary, is the imposition on telecommunications
companies and internet service providers of a uniform period for which they must retain
metadata. That data is already extensively retained, but the key issues are that the
period for which it is retained varies materially between different companies and that there
is an underlying public policy purpose in retaining data, which is to ensure that the
agencies and police are best equipped to do their work of seeking to maintain the security
of Australians. It is a very important public policy purpose.

Only registered users can comment.

  1. My speech in Parliament on the Telecommunications Interception and Access Amendment (Data Retention) Bill 2014

Leave a Reply

Your email address will not be published. Required fields are marked *