What is this Data Retention Bill all about?

In brief - Telcos and ISPs to be required to store customer metadata for two years

The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015 (Cth) ("the Bill") will require Australian telecommunication companies ("Telcos") and internet services providers (ISPs) to confirm that they store a broad range of customer "metadata" for mandatory periods (currently two years). 

Proposed legislation to affect professionals who collect information

In particular, the proposed legislation intends to clarify when law enforcement can access metadata, (which includes information as to the time and location of a communication) without a warrant and when a warrant for the same information is required. 
 

While the proposed legislation impacts anyone doing business in Australia, professionals like lawyers and journalists who collect information will be particularly impacted. 

What exactly is metadata?

The Bill does not provide a definition of metadata. Metadata is information about data, but not the data itself. Metadata can include:

• type of communication (i.e. telephone calls, mobile phone messaging, email correspondence etc.)
• who the communication was with (creator and recipient)
• the date, time, duration, source and destination of the communication
• the location of the equipment that was used during the communication

Who can access the stored metadata?

The short answer is: "criminal law enforcement agencies".
 

The long answer includes the organisations listed below. Please note that this is not an exhaustive list.

• the Australian Federal Police
• a police force of a state
• the Australian Commission for Law Enforcement Integrity
• the Australian Customs and Border Protection Service
• the Australian Securities and Investments Commission (ASIC)
• the Australian Competition and Consumer Commission (ACCC)
• the Australian Crime Commission (ACC)
• the Independent Commission Against Corruption (ICAC)
• the Australian Security Intelligence Organisation (ASIO)
• any other agency the Attorney-General declares to be a criminal enforcement agency for the purposes of the Telecommunications (Interception and Access) Act 1979 (without parliament scrutiny)

The above organisations will have the right to access the metadata on demand and without a warrant (an exception applies to information held by or related to journalists). 

How can law enforcement and other authorised agencies access the metadata?

In the current draft of the Bill, law enforcement agencies will be able to access metadata related to their function of enforcing offences at law.
 

The Bill does not currently provide any safeguard which would ensure that the data collected for law enforcement purposes would not be later accessed or used for other purposes.
 

Law enforcement agencies will be able to access any metadata held by ISPs and Telcos, except journalist information, on demand, without any constraints on access (no process similar to subpoenas or warrants provided).
 

The Ombudsman will be tasked by the legislation to review government agency records detailing what data has been accessed and how it was used. However, by its nature, the review would only occur after the metadata has been collected.

What about legal professional privilege?

The Bill contains no safeguards to protect confidential and privileged information, such as communications sent by lawyers that would be otherwise be subject to client legal privilege.
 

Lawyer-client legal privilege is founded on the longstanding legal principle that effective advice between lawyers and clients can be maintained only if there is open unfettered communication between the lawyer and the client. The privilege has shielded communications between lawyers and their clients from being subpoenaed or consequently used as evidence against the client in related proceedings.
 

What the data retained by the Bill could do, depending on how broadly the definition is read, is disclose information exchanged by email or telephone between the lawyer and associates of the client, experts or other relevant parties about potential witnesses. A defence case, a litigation strategy or a case theory could be identified based on witnesses or experts contacted by the lawyer.
 

The Bill raised the issue of how lawyers will be able to protect their clients' privileged information when the metadata created by the lawyer and the client may be systematically collected and accessed by law enforcement. 

Information held by journalists and whistleblowers will require a court order or warrant

The new legislation requires law enforcement agencies to seek a court order to give permission for police to use a journalist's telephone or email log as a source, or when a whistleblower may be identified. 

Who will decide whether to issue the warrant?

In general, law enforcement agencies will be required to apply to an issuing authority appointed by the government, which may be a judge or a magistrate or a member of the Administrative Appeals Tribunal. In the case of ASIO, the Director-General of Security will apply to the Attorney-General outlining the grounds for a warrant.
 

The legislation requires that the decision maker be satisfied that “the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the source”. Prior to making a final decision, the decision maker must consider numerous factors including “the gravity of the matter” and “whether reasonable attempts have been made to obtain the information or documents by other means”.

Will the warrant application be contestable?

Journalists, and their employers, will not be notified that an agency is seeking their metadata, and will not be able to challenge the request for information before a decision is made on issuing the warrant.
 

The legislation includes a new “public interest advocate” to make submissions that would be taken into account to protect freedom of the press and freedom of speech.
 

In the event of matters related to public safely and terrorism, warrants can be issued with expedited review.
 

The legislation creates a new offence to disclose or to use information about journalist information warrants, including “the existence or non-existence of such a warrant". Violations of this offence can attract a penalty of up to two years in jail.

Who is a journalist?

The proposed legislation provides only a loose definition of journalist as "a person who is working in a professional capacity as a journalist”. As "professional capacity" is not defined, the definition may not include casual bloggers or other content creators.

What is a source?

A source is currently defined as a person who provides information “to another person who is working in a professional capacity as a journalist” in the normal course of the journalist’s work “in the expectation that the information may be disseminated in the form of: (i) news, current affairs or a documentary; or (ii) commentary or opinion on, or analysis of, news, current affairs or a documentary”.

Who is a public interest advocate?

Public interest advocates are intended to be appointed by the prime minister. They may make submissions to the decision maker about any matters that are relevant to issuing or refusing a journalist information warrant. The advocates can also advise on any conditions or restrictions that are to be specified in such a warrant.