Surprise! The Government Is Proposing A Worrying Change To Those Data Retention Laws
Here's everything you need to know.
But another scandal has gone largely under the radar: the government is also currently considering whether or not Australia’s data retention scheme should be expanded for use in civil proceedings, rather than just criminal ones. It’s a move that massively widens the scope in terms of who can access your metadata.
Just days before Christmas last year, the Attorney-General’s Department opened up submissions for a review of our data retention laws, looking at which civil cases, if any, should get access to the data. The consultation period was originally due to end on January 13, and yes, you’d be absolutely right in thinking that seems a little sneaky. At the very least, running a review over the silly season doesn’t indicate a strong desire for meaningful consultation.
Thankfully, in what is the smallest of silver linings, the consultation has now been extended to Friday, January 27. In the interests of spending that time well, let’s consider what this means.
What’s This All About?
In 2015, after a long history of data retention being explored and proposed, the Coalition (with the help of the Labor Party), managed to pass the Telecommunications (Interception and Access) Amendment (Data Retention) Bill, This legislated that ISPs and telecommunications carriers have to store Australian’s metadata for two years. The data includes information like who you call or text, when you contacted them, cell tower data approximating where you contacted them from, email addresses in some instances, and more.
Certain government departments and agencies — like the Australian federal and state police, the Independent Commission Against Corruption, and the Australian Security Intelligence Organisation — can access this data without a warrant. Doesn’t sound too awful, you might think. They’re fighting important crime. But the exact uses and scope of this information has always been a little unclear.
Former Prime Minister Tony Abbott’s metaphor of choice described the data as the information on the front of an envelope, but that’s misleading at best. And simply framing it as ‘data about data’ doesn’t do it justice in this context either. The data being stored is incredibly revealing — dangerously so, for some — and when put together in the aggregate, as this metadata from ABC reporter Will Ockenden reveals, it becomes just a little scary.
When you throw in legitimate concerns for individual privacy, the legislation’s insufficient (or non-existent) protections for the data of journalists, medical professionals, and lawyers, and the chilling effect such legislation can have on speech, association, and personal exploration, there’s a lot to think about when it comes to expanding access to the scheme.
So What Exactly is Being Reviewed?
The AGD’s review is consulting the public and stakeholders about potentially opening up this data for use in civil proceedings.
There is a prohibition (set to come into effect on April 13) in the data retention bill which stops data retained solely for the purposes of the retention scheme from being used in civil proceedings. The Parliamentary Joint Committee on Intelligence and Security recommended this restriction, which the government supported. However, the PJCIS also recommended granting the government a regulation-making power to create exceptions to this rule, using potential examples of “family law proceedings involving violence or international child abduction cases”. The committee didn’t want to prescribe how this regulatory power might work or which cases might be given access, and recommended a review of the measure — which is what this consultation is for.
At this stage, it’s hard to say what it will mean should the government choose to expand data access to civil proceedings. These matters cover a broad range of issues, and until the review is complete and reported on, we really can’t say. However there are a number of potential outcomes that lawyers, academics, and civil liberty groups are warning against.
One of the most significant and long-held concerns is that everyone’s personal data could be made available to rights holders, so that they can come after individuals for infringing copyright. This is a prescient concern given co-CEO of Village Roadshow, Graham Burke’s recent comments indicating their plans to sue copyright infringers and the Federal Court ruling for ISPs to block numerous sites associated with piracy. Many experts and rights bodies are warning that there’s a solid possibility such exemptions could be made.
Others have noted that it could render our data available for use in divorce proceedings, child custody, business and employment disputes, and challenges to wills. Considering how revealing our data is, this is a significant cause for concern. Fiona McLeod, the president of the Law Council of Australia, told ABC’s 7.30 that this change could make retained data available to parties in a family law proceeding, for example. An individual could build up information to quite accurately track someone’s everyday movements and use it in court.
This isn’t the first time this has been considered. In the Australian Privacy Foundation’s submission to the review, they highlight a number of other instances. For example, the Court of Justice of the European Union was considering an application for data retained by an ISP regarding the identities of their customers, who were allegedly involved in copyright infringements. The CJEU ended up ruling that EU law didn’t require governments to oblige ISPs to turn over data. They aimed to ensure a ‘fair balance’ between different rights, like those of intellectual property and data privacy.
Similar cases have stressed the importance of a proportionate and fair balance, and the privacy of ISP subscribers as being of significant value. They’ve also noted the risks of rights holders engaging in ‘speculative invoicing’, which is the last thing anyone needs happening.
The Dangers of Scope Creep
What the review more concretely reveals at this stage is a willingness to engage in scope creep. This occurs when the boundaries, functions, and definitions of legislation shift, expanding its scope and power. It’s important to remember that scope creep rarely happens all at once — it is often incremental. A little bit of expanded access here, some more data next year, and on it goes. Each ‘minor’ change downplays its own significance, often allowing serious changes to be snuck through with little exposure or media attention.
According to Bruce Arnold, Assistant Professor in Law at the University of Canberra, expansion of data access to civil proceedings is “a fundamental creep of the original proposal, it’s disproportionate, [and] it’s entirely inappropriate.”
“What we’re seeing now is a proposal that would extend a fundamental erosion of privacy into civil law,” he says. “No one has made a persuasive case about why that is necessary.” What’s more, he notes, is that there is “a frightening silence from the ALP about this proposal.”
We should also be concerned because scope creep with this legislation is not new — it’s happened before. Mere months after the original amendments were passed, legislation was passed which added the Department of Immigration and Border Protection to the group of agencies that can access the retained data. Greens Senator Scott Ludlam said that this was to be expected, and more importantly, pointed out how the move sidestepped the checks and balances of the data retention bill to make the change.
The Art of the Political Backflip
If you’re still not sold on why this is such a problem, consider the rhetorical and political backflips we’re seeing from those who sold voters the scheme in the first place. The data retention amendments were originally said to be passed for national security purposes and to prosecute the “highest levels of crime”. Former Prime Minister Tony Abbott used the example of prosecuting child abuse to justify the regime, and much of the discussion in 2015 framed it as being used to combat terrorism. This is hardly comparable to the civil matters that could now be put on the table.
In 2014, Australian Federal Police Commissioner Andrew Colvin flagged a data retention scheme as being important to investigating “illegal downloads” and “piracy”, before Colvin and then Communications Minister Malcolm Turnbull distanced themselves from the comments.
“The Government’s introducing this to address vital needs of national security and law enforcement, not copyright,” Colvin said. This was echoed by Attorney-General George Brandis in 2014, when he said that the data retention laws would not be used to chase piracy or copyright infringement cases. “Breach of copyright is a civil wrong,” he said. “Civil wrongs have nothing to do with this scheme.”
But that’s precisely what could change. Even Malcolm Turnbull, in his 2012 Alfred Deakin lecture, was highly critical of the data retention scheme being proposed at the time, highlighting many concerns still relevant with today’s legislation. Yet here we are.
All this, while telcos and industry bodies reckon with a piece of legislation riddled with issues, like how to retain data from internet-capable devices like parking meters and vending machines . Internet Australia — the peak organisation representing Australian internet users — has even called for a review of the entire data retention scheme to happen sooner rather than later, describing the legislation as a “monumental stuff-up”.
Bruce Arnold says that it’s only when putting these amendments and consultations within their broader context that we really get a proper idea of what’s going on and where lines need to be drawn.
“It’s what’s happening under the waves,” he says. “All that we’re seeing at the moment is the occasional flash of a fin, a bit of silver above the waves. But really the action is underneath.”
What You Can Do About This
If you’re worried about this potential creeping expansion of power, or the deceptive rhetoric being bandied about by politicians, you have a few options.
First, you can contribute a submission to the review. It closes on Friday, January 27. You don’t have to work in the industry or be part of a civil liberties group to do this, and it doesn’t have to be long. Electronic Frontiers Australia has an excellent guide to putting together a submission that canvases some of the key issues.
EFA also has advice on contacting your parliamentary representatives. Email is okay, but phone calls or, better yet, a visit to their office tend to get the message across best.
Most importantly, keep paying attention and look outside of the immediate news. Don’t become dissuaded or desensitised. If we want to make 2017 a better year than the last, we have to be prepared to hold politicians properly to account, and we can’t afford to let amendments, consultations, and changes like this slip us by under the waves.
Jeremy Stevens is a freelance writer. He tweets at @jeevens.