Data retention - does the government know what it's legislating?

The Coalition Government is looking to push laws through the House of Representatives and Senate that would pave the way for vast swathes of data to be retained by certain agencies to either aid the detection of crime or to support criminal cases so that bad guys can be prosecuted and incarcerated.

But what are these laws and what's the evidence that they will aid crime detection and clearance rates? Senator Scott Ludlam is the Greens' spokesperson for Broadband, Communications & the Digital Economy and Chair of the Senate's Legal and Constitutional Affairs References Committee. He has been asking some deep questions of the coalition and has not, to this stage received any satisfactory answers.

In a recent meeting of that committee, Senator Ludlam asked Ms Katherine Jones of the Attorney-General's department whether she knew that "law enforcement hasn't ground to a halt in Belgium, Bulgaria, Denmark, Greece, The Netherlands, Latvia, Portugal, Romania and Serbia". These are all countries that according to a coalition paper have some form of judicial oversight of telecommunications authorisations.

Under the proposed laws, law enforcement would have access to this data - which has not been defined - faster as the need to gain a warrant or other legal instrument would not be needed. The Attorney-General's paper pointed to the experience of law enforcement agencies in the United Kingdom where the delay between requesting access to data and getting access was impacting investigations.

Ms Jones noted that her agency had spoken with law enforcement officials with regards to their operational experience and the importance of accessing data as early as possible.
"We are focussed on the experience in the Australian context, talking with agencies in Australia and this is an issue that we've discussed with the parliamentary sub-committee for intelligence and security," said Ms Jones.

Senator Ludlam also pushed the committee, asking if there was any evidence that data retention laws had made any difference to crime clearance rates. He noted that Germany had a retention regime that it has abandoned.

Despite asking for any metric that pointed to data retention aided either crime detection or clearance, coalition representatives on the committee were unable to point to any measure that substantiated their claim that data retention would make a material difference.

It's the opposite of evidence-based policy," said Senator Ludlam. "It's anecdote-based policy".

Ms Jones countered that it was policy based on advice from law enforcement agencies - agencies that Senator Ludlam pointed out wanted more power.

What data will be retained?

The committee discussing the bill have a working definition of the data that the legislation proposes to retain. However, that definition is not included in the bill being put to Parliament.

Anna Harmer, from the Attorney-General's department, told the committee "The level of detail in the data set is of a nature that is typically for regulation. It is the case that putting the data set in regulations provides that ability to update the regulations in the event that it is necessary in response to changes in telecommunications technology".

Senator Ludlam noted that this level of flexibility in what data might be collected and held might be what raises "alarm bells" in the eyes of privacy advocates and other parties.

By placing the definition outside legislation, it's possible for changes to be made without "recourse to parliament", said Ludlam, which would change the nature of what data is collected.

Although the proposed legislation mentions six broad categories of data to be retained, by placing the detail into regulations, it may be possible for the scope of that is collected to be expanded. The legislation, as it's currently proposed, covers:

  • account or subscriber details
  • source of communication
  • destination of communication
  • date and time of communication
  • type of communication
  • location of the device

Read more: Australian Cyber Security Centre deemed new government hub

Interestingly, if the regulations are not supported and passed then the legislation becomes inoperative.

Where does encryption fit in?

As we've mentioned before, some countries are considering a ban or placing limits on the use of encryption in some communications.

Ms Jones, noted in answering questions regarding the use of encryption by ordinary citizens, told the committee that the intent of the proposed legislation was on thwarting the activities of criminals.

Senator Ludlam responded to this assertion strongly.

"No it's not. It's rolled across the entire Australian population. That's why people are so pissed off," he said. "It's not targeted or discriminate at all. It's engaged at everybody".

What's next?

The Prime Minister has sent a letter to the leader of the Opposition urging Labor to expedite the new legislation through the parliament by March. He has used the recent Sydney siege and the Charlie Hebdo attacks as evidence that we need these new laws quickly.

However, Senator Ludlam and the Legal and Constitutional Affairs References Committee are not due to meet to discuss the matter again until 16 March 2015.
Amongst the bill's opponents are telecommunications companies who would bear the financial burden for retaining the data.

"Even if the costs are in the order of a couple of hundred million, you've got to remember that this is a AU$40 billion-plus sector, so the costs involved are comparatively modest, and obviously, we the government are prepared to work with the sector to ensure that we bear our fair share of the costs as well," the Prime Minister recently said.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Upcoming IT Security Events

March 3rd, March 5th, March 9th 2015

Join CSO for the day@#csoperspectives and hear from @kimzetter @LeviathanSec

3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today

Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)

Tags broadbandgovernment legislationprime ministerScott Ludlamdata retentionlaw enforcementMs Katherine JonesCoalition GovernmentAnna Harmer

Show Comments