this product is unavailable for purchase using a firm account, please log in with a personal account to make this purchase.

Law Council of Australia: Security v freedom

Every Issue

Cite as: Jan/Feb 2015 89 (1/2) LIJ, p.87

The recent debate over mandatory telecommunications data retention raises important questions that apply to each of us regarding privacy, freedoms and security.

If passed, the proposed Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 will force telecommunication companies to keep telecommunications data (or metadata) for two years. While potentially a more limited number of agencies will have access to this data, they will be able to obtain it without a warrant.

The Telecommunications (Interception and Access) Act 1979 (Cth), to which the amendments are being proposed, is now 35 years old and, in an increasingly virtual climate, clearly requires updating to effectively detect crime and prevent threats to national security. However, the Law Council of Australia (LCA) argues that the changes must be made with proper analysis and necessary safeguards to protect individual freedoms.

Any laws requiring data retention beyond the business needs of an organisation must be reasonable, necessary and proportionate to a legitimate purpose. It is here where the current data retention Bill’s shortcomings emerge – it does not clarify for what purpose the data is being held. The full nature and scope of the retained data is also unclear and subject to change by the government through regulations.

Although the public is assured that the content of the data will not be retained, metadata can still reveal personal information such as who a person contacts, how often and where, thus raising privacy issues. This has implications for client legal privilege and professional confidentiality, because telecommunications data may disclose some detail about when, where and how often a client seeks legal advice.

The LCA is calling on the government to maintain the existing warrant process for telecommunications content and to develop a new warrant process to access metadata. The LCA believes that a warrant is required as a necessary protection of privacy because of the personal information that metadata can reveal. A warrant would ensure that information is only collected where there are sufficient grounds for doing so.

The LCA notes that efforts have been made in the proposed Australian data retention scheme to address a number of concerns raised by the Court of Justice of the European Union (CJEU). The Court declared the EU Data Retention Directive invalid on the basis that it did not contain sufficient safeguards to ensure that it was a necessary, proportionate and legitimate response in accordance with obligations under the Charter of Fundamental Rights European Union. For example, the proposed Australian scheme seeks to limit the nature of the data to be retained and to exclude web-browsing history.

However, the power of the Minister to alter by regulation the telecommunications data set and the range of agencies that have access to such data may not address the concerns of the CJEU. Furthermore, the scheme does not provide for any exception to persons covered, with the result that it applies even to persons whose communications are subject to the obligation of professional secrecy, such as the communications of a lawyer and client, a journalist and source, or a doctor and patient.

The experience with the EU Directive demonstrates that specific safeguards need to be developed for the proposed laws to be reasonable, necessary and proportionate. One such safeguard is to isolate and identify the nature of the telecommunications data to be retained. The LCA believes that a nexus must be established between the retention and access to such data and an identified intelligence and law enforcement objective. Additional safeguards include a robust warrant process; strict limitations on secondary disclosure of retained telecommunications data and on the ability of retained telecommunications data to be used for civil matters; specific oversight and reporting requirements; and appropriate destruction of telecommunications data obtained or retained.

The Bill would also need to be altered to accord with a number of the Parliamentary Joint Committee on Intelligence and Security’s recommendations in its Report of the Inquiry into Potential Reforms of Australia’s National Security Legislation (http://tinyurl.com/nkpjpbp) from June 2013. For example, to ensure that the mandatory telecommunications data retention regime should apply only to metadata, not content, and that internet browsing data be explicitly excluded. While the Bill attempts to exclude such data, there are real questions as to whether it does so effectively. In addition, by leaving the technical implementation of the definition of metadata to the regulations, what is included can be varied from time to time as directed by the Minister, subject to disallowance by Parliament.

The LCA has made a submission to the Parliamentary Joint Committee on Intelligence and Security on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 and will continue to monitor this important issue as it seeks to uphold an appropriate balance between a secure state and a free nation.


DUNCAN MCCONNEL is president of the Law Council of Australia.

Comments




Leave message



 
 Security code
 
LIV Social
Footer