There comes a point, when the safety of the Australian people is at stake, that the Government is obliged to step in – when the Government has no choice but to make firm decisions to help safe-guard our country against those who would destroy our free, democratic way of life.
We are blessed with having incredible communications technology – technology that lets us speak instantly with family across the world; technology that lets us download our favourite movies and music in mere minutes; technology that crosses national, and cultural boundaries, and lets us ‘tweet’ or ‘blog’ about our lives to a potential audience of billions.
But not everyone is using it for good. There are groups out there who use this same technology to commit crimes – to steal personal information, to distribute child pornography, and to plan terrorist attacks.
These aren’t just pie-in-the-sky, far-off fantasies – they are happening on our shores and in our own backyards.
Against such a faceless attack, national security becomes everyone’s responsibility. Every Australian man, woman and child, every business owner, every company, every agency has to play their part.
The resources of our national security agencies – ASIO, ASIS, and the AFP – are limited. It would take obscene amounts of money, time and other resources for them to cover every base.
We need a ‘whole-of-country’ effort and, against these threats, we need metadata.
Metadata is the who, when and where – not the content – of communication. It’s information such as an email address or telephone number and the time the email was sent or the call was made.
It does not include the content of the communication – not even the email subject line.
The Government already works with our major telcos – Telstra, TPG, Vodafone and the like – to fight crime on an international, electronic level using metadata.
In fact, the amount that metadata is used in investigations already would probably surprise you.
Between July and September last year it was used in:
- 92 per cent of counterterrorism investigations,
- 100 per cent of cybercrime investigations,
- 87 per cent of child protection investigations, and
- 79 per cent of serious organised crime investigations.
I rise today to say: we support this amendment; we support data retention; and we will support our country to fight against those who will technology to commit crimes against us.
Data retention and EUROPOL’s Operation RESCUE
The value of data retention was seen most recently in a EUROPOL child exploitation investigation called Operation RESCUE.
The perpetrators involved shared much of their information online, and so physical evidence was hard to get.
In the UK, which has data retention laws, authorities were able to identify 240 of 371 suspects – two thirds of them –using telecommunications data. The police stings that followed led to 121 arrests and convictions.
Compare that to Germany, which has no data retention laws. In the very same operation, 377 suspects were believed to be living in Germany, but German authorities were only able to positively identify seven…less than 2 per cent! They also weren’t able to gather enough evidence to arrest or convict a single person.
The same situation was repeated in Austria, Sweden, the Czech Republic and Norway which, at the time, did not have data retention laws.
Had these countries had legislation in place, they would have been able to potentially convict hundreds of child molesters.
But, because police could not access the metadata they needed, those predators are still out there.
Do we want to find Australia in a similar situation? I think not.
We need to have the foresight to support our law enforcement authorities in fighting against crime, espionage, cyber-attacks, and terrorism.
We need to learn from the experience of our European friends…not repeat their mistakes.
Paedophile rings in Australia
Our law enforcement heroes depend heavily on data retention and metadata for catching paedophiles.
Just last year the AFP received a tip-off regarding a person suspected of uploading child pornography to an image-sharing website.
The AFP sent the IP address to the relevant Telco and were able to identify the subscriber and their location.
With that information, they gained a search warrant of the individual’s home where they found a large amount of child pornography material AND information indicating possible abuse.
That man is now behind bars – thanks to our police being able to use metadata.
Now consider this: Again last year, the AFP received information from Interpol about a suspect who had made a statement online that they intended to sexually assault a baby.
Interpol provided the IP address details to our police BUT because the Australian carrier only kept their metadata for seven days, the suspect was able to disappear into the dark depths of the web.
This is precisely WHY data retention is a vital asset. It is a front-line defence against criminals, and an invaluable tool to hunt them down.
Data retention is needed against terrorism
If we don’t make these amendments to enforce that metadata be kept for two years, our own law enforcement agencies will no longer be able to do their job effectively.
The NSW Police Commissioner recently said: “there’s not a terrorism investigation since 9/11 that hasn’t relied on metadata.
He said: “This information is available RIGHT NOW. All we’re saying is keep it for a little longer.”
We need to accept that there IS a risk out there. We’ve already seen that, despite our physical distance from other countries, terrorists are targeting Australians.
It happened in Bali in 2002 and 2005. But it’s happening on our own soil, too, and now.
We know of at least 90 Australians actively involved with terrorist groups in Iraq and Syria, and another 140 on-shore actively supporting them.
We can’t afford to stick our heads in the sand, and block our ears. We can’t vainly hope that our distance from other countries will always protect us. We can’t continue to believe – when all the evidence indicates otherwise – that “she’ll be right, mate”.
There have been some very specific concerns by the public about our push for data retention.
One of my constituents from Cairns, Mr Trent Yarwood is a member of the organisation Future Wise. He argues there is: “…no provision for the privacy of the data in the bill, and no provision for the law enforcement agencies to fund storage of this…data, or to securely delete it once access is no longer required.”
Mr Yarwood says he and the Future Wise team are concerned about the “Effectiveness of the proposed…regime” as well as a number of “Secondary impacts of the Bill” which he says include:
- The impact on personal privacy and presumption of innocence;
- Warrantless access to personal data;
- Cost implications for internet service providers and end users; and
- That the length of retention period is not necessary or proportionate.
I certainly appreciate Mr Yarwood’s comments, and have forwarded them to the Minister’s office. But, in the meantime, I want to make a few points in response to his concerns.
Personal privacy and the cost of the regime
The Government is not asking internet service providers to keep any data that would reveal their web-browsing history. We are also not asking for the content or substance of emails or social media posts. We’re only asking telcos to keep certain, specific metadata – the ‘who…when…and where’ of communications – for two years to assist with criminal or national security investigations.
My constituent Mr Yarwood talked about the cost. I can tell you the estimated upfront capital cost of this regime to all of business is less than $319.1 million… less than one per cent of the $43 billion in revenue generated by the telecommunications industry each year. This government has also constantly said that we will make a reasonable contribution to this.
Mr Yarwood talked about personal privacy. It’s our top priority… which is why this Bill proposes several safeguards:
- Firstly, the data will continue to be held by the industry.
- Secondly, only specific government agencies will be able to request access, and only in specific circumstances.
- Thirdly, there will be multiple oversight bodies in place to make sure that agencies respect those controls.
We also recognise that the principle of freedom of the press is fundamental to our democracy. That’s why the Government is open to further measures to protect journalist sources, and I’m aware that these conversations are continuing. We’ve decided that a further amendment will be moved, that will require agencies to obtain a warrant in order to access a journalist’ metadata for the purpose of identifying a source.
But most importantly, this legislation is not about identifying journalist’s sources. It’s about making sure our security and law enforcement agencies continue to have access to metadata.
Who can access the metadata, and how are they held accountable?
The Telecommunications Interception and Access Act 1979 already provides a framework that governs who can access the data. But we’re going further. We’re reducing the number of agencies that can actually apply to access this data from 80 down to around 20.
Our law enforcement officers can’t just trawl through telecommunications data whenever they like – that would be a criminal offence, and they could be charged.
Data has to be ‘reasonably necessary’ – not just ‘helpful’ or ‘expedient’ – for investigating criminal offences and other permitted purposes. Our federal law enforcement agencies are subject to Ministerial oversight, Senate Estimates, Parliamentary Committee inquiries, and the Australian Commission for Law Enforcement Integrity.
Finally, requests for information by law enforcement agencies from telcos are:
- reported annually,
- released publicly,
- and subject to oversight by the Commonwealth Ombudsman.
Having these layers of independent oversight means any agency that accesses the data is subject to intense scrutiny. So as you can see, we aren’t taking ANY risks with this telecommunications metadata.
We need it to conduct criminal investigations, but the data will be held behind lock-and-key and only accessed when absolutely necessary.
Before I finish, I want to acknowledge the recent inquiry into this Bill by the Parliamentary Joint Committee on Intelligence and Security. As you know, this committee was bipartisan. Both Liberal and Labor came together to unanimously create a Bill that protects Australians from those who would harm us while also protecting our privacy.
The Committee’s inquiry made 39 recommendations, and I am pleased to say we will be supporting ALL of them moving forward.
This amendment is a string in our law-enforcement bow that will require telcos to keep specific metadata for two years. It is a vital measure to help us, as a country, stop online criminals. Not the petty pirates who illegally download Game of Thrones or the latest Hobbit movie, but the hard-core criminal organisations who engage in child exploitation, identity theft, and terrorism.
We cannot wait until a major crime occurs – against an Australian child, against an Australian family, or against our country. We need to put processes in place so that we have a strategic defence against tech-savvy terrorists, and so that our law enforcement agencies can respond quickly and effectively against threats to our Australian way of life. The law has strong safeguards in place to protect our own citizens, and measures to ensure only those who need access to the data, for major law enforcement activities, can see it.
The only people who need to be concerned about these amendments are major criminals. And to them I say “Australia will be ready.”
To view the official Hansard, please see below.