Fairfax Media is today reporting that Australian police are receiving metadata dumps from mobile phone towers. These data dumps provide information about "the identity, activity and location of any phone that connects to targeted cell towers over a set span of time, generally an hour or two. A typical dump covers multiple towers, and mobile providers, and can net information about thousands of mobile phones."
Access to this information is no doubt of great assistance to police, particularly, as Fairfax points out, when 'they have few leads', as it allows them to undertake fishing expeditions (defined by Cambridge Dictionaries Online as 'an attempt to discover the facts about something by collecting a lot of information, often secretly').
Such access however tramples all over the privacy of thousands of innocent bystanders, and can therefore be justifiable only in the most extreme circumstances, if ever, particularly as there is no requirement on the part of agencies accessing such data to delete it. This information of course includes the location of the mobile phone, and is generated whenever a mobile phone is switched on and has a valid network account. The only way to avoid having this information collected is therefore to switch the phone off.
In a related story, analysis of the documents released by Edward Snowden shows that 90% of the individuals whose communications were intercepted by the NSA were 'non-targets'. The percentage of 'non-targets' whose metadata will be provided to police in a mobile phone data dump will likely be in excess of 99%.
The legislation which provides this access to police, the Telecommunications (Interception and Access) Act 1979 is currently being reviewed by the Senate Legal and Constitutional Affairs References Committee. EFA has provided a submission [PDF, 561KB] to the Committee, which concluded that," [t]he law needs to be reformed so that citizens’ rights, especially the right to privacy, are better protected. The TIA Act should place tighter regulations on who can access data." EFA will also be appearing before the Committee to give verbal evidence, later this month.
At present, an alarming range of organisations are able to request metadata under the TIA Act, including organisations such a local councils, the RSPCA and Australia Post, and there was a total of over 330,000 such requests in the 2012-2013 year, the latest for which information is available.
Much tighter regulations on both the range of organisations that can access such data and the thresholds that must be met to do so are urgently required. Unfortunately, however, the police and other government agencies are seeking more access, including a requirement for mandatory retention of such data for up to two years.
Meanwhile, the Attorney-General is about to introduce legislation to further extend the surveillance powers of the intelligence agencies.
EFA is committed to protecting the privacy and presumption of innocence for all Australian citizens, residents and visitors. We are working hard to ensure that appropriate limitations are placed on surveillance powers, that meaningful oversight is achieved and that there is greater transparency about the types of activities undertaken by our law enforcement and intelligence agencies.