Data retention has always been about a lot more than ‘national security’

Attorney-General George Brandis told us in ­November 2014 the data retention regime ­“applies only to the most ­serious crime, to terrorism, to international and transnational organised crime, to paedophilia, where the use of metadata has been particularly useful as an investigative tool, … only to crime and only to the highest levels of crime”.

The mandatory data retention legislation was duly rushed through the parliament in March 2015 at a time of “heightened national security concern”.

Remember all those flags?

Abbott, Brandis & Dutton press conference
Image: Alex Ellinghausen

But the claim that it was all about national security and child predators, was, of course, far from the complete truth. Telecommunications data — more commonly, metadata — is also extremely useful in identifying the source of government leaks and for tracking down whistleblowers.

It’s been regularly accessed for this purpose, including by ASIO, and it was just such an attempt to identify the source of a leak to the press that got the Australian Federal Police into such dramatic trouble last week.

So, let’s be clear, data retention is, and has always been, about a whole lot more than identifying jihadists and child predators.

It was only last-minute pressure from the journalists’ union — the MEAA — and a number of news organisations that resulted in the addition of a requirement for any access to the retained data of a journalist to require a warrant.

At the time much was said about the critical role of journalists in the democratic purpose, including from then-communications minister (and one-time journo himself) Malcolm Turnbull, who explained, “the work journalists do is just as important in our democracy as the work that we do as legislators”.

Yet, curiously, politicians were not given the same level of protection (it’s pretty clear most of them are yet to realise this). Nor were lawyers, doctors or counsellors. Or, for that matter, the rest of us mere citizens and residents of Australia.

As Friday’s mea culpa from the AFP demonstrates, the practical ­reality is that it’s impossible to provide special protection to any subset of the population in the context of an indiscriminate data retention scheme.

In defending his decision not to take any action against the officers who illegally accessed the phone records of an as-yet-unidentified journalist, AFP Commissioner Andrew Colvin said they “did not realise they were required to obtain a warrant to access the journalist’s metadata … There was no ill will or malice or bad intent by the officers involved who breached the Act. But simply it was a mistake”.

This suggestion the “investigating officers” were unaware of the requirement for a warrant is ludicrous. First, this requirement has existed for 18 months (since October 2015). Second, these are “Professional Standards” ­officers (or what is known as Internal Affairs in TV land). They’re the cops who investigate the cops. Presumably, they’re supposed to know the rules better than anyone. And we know the AFP conducted training because Freedom of Information requests by The Guardian have produced the slides.

AFP training slide

All the officers had to ­remember were the words “journalist” and “warrant”.

But even if it were inadvertent it is a clear demonstration of just how ineffective it is having an extra level of protection for one subset of society.

And it is a very long-established principle in criminal law that ignorance of the law is no defence.

It’s also worth noting there are a number of criminal sanctions defined in the data retention legislation that carry a two-year jail term, including the disclosure of “the existence or non-existence of such a warrant”.

I see no reason why the same penalty shouldn’t also apply to unauthorised access to this data.

The telcos/ISPs that receive these data access requests have no way of knowing which of their customers are journalists. So they’ll dutifully process them as they would the other 99 per cent of requests that don’t require a warrant.

The only way to achieve meaningful protection from malicious or inadvertent access to this data is to introduce a warrant requirement for ALL requests for access to data.

But critics will argue that “would make law enforcement grind to a halt”. Would it? Really? Most EU countries already require some form of independent authorisation for access to telecommunications data.

It’s clear that law enforcement in this country has grown used to using telecommunications data in almost all investigations for the simple reason that it’s been available to them without any meaningful controls, ­regardless of whether it’s useful or not. It’s time that we introduced some meaningful controls.

The only effective protection for anyone is protection for everyone.

The government must therefore legislate to extend the warrant ­requirement for access to retained telecommunications data to the ­entire population without delay.

This opinion piece by EFA’s Executive Officer Jon Lawrence was originally published as “National security? Data laws misused to spy” in The Daily Telegraph on Thursday 4th May 2017.

If you agree that warrants should be required for all access to retained telecommunications data (‘metadata’) then please sign our petition.