NEW Australian Metadata Retention Laws

On Tuesday 13 October 2015 new laws came into effect in Australia that require telecommunications service providers (i.e. Telstra, Vodafone, Optus etc.) to retain prescribed telecommunications data.  The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 sets out a statutory obligation for telecommunications service providers to keep this data for a period of two years.

The new law does not give new powers to criminal law-enforcement agencies to access telecommunication data.  It simply obliges telecommunications companies to retain and secure a limited set of records for two years.

Why were these new laws brought in?

Previously, the law did not specify the types of data that telecommunications service providers should retain for law-enforcement and national security purposes or how long that information should be stored for.  Parliament explained that this limited the investigative capabilities of law enforcement and security agencies and, in some cases, had prevented serious criminals from being brought to justice.  Therefore, the retention of telecommunications data will further assist the law-enforcement agencies in their investigations into crimes such as terrorism, organised crime, murder, rape, and kidnapping.

Data is often the first source of information that leads to further investigations.  It assists in eliminating potential suspects and supporting police and other agencies’ applications for more privacy intrusive investigative tools such as search warrants and interception warrants.  Access to telecommunications data also infringes less on personal privacy compared to other investigative methods, as it does not include the content or substance of the communication.

What is Prescribed Telecommunications Data?

‘Prescribed telecommunications data’ is essentially the information about a communication, rather than the actual communication itself.  For example, data around a phone call would provide the information about who you rang and for how long.  The law provides that the data must not include the actual message you emailed or texted, or the conversation you had on the telephone.  It also includes internet activity, including an email address and when an email was sent.

What sort of data will be retained?

The type of metadata required to be retained and secured includes the following types of information:

  1. the identity of the subscriber to a communications service;
  2. the source of the communication;
  3. the destination of the communication;
  4. the date, time and duration of the communication;
  5. the type of the communication; and
  6. the location of the equipment used in the communication.

Who will be able to see my data?

Essentially all criminal law-enforcement and security agencies, including:

  • the Australian Federal Police;
  • a Police Force of a State (i.e. Queensland Police Service);
  • the Australian Commission for Law Enforcement Integrity;
  • the ACC;
  • the Australian Customs and Border Protection Service;
  • the Australian Securities and Investments Commission;
  • the Australian Competition and Consumer Commission;
  • the Crime Commission;
  • the Independent Commission Against Corruption;
  • the Police Integrity Commission;
  • the IBAC;
  • the Crime and Corruption Commission of Queensland;
  • the Corruption and Crime Commission; and
  • the Independent Commissioner Against Corruption.

Under what circumstances can they gain access to my data?

There are three situations where criminal law-enforcement agencies are able to access telecommunications data:

  1. If it is satisfied that the disclosure is reasonably necessary for the enforcement of the criminal law;
  2. If it is satisfied that the disclosure is reasonably necessary for the purposes of finding a person who the Australian Federal Police, or a Police Force of a State, has been notified is missing; or
  3. If it is satisfied that the disclosure is reasonably necessary for the enforcement of a law imposing a pecuniary penalty or for the protection of the public revenue.

If the data does not specifically include what I wrote in a message or said over the phone, then how will authorities use this to solve crime?

Criminal law-enforcement agencies do not always need to read or hear conversations to know what you are up to.  The types of data that agencies can gain access to can allow them to ‘read between the lines’ and make inferences which they can reply upon to obtain further search warrants or interception warrants.  For example, if you are telephoning a phone sex service at 2.24am and the call lasted 30 minutes, law-enforcement agencies may not know what was said, but they would be able to make a pretty strong inference about the conversation from the data they have.