Australian Parliament Passes Data Retention Law Requiring Storage of User Metadata

Privacy Internet International Regulation
By Jenny Choi – Edited by Katherine Kwong Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015 Link to the Full Text of the Bill On March 26th, 2015, the Australian Senate passed the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015. This legislation requires Internet service providers (“ISPs”) and telecommunication providers to encrypt and retain user metadata for two years. On October 30th, 2014, the bill was introduced to the House of Representatives, while it was first introduced to the Senate on March 24th, 2015. According to Yahoo News, Attorney-General George Brandis and Communications Minister Malcolm Turnbull jointly stated that the purpose of the Bill is to ensure national security and provide law enforcement agencies adequate access to the information they need. A summary of the history surrounding the bill is available here. The Wall Street Journal, ArsTechnica, CNET, and Mashable all describe controversies about the bill.  This bill is an amendment to the Telecommunications (Interception and Access) Act 1979. The bill has been controversial because of its possibility of infringing on users’ privacy. Last year, the Court of Justice of the European Union struck down a similar requirement in the EU’s Data Retention Directive, while Edward Snowden’s disclosure about the U.S. National Securities Agency’s mass surveillance has been a hot topic. In light of these events, the new Australian bill certainly attracts a lot of attention, especially amongst civil liberties advocates and legal experts who are concerned about user privacy.  The bill is controversial for several reasons. First, it requires Australian ISPs and telecommunication providers to store two years worth of metadata of all users, including those who are not under any investigations. Second, the bill prohibits a person from disclosing information about the existence or non-existence of a warrant. In the event that a person discloses such information, the penalty upon conviction is two years of imprisonment. As a result, warrant canaries, which signal whether ISPs received warrants, are essentially prohibited.  For example, some American ISPs use their transparency reports to inform how many warrants they received. Due to this new bill, however, Australian ISPs and telecommunications providers will no longer be able to make such statements. Journalists and Australia’s media union have criticized on the bill as impinging upon press freedom, journalists’ privacy, and whistleblower protections. According to Yahoo News, Brandis and Turnbull refuted this criticism by saying, “The bill contains new and strengthened safeguards…no comparable nations will have greater pre-authorisation approval and post-authorisation oversight requirements for journalists.” Similarly, according to CNET, Prime Minister Tony Abbott announced that law enforcement will be required to obtain a warrant to access journalists’ metadata and a government appointed public interest advocate will oversee the warrant issuing process. Although many countries have laws governing privacy and surveillance issues, this bill is significant because it emphasizes the importance of government surveillance when many nations have been giving more weight to privacy concerns. However, given that a recent survey found that 63% of the surveyed people found that this bill was justified for national security reasons, perhaps this bill accurately reflects the Australian perspective on national security and privacy. Yet it will be interesting to see if this bill will have any effects on other nations’ legislation or data retention policies.