Government softens stance on data retention

Extends laws to comply with the Council of Europe's Convention on Cybercrime.

The Australian Government appears to have softened its stance on data retention, introducing a bill today that requires ISPs and carriers to comply with Government orders to preserve data on persons suspected of committing serious crimes.

This morning Attorney-General Robert McClelland gave the first reading in Parliament of the Cybercrime Legislation amendment bill of 2011, which extends the surveillance powers of the Government in order to comply with the European Convention on Cybercrime.

Specifically, the legislation requires carriers and service providers to store data pertaining to persons suspected of committing serious crimes for ninety days upon receipt of a "preservation notice" by law enforcement authorities.

This allows the law enforcement authority time to investigate the matter and seek a warrant to access the data.

A preservation notice is confined to serious offences - such as any offence against a law of the Commonwealth, a State or a Territory that is punishable by imprisonment for at least three years.

Data covered by the legislation is loosely defined as "stored communications and telecommunications data", a deliberately broad definition that encompasses "computer data", email, and SMS messages - remaining "technologically neutral" to remain relevant in the future.

In particular the Bill:

• requires carriers and carriage service providers to preserve the stored communications and telecommunications data for specific persons when requested by certain domestic agencies or when requested by Australian Federal Police on behalf of certain foreign countries.
  
  
• ensures Australian agencies can obtain and disclose telecommunications data and stored communications for the purposes of a foreign investigation.
  
  
• provides for the extraterritorial operation of certain offences in the Telecommunications Interception Act.
  
  
• broadens the scope of computer crime offences in the Criminal Code Act 1995, and
  
  
• creates confidentiality requirements in relation to authorisations to disclose telecommunications data.

A compromise?

Internet Industry Association chief Peter Coroneos said the bill should appease members concerned about the potential introduction of a wider data retention bill that would have required all communications to be stored.

“While we are still working through the detail of the Bill, we are happy that the Government opted for a data preservation approach to evidence gathering,” Coroneos said.

This contrasts with earlier proposals for a blanket data retention regime, he said.

“Data preservation achieves that important balance between the legitimate needs of law enforcement to obtain evidence against the privacy rights of internet users generally, and avoids the huge cost and security issues that a wholesale retention regime would entail,” Coroneos said. 

The carrier will breach its obligations under section 313 of the Telecommunications Act 1997 if it does not comply with a preservation notice.

Types of 'preservation' notices

Three types of preservation notices are provided in the Bill:

• historic domestic preservation notices (which preserve communications held by the carrier on the day the notice is received that might assist the organisation that issued the order in carrying out its function of obtaining intelligence relating to security or a contravention of certain Australian laws for up to 90 days).
  
  
• ongoing domestic preservation notices (which preserve communications held by the carrier during a 29 day period after the notice is received that might assist the Organisation in carrying out its function of obtaining intelligence relating to security or a contravention of certain Australian laws for up to 90 days),  and
  
  
• foreign preservation notices (which cover stored communications held by the carrier on the day the notice is received that might relate to a contravention of certain foreign laws).

Checks and balances

Section 161 of the Telecommunications Interception Act (TIA) provides checks on the operation of the new surveillance regime, which requires the relevant Minister to report once every year on the use of stored communications warrants. 

Subsection 162(1) of the TIA Act sets out that, in relation to each enforcement agency, the report must include statistics about all applications, including telephone applications, for stored communications warrants made during that year.

In addition the Ombudsman will be able to inspect the new preservation regime.

A treaty

The Bill enshrines requirements of the Council of Europe Convention on Cybercrime (the Convention) to which the Government previously agreed to accede.

Australia's intention to accede to this convention was openly criticised in a Senate Committee in April this year. But the Joint Senate Committee on Treaties endorsed the Convention in May, stating that it expected sufficient safeguards to be put in place to address legitimate “fears about invasion of privacy, with potential threat to human rights and civil liberties”.