AG warns blocking metadata could mean more intrusive practices

The Attorney-General's Department has warned restrictions on telecommunications metadata access by law enforcement could lead to frequent use of more "intrusive powers".

The department argued in a wide-ranging Senate submission (pdf) that tightening access to metadata could also leave innocent people under suspicion for longer, and threaten Australian compliance with an international cybercrime treaty.

It said telecommunications metadata "is often used at the early stages of investigations" to build a picture of a suspect, and eliminate others from being under suspicion.

Restricting metadata access "may compel agencies to resort to more privacy-intrusive investigative methods to collect what is, frequently, preliminary information for an investigation," the Attorney-General's department said.

Intrusive methods may include phone taps, interception or the use of surveillance devices.

"Such powers are not appropriate substitutes for telecommunications data, however, as they would be disproportionate to and inadequate for agencies' investigative needs," the department said.

The department displayed a clear preference for metadata to give authorities a better chance of remaining covert.

"An agency might attempt to use physical surveillance or a surveillance device to determine which provider a person uses and with whom they communicate," the department said.

"Such methods would, however, risk compromising a covert investigation if the surveillance, or the installation, maintenance or removal of the surveillance device, was in any way observed or detected.

"In this fashion, the use of more overt powers is often unsuitable, particularly at the very early stages of an investigation when telecommunications data is most frequently used."

Free pass for cybercrims?

The Attorney-General's department backed concerns by Victoria's anti-corruption commission that valuable metadata could be lost while law enforcement tried to arrange warrants to access it.

Such problems could set back cybercrime investigations in particular, the Attorney-General's Department said.

"Telecommunications data is critical for tracing cyber-attacks across networks and, in particular, for linking IP addresses to a particular subscriber," the department wrote.

It claimed that if the 'Get A Warrant' bill currently before the Senate Committee was passed, Australian agencies would find themselves severely restricted in their ability to share cybercrime intelligence with foreign authorities.

This would put Australia in contravention of its obligations under the European Convention on Cybercrime, to which Australia acceded earlier this year, the department said.

Explaining the 293,501

The bill before the Senate Committee is being driven by the Greens, partially in response to 2011-12 figures from the Attorney-General that revealed 293,501 authorisations for access to metadata.

Greens Senator Scott Ludlam accused law enforcement agencies of "vacuuming this material up" with "no judicial oversight", and raised the prospect of warrants to access this material in future.

The Pirate Party Australia suggested in its own submission to the Committee that the number "equates to one in 75 people having their metadata accessed without a warrant".

But the Attorney-General appeared to indicate the high number of authorisations was simply a by-product of metadata being called on early in the investigation process, suggesting the number of authorisations alone was not indicative of the number of people impacted.

"For example, it is often necessary for agencies to issue multiple authorisations for subscriber data to multiple providers simply to determine what phone, internet and email services a suspect is subscribed to," the department said.

The Pirate Party is one of few dissenting voices to have submitted to the inquiry before the cut-off date of July 31.

It took issue with the early position of law enforcement agencies that the bill, as it stands, would interfere with the capability of agencies to do their jobs.

"The claim that warrantless access to hundreds of thousands of individuals' private data is required for government agencies to continue to do their jobs has not been backed up by evidence," Pirate Party Australia said. (pdf)

The Law Council of Australia also backed the bill, though it raised a number of additional concerns, including the applicability of existing warrant processes to metadata requests. (pdf)

The Council indicated it wanted assurances that existing privacy protections would not be diluted as a result of the Greens' bill.