Australia passes data retention into law

The Australian parliament has voted to cement the Government's proposed two-year data retention scheme into law.

It today passed the Senate with 43 votes for and 16 against. The bill needs now only receive royal assent - a formality - before officially becoming legislation.

The Senate spent three full days this week debating around 30 concerns - made through 104 individual amendments - to the bill put forward by the Greens, independent MPs Nick Xenophon and David Leyonhejlm, and the Palmer United Party.

The amendments, among others, attempted to introduce provisions for destruction of data after the two years, notification for journalists whose data had been accessed, a reduction in the storage period to three months, and to enshrine the metadata list to be retained in legislation rather than regulation.

The MPs also sought to introduce a 'protected class warrant' for those alongside journalists with sensitive communications (such as lawyers), remove the Attorney-General's powers to dictate approved agencies, and introduce further oversight by the Commonwealth Ombudsman.

Each was systematically voted down by the Coalition and the Labor Party.

The Government gained the Opposition's support for the bill - guaranteeing it safe passage through the Senate - after it agreed to implement 39 recommendations to the proposed legislation, including an exclusion for journalists.

Law enforcement agencies will need to apply for warrants to access a journalist's metadata for the purpose of identifying a source. All other citizen metadata will be open to access without a warrant.

Telcos and internet service providers will now have 18 months to prepare their systems and processes for the scheme, which has been forecast to cost between $188.8 million and $319.1 million to set up, and around $4 per customer per year to maintain.

They will be required to store the non-content data of all customers for a two-year period to aid law enforcement agencies in criminal investigations. Telcos and ISPs are not restricted in where they can store the data.

The metadata list will include, among other things:

• names, addresses, birthdates, financial and billing information of internet and phone account holders;
• traffic data such as numbers called and texted, as well as times and dates of communications;
• when and where online communications services start and end;
• a user’s IP address;
• type and location of communication equipment; and
• upload and download volumes.

Australian governments have mulled a data retention regime since at least 2008.

The proposal properly reared its head in 2012 by the Attorney-General's department under the former Labor Government.

The plan was shelved after the parliamentary committee investigating the proposal claimed it was unable to make a recommendation due to Labor's failure to provide enough detail on draft legislation.

The AGD introduced the idea again under the Coalition Government this time last year In submissions made to the Senate committee investigating a review of the country’s Telecommunications (Interception and Access) Act.