AFP is sharing a lot more telco data with other countries

The amount of telecommunications metadata the Australian Federal Police shared with 21 countries skyrocketed over 2015-16.

The Attorney-General's Department today published its annual report [pdf] into law enforcement agencies' use of the Telecommunications and Interception Act.

The report reveals that the AFP made 53 requests to telcos for access to telecommunications data in order to enforce the criminal law of another country in the year to June 30 2016.

It passed on information on 23 occasions to 21 countries covering Five-Eyes partners like the UK, US, New Zealand and Canada, as well as the likes of China, France, Serbia, Spain and Zimbabwe, among others.

It's a significant increases on the 17 data disclosures the AFP made to 14 foreign countries in the year to June 2014.

'Telecommunications data', or metadata, includes information about a communication, like phone numbers, email addresses, and time and length of a communication.

From October 13 2015 Australia's telcos were required to store this information for two years following the introduction of data retention laws, unless they applied for a maximum 18-month extension, which most did.

The laws also cut down the list of enforcement agencies allowed to access the stored metadata from 63 to 21 from that date.

This reduction likely explains a fall in the total number of requests for metadata made in the 2015-16 year; 63 enforcement agencies made a total of 333,980 authorisations over the period, compared to 349,820 requests in the 2013-14 year.

The vast bulk of the 2015-16 authorisations were made to enforce a criminal law. There were also 2426 authorisations related to pecuniary penalties or protecting public revenue, and 4406 authorisations to help locate missing persons.

Metadata on journalists - obtained via two warrants - was accessed 33 times by the WA Police for the purpose of enforcing criminal law.

The AGD report said 83 percent of all authorisations since the data retention law kicked in until June last year were for data that was less than three months old.

Most of this information involved subscriber and other customer identification information - "commonly used at the beginning of an investigation to identify and eliminate suspects", it said.

Industry has estimated the cost of implementing data retention obligations from October 2014 to April this year to be $198.5 million.

The government made available $128.3 million in grants to a total 180 of 200 telcos who applied for the funding.