The Government’s plan to introduce mandatory data retention has failed to win the approval of a Senate committee tasked with scrutinising proposed legislation, which yesterday labelled it ill-defined and far-reaching.
The Senate Standing Committee for the Scrutiny of Bills assesses legislative proposals against a set of accountability standards including the effects of the bill on individual rights, liberties and obligations, the rule of law and parliamentary propriety.
It most recently turned its gaze to the Government’s proposed Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, introduced by Communications Minister Malcolm Turnbull in late October.
The bill prescribes that telecommunications service providers retain a specific dataset on each customer for two years, to be made available to law enforcement agencies without a warrant - but offers no other specific details on the dataset to be retained, putting off that task until the release of future “supporting regulations”.
The scheme has been highly criticised by members of the telecommunications industry and privacy advocates, as well as a parliamentary committee tasked with applying the Human Rights Act to new legislation, which recently said it limited free speech, was open to misuse, and went beyond what is necessary to fight crime.
The Senate scrutiny committee - made up of three Coalition MPs, two Labor MPs and a Greens MP - has now lent its voice to the chorus of critics opposing the bill.
It yesterday [pdf] reported that the Government's decision to prescribe the dataset and law enforcement agencies involved in "supporting regulations" rather than the bill iself gave the Government too much autonomy to decide data will be retained and who will be able to access it.
“The explanatory memorandum justifies the delegation of legislative power on the basis that this is necessary to ensure that data retention obligations remain ‘sufficiently flexible to adapt to rapid and significant future changes in communications technology’,” the committee reported.
“In light of this, the committee does not consider paragraph 187A(1)(a) to be an appropriate delegation of legislative power. As noted by the Parliamentary Joint Committee on Human Rights (PJCHR) … a scheme which requires that data be collected on every customer ‘just in case that data is needed for law enforcement purposes is very intrusive of privacy’.
“Given this, it seems appropriate for Parliament (not the executive) to take responsibility for ensuring that the scheme is adequately responsive to technological change in the telecommunications industry.”
The committee said while it accepted that regulation-making powers were occasionally justified by the necessity to build in scope for flexible regulatory responses to changing circumstances, in this instance such a significant matter should be included in primary legislation and not in supporting regulations.
It also raised concerns about potential for the dataset to be expanded under the current arrangement. The proposed scheme - which it called “highly intrusive of individual privacy” - was arranged to allow for the expansion of the obligations on carriers in line with innovations and convergence in the telco industry.
The Government’s rationale behind this was to ensure the regime remained on top of rapid changes to communications technologies, security threats and business practices, the committee said - but again, such a significant matter should be addressed by specific policy, not ad-hoc regulations.
“The committee recommends that consideration be given to amending the bill to provide that these important matters are dealt with in the primary legislation rather than allowing for expansion of the scope of obligations by delegated legislation,” it reported.
Similar concerns were raised about the Government’s attempts to give itself the ability to add to the list of law enforcement agencies able to access the data retained under the scheme, by giving the Attorney-General the power to decide outside of the legislation which bodies fall within its scope.
“The statement of compatibility suggests that the ‘ministerial declaration scheme reinforces the right to privacy in that it ensures that enforcement agency access to telecommunications data is strictly circumscribed and subject to ministerial scrutiny’,” the committee wrote.
“However, given the highly intrusive nature of the scheme, it may be considered that any expansion of the agencies that can access telecommunications data should be determined by Parliament not legislative instrument.”
It called on Attorney-General George Brandis to provide advice on why he alone should be able to increase the number of agencies allowed to access the data, and whether increased parliamentary oversight of his decisions should be built in to the scheme.
The committee also warned that the Government’s failure to clearly define what it constituted as the “content” of communications for the purposes of excluding it from the bill meant a real risk that “personal rights and liberties will be unduly dependent on insufficiently defined administrative powers”.
“The committee therefore recommends that consideration be given to amending the bill to provide a clear definition of ‘content’ in the primary legislation," it said.
PJCIS kicks off review of bill
The committee's comments come as the Parliamentary Joint Committee on Intelligence and Security announced the commencement of its inquiry into the bill.
The PJCIS had looked into an undetailed data retention scheme proposed by the former Labor Government in 2013, but was unable to make any concrete recommendations on the proposal given the lack of draft legislation.
It did, however, recommend that any draft legislation should, among other things, exclude content, limit the retention period to two years, allow for oversight by the Inspector-General of Intelligence and Security, and ensure any costs incurred by providers are reimbursed by the Government.
Committee chair, Liberal MP Dan Tehan, said the PJCIS would consider the "appropriateness of the data retention regime" and its "application to the investigation and prosecution of serious criminal offences and to countering threats to national security".
"Safeguards and oversight will be a key focus for the committee," he said in a statement.
The committee will take submissions on the bill until January 19 next year, and expects to report on its findings by February 27 2015.
Public hearings will be held on December 17, and January 28 and 29, the committee said.