The Coalition Government has introduced legislation governing the mandatory retention of telco metadata into Parliament - a bill that does not provide any explanation of what data is to be stored.
The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 was introduced by Communications Minister Malcolm Turnbull into the House of Representatives this morning, and was immediately referred to the parliamentary joint committee on intelligence and security for scrutiny prior to a vote.
The bill prescribes that telecommunications service providers must retain a yet-to-be-detailed dataset on each customer for two years, to be made available to law enforcement agencies without a warrant.
The specific details of the dataset to be retained will be outlined in future “supporting regulations”, the bill advises.
Turnbull said consultation on the bill will be undertaken over the next few weeks in partnership with industry to set out the technical details of the dataset and the cost to telcos of meeting their obligations under the bill.
The bill does outline a handful of types of information service providers will be required to store, including subscriber details and devices under an account; the source and destination of a communication; the date, time and duration of a communication; the type of communication; and the location of the line, equipment or telecommunications device.
Turnbull reiterated that, contrary to earlier comments by two of his fellow Cabinet members, the bill would expressly exclude a user’s web browsing history from being retained.
The bill also redefines the type of agencies allowed to access the information - which under current legislation extends to the likes of the RSPCA and local government - to specify agencies involved in criminal law enforcement.
The list of those able to access the data will be narrowed to interception agencies (federal, state and territory police and anti-corruption agencies), Australian Customs and Border Protection, and those declared by the Attorney-General as criminal law enforcement agencies, such as the AFP and ASIO.
Service providers will be able to seek an exemption from data retention obligations under the bill, and will be able to apply to the Communications Access Co-ordinator to be excused from either retaining metadata at all; retaining specific metadata; or retaining the data for the designated two year period.
The Commonwealth Ombudsman will be given oversight of an agency’s compliance with its obligations under the proposed bill, which will include auditing the use and access to the data retained.
“The proposed Ombudsman oversight of the telecommunications data regime recognises that access to telecommunications data by enforcement agencies potentially impacts on the privacy of persons whose data is being accessed,” the bill states.
“A comprehensive oversight regime for telecommunications data will assist in ensuring that use, access or disclosure of telecommunications data by enforcement agencies, including retained data, for purposes set out in Chapter 4 of the TIA Act, is subject to independent compliance assessment.”
Service providers will be given 18 months to develop implementation plans - setting out how the company will achieve compliance for the scheme - and submit them to the Communications Access Co-ordinator (the CAC) for approval.
The implementation plan is designed to ensure service providers comply with their obligations and develop “cost-effective solutions to their data retention obligations by, for example, aligning the implementation of such solutions with a provider’s internal business planning and investment cycles”.
The Government expects to make a “substantial contribution” to the cost of the data retention regime - which members of the telco industry have put at hundreds of millions of dollars - but did not provide a funding structure or amount.
The parliamentary joint committee on intelligence and security will report on the effectiveness of the scheme three years after the completion of its implementation, and the Attorney-General’s Department will report annually on the scheme.
The committee is understood to have been given several months to report on the bill, meaning it will not be pushed through parliament before the end of the year.
Shadow Communications Minister Jason Clare and Shadow A-G Mark Dreyfus will join the panel for the purpose of scrutinising the bill. They are understood to be replacing Labor senators Stephen Conroy and Tanya Plibersek.
The introduction of the legislation comes despite heavy and ongoing criticism of the scheme by the telco industry, the Australian Greens and several independent MPs, civil liberties and privacy groups, and members of the Labor opposition.
As recently as yesterday, the parties continued to call on the Government to publish an exposure draft of the legislation prior to its introduction to allow scrutiny of what they say is a murky scheme.
More to come...