Speaking on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015

The starting point for all MPs in considering matters such as this is that national security is the first obligation of any sovereign government. As such, it should transcend the day-to-day rancour of partisan politics.


Of course, that does not obviate the need of all members of this place to carefully scrutinise the details of every piece of legislation. It does not mean that you merely need to attach the words 'national security' to a policy proposition or a bill to ensure bipartisan support for that proposition.

Indeed, on this side of the House we reflect upon the words of the great Ben Chifley who said to Prime Minister Menzies, in the midst of our nation's greatest challenge when the war in the Pacific broke out, that he offered full support to our troops and to the government in the support of the security of our nation, but that did not mean that he would not offer patriotic criticism when he believed the details of the government's strategy, or the implementation of that strategy, had gone wrong. We, on this side of the House, offer the government patriotic criticism when we believe that they have mishandled either the debate, the drafting of the legislation or the process of that legislation through the parliament.

This is one of those circumstances where patriotic criticism is needed because from the beginning of this matter—when in August last year the Prime Minister and the Attorney-General announced their intention to introduce into the parliament legislation which would mandatorily require the retention of data—they mishandled it from beginning to end. We saw the disastrous press interview with the Attorney-General, who struggled over an excruciating 30 seconds that felt more like 30 minutes to define what metadata was all about, only to be rescued by the communications minister about a week later. At no point between then and now has the government regained its composure when attempting to deal with the public debate around this matter.

It has fallen to Labor, in many respects, to do the right thing by the parliament and by the country—to look at this legislation on its merits, to point out the obvious short fallings and to ensure that we can improve it where it needs to be improved. Had the government not mishandled the debate so tragically, they could have pointed out a raft of things which we believe need to be injected into the public debate. For example, the original proposal sought to mandate the retention of data but not the regime for accessing it. It was only after stern advocacy of Labor members of parliament that the bill was widened in its scope.

Throughout that debate, and over the last nine or 10 months when we have been gripped by this issue, at no point in time was the government able to clearly articulate to the Australian people the amount of data that is currently stored by telecommunications companies, including internet service providers and others. At no time during the debate have they pointed out that in many respects this data is already stored. What their original proposal was trying to do was to put in place a standard regime for the storage of that data. At no point during the debate did they point out that at the moment there are thousands and thousands and thousands of applications per year to access the details of that metadata. I am advised that in 2012-13 alone over 320,000—that is right, over 320,000—applications were made by law enforcement agencies and other government authorities for access to the data which is the subject of this debate before the House today. Some of those applications for data, indeed over one-third of them I am advised, came from the New South Wales Police Force.

Some of those applications were for a good cause. I do not think that there is any right-thinking member of this House or in this country who would disagree with that. For example, when the Victorian police force were trying to track down the person who was responsible for the grisly murder of the ABC journalist Jill Meagher, nobody—no right-thinking person—would have criticised the Victorian government for using metadata to be able to match up the location of the perpetrator and the location of the victim in the one vicinity, and therefore being able to relatively quickly track down the man who was subsequently found guilty of that horrible murder. No right-thinking person would say that is an inappropriate use of a law enforcement agency's access to that metadata. That was not explained sufficiently, and as a result there has been enormous misunderstanding about it. I pointed this out as a very valid access by a law enforcement agency to metadata.

Many of us can point to equally dubious requests or attempts to access that metadata. We have heard of examples of the Queensland police spying on its own employees, trying to find their location when they were not reporting for duty, for example. We have seen councils using metadata to spy on their staff.

The member for Melbourne Ports reminds me that this was something that occurred at the Bankstown City Council, where I believe that they were using access to metadata to find out whether people were dropping their McDonald's wrappers and other litter around the streets of the municipality. I am sure a lot of people would look at those sorts of examples, scratch their heads and say, 'Is this the intention? Where is the national security imperative in allowing access to data for these sorts of purposes?'

The completely cack-handed mishandling of this debate has allowed a misunderstanding to occur, and it has also meant that the focus has been on the wrong issue. I have had a long history of dealing with telecommunications companies in this country in many different capacities. I know that for billing reasons, for example, and for resolving disputes between wholesalers and retailers and between customers and the telecommunications companies, they do keep this data, sometimes for two years; sometimes for much in excess of two years. Much of that data is kept, not always in a standard form. The inability of the government to clearly articulate these issues and what it was trying to do and then put a proper set of constraints around its proposal has meant the debate has completely gone off the rails. Labor has had to do the right thing by the country and the parliament to try and bring the debate back and the legislation back to a sensible proposition. We have put in a lot of effort, through the PJC process amongst other processes, to ensure that the obvious defects in this legislation have been remedied. I have to say that that is consistent with the approach that we have taken in this place with the foreign fighters bill when that was brought before the House and the counterterrorism legislation amendment bill—an approach that we have continued to follow.

If I take you through some of the concerns that we had had with the original bill and the action that has been taken by Labor members, both in the PJC process and in our discussions with the government, you will see where the obvious deficiencies in the bill have, in some part, been remedied and why more work is yet to be done. For example, in its original form, the bill left the definition of metadata and the datasets to be retained in regulation, setting very loose parameters on the matters which were to be prescribed. We thought that this was not good enough and that there needed to be a definition of metadata—what was metadata and what was not metadata—in the bill itself, and that has to some extent been remedied by the legislation before the House today. In its original form, the bill limited access to retained data to a list of agencies. The government have made a lot of noise about this change, saying that access was not going to be granted willy-nilly to a whole range of agencies—and we reflect upon the Bankstown City Council example that the member for Melbourne Ports reminded me of just now—but it left a huge back door by allowing the Attorney-General a broad discretion to add to that list of agencies or individuals who may have access to that metadata. We thought that that was not good enough. If the data is to be stored in a mandated form, this is an opportunity for us to put more protections into the existing deficient regime around who and under what circumstances a person can have access to that metadata.

A third deficiency was that the government's bill did not prevent retained data from being accessed in ordinary civil litigation. If the purpose of this bill is to provide our law enforcement agencies, and particularly our national security agencies, with another arrow in their quiver, then we must put some fences around this, and that does not extend to every civil litigant or defendant in this country having access to metadata for God knows what purposes in whatever litigation. That is not a proper purpose for accessing this sort of information.

The original bill did not provide for individuals to access their own data. It has been a consistent principle of privacy legislation since it was first introduced into Australia that citizens have a right to know the information that is being recorded and is being stored when that information pertains to them. That is an issue that has been remedied by amendments pursued by Labor members. In particular, I want to point out the importance of ensuring that individual citizens are notified if there has been a breach that affects their data. If there has been a security breach and their data has been impacted, the very least obligation that the government has in this respect is to ensure that the individual is notified of such a breach.

The original bill made no provision for encryption of data, even though it had been recommended in an earlier inquiry. The bill was silent on who would bear the costs of the regime—that needs to be remedied—and the government's bill provided no sufficient oversight and no guarantees that the ombudsmen having an oversight role would be sufficiently funded to perform that oversight function.

Many who have followed the national security debates and the relationship between national security agencies and this parliament would know that, on the Labor side of parliament, we have long advocated for a greater role in scrutiny by parliament and the committees of this parliament of national security agencies. We take the opportunity of this matter being before the parliament to say that we will introduce a bill to enhance the oversight powers of the PJCIS in respect of operational matters, because we think it is right and proper that the citizens of Australia, through their elected representatives, have oversight of our security agencies.

In the time left to me I want point to two issues that are of continuing concern. Firstly, press freedom. In the last parliament we saw the champions of the free press, in response to the Finkelstein report, thick on the ground from the coalition parties. They have been absent in defending the freedom of the press. Labor takes a different view: if there is to be metadata mandatorily stored, access to a journalist's metadata must be by warrant. That must be a feature of the legislation if we are to support it in the Senate.

As the former Director-General of Security, David Irvine, said last year: unless you deal with the issue of where it is stored, we do not have confidence that this regime can protect the data that we are requiring to be stored