The Federal Government is proceeding with legislation that requires telecommunication companies to store metadata for two years to combat cyber crime and disrupt technology being used by terrorist organisations.
The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 amends the Telecommunications (Interception and Access) Act 1979, which allows law enforcement agencies to access metadata.
It is part of a broader plan to keep pace with technology and the government is also investing in the Data to Decisions Cooperative Research Centre (d2dcrc) to increase the efficiency and capabilities of the country’s national security agencies.
"There is a lot of evidence that shows a wide range of groups – terrorist organisations and protest groups – utilise technological infrastructure."
– Dr Matthew Sorrel, of the University of Adelaide
What is metadata?
Dr Matthew Sorrel, a senior lecturer at the University of Adelaide and expert in cyber crime, said metadata is “data about data... but unfortunately, the government has befuddled the explanation.”
The explanation is now in the reading of the Act, and includes such information as: the source of a communication; the destination of a communication; the date, time and duration of a communication; the type of a communication; and the location of equipment used in the communication.
“A good example is a phone record that reveals your identity, where you are and what call you made (that is, what number you called),” said Dr Sorrel.
“It’s info that ‘telcos’ (telecommunication companies) need to store anyway to run an efficient business for authentication and non-repudiation. Metadata is a good thing for consumers, as (it ensures) you are being billed for what you use.”
“The difference is the ‘telcos’ (now) have to keep it for a period of time beyond what the ‘telcos’ need to (which is two years after the communication took place). There is a period of time you can dispute a bill - about 90 days - but if there is a reason to look into that info, currently you’re limited as an investigation agency,” Dr Sorrel said.
“(Metadata) assists investigations in establishing if there was communication between people – it helps build a picture of what was going on... (But) it can also be used to establish an alibi or defence, to prove you were on the phone to someone else or in a different place – it cuts both ways.”
“This legislation is attempting to keep up with reality.... There is a lot of evidence that shows a wide range of groups – terrorist organisations and protest groups – utilise technological infrastructure... (The legislation) ensures that law enforcement and security agencies can access that info through lawful means,” he said.
The leading lawyer who stood down as the Independent National Security Legislation Monitor last year, Bret Walker SC, supported metadata legislation during an Australian Human Rights Commission symposium on free speech. "As long as we have applied protections, I don't see how in relation to counter-terrorism there should be a denial to authorities of the capacity which has proven so useful in the past to understand patterns of communication of those who, to my certain conviction as we speak, are plotting to hurt us," he presented to the symposium.
The costs and benefits of metadata storage
A joint press release by the Attorney-General, George Brandis, and Minister for Communications, Malcolm Turnbull, said, “This Bill does not provide any additional powers to law enforcement or intelligence agencies, nor does it give them any capacity to access metadata beyond what they already have. The Government will, however, significantly reduce the range of agencies which can access metadata to those with a clear need, such as law enforcement and security agencies.”
Telecommunication companies need to maintain all current data storage practices and have two years to implement further strategies, of which the government will meet “reasonable” costs, the press release said.
Metadata was the subject of an inquiry by the Parliamentary Joint Committee on Intelligence and Security at the end of January 2015.
The NSW Independent Commission Against Corruption (ICAC) submission to that inquiry said metadata storage would help fight police corruption, as well as terrorist-related crime.
“Lack of availability of relevant communications data has the potential to seriously impede the ability to investigate and to persecute serious offences,” the solicitor to the Commission, Roy Waldon, wrote in the ICAC submission.
Police and intelligence agencies have supported the compulsory storage of metadata.
But the nation’s spy agency watchdog, the Inspector General of Intelligence and Security, raised concerns to the inquiry that the Australian Security Intelligence Organisation (ASIO) could hold onto metadata for an indefinite period.
Privacy Commissioner Timothy Pilgrim told the inquiry that security agencies would be able to hold onto more data regarding individuals than was necessary. Law enforcement agencies should be able to access metadata within a shorter period – believing one year would be “sufficient” rather than the proposed two-year framework for data retention.
And Australia’s biggest telecommunications company, Telstra, submitted to the inquiry that stored metadata would be an attractive target for hackers.
“We’re dealing with vast volumes of raw, unstructured data,” said Sanjay Mazumdar, chief executive of the Data to Decisions Cooperative Research Centre (d2dCRC) in South Australia.
The centre has received $92 million in funding from a combination of the South Australian Government, the Federal Attorney-General’s Department and industry partners, to develop systems to analyse the 2.5 quintillion bytes of big data that is created every day.
“For defence and national security agencies, it’s like looking for the proverbial needle in a haystack. In a time-critical situation, you need to be able to extract actionable intelligence from that data, and to do that, you need advanced data analysis programs that can process and filter that data quickly, accurately and efficiently,” Mazumdar said.
The company’s mission is to assist in data storage, analytics support and law and policy research, and ultimately, come up with a ‘super-program’ that can sift through data and identify a “needle in a haystack”.
So why can’t computers already do this and have a flashing red light whenever something suspicious is uncovered?
“A computer sees them as just another compilation of bits and bytes... A computer looks over billions of photos and can’t differentiate between what is harmless and what is problematic,” said Tim Scully, a former military man who is now the chair of the d2dcrc.
Research at the centre aims to develop capabilities “so you don’t have half a dozen police officers looking at a computer screen to find a match.”
The main aim is to combat crime and terrorism, he said, and while ‘telcos’ need to hold onto data, “government agencies have to be able to analyse that data.”
Ultimately, Scully says, the d2dcrc is trying to “achieve a balance between privacy and security – our key function is to find a balance on that.... (as) Australia is irrevocably dependent on the internet.”
The Federal Government is emphasising the need to store and analyse metadata in the fight against terrorism