On 26 March 2015, new data retention laws were passed on the advice of the Parliamentary Joint Committee on Intelligence and Security. The amendments to the Telecommunications (Interception and Access) Act 1979 (the “TIA Act”) place new obligations on Australian Internet Service Providers (ISPs) to retain a prescribed level of consumer metadata.
What is metadata?
The term ‘metadata’ refers to the information that allows a communication to occur. It includes, but is not limited to:
- Phone numbers and service identifiers
- Email, postal or billing addresses
- Time, date and duration of a communication
- Location and source of a communication
- Destination of a communication.
It is important to note however that the substance of a communication will not be retained. That is, information about the content of the communication or the content of a person’s internet browsing will not be kept.
The reason for implementing the new laws is to assist national security and law enforcement agencies in keeping up with the rapid advancements that are occurring in the telecommunications environment. National security and law enforcement agencies will use the information to investigate and prevent serious criminal offences such as terrorism, sexual assault, kidnapping, drug trafficking, money laundering and fraud.
What obligations are imposed on ISPs?
Under the new laws, ISPs must retain and secure certain telecommunications data for two years. Within this period, ISPs are required to protect the data from encryption and prevent unauthorised access or interference with the data from external sources.
How you can expect your data to be protected
While the amendments certainly deal with a very new area of the law, there is no need to be alarmed about your personal security. Amendments have also been made to ensure that particular matters relating to data retention are included in the Australian Security Intelligence Organisation’s (ASIO) annual report, while the Telecommunications Act now prohibits civil litigants from being able to access certain telecommunications data.
When can the information be accessed?
There are strict rules under the TIA Act that regulate access to metadata. Enforcement agencies will only issue authorisations enabling access to the data in situations where it is reasonably necessary for a legitimate investigation. While the words ‘reasonably necessary’ may not seem to offer a great deal of protection, the Explanatory Memorandum to the Bill outlines that this is certainly not a low threshold. In order to be considered ‘reasonably necessary’ the assistance of the metadata in an investigation must be greater than merely ‘helpful’ or ‘expedient’.
Under the TIA Act, the Minister is entitled to declare an authority or body as eligible to gain access to metadata, to those that undertake investigative or public prosecution responsibilities and/or to those that have processes in place to minimise the privacy impacts on the person(s) to which the data relates.
Certainly, the nature of the new laws and the potential effect that storing metadata may have on you can appear to be quite daunting. Should you have any queries relating to anything mentioned above or associated with this article, please contact our team at Marino Law to find out how we can assist you.
