Mandatory Data Retention Defeated in Australia, For Now
For the last few years, Australia’s security agencies have been pushing for the mandatory retention of the communications data of every citizen. If implemented, this policy would require private companies to keep communications metadata of all customers for two years. Essentially, it treats every person as a criminal suspect. Yesterday, a parliamentary committee issued a report declining to recommend data retention and strongly criticizing the government for failing to adequately explain and justify its proposal. In the wake of the report, the governing Labor Party announced it will not pursue data retention before the next election. So data retention in Australia has been defeated, for now.
The most recent push began last July, when the Attorney General’s Department submitted a list of security proposals, including data retention, to the Joint Parliamentary Committee on Intelligence and Security. The scheme met with overwhelming public opposition—98.9% of public submissions rejected data retention. Civil rights groups and individuals explained that the scheme sacrifices the privacy of all citizens. Contrary to the government’s claims, collecting metadata is highly intrusive as it reveals the most intimate connections between persons. In addition, the scheme would create a huge trove of data vulnerable to hacking while imposing significant costs on private companies dragooned to act as the government’s spies.
The government failed to rebut these objections. In a ham-fisted attempt to avoid criticism, the Attorney General’s Department initially refused to provide concrete details about its data retention scheme. The committee strongly criticized this lack of transparency:
[T]he Committee was very disconcerted to find, once it commenced its Inquiry, that the Attorney-General’s Department had much more detailed information on the topic of data retention. Departmental work, including discussions with stakeholders, had been undertaken previously. Details of this work had to be drawn from witnesses representing the [department].
Journalist Bernard Keane tweeted that he’d “never seen a government-controlled committee give a kicking to a department” like this report did. In addition to slamming the department for hiding the ball, the committee acknowledged public concern about privacy:
[A] mandatory data retention regime raises fundamental privacy issues, and is arguably a significant extension of the power of the state over the citizen. No such regime should be enacted unless those privacy and civil liberties concerns are sufficiently addressed.
The committee punted on the ultimate issue. It wrote that there was “a diversity of views within the Committee” as to the merits of a data retention regime and said it was “ultimately a decision for Government.” With an election scheduled for later this year, the governing Labor Party announced that it is dropping the unpopular scheme.
Green Party Senator Scott Ludlam cautioned that, even with the defeat of this proposal, Australia’s security agencies might achieve the same result by other means. He warned that, in light of the recent NSA Spying news, agencies may bypass domestic due process though the “wholesale importing of content and non-content data from colleagues in the U.S.” We need greater oversight of the security establishment to ensure that international cooperative agreements are not enabling the evasion of domestic legal restrictions.
Senator Ludlam also predicted that, regardless of who wins the next election, the data retention plan will be back. Security agencies will not abandon their campaign to treat every person like a criminal suspect. Privacy advocates in Australia and around the world need to keep up the fight.