CIO

Data retention: the case for

Several companies and organisations have now appeared at four public hearings into intelligence and security reform proposals.

The Parliamentary Joint Committee on Intelligence and Security is currently conducting an inquiry into reforms to Australia’s interception and security legislation.

The inquiry relates to the Telecommunications (Interception and Access) Act 1979; Telecommunications Act 1997; Australian Security Intelligence Organisation Act 1979; and Intelligence Services Act 2001 and began in July this year.

One of the most contentious aspects of the terms of reference include "tailored data retention periods for up to two years for parts of a data set, with specific timeframes taking into account agency priorities and privacy and cost impacts".

If we had our druthers, we would have the material held indefinitely

Tony Negus, commissioner, AFP

Below, Computerworld Australia presents a selection of the arguments put forward in favour of the proposals.

Australian Securities and Investments Commission (ASIC)

Greg Tanzer, commissioner: “We note that the introduction of a mandatory retention period would not actually increase law enforcement powers in this field but it would assist in ensuring that the existing powers retain their utility and reverse some of the lost utility that has occurred in recent years as a result of telecommunications service providers no longer routinely retaining relevant information for as long as they used to.”

Tanzer: “Accordingly, we propose that consideration be given to enhancing ASIC's ability to receive and use lawfully intercepted information for the purposes of its investigations and prosecutions. To be clear, ASIC would like to have the ability to seek telecommunications interceptions warrants just like we can currently seek stored communication warrants if the interception is authorised.”

Police Integrity Commission

Michelle O'Brien, commission solicitor: “I cannot mount a strong case to you to extend [data retention] beyond two years. Two years is the period that has been on the table for a long time in terms of what would probably represent an appropriate striking of the balance.

"It is a timeframe that the law enforcement agencies have had quite a long period to get used to, and I think it is generally accepted that it represents compromise between what we would like in an ideal world and what we will probably have to live with once all the processes and the machinations have been gone through.”

O'Brien: “I can only repeat what I said earlier, and that is that two years will be a compromise for law enforcement. If we have to live with two years, we will, but more would be preferable.”

South Australia Police; Victoria Police

Noel Bamford, officer in charge, investigation support branch, South Australia Police: “From a South Australia Police perspective, telecommunications interception is a highly valued strategy for police investigating serious and organised crimes. From an operational perspective, it is a very cost-effective strategy. In terms of harm to the community and police, it is considered to be a very low-risk strategy.”

Jeff Pope, acting deputy commissioner, Victoria Police: “Without a telephone intercept capability, Victoria Police would be significantly inhibited from conducting many thousands of investigations every year. This would significantly decrease the number of offenders brought before the courts for serious criminal offences. Moreover, the level of harm to the community and the cost and impact of crime on society will significantly increase.”

Pope: “There is obviously going to be a balance here. We are not entirely sure where that balance sits and there will be many different views. From our perspective, we believe that we can better serve and protect the community the longer the data is retained. I think it is a matter as simple as that.”

Pope: “…there are no similar standards around how some of this very sensitive data should be stored, managed and protected. We have had some incidents where legal practitioners have simply thrown the brief of evidence in the bin and telephone intercept material has been found by a member of the public. So, when you look at the chain, all the focus is on the police – and we accept that – but there is very little outside of us.”

Page Break

South Australia Police; NSW Police Force; Australian Federal Police (AFP)

Andrew Scipione, commissioner of police, NSW Police Force: “Reform of the TIA is strongly welcomed. The NSW Police Force suggests that to achieve this effectively the legislation perhaps needs to be rewritten almost from scratch, with broad law enforcement consultation and engagement.”

Scipione: “I would suggest that the need for this committee alone shows the inherent difficulties with the current legislation that is largely incomprehensible, inconsistent and, at times, almost unworkable.”

Scipione: “…it is the agencies that readily use this legislation that I think are best placed to assist in its reform and the New South Wales Police Force is in an excellent position to provide further input from an operational perspective.”

What we are talking about here is not necessarily going to be used against people; it will be used to protect people

Andrew Scipione, NSW Police Force

Scipione: “Simply put, without telecommunications interception law reform, the capacity of law enforcement agencies to engage in effective telecommunications intercept will continue its current rapid decline. We will go dark.”

Tony Negus, commissioner, AFP: “Firstly, we are not seeking additional powers in this regard. We simply seek to maintain the current interception capability and current access to non-content data telecommunications as a significant tool for law enforcement in the investigation of serious crimes.”

Gary Burns, commissioner of police, South Australia Police: “Unless data is retained by carriers, potential evidence is lost. The longer the data is retained the greater the likelihood the potential evidence will be available. All Australian businesses are currently required to retain financial records for between five and seven years. We see that telecommunications carriers should also be able to manage similar requirements to the banking industry.”

Scipione: “My concern in the day-to-day is as much about stopping somebody who may be a crazed armed robbery merchant who suffers from a drug addiction and goes out on a nightly basis and holds up corner stores with guns. To ensure that we can get the evidence to take that person out of circulation is just as important to us as dealing with a potential weapon of mass destruction event that may happen in the future.”

Scipione: “The longer you keep [data], the more it grows, particularly in terms of importance. It is a bit like a bank deposit – the longer you leave it in, the more interest you gain.”

Negus: “If we had our druthers, we would have the material held indefinitely.”

Scipione: “We want to make sure that we are doing absolutely everything we can to safeguard what we hold jealously, and that is a safe and free Australia.”

Scipione: “If you look at the number of telephone interceptions in Australia last year, the total number was 3495, and New South Wales police applied for and were issued with well over a third of them. We made applications for 1282 and were granted 1279.”

Scipione: “We think that the technology has just sprinted away from the legislation and that if we keep going and going with incremental change, as we go forward one metre with the legislation the technology goes forward one kilometre.”

Scipione: “…what we are talking about here is not necessarily going to be used against people – it will be used to protect people.”

Follow Stephanie McDonald on Twitter: @stephmcdonald0

Follow Computerworld Australia on Twitter: @ComputerworldAU