Communications Minister Malcolm Turnbull has finally presented proposed legislation to the Australian Parliament regarding the Abbott Government’s plans for the retention of metadata.
The proposed legislation, as he detailed in the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, specifies six categories of metadata to be retained.
- account or subscriber details
- source of communication
- destination of communication
- date and time of communication
- type of communication
- location of the device.
Unfortunately, the actual detail of what is to be retained is not spelt out. That is to be left to regulation which is still to be decided upon.
But Mr Turnbull gave three examples of common communications methods to illustrate the nature of the data he expects to be retained.
The first example was traditional telephony. This was used as an historical example to illustrate the kind of capability that has existed for quite some time.
The hope is that the legislation will provide similar capabilities for more modern services. In this example the source and destination of communication are standard telephone numbers and the subscribers to whom they are allocated.
The second was the mapping between Internet Protocol (IP) address and an account. IP addresses are not fixed, but are the nearest thing the Internet has to a phone number.
The data retention regime would cause the mapping between IP addresses and the accounts to which they were allocated, to be retained. In this example the source and destination of communication are IP addresses and the accounts they were allocated to at the time of the communication.
And then comes this
The third is the worrying one, and one the Internet Service Providers (ISPs) are likely to resist quite strongly. It was messaging, including emails.
Given the huge number of emails that are transmitted every day – including spam emails – this is likely to be a significant imposition on an ISP.
Although not quite as intrusive as web browsing history (which Mr Turnbull said the “act will expressly exclude”), recording who you emailed and who emailed you is still a substantial threat to privacy.
In this case the source and destination of the communication is not so clear. Messaging is not just email. There are many messaging systems such as Apple’s iMessage and messaging embedded within social networks such as Direct Messaging in Twitter.
Presumably ISPs will only be responsible for email and messaging systems they operate, but we will have to wait for the regulations for the detail.
One point Mr Turnbull stressed throughout his speech to Parliament though was that metadata retention was not about the content of any communication.
[…] service providers will not be required to retain the content or substance of any communication, including subject lines of emails or posts on social media sites.
Some good news
One welcome change is that the legislation has tightened the requirements as to who can access metadata without a warrant.
This was a criticism of the current regime, with almost any government agency being able to access metadata without a warrant. That privilege will be restricted to specified criminal law enforcement agencies and other agencies that the minister may approve.
Interestingly, the requirement to store volume of data uploaded and downloaded, the purpose of which is hard to understand as being anything other than looking for copyright violations, appears to have disappeared.
Nevertheless, the Australian Federal Police (AFP) has said the data retention regime will be used to pursue file sharing.
So, in summary, on the positive side we have a little more clarity than we’ve seen so far, and the nightmare where all metadata was to be stored seems to have receded.
But on the negative we still do not know exactly what metadata is to be retained until we see the regulations and based on the messaging example in Mr Turnbull’s speech and the statement from the AFP there are still matters that are likely to be sources of contention.