– Push for Australians’ web browsing histories to be stored (Sydney Morning Herald, March 17, 2014):
Intelligence agency ASIO is using the Snowden leaks to bolster its case for laws forcing Australian telecommunications companies to store certain types of customers’ internet and telephone data for a period of what some law enforcement agencies would like to be two years.
The federal spying agency is supported by the Northern Territory Police, Victoria Police, Australian Federal Police, Australian Crime Commission and Australian Commission for Law Enforcement Integrity, who all say they are in support of a data-retention regime.
What type of data should be stored by internet and phone providers is another question. Although storing “content” data has been ruled out under a retention scheme, at least two agencies – the Northern Territory Police and Victoria Police – want web-browsing histories stored.
In its submission to a parliamentary inquiry into potential changes to telecommunications laws, ASIO argues that more people are encrypting their web communications after revelations made by US intelligence contractor Edward Snowden about widespread data collection programs by governments.
This has hastened the need for changes that would force providers to keep all customers’ “metadata” for a prescribed period, it says.
Metadata stored about a phone call could include the parties to the call, location, duration and time of the call, but not what was said. Metadata stored about an internet activity could include your assigned IP address and the IP addresses of web servers you visit, or uniform resource locators (URLs) you visit and the time at which they were visited, while email metadata might include addresses, times, and the subject.
Agencies accessed metadata 330,640 times during criminal and financial investigations in 2012-13. Access to such data, if it is currently stored by a provider, is able to be retrieved by many state and federal agencies, and a small number of local councils, as well as the RSPCA, Australia Post and the Tax Office, without a warrant.
Privacy advocates are wary of changes to the Telecommunications (Interception and Access) Act, but intelligence and law enforcement agencies say they are vital to keep the law up to date with modern technology now that so much communication is done online.
“These changes are becoming far more significant in the security environment following the leaks of former NSA contractor Edward Snowden,” ASIO states in its submission to the Senate Committee on Legal and Constitutional Affairs.
Mr Snowden, a former contractor for the US National Security Agency, has thrown the intelligence world into turmoil in the past year by revealing sweeping data-gathering programs by the NSA.
“Since the Snowden leaks, public reporting suggests the level of encryption on the internet has increased substantially,” ASIO said.
“In direct response to these leaks, the technology industry is driving the development of new internet standards with the goal of having all web activity encrypted, which will make the challenges of traditional telecommunications interception for necessary national security purposes far more complex.”
The Northern Territory Police said in its submission it wanted telcos to store not only basic metadata but browsing histories for two years.
The policing agency went on to say that a shift away from traditional telephony services to Facebook, Twitter, Google Plus and others meant that data may be included in browser histories and was “as important to capture as telephone records”.
Victoria Police said it “strongly” supported the implementation of a data retention regime, and recommended among other things that URLs be stored “to the extent that they do not identify the content of a communication”.
Storing URLs is the same as storing a customer’s web-browsing history.
The Australian Crime Commission said the loss of data due to the absence of a mandatory data retention scheme has had a “detrimental impact” on its investigations, in terms of availability of data and certainty as to the period it will be retained.
The Australian Federal Police said it wanted to see a data retention regime in place “to ensure a national and systematic approach is taken to safeguarding the ongoing availability of telecommunications data for legitimate, investigative purposes”. It did, however, acknowledge that further work needed to be undertaken to examine the appropriate types of data stored and timeframes for retention.
The Australian Commission for Law Enforcement Integrity said requiring telcos to retain data was needed to police the police.
Digital rights group Electronic Frontiers Australia lobbied against the changes, saying retention was “an ineffective method to curb terrorism”.
“The ease with which data retention regimes can be evaded is grossly disproportionate to the cost and security concerns of the data retention regime,” it said.
The Attorney-General’s Department said further exploration of options was “necessary” and that detailed consultation needed to occur with key stakeholders before providing detailed advice to government to support any decision.
George Brandis, who was shadow Attorney-General at the time, said in July, 2012, that he would “examine the issues carefully”.
Now the Coalition government’s Attorney-General, Mr Brandis said on Monday that the government was “not currently considering any proposal relating to data retention” despite the push from law enforcement agencies and the fact it hasn’t yet responded to an inquiry that examined data retention.
Shadow Attorney-General Mark Dreyfus said Labor was awaiting for the Coalition’s response to the previous inquiry before it would state its position.
“There was insufficient time while Labor was in office to formulate a considered response to the matters discussed in the Committee’s report, including the merits of a data retention scheme,” Dreyfus said.