Attorney-General Nicola Roxon has responded to growing complaints about the ill-defined nature of the data retention proposals currently being considered by the Joint Committee on Intelligence and Security by releasing a five-page “clarifying letter”.
As Crikey reported this week, committee members such as Labor elder John Faulkner have joined key stakeholders in criticising the vague nature of some of the proposals, and particularly the extremely limited nature of the information on data retention.
On Wednesday, Roxon wrote to committee chairman Anthony Byrne to “clarify the parameters of this proposal”, while insisting she does not have a specific model in mind. However, the letter discusses in detail the European Union’s data retention directive of 2006, suggesting that if Roxon doesn’t have a specific model in mind she’s doing a fair impression of it.
In the Attorney-General’s Claytons’ model, no content data of any kind would be retained, and not, seemingly, URLs of sites visited by an IP address, although this point is made less clearly in the letter than in her previous public statements. “The government does not propose that a data retention scheme would apply to the content of communications. The content of communications may include the text or substance of emails, SMS messages, phone calls or photos and documents sent over the internet,” Roxon says in the letter.
ASIO, whose unclassified submission was recently revealed by JCIS, similarly cites the EU directive.
But the EU data directive that Roxon cites has come in for extensive criticism. Several EU states have refused to apply it, insisting it’s unconstitutional. In 2010, the German Federal Constitutional Court annulled the German law implementing it and the German government has failed to replace it since then. Also in 2010, following an extended review, EU privacy officials released a scathing report on the directive which found that some service providers were keeping records of URLs and email headers, mobile phone data on the location of users was being retained and that reporting on compliance was poor. The EU is now reviewing the directive with the aim of overhauling it at the same time as its e-privacy directive.
The EU model is also at odds with the model argued for by the AFP, which has appeared to lobby for the retention of URLs to enable it to pursue child abusers. According to industry sources, the previous model put forward by the Attorney-General’s Department in secret consultations with telcos and ISPs was significantly closer to the wide-ranging model favoured by law enforcement.
There are two things to bear in mind about Roxon’s Claytons’ data retention model: it is still, as several European courts have found, a serious assault on the right to privacy, not the least because even a limited retention model confined to telecommunications data can enable extensive profiling of the user of an IP address. Moreover, as the EU privacy report makes clear, implementation of an Australian data retention directive would be in the hands of private companies whose adherence to the letter of the law on what is to be retained would be influenced by cost and human error.
The other is that data retention is only one of a range of draconian proposals put forward by AGD: confusion, not least between what the discussion paper says and what the Attorney-General herself has said, continues about the proposal to criminalise refusal to assist with decryption; wiretapping social media usage is also on the agenda, as is giving ASIO and the AFP the green light to plant software on computers. With all the focus on data retention, there’s a real risk other proposals won’t receive the attention they merit.
Crikey is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while we review, but we’re working as fast as we can to keep the conversation rolling.
The Crikey comment section is members-only content. Please subscribe to leave a comment.
The Crikey comment section is members-only content. Please login to leave a comment.