Telstra has warned that public trust in the security of their data will be eroded if government agencies continue to be allowed access to it without appropriate authorisation.
More than 60 agencies, including local councils, state coroners, Centrelink, the National Disability Insurance Agency and the Australian Sports Anti-Doping Authority, have been accessing data using a loophole in the Telecommunications Act that allows them to bypass restrictions in the 2015 data retention legislation, under which access was restricted to only 20 agencies, primarily police and other law enforcement bodies.
In a submission to the parliamentary review of the data retention laws, Telstra said the reasons the agencies had for accessing the data may have been “significant in their own domain” but doing so could “erode public trust in the regime and undermine the relationship we have with our customers in relation to protection of their privacy”.
Telstra has proposed that all organisations should be required to follow the process for accessing telecommunications data under the data retention legislation. This would not mean adding more organisations to the list of law enforcement agencies, but would require them to follow the same procedure to access the data, and ensure that all requests were reasonable and proportionate.
The Communications Alliance, the peak industry body, has warned that many agencies do not know what to do with the data once they receive it.
“They then take up more of the [company’s] time to explain the data, then sometimes also call on [telecommunications companies] to appear in court on relatively minor issues as expert technical witnesses.”
The alliance also heavily criticised the government’s tardy reporting on metadata access. The home affairs department is required to put out a report every financial year on the number of times agencies accessed metadata, but it took until last week for the report covering the 2017-18 financial year to be released, with no sign of the report covering the last financial year.
The alliance has called for the law to be changed to require the government to release the report by 30 September after each financial year.
The department has denied that companies are required to hand over the data if it is collected solely for the purpose of complying with the data retention law. The department said in its submission only data retained “in the course of their usual business” can be accessed outside the data retention scheme.
The office of the Australian information commissioner has called for the government to consider requiring agencies to obtain a warrant before accessing the data, and limit access to the purposes of investigating a serious offence or to safeguard national security.
Guardian Australia reported last week that ACT police, which has the power to access metadata, unlawfully accessed metadata more than 3,000 times, including in two cases that resulted in information that may have been used in a prosecution.
These are the agencies that have been granted access under the data retention regime:
Australian Competition and Consumer Commission
Australian Criminal Intelligence Commission
Australian Commission for Law Enforcement Integrity
Australian federal police
Australian Securities and Investments Commission
Crime and Corruption Commission (Qld)
Crime and Corruption Commission (WA)
Department of Home Affairs
Independent Broad-Based Anti-Corruption Commission (Vic)
Independent Commission Against Corruption (NSW)
Independent Commission Against Corruption (SA)
Law Enforcement Conduct Commission
NSW Crime Commission
NSW police
NT police
Qld police
SA police
Tas police
WA police
Theses are the agencies that have been skirting around the scheme to access data under the Telecommunications Act, according to the Communications Alliance:
Australian Communications and Media Authority
Australian Building and Construction Commission
Australian Sports Anti-Doping Authority
Australian Financial Security Authority
Air Transport Safety Bureau
Australian Taxation Office
Australia Post Corporate Security Group
Australian Health Practitioner Regulation Agency
Bankstown city council
Brisbane city council
Centrelink
Clean Energy Regulator
Consumer and Business Affairs Victoria
Coroners (NT and Tas)
Corrections Intelligence Group NSW
Department of Agriculture
Department of Defence
Department of Environment and Conservation WA
Department of Economic Development, Jobs, Transport & Resources Victoria
Department of Fair Trading NSW
Department of Fair Trading Qld
Department of Commerce WA
Department of Families, Housing, Community Services
Family and Community Services NSW
Fairfield citycouncil
Fair Work
Healthcare Complaints Commission
Liverpool city council
Local Government Investigations and Compliance Inspectorate (Vic)
National Disability Insurance Agency
NSW Environment Protection Authority
NSW Office of State Revenue
NSW Department of Trade, Investment Resources and Energy
NT Office of Information and Public Interest Disclosures
Office of Environment & Heritage
Office of the Health Ombudsman (Qld)
Queensland Office of Industrial Relations
Primary Industries and Resources SA
Primary Industries NSW
Primary Industries Queensland
Primary Industries Victoria
Queensland Department of Fair Trading
Queensland Transport
Racing Integrity Victoria
Regional Illegal Dumping Squad
Report Illegal Dumping NSW
Rockdale City Council
SA Fisheries
SafeWork NSW
State Penalties Enforcement Registry (QldD)
Taxi Services Commission
Transport Accident Commission Victoria
Veterinary Surgeons Board of WA
Victorian Building Authority
Victorian Department of Justice
Victorian Department of Health and Human Services
Victorian Institute of Teaching
Victorian Fisheries
Victorian Ombudsman
WA Department of Fair Trading
WA Fisheries
Work Safe Victoria
Workplace Health and Safety