Metadata Retention: Is it Just Giving Up Freedom in the Name of Public Safety?

Wednesday 18 March 2015 @ 11.29 a.m. | Crime | IP & Media | Legal Research

In a recent Media Release (27 February 2015), the Federal Attorney General Mr George Brandis welcomed the unanimous report of the Parliamentary Joint Committee on Intelligence and Security (the PJCIS) on the fourth tranche of the government’s national security legislation, the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 (the metadata retention scheme) - the AG stated that the PJCIS in its concluding comments indicated that it ".  .  .  considered carefully the rationale for a mandatory data retention scheme and that such a regime is justified as a necessary, effective and proportionate response.”

He further said of his government's proposed metadata retention legislation, that:

"This is urgent legislation which will support the security and safety of the Australian public. Metadata is used in virtually all serious criminal investigations, including murder, sexual assault, child exploitation and kidnapping investigations. It is also central to almost every organised crime, counter-espionage, cyber-security and counter-terrorism investigation."

He then proceeded to use this as justification for a scheme which many feel will degrade personal freedom and privacy. Further, while the scheme has substantial critics as the AG's Media Release indicates the proposed law does have the support of the opposition, the Labor party.

"The Government also acknowledges the bipartisanship of the Labor party."

Given likely  agreement between the Prime Minister Mr Abbott and the Labor Party to modify the proposed metadata legislation to "protect journalistic sources", Labor's bipartisan support looks almost assured as does the passage of the legislation into law.  Thus, it seems important to consider some of the issues and problems surrounding metadata retention.

Note: More general details about the proposed metadata legislation, its path to enactment and the issues around it can be found in the following of our previous articles:

The Issues and Criticisms

Officially: Even the PJICS while supporting the proposed metadata legislation in its report made recommendations to revise and clarify the proposed legislation, key among these being:

  • the offering monetary compensation for service providers to cover the costs of implementing the scheme;
  • limiting the discretionary powers of the Attorney-General in making changes to the bill once it’s passed;
  • preventing the stored metadata from being used as a part of civil litigation; and
  • requiring more consideration regarding how to protect press freedom and anonymous sources (a point as already mentioned above the government is proposing to act on).

Cost: One of the key concerns with the metadata legislation scheme, especially in the IT industries, is the actual cost of the scheme. While the figure of $400 million has been oft quoted it is most unlikely to be the actual cost. As the Financial Review has reported:

"A range of telecommunications experts have warned that this $400 million figure has been 'plucked from the air' and could be 'many multiples' higher. How much will this all cost? We still don't know. . . . We do know that the costs will be significant. What costs will be passed on to residential and business customers? Ultimately we'll all pay as taxpayers and consumers."

Certainly, in an age where technology of this type has become an enabler for business and industry and the need is for cheaper wider access, a driver like this of costs in the entirely opposite direction is likely to raise more than a little opposition.

Privacy: By most , the proposed legislation's effect on privacy is percieved as the greatest threat, as there are no limits to access to retained data through other legal avenues. As the reported submission of the Law Institute of  Victoria pointed out, the proposed legislation as currently drafted requires data retention that is capable of revealing ".  .  . much more than who you call and when".

In its current form, the data retained will be able to be used to deduce, for example, places you frequented or visited, who you voted for, what illnesses or health issues you have or had and very private matters like sexual orientation. Effectively, these are all things which build from the knowledge of who called, messaged or emailed you and can also indicate shopping, banking, investment and holiday habits and behaviours.

Taking the above on board and realising that the proposed legislation does not limit access to the data retained by other parts of the legal system (for example, courts, tribunals, the ATO, the Corporate regulator) the position could result where as the Financial Review reported:

"The data will be an attractive target in a range of civil disputes – family law, personal injury, employment, intellectual property, breach of confidence and trade secrets. Data retention makes your story available to anyone who might be thinking of suing you."

Does Data Retention Actually Work?

While the Australian Government and even the Federal Opposition appear to be convinced that it does, much of the legal expertise and overseas experience seems to indicate that it does not. In this respect the Financial Review reports:

"There is no evidence data retention will make us safer. . . . Telecommunications data of suspects or persons of interest may be useful to the police. But that doesn't mean that data of every person in Australia who uses a phone or the internet is useful to the police."

And speaking of the overseas experience The Conversation says:

"The doubts that international experience cast over the effectiveness of a mass data retention scheme in achieving its stated purpose (to keep Australians safe against serious crime and terrorism) have not been addressed at all."

Reported examples of data retention not working are from:

Germany: It has not had mandatory data retention laws since its scheme was found to be unconstitutional. The Financial Review reports a 2011 study that found data retention had ". . .  no impact on either the effectiveness of criminal investigations or the crime rate".

Britain: Here it is reported that in July 2013, before the Court of Justice of the European Union, British representatives had to conceded that there was " . . . no 'scientific data' to underpin the claimed need for data retention".

USA: In the USA it is reported that in 2013, the US Privacy and Civil Liberties Oversight Board found that ". . . there is little evidence that the metadata program has made the United States safer".

Freedom Versus Public Safety

Key to the whole debate around metadata retention is the issue of how much freedom is it right to give up in the name of public safety? Reading any of the literature, might indicate to the more dispassionate reader, that a lot is being required to obtain things that are already mostly available to  law enforcement through existing legal process in the name of a speedier and wider response. This is especially so when the common experience in countries where it's been tried is that it has produced little or no result for public safety. To this, add the technology considerations of:

  • how safe will the retained data be?
  • how will cloud based retention of data be handled? and
  • how hack proof and susceptible to the vagaries of overseas storage will such data be?

and even the thought that public safety is protected might still be at issue. Then consider:

"Data retention undermines the strongest privacy protection available – that is, what isn't kept can't be hacked".

TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products.

Sources:

Related Articles: