Data Retention and Metadata: Browsing History Inclusion
As previously reported by TimeBase, the Federal Government announced that the government would begin developing a framework to require Australian telecommunications companies to retain customer "metadata" for access by law enforcement agencies in what has been called a "data retention regime."
Background to the Data Retention Regime
The last report from the Attorney-General's Department revealed that in Australia, a wide range of local, state, and federal government agencies accessed telecommunications customer data 319,874 times in the 2012-2013 financial year.
The data, which the government prefers to describe as "metadata", is a comprehensive history of the time, date, location, and recipient information about telephone calls, emails, and other communications. A warrant is not required to access the data because agencies argue that telecommunications customer data does not include content. Government agencies have been arguing that telecommunications companies should be required to store this data for up to two years, but a parliamentary committee report last year left the decision on data retention to the government.
URL Data and Browsing History
Specifically, URL Data or Browsing history has not been part of the metadata required for the warrants and has not been considered such by the government. Communications Minister Malcolm Turnbull said:
"The police, the security services, ASIO and so forth, are not asking the government to require telcos to record or retain information they are not currently already recording...There has been some concern expressed that the government was proposing that telcos should retain for two years a record of the websites you visit when you're online, whether that's expressed in the form of their domain names or their IP addresses; in other words that there would be a requirement to keep a two-year record of your web browsing or web surfing history — that is not the case."
But a new paper from the Parliamentary Library indicates that URL history has in fact been part of the existing regime.
Jaan Murphy, author of the Parliamentary Paper, pointed to a 2012 submission to the Joint Standing Committee on Intelligence and Security from Australia's largest telecommunications' company Telstra where the company said it had, in fact, handed over URL data to government agencies under the current access regime.
In the explanation, Telstra details exactly what data it has provided under the Telecommunications (Interception and Access) Act 1979 (Cth).
Any telecommunications data or meta data but not the content or substance of a communication.
It may include:
- Subscriber information (including name, address, date of birth, method of payment and related account transaction details)
- Telephone numbers of the parties involved in the communication
- The date and time of a communication
- The duration of a communication
- Internet Protocol (IP) addresses and Uniform Resource Locators (URLs) to the extent that they do not identify the content of a communication, and
- Location-based information
The Australian Security Intelligence Organisation (ASIO) and the Australian Federal Police have indicated they do not want browsing history as part of a mandatory data retention regime, but previous statements from Victoria Police and Northern Territory Police have called for browsing history to be retained.
Jaan Murphy again comments:
"The current regime for access to metadata arguably allows law enforcement and intelligence agencies to access URLs under the umbrella of 'metadata' (provided the URL does not identify the content of the communication) despite stakeholders holding contradictory perspectives...This ambiguity indicates that the proposed mandatory metadata retention scheme, if modelled on existing laws, may exacerbate the confusion surrounding the definition of metadata."
TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products.