IT Brief Australia logo
Story image

Metadata retention laws “abused” by enforcement agencies

10 Feb 2020

Digital security advocates have expressed outrage at revelations that Australian law enforcement agencies have been potentially abusing mandatory metadata retention laws and receiving data explicitly excluded from the legislation. 

“It is incredibly worrying to hear that government agencies have been receiving extensive details of Australians’ web history with no oversight or accountability, potentially undermining the already minor protections that were placed on this scheme when it was passed,” says Digital Rights Watch chair Tim Singleton Norton.

The Parliamentary Joint Committee on Intelligence and Security (PJCIS) is conducting a review of the controversial metadata retention laws that require telecommunication companies to retain records of every single person’s calls, texts, and internet browsing history for at least two years.

In parliamentary hearings last week, the Commonwealth Ombudsman confirmed that law enforcement agencies are receiving URLs as part of the mandatory data retention regime, despite this practice being explicitly banned under the legislation.

“More than ever, this shows what was warned from the start – that the scheme would be abused, and safeguards overstepped. The government should immediately move to repeal this legislation, or at a bare minimum make significant improvements to bring it in line with Australia’s human rights obligations,” says Singleton Norton.

“Australia is one of many jurisdictions that grapple with the complexity of data retention rules. It’s at the heart of how we, as a society, approach privacy in the digital era – the integrity of our communication, privacy and rights as individuals are at stake,” adds Access Now policy analyst Lucie Krahulcova.

In a joint submission to the PJCIS review, Human Right Law Centre, Digital Rights Watch and Access Now advised the following recommendations:

  • ensuring that only the metadata of people connected with the commission of a serious crime is retained;
     
  • limiting access to metadata to the investigation of serious crimes, such as murder and child abuse;
     
  • requiring a warrant for access to metadata in all instances;
     
  • excluding journalists, whistleblowers and human rights defenders from investigation for public interest reporting; and
     
  • reducing the duration for which metadata is retained. 
Link image
Do you know how secure your Active Directory is?
For a limited time, get a free AD security assessment from Attivo Networks' ADAssessor - a tool that provides unprecedented and continuous visibility into AD vulnerabilities.More
Story image
New digital conference details best practices for Microsoft 365 optimisation
In this virtual conference, leading practitioners come together to share their real-world success (and failure) stories and share their tips and tricks on optimising their Microsoft 365 and SharePoint investments.More
Link image
The 24th Australasian SSON week is coming to Sydney
You'll hear from thought-leaders on their groundbreaking work in bouncing back and leveraging new found transformations to launch their business out of crisis!More
Story image
How cloud silos are holding organisations back
It’s important to work with a storage specialist that can map a path to a successful hybrid, multi-cloud strategy that ultimately delivers results in digital transformation projects.More
Story image
APAC IT spending to grow by almost 5% in 2021 — IDC
The acceleration of digital adoption in the wake of the pandemic was a significant driving force, the analyst firm says in its report, and the lifting of lockdowns across the region has stirred consumer demand.More
Story image
Apple creates sweeping carbon removal fund
The US$200 million fund has set its goal to remove ’at least one million metric tons of carbon dioxide annually from the atmosphere’ — equivalent to the amount of fuel used by over 200,000 passenger vehicles.More