Metadata retention laws “abused” by enforcement agencies
FYI, this story is more than a year old
Digital security advocates have expressed outrage at revelations that Australian law enforcement agencies have been potentially abusing mandatory metadata retention laws and receiving data explicitly excluded from the legislation.
“It is incredibly worrying to hear that government agencies have been receiving extensive details of Australians’ web history with no oversight or accountability, potentially undermining the already minor protections that were placed on this scheme when it was passed,” says Digital Rights Watch chair Tim Singleton Norton.
The Parliamentary Joint Committee on Intelligence and Security (PJCIS) is conducting a review of the controversial metadata retention laws that require telecommunication companies to retain records of every single person’s calls, texts, and internet browsing history for at least two years.
In parliamentary hearings last week, the Commonwealth Ombudsman confirmed that law enforcement agencies are receiving URLs as part of the mandatory data retention regime, despite this practice being explicitly banned under the legislation.
“More than ever, this shows what was warned from the start – that the scheme would be abused, and safeguards overstepped. The government should immediately move to repeal this legislation, or at a bare minimum make significant improvements to bring it in line with Australia’s human rights obligations,” says Singleton Norton.
“Australia is one of many jurisdictions that grapple with the complexity of data retention rules. It’s at the heart of how we, as a society, approach privacy in the digital era – the integrity of our communication, privacy and rights as individuals are at stake,” adds Access Now policy analyst Lucie Krahulcova.
In a joint submission to the PJCIS review, Human Right Law Centre, Digital Rights Watch and Access Now advised the following recommendations:
- ensuring that only the metadata of people connected with the commission of a serious crime is retained;
- limiting access to metadata to the investigation of serious crimes, such as murder and child abuse;
- requiring a warrant for access to metadata in all instances;
- excluding journalists, whistleblowers and human rights defenders from investigation for public interest reporting; and
- reducing the duration for which metadata is retained.