Law in the Internet Society

Mandatory data retention in Australia: will this proposed assault on privacy come to pass?

1. The proposal

In May 2012, the Australian Government announced an inquiry into further potential reforms to national security legislation, including a mandatory data retention scheme. The data retention proposal is vaguely described in the Government’s discussion paper as ‘[a]pplying tailored data retention periods for up to 2 years for parts of a data set, with specific time-frames taking into account agency priorities, and privacy and cost impacts.’

In this course, we have discussed how privacy can be understood to encompass three elements: anonymity, secrecy and autonomy. We have also discussed the intersection between the actions that governments and the private sector can undertake to undermine privacy. A mandatory data retention scheme provides a clear example of how privacy can be undermined and how the government can co-opt the private sector to do this surveillance work(cheaply) for it.

Mandatory data retention laws ensure that every person’s anonymity is compromised by ISPs and phone carriers even when the government never requests this information. Such laws also compromise the secrecy of private communications. There will be ‘fuzzy’ lines to draw as to what constitutes ‘content’ (requiring a warrant) and what is meta-data (requiring no warrant) and which ISPs would hold at the government’s behest. This fuzziness has been made clear in recent Senate estimates hearings where officials argued that URLs did not fall within their ‘working definition’ of meta-data, despite previous contradictory statements. A mandatory data scheme would also be a significant blow to Australians’ autonomy to live their lives without the knowledge that they are being watched.

In the rest of this revised paper, I comment on the political opportunities to prevent or stall a mandatory data retention scheme in Australia and whether there are plausible legal responses if it does go ahead. Like all issues in a globalized world, I believe that there is something to be said about how issues play out in different national contexts, as well as about how Australia’s experience relates to geo-political realities.

2. Political and legal responses

The good news is that the consultation and parliamentary committee process may result in data retention being put on the political back-burner. An election is likely to be called around August 2013, and since there is no draft legislation, it is unlikely to be an issue that the minority Labor Government will want to push through just prior to an election. Leaks suggest a number of conservative (Liberal party) parliamentarians oppose the idea.

Interestingly, there are opportunities for unusual coalitions to coalesce against any draft law. The broadly ‘left wing’ [][Greens]] party, the GetUp advocacy group (grassroots leftish lobbyists) and lawyers have made their human rights concerns clear. However, it is only in combination with industry’s arguments that the government has not thought through the implications of data retention that this dissent could have real political bite.

Industry’s argument is that data retention will be costly and, if the government doesn’t directly pay, then this will be passed onto the consumer. Perhaps a campaign that your internet costs will increase because the government wants to spy on you could work political wonders? This line could see an unlikely, but potent, coalition between Greens and conservatives, which could be enough to kill the law.

Industry has also argued that there are security risks associated with mass storage. To underscore this concern, it is alleged that ‘Anonymous’ hacked an ISP’s data to demonstrate these security risks. This is a controversial tactic, but it is something that industry has seized on in parliamentary inquiry submissions about the untold risks of data retention.

Although there is potential for coordinated dissent to hinder this policy, the introduction of some form of mandatory data retention over the medium term appears a real risk. Government could introduce a similar scheme in the future – saying the issues were of detail, not substance. Australia is always keen to align itself with the national security priorities of the US and other Western nations. This issue is no exception. Australia has shown a willingness to cooperate with other nations to provide collected data. In 2012, Australia ratified the Council of Europe’s Convention on CyberCrime and passed a law enabling agencies to provide foreign law enforcement agencies with existing and prospective telecommunications data held or generated in Australia, ahead of a warrant. We cannot assume that information will only be provided to democratic nations, or for purposes that Australian citizens would condone. It is hard to find any moral high-ground about China spying on its citizens, when countries like Australia continue to remove all the road-blocks from this occurring in their own nation and enshrine laws to provide this information to other nations.

Unfortunately, if mandatory data retention is introduced, there is no reasonably arguable legal ground for challenging the laws. Laws are not invalid merely because they conflict with Australia’s international obligations. Australia has no express or implied constitutional rights to privacy, or to be free from search and seizure which is either unreasonable or not authorized by warrant.

The Constitution does protect a limited freedom of political speech. It may be possible to construct an argument that data retention could be invalid as applied to political information. The difficulty is that the constitutional freedom only applies to invalidate laws which impose an “effective burden” on political communication. The High Court has only ever found this standard to be met by laws which prohibit speech: it has not held that laws which are likely to chill speech or which compel speech meet this standard. Even if the regime imposes an effective burden on political communication, the Court has given the government great leeway to burden speech in pursuit of legitimate end and claims that the laws advance national security would carry great weight.

Trying to stop this law being passed in the first place, or self-help through encryption and other technologies, appear to be the best options in an Australian context.

I think this is a solid effort, clear and coherent. I don't quite believe some of the political analysis. Complaints about cost in situations of this kind aren't policy opposition: they're bargaining positions, backing requests for subsidy or compensation by way of immunization or concessions on regulation. The telcomms and other affected businesses are just announcing that they're to be bought off.

I also don't understand why you consider the actual retention of the data as anything but inevitable. Either government will listen to the network and retain all the data for itself, or it will get the data from everyone else and retain it for itself, or it will force everyone else to pay for collecting and storing everything in case government needs it. If the Net allows power access to data, that data will be taken. Australians will no more avoid that situation than Chinese, or the inhabitants of Zuckerbergstan. But "self-help" is not the correct name for the alternative that involves all of us collaborating to restructure the Net so power doesn't have access to data.

Your political analysis in both respects seems to me to be based upon an incomplete mapping of the contemporary power distribution. Matters are further along than you seem to account for; the sides have hardened more than you accept, the apparent disparity of power is more immense than you let on, and the eventual outcome is therefore both gratifying and ironic, which is how the politics of liberation should be.


Webs Webs

r7 - 23 Aug 2014 - 19:33:50 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM