Five lies the government is telling about data retention

Bernard Keane, Crikey

In the course of the government’s announcement on last week of its proposal for a mass surveillance data retention scheme, a number of falsehoods were uttered. Given the ministers involved have access to an army of bureaucrats who supposedly are across these issues, we can only assume the falsehoods were deliberate – but we’ll let you be the judge. Let’s go through them.

1. Malcolm Turnbull: ‘The important thing to understand about this metadata bill, these amendments, is that it is not creating new classes of data to be retained… it’s about preserving the status quo.’

Status: False

Turnbull, Attorney-General George Brandis and the Prime Minister have all repeatedly claimed data retention does not involve data not already retained by communications companies as part of existing business practices. This was comprehensively refuted by iiNet in its response to the government’s industry consultation paper. In fact, the government’s own paper refutes it. As iiNet notes,

‘The Consultation Paper expressly states that data which falls within the defined data set will be required to be retained ‘even if this exceeds business needs’ and that ‘the policy recognises that providers may need to modify some systems to ensure they meet the minimum standard’.’

And this is no longer merely the claim of iiNet. Yesterday, Telstra stated in its response to the bill ‘complying with the legislation will go beyond Telstra’s current business practices’.

2. George Brandis ‘I want to stress, as Mr Turnbull stressed in his second reading speech, that this bill confers no new powers on ASIO, the AFP or on law enforcement agencies.’

Status: False

Putting aside the minor legal point that the bill gives the government a new power to force communications companies to store data, agencies can already access metadata without a warrant, true. But the bill will give them the power to access historical data, and data in volume, enabling the extensive and detailed profiling of individuals and their communities in a way currently impossible (assuming both telcos and security agencies are operating within the law). The bill will also enable agencies to obtain data showing the geographical location of individuals, using mobile phone data. This is exactly where the bill represents the greatest threat to whistleblowers, activists, journalists and politicians: it significantly increases the power of security agencies to track down those who threaten governments and the powerful. It will also, incidentally, create a vast trove of data about an individual and a company that can be subpoenaed as part of civil litigation — imagine a large company subpoenaing the phone records of a suspected whistleblower as part of a campaign of litigation against them.

3. Duncan Lewis, head of ASIO: ‘access to telecommunications metadata history is critical and central to ASIO’s work as we go about protecting the security and the safety of we Australians, our families and our interests.’

Andrew Colvin, head of the AFP: I speak on behalf of all law enforcement in this country when I say how fundamentally important this is to us, not just in a national security context but so fundamental in most of the crimes, particularly serious and organised crimes, that we investigate on a daily basis.

Status: False

No one disputes that metadata is a key investigative tool. But if metadata history is critical and central to ASIO’s work, why has it barely used the data preservation power given to agencies in 2012? That enables ASIO to require a telco to preserve data for up to 90 days before it needs to get a warrant — which is just shy of the three month period that, in the UK, covers 75% of all data requests. ASIO already has the power to capture someone’s metadata history if they’re linked to any crime carrying more than three years in jail, and it’s not using it. And why two years? The original, now overturned, European Union data retention directive was for a minimum of six months. As the UK data shows, the vast majority of data requests relate to data less than three months old.

And if metadata history is so crucial to both counter-terrorism and law enforcement, why did the German data retention regime see such a negligible shift in the crime clearance rate in that country? Why did Barack Obama’s hand-picked National Security Agency surveillance review panel conclude that the NSA’s massive surveillance of Americans, which went far beyond the scheme proposed by the government, not stop a single terrorist attack?

4. George Brandis ‘Most of the work that the PJCIS needs to do about this has already been done.’

Status: False

As Brandis himself must know, one of the key problems for the Joint Committee on Intelligence and Security’s inquiry into over 40 national security reform proposals, including data retention, was the inability of the then-government, and the then-attorney-general, to explain what they meant by data retention. The committee explicitly addressed this, with then-chair Anthony Byrne writing at the start of the report:

‘…the lack of any draft legislation or detail about some of the potential reforms was a major limitation and made the Committee’s consideration of the merit of the reforms difficult. This also made it hard for interested stakeholders to effectively respond to the terms of reference… one of the most controversial topics canvassed in the discussion paper —data retention—was only accorded just over two lines of text. This lack of information from the Attorney-General and her Department had two major consequences. First, it meant that submitters to the Inquiry could not be sure as to what they were being asked to comment on. Second, as the Committee was not sure of the exact nature of what the Attorney-General and her Department was proposing it was seriously hampered in the conduct of the inquiry and the process of obtaining evidence from witnesses.’

As Byrne explained, the result was that ‘the Committee’s conclusions are often qualified or suggest areas where further work is needed.’ And clearly the current committee doesn’t agree with Brandis either. The committee will not report on its inquiry into data retention until next year (and Labor communications shadow Jason Clare, and shadow Attorney-General Mark Dreyfus, will join the committee for it, replacing Stephen Conroy and Tanya Plibersek).

5. Brandis: ‘…for the avoidance of doubt, the bill makes it explicit by Section 187 A4 that nothing in the bill requires a service provider to keep information about the content of a person’s communications and specific provision is made to exempt from the scope of the bill a person’s web browsing history.’

Status: true — but irrelevant

Perhaps the greatest lie of all in data retention is that metadata is somehow innocuous and it’s content where the real threat to privacy lies. In fact, collected metadata is equally or even more privacy-intrusive than content. The General Counsel for the United States National Security Agency has said ‘metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.’ As Edward Snowden says: ‘You can’t trust what you’re hearing, but you can trust the metadata.’ And data retention will deliver to authorities a two-year portrait of everything you’ve done in your life involving a communications device, even when that device is sitting unused in your pocket. Whether it’s content or not doesn’t change that.

This article was first published in Crikey.