The Department of Home Affairs has been working to broaden the list of agencies who can access metadata under the Telecommunications (Interception and Access) Act 1979.
An undated letter penned by Minister for Home Affairs Peter Dutton, received under the Freedom of Information Act by CommsDay, said the department was working with state and territory agencies who have asked to be added as “enforcement agencies” by legislative amendment.
The letter also said the department was, in the meantime, working to “explore the feasibility and suitability of a temporary declaration”.
The comments were made in response to a request from Tasmanian Attorney-General Elise Archer on 29 July 2019 asking for state and territory Australian Consumer Law (ACL) regulators to be declared as enforcement agencies under the Act, allowing them access to telecommunications data as per the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015.
“As the Minister for Home Affairs, I have the power to declare additional agencies to be ‘enforcement agencies’ subject to consideration specified criteria in the Act,” Dutton wrote.
“However, this declaration mechanism is only temporary, with declarations expiring after 40 sitting days of either House of the Federal Parliament.
“Legislative amendments would be required to create a permanent list of enforcement agencies under the Act, and to include the ACL regulators on this list.”
The letter asks ACL regulators to make a joint submission to the Parliamentary Joint Committee on Intelligence and Security’s (PJCIS) now-closed review of the mandatory data retention regime.
“The data retention legislation limited the range of agencies permitted to access telecommunications data in accordance with recommendations from a previous review by the Committee,” the letter continued.
The Law Council of Australia, in a submission to the PJCIS, called for the introduction of warrants when the nation’s enforcement agencies seek to access metadata.
Currently, enforcement agencies have access to two years’ worth of customers’ call records, location information, IP addresses, billing information, and other data stored by carriers without the need for a warrant.
The submission said that since metadata contains so much data on an individual — where they have been, who they have called, as well as potentially revealing medical conditions — the Law Council said it should be treated the same as communication content, which currently does require a warrant to access.
It added that the agencies that are able to access metadata should be spelled out in the metadata legislaton, and only those agencies investigating serious crimes or assisting in finding missing persons should be named.
The submission further called for minimum security standards for retained data.
The PJCIS closed its inquiry in April and expects to table the report by the end of July.