Australia’s metadata retention laws made news again this week after it was revealed, via ZDNet’s freedom of information requests, that 61 Australian government-affiliated agencies had made requests for citizens’ and others’ metadata.
Just recently, a television commercial for lamb, called Operation Boomerang, caught ire for its apparent casual disregard for Indigenous Australians’ feelings about Australia Day (which many call Invasion Day). It’s one of many put out by Meat and Livestock Australia linking the importance of lamb to Australian culture. However the National Measurement Institute applying for access to metadata to combat supermarkets’ lowballing their lamb cutlet portions may be a bridge too far, even for ardent lamb lovers.
Compulsory metadata collection and two-year retention by Australia’s internet service providers has been controversial and contradictory since 2014, especially when Attorney General George Brandis made a gargantuan hash of his explanation of not only his government’s proposed laws, but also his understanding of what metadata is. Then-Prime Minister Tony Abbott did not do much better and it seemed to the public that the government’s ability to get its message across cogently on this issue (among others) was somewhat compromised. Then Communications Minister Malcolm Turnbull later went on Sky News to helpfully explain how one could somewhat circumvent their data being collected by using instant messaging apps like Viber.
Much of the Australian media has noted that though these laws were ostensibly designed to combat homegrown terrorism and extremism many other government agencies and groups would be able to petition for access to citizens’ metadata also. A blog post by Marque Lawyers notes, “Telcos and ISPs now need to store ALL metadata for two years, and it will be available for trawling by 20 different government agencies including ASIO, the cops, ASIC and the ACCC.” The RSPCA was another group which had previously been allowed access.
However, one of the Attorney General’s Department (AGD) stated aims was to actually simplify and safeguard metadata retention laws: “In fact, data retention will be supported by existing as well as new safeguards, oversight and accountability mechanisms, including: significantly limiting the range of agencies permitted to access metadata.” At present, 61 agencies have applied to be classified as a “criminal law-enforcement agency,” allowing them access to metadata. While metadata being used to investigate underweight lamb chops is as charmingly preposterous as it is somehow very Australian, it shows just how broad these warrants are. Few of these agencies have much, if anything, to do with national security or combatting terrorism, the very reason given in the first place.
As The Guardian wrote, “Agencies can seek access (to metadata) by filling out a short form and sending it directly to a phone or internet company.”
Greens senator Scott Ludlam, from Western Australia, said that the one “saving grace” had been the fewer number of agencies able to access the data. That, he said, has now been “blown to pieces.”
As ZDNet writes of what metadata access actually means, “The Australian data-retention laws allow the nation’s approved law-enforcement agencies to warrantlessly access two years’ worth of customers’ call records, location information, IP addresses, billing information, and other data stored by telcos.”
However, it’s not quite known which of the 57 named (four of the 61’s names were redacted) were classified or reclassified as criminal law enforcement agencies. Australia Post’s request was apparently knocked back. However, the same article notes the long list of agencies that previously had had access to metadata, which numbered 79 and included state fishery departments, horse racing bodies, and local city councils.
However, there are those who still cannot access metadata, such as its creators. Lawyers from Corrs Chambers Westgarth wrote on January 18, “On 18 December 2015, the Administrative Appeals Tribunal held that metadata does not constitute Personal Information under the Privacy Act, thereby overturning the Privacy Commissioner’s decision that Telstra hand over personal mobile data to those who requested it.”