[AusNOG] Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME, INVITATION TO MAKE A SUBMISSION

Tue Aug 13 15:53:54 EST 2019

I found this rather cryptic observation in the submission
<https://www.aph.gov.au/DocumentStore.ashx?id=0076905f-bd1c-4536-8ff3-a90dd3ac6b18&subId=668584>
from the Inspector General of Intelligence and Security. It points out
where metadata retained under the Data Retention regime, may be accessed
without a warrant, where the data in question is not content. Such would
obviously be the case where LEAs sought access to metadata datastreams
using a TCN as the enabling authorisation. After due consideration of a
number of other PJCIS submissions, I'm yet more confident than where I
first laid out the case to PJCIS back last November, that a combination of
s280/s313 or s177 and TCN would be sufficient for LEAs to gain access to
metadata datastreams without warrant or any judicial or parliamentary
oversite.

It should also be noted that although the obligations in the
Telecommunications Act 1997 prevent carriers and carriage service providers
from disclosing telecommunications data without a warrant or authorisation
in place, these obligations do not prevent agencies from accessing that
data using other means. Any access by an agency to telecommunications data
that does not require disclosure by a carrier or carriage service provider
would therefore not require a warrant or authorisation, unless it also
involved accessing content or unauthorised access to a computer.

*Access to telecommunications data outside Chapter 4 of the TIA ActThe
Committee may wish to discuss with relevant agencies the extent, if any, to
which telecommunications data is accessed outside the framework provided by
Chapter 4 of the TIA Act.*

The Australian Information Commissioner's submission
<https://www.aph.gov.au/DocumentStore.ashx?id=8e675437-b875-4863-87cc-71b721280d8f&subId=668240>
could
also be regarded as making the case that s280/s313 substantiate warrantless
access to metadata.

The OAIC recommends that the Committee consider implementing an enforceable
restriction on the agencies that are permitted to access telecommunications
data, noting this was a safeguard that provided privacy protections in the
absence of more formal mechanisms such as a warrant-based access regime. As
the law currently stands, there appears to be mechanisms for accessing
telecommunications data outside of the TIA Act that, while permitted, have
the practical impact of reducing the effectiveness of safeguards in the TIA
Act.

Kind regards

Paul Wilkins

On Sat, 27 Jul 2019 at 14:56, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> Report in the Guardian today of judicial and governance experts
> increasingly concerned Australia is stifling journalism and State
> accountability playing the security trump card.
>
> National security being used to stifle public interest journalism, former
> judges warn
> <https://www.theguardian.com/australia-news/2019/jul/27/national-security-being-used-to-stifle-public-interest-journalism-former-judges-warn>
>
> As regards the consequences of this, Data Retention means that
> conventional avenues for whistleblowers to contact national media are
> severely curtailed, where the Feds can apply for journalist warrants, as
> they have recently, to go after the ABC et al. And as has been pointed out,
> no warrant is required to access data retention of non journalist sources
> suspected of leaking, which gives police an end around the journalist
> warrant process anyway.
>
> Now from a jurisprudential prism within the Australian jurisdiction, this
> looks like a simple conflict of security versus accountability, but not so.
> Because of the reach of the internet beyond Australia's jurisdiction, the
> Data Retention regime creates a situation where whistleblowers have
> options. They can either leak their concerns to an Australian media
> organisation, and run the gambit of being exposed, or, they may prefer to
> leak to organisations outside the Australian jurisdiction, to organisations
> who won't have the national interest as a concern, nor the constraints of
> operating as a media organisation within the Australian jurisdiction. Which
> is kind of germane if you were say, inclined towards leaking matters
> pertaining to national security.
>
> Kind regards
>
> Paul Wilkins
>
> On Wed, 17 Jul 2019 at 11:29, Mark Smith <markzzzsmith at gmail.com> wrote:
>
>>
>>
>> On Wed, 17 Jul 2019 at 10:32, Paul Wilkins <paulwilkins369 at gmail.com>
>> wrote:
>>
>>> Comms Alliance submission
>>> <https://www.aph.gov.au/DocumentStore.ashx?id=10156360-86ba-4fff-93c9-f2caa3577dd6&subId=668168>
>>> makes the case that the costs of Data Retention are not being properly
>>> compensated, with substantial incurred costs being a carrier expense.
>>>
>>>
>>> The initial capital costs incurred by industry to meet the requirements
>>> of the regime were
>>> partially – but not fully – met via grants from Government. As has been
>>> highlighted in
>>> information presented to the committee, industry has incurred a net cost
>>> to meet its
>>> obligations under the regime of *at least $171m over a four year period*,
>>> despite cost-recovery mechanisms being in place.
>>>
>>> This gets more interesting still, when you begin to consider the
>>> substantially more expensive and complex TCNs/TANs.
>>>
>>
>> The less carriers there are, the better suited it is to the government's
>> surveillance agenda. It must have been really easy for LEAs to only have to
>> deal with PMG and then Telecom. So if they cost a carrier out of business,
>> they'll only be crying crocodile tears.
>>
>> There are many threats to many parties in this agenda, that's perhaps one
>> not really recognised.
>>
>>
>>
>>>
>>> Kind regards
>>>
>>>
>>> Paul Wilkins
>>>
>>> On Thu, 11 Jul 2019 at 11:50, Paul Wilkins <paulwilkins369 at gmail.com>
>>> wrote:
>>>
>>>> This enquiry has data retention back in the news, that and recent AFP
>>>> execution of search warrants on journalists.
>>>>
>>>> Link to PJCIS submissions
>>>> <https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Dataretentionregime/Submissions>
>>>>
>>>> Kind regards
>>>>
>>>> Paul Wilkins
>>>>
>>>> On Tue, 2 Jul 2019 at 11:38, Paul Wilkins <paulwilkins369 at gmail.com>
>>>> wrote:
>>>>
>>>>> News this morning that the Victorian government is developing plans to
>>>>> use mobile apps to track commuters. The government argues the data will be
>>>>> used to improve travel times. This however, ignores the larger picture,
>>>>> that across all Australian governments, both State and Federal, there's a
>>>>> forward going agenda to widen the meta data kept on citizens - CCTV facial
>>>>> recognition, license plate capture, and that these data bases are being
>>>>> integrated by law enforcement.
>>>>>
>>>>> So where there exists the theoretical possibility that data retention
>>>>> metadata can now, under existing law, be integrated into other law
>>>>> enforcement databases under TANs/TCNs, there is a genuine concern that
>>>>> blandishments by law enforcement that "we wouldn't do that" may not
>>>>> actually be an effective check on creeping extensions of police powers, and
>>>>> that there should in fact be legislated protections against the use of data
>>>>> retention datasets.
>>>>>
>>>>> Kind regards
>>>>>
>>>>> Paul Wilkins
>>>>>
>>>>> On Fri, 21 Jun 2019 at 17:05, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Submissions close 1st July for those so foolhardy as to throw their
>>>>>> random stream of consciousness into the void of Dep't Home Affairs'
>>>>>> accountability.
>>>>>>
>>>>>> And when you throw your random stream of consciousness into the void,
>>>>>> the void throws its random stream of consciousness back at you, or
>>>>>> something.
>>>>>>
>>>>>> Kind regards
>>>>>>
>>>>>> Paul Wilkins
>>>>>>
>>>>>> On Sat, 13 Apr 2019 at 11:26, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I raised the point in my PJCIS submissions regarding the Assistance
>>>>>>> and Access Act, that TANs/TCNs are potentially sufficient grounds to serve
>>>>>>> as authorisation under s280/s313 of the Telecommunications Act for the
>>>>>>> access of Data Retention datasets, and so provide the necessary enabling
>>>>>>> legislation for law enforcement to institute access to metadata datastreams.
>>>>>>>
>>>>>>> I had thought with the election announced, there'd be some respite
>>>>>>> from this rinse/repeat cycle of calling for public submissions. Just when
>>>>>>> you thought it was safe to go back in the water.
>>>>>>>
>>>>>>> Kind regards
>>>>>>>
>>>>>>> Paul Wilkins
>>>>>>>
>>>>>>>
>>>>>>> On Fri, 12 Apr 2019 at 19:29, Robert Hudson <hudrob at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ---------- Forwarded message ---------
>>>>>>>> From: ITPA President <president at itpa.org.au>
>>>>>>>> Date: Wed, 10 Apr 2019 at 20:27
>>>>>>>> Subject: Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME,
>>>>>>>> INVITATION TO MAKE A SUBMISSION
>>>>>>>> To: <exec at itpa.org.au>
>>>>>>>>
>>>>>>>>
>>>>>>>> FYI
>>>>>>>>
>>>>>>>> ---------- Forwarded message ---------
>>>>>>>> From: Little, Robert (REPS) <Robert.Little.Reps at aph.gov.au>
>>>>>>>> Date: Fri, 5 Apr 2019 at 13:23
>>>>>>>> Subject: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME,
>>>>>>>> INVITATION TO MAKE A SUBMISSION
>>>>>>>> To:
>>>>>>>>
>>>>>>>>
>>>>>>>> *PARLIAMENTARY JOINT COMMITTEE ON INTELLIGENCE AND SECURITY*
>>>>>>>>
>>>>>>>> *REVIEW OF THE MANDATORY DATA RETENTION REGIME*
>>>>>>>>
>>>>>>>> *INVITATION TO MAKE A SUBMISSION*
>>>>>>>> The Parliamentary Joint Committee on Intelligence and Security has
>>>>>>>> commenced a review of the mandatory data retention regime proscribed by
>>>>>>>> Part 5-1A of the *Telecommunications (Interception and Access) Act
>>>>>>>> 1979 (TIA Act).*
>>>>>>>> <https://www.legislation.gov.au/Details/C2019C00010> On behalf of
>>>>>>>> the Committee I am writing to invite you to make a submission to the
>>>>>>>> Committee’s review.
>>>>>>>> The mandatory data retention regime is a legislative framework
>>>>>>>> which requires carriers, carriage service providers and internet service
>>>>>>>> providers to retain a defined set of telecommunications data for two years,
>>>>>>>> ensuring that such data remains available for law enforcement and national
>>>>>>>> security investigations.
>>>>>>>> Section 187N of the TIA Act provides for the review and requires
>>>>>>>> the Committee to report by 13 April 2020. Terms of reference are available
>>>>>>>> here
>>>>>>>> <https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Dataretentionregime/Terms_of_Reference>
>>>>>>>> .
>>>>>>>> The Committee has resolved to focus on the following aspects of the
>>>>>>>> legislation:
>>>>>>>>
>>>>>>>>    - the continued effectiveness of the scheme, taking into
>>>>>>>>    account changes in the use of technology since the passage of the Bill;
>>>>>>>>    - the appropriateness of the dataset and retention period;
>>>>>>>>    - costs, including ongoing costs borne by service providers for
>>>>>>>>    compliance with the regime, any potential improvements to oversight,
>>>>>>>>    including in relation to journalist information warrants;
>>>>>>>>    - any regulations and determinations made under the regime;
>>>>>>>>    - the number of complaints about the scheme to relevant bodies,
>>>>>>>>    including the Commonwealth Ombudsman and the Inspector-General of
>>>>>>>>    Intelligence and Security;
>>>>>>>>    - security requirements in relation to data stored under the
>>>>>>>>    regime, including in relation to data stored offshore;
>>>>>>>>    - any access by agencies to retained telecommunications data
>>>>>>>>    outside the TIA Act framework, such as under the Telecommunications Act
>>>>>>>>    1997; and
>>>>>>>>    - developments in international jurisdictions since the passage
>>>>>>>>    of the Bill.
>>>>>>>>
>>>>>>>> *Making a submission*
>>>>>>>> The Committee invites written submissions addressing any or all of
>>>>>>>> the areas of focus for the Committee’s inquiry. Submissions should clearly
>>>>>>>> identify which areas of focus are being addressed.
>>>>>>>> Prospective submitters are advised that any submission to the
>>>>>>>> Committee’s inquiry must be prepared solely for the inquiry and should not
>>>>>>>> be published prior to being accepted by the Committee. Documents do not
>>>>>>>> attract parliamentary privilege until they are accepted by the Committee.
>>>>>>>> Documents submitted during the election period will be held by the
>>>>>>>> Secretariat and provided to the Committee as established in the 46th
>>>>>>>> Parliament.
>>>>>>>> Submissions are requested by *1 July 2019*. Further information
>>>>>>>> about making a submission to a parliamentary committee inquiry is available
>>>>>>>> here
>>>>>>>> <https://www.aph.gov.au/Parliamentary_Business/Committees/House/Making_a_submission>
>>>>>>>> .
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Robert
>>>>>>>>
>>>>>>>> *Robert Little** |* *Inquiry Secretary*
>>>>>>>> *Parliamentary Joint Committee on Intelligence and Security*
>>>>>>>> *Department of the House of Representatives*
>>>>>>>> PO Box 6021 | Parliament House | Canberra ACT 2600
>>>>>>>> Ph. (02) 6277 4589 | *www.aph.gov.au/pjcis*
>>>>>>>> <http://www.aph.gov.au/pjcis>
>>>>>>>> *Facebook:* @AusHouseofRepresentatives
>>>>>>>> <http://www.facebook.com/aushouseofrepresentatives> | *Twitter:* @
>>>>>>>> AboutTheHouse <http://twitter.com/aboutthehouse>
>>>>>>>> Don’t take your organs to heaven, heaven knows we need them here.
>>>>>>>> Register to be an organ donor *here.*
>>>>>>>> <http://www.medicareaustralia.gov.au/public/services/aodr/index.jsp>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Robert Hudson
>>>>>>>> President, ITPA
>>>>>>>> president at itpa.org.au
>>>>>>>> 0408 860 595
>>>>>>>> _______________________________________________
>>>>>>>> AusNOG mailing list
>>>>>>>> AusNOG at lists.ausnog.net
>>>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>>>>
>>>>>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190813/18dd4219/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture (Device Independent Bitmap) 1.jpg
Type: image/jpeg
Size: 1136 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190813/18dd4219/attachment.jpg>