[AusNOG] (Abuse of) mandatory data retention information.

Ross Wheeler ausnog at rossw.net
Wed May 2 11:23:39 EST 2018 


On Wed, 2 May 2018, Paul Wilkins wrote:

> I am not a lawyer. This is not legal opinion.

I don't mean to be irritating, but have you actually read the legislation, 
Paul?
>From https://www.ag.gov.au/dataretention

Access to telecommunications data under the Act is subject to a number of 
safeguards. In particular:

     access to data is limited to a defined list of law enforcement and 
national security agencies
     agencies that may access data are subject to independent oversight by 
the Commonwealth Ombudsman, or by the Inspector-General of Intelligence 
and Security in the case of the Australian Security Intelligence 
Organisation (ASIO)
     the Attorney-General reports to Parliament on the operation of the 
data retention scheme each year
     where ASIO or enforcement agencies require access to a journalists 
data for the purpose of identifying a source, those agencies are required 
to obtain a warrant, and report all such requests to their independent 
respective oversight body.



So the only ones requiring a warrant is where the information sought is 
known to be that of a journalist.


>From 
https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionGuidelinesForServiceProviders.pdf

12. Access by law enforcement
Access to telecommunications data by law enforcement and national security 
agencies is substantively unchanged by the data retention obligations.

The legislation continues to enable a limited group of enforcement and 
security agencies to authorise the disclosure of telecommunications data 
in certain circumstances. Providers are required by the Telecommunications 
Act to give such help as is reasonably necessary in responding to those 
requests.

Service providers must provide help to agencies requesting access to retained
data on the basis that the service provider neither profits from nor bears 
the cost of giving that help.

Where access to data is required an authorised officer of an enforcement 
agency or an eligible person in a security agency will approach the 
service provider and request the data that is subject to an authorisation.
If the provider is uncertain about the credentials of the authorised 
officer or eligible person, the provider can contact the requesting agency 
or the CAC to confirm whether the person has the authority to make the 
request.

More information about the AusNOG mailing list