Footnotes


Footnotes

Overview - Introduction

[1]        Journals of the Senate, 12 December 2013, p. 373.

[2]        Journals of the Senate, 14 May 2014, p. 793; Journals of the Senate, 27 August 2014, p. 1318; Journals of the Senate, 29 October 2014, p. 1673; Journals of the Senate, 1 December 2014, p. 1917; and Journals of the Senate, 12 February 2015, p. 2159.

[3]        Journals of the Senate, 18 March 2015, p. 2320.

[4]        Australian Law Reform Commission (ALRC), For your information: Australian Privacy Law and Practice, May 2008, p. 19.

[5]        ALRC, For your information: Australian Privacy Law and Practice, May 2008, p. 19.

[6]        Information privacy involves the establishment of rules governing the collection and handling of personal data such as credit information, and medical and government records. It is also known as 'data protection'. See: ALRC, For your information: Australian Privacy Law and Practice, May 2008, p. 142.

[7]        Privacy of communications covers the security and privacy of mail, telephones, email and other forms of communication. See: ALRC, For your information: Australian Privacy Law and Practice, May 2008, p. 142.

[8]        ALRC, For your information: Australian Privacy Law and Practice, May 2008, p. 2392.

[9]        See: ALRC, For your information: Australian Privacy Law and Practice, May 2008, p. 2395.

[10]      In the response, the government committed to: creating a harmonised set of Privacy Principles; redrafting and updating the Privacy Principles; creating a comprehensive credit reporting framework; improving health sector information flows, and giving individuals new rights to control their health records, contributing to better health service delivery; requiring the public and private sector to ensure the right to privacy will continue to be protected if personal information is sent overseas; and strengthening the Privacy Commissioner's powers to conduct investigations, resolve complaints and promote compliance, contributing to more effective and stronger protection of the right to privacy. Source: Australian Government, Enhancing National Privacy Protection, Australian Government First Stage Response to the Australian Law Reform Commission Report 108. October 2009. See: http://www.dpmc.gov.au/privacy/alrc_docs/stage1_aus_govt_response.pdf (accessed 25 March 2014).

[11]      Source: Australian Government, Enhancing National Privacy Protection, Australian Government First Stage Response to the Australian Law Reform Commission Report 108. October 2009. See: http://www.dpmc.gov.au/privacy/alrc_docs/stage1_aus_govt_response.pdf (accessed 25 March 2014).

[12]      The Privacy Amendment (Enhancing Privacy Protection) Amendment Act 2012 (Cth). See: http://www.alrc.gov.au/inquiries/privacy/implementation (accessed 25 March 2014). Among other things that Act amended the Privacy Act 1988 (Cth) to replace the existing privacy principles for the public and private sectors with a single set of privacy principles (the Australian Privacy Principles (APPs)). The APPs came into effect on 12 March 2014. For further information about the first stage response reforms, see: http://www.dpmc.gov.au/privacy/alrc_docs/stage1_aus_govt_response.pdf, and  http://www.alrc.gov.au/inquiries/privacy/implementation.

[13]      Attorney-General's Department, Equipping Australia Against Emerging and Evolving Threats, July 2012, p. 3.

[14]      Parliamentary Joint Committee on Intelligence and Security (PJCIS), Report of the Inquiry into Potential Reforms of Australia's National Security Legislation, June 2013, pp. 192–193.

Chapter 2 - The Telecommunications (Interception and Access) Act 1979

[1]        http://www.comlaw.gov.au/Details/C1960A00027 (accessed 3 July 2014).

[2]        http://www.comlaw.gov.au/Details/C1960A00027 (accessed 3 July 2014).

[3]        At the time that the Act was amended to change its name, it was also amended to implement a number of the recommendations of the Report of the Review of the Regulation of Access to Communications (the Blunn Report) which had concluded: '[T]here was inadequate regulation of access to stored communications, as well as insufficient protection of privacy during the access, storage, and disposal processes of stored communications [and that] the distribution of provisions between the Telecommunications Act and the Telecommunications (Interception) Act (as it was then known) dealing with access to telecommunications data security was complicated, confusing and dysfunctional'. See: ALRC, For Your Information: Australian Privacy Law and Practice, 2008, pp. 2478–2479.

[4]        Attorney-General's Department, Submission 26, pp 3–4.

[5]        Section 5 of the Telephonic Communications (Interception) Act 1960 provided that telephone communications were not to be intercepted, the exception being by ASIO where the interception was in connection with the performance by ASIO 'of its functions or otherwise for the security of the Commonwealth'.

[6]        Australian Crime Commission, Submission 23, pp 3–6.

[7]        Australian Crime Commission, Submission 23, pp 3–6.

[8]        Australian Security Intelligence Organisation, Submission 27, p. 4.

[9]        Australian Federal Police, Submission 25, p. 3.

[10]      Victoria Police, Submission 6, p. 1.

[11]      Western Australian Police, Submission 20, p. 4. Northern Territory (NT) Police also expressed support for reform of the TIA to 'provide greater simplicity, clarity and efficiency of operations under those acts'. See: NT Police, Submission 21, p. 10.

[12]      Law Council of Australia, Submission 34, p. 4.

[13]      ThoughtWorks Australia, Submission 5, p. [2]. The Australian Privacy Foundation (APF), made similar comments, stating its support for a holistic review to consider the cumulative effect of the many marginal changes over time. See: Mr Nigel Waters, Australian Privacy Foundation, Committee Hansard, 29 July 2014, p. 30.

[14]      Blueprint for Free Speech, Submission 4, p. 15.

[15]      Mr Roger Wilkins AO, Secretary, Attorney-General's Department, Committee Hansard, 22 April 2014, p. 2.

[16]      Mr Roger Wilkins AO, Secretary, Attorney-General's Department, Committee Hansard, 22 April 2014, p. 2.

[17]      Ms Narelle Clark, President, Internet Society of Australia (ISOC-AU), Committee Hansard, 23 April 2014, p. 32.

[18]      For Your Information – Australian Privacy Law and Practice, Australian Law Reform Commission (ALRC) Report #108, p. 104.

[19]      Law Council of Australia, Submission 34, p. 5.

Chapter 3 - Warranted access to telecommunication content

[1]        PJCIS data retention report, paragraph 2.102, p. 37.

[2]        The TIA Act is comprised of five chapters.

[3]        The process which the Australian Security and Intelligence Organisation (ASIO) is required to follow for warrants, differs to those for anti-corruption agencies and law enforcement agencies and has not been specifically addressed in the body of the report. The sections relevant to ASIO are sections 9, 9A and section 109 of the TIA Act. By way of example, where ASIO has applied to the Attorney-General for a warrant under section 9 of the Act, the Attorney-General     may issue a warrant where satisfied that the telecommunication service is being used, or is likely to be used in 'activities prejudicial to security' and interception will, or is likely to, assist the organisation in carry out its functions. 'Activities prejudicial to security' is defined in section 4 of the Australian Security Intelligence Organisation Act 1979.

[4]        Attorney-General's Department, Submission 26, p. 17.

[5]        See sections 46 and 46A of the TIA Act which set out the factors to which the Judge or AAT member must have regard when considering an application for a telecommunications service interception warrant or a named person warrant.

[6]        The legislative framework governing stored telecommunications warrants is set out in Chapter 3 of the TIA Act.

[7]        See Chapter 3 of the TIA Act.

[8]        Subsection 116(2) of the TIA Act sets out the matters to which the issuing authority must have regard when considering an application for a stored communications warrant.

[9]        This definition presents particular issues in relation to access to telecommunications data which are examined in Part II of this report.

[10]      Sections 5, 5E and 6DB, TIA Act.

[11]      One penalty unit is currently $170.

[12]      Among others, the following organisations cited support for removal of legislative duplication: Victoria Police, Submission 6, p. 2; Western Australian Corruption and Crime Commission, Submission 14, p. 16; Northern Territory Police, Submission 21, p. 8; and New South Wales Government, Submission 30, p. 13.

[13]      These same matters were canvassed by the PJCIS throughout its inquiry which reported in June 2013 (see that committee's recommendations 6, 7 and 10) and are discussed further at paragraphs 3.27 and 3.28 of this chapter.

[14]      Mr David Irvine, Director-General of Security, Australian Security Intelligence Organisation (ASIO), Committee Hansard, 21 July 2014, p. 7.

[15]      ASIO, Submission 27, p. 34.

[16]      Australian Federal Police, Submission 25, Attachment E, p. 5.

[17]      Australian Mobile Telecommunications Association and Communications Alliance, Submission 16, pp 7–8.

[18]      Law Council of Australia, Submission 34, pp 39–40.

[19]      Attorney-General's Department, Submission 26, p. 17.

[20]      Attorney-General's Department, Submission 26, p. 17.

[21]      Ms Katherine Smith, Assistant Secretary, Telecommunications and Surveillance Law Branch, Attorney-General's Department, Proof Committee Hansard, 22 April 2014, p. 3.

[22]      Ms Katherine Smith, Attorney-General's Department, Committee Hansard, 22 April 2014, p. 3.

[23]      ASIO, Submission 27, p. 33.

[24]      ASIO, Submission 27, p. 33.

[25]      ASIO, Submission 27, p. 33.

[26]      ASIO, Submission 27, p. 33.

[27]      PJCIS, Report of the Inquiry into Potential Reforms of Australia's National Security Legislation, June 2013, p. 34.

[28]      See: ACC, Submission 23, Attachment A, p. [3] and AFP, Submission 25, Attachment E, p. 4.

[29]      Attorney-General's Department, Submission 26, p. 18.

[30]      Law Council of Australia, Submission 34, pp 33–34.

[31]      Law Council of Australia, Submission 34, pp 33–34.

[32]      Law Council of Australia, Submission 34, pp 33–34. This view was shared by AMTA and the Communications Alliance. See: Submission 16, p. 6.

[33]      Ms Katherine Smith, Attorney-General's Department, Committee Hansard, 22 April 2014, p. 3.

[34]      ASIO, Submission 27, p. 35. See also: ACC, Submission 23, Attachment A, p. [6].

Chair's Minority Additional Comments - Access to telecommunications data

[1]        'Enforcement agency' is defined in section 5 of the TIA Act. Notably it includes any body whose functions include: (i) administering a law imposing a pecuniary penalty; or (ii) administering a law relating to the protection of public revenue. See also: paragraph 3.10 of Chapter 3 which sets out the definition.

[2]        See sections 276, 277 and 278, Telecommunications Act.

[3]        Sections 276, 277 and 278, Telecommunications Act.

[4]        However, the TIA Act does not permit the disclosure of this information if it is the contents or substance of a communication, or a document to the extent that the document contains the contents or substance of a communication. See: section 172, TIA Act.

[5]        Section 178, TIA Act.

[6]        Section 179, TIA Act. Division 4 of the TIA Act also provides for authorised officer of the Australian Federal Police or a state police force to authorise disclosure for the purposes of locating missing persons  and for an authorised officer of a criminal law enforcement agency to authorise access to prospective information if satisfied that disclosure of the information is reasonably necessary for the investigation of: a serious offence; or an offence against the Commonwealth, a state or territory law punishable by imprisonment for at least three years.

[7]        Section 180F, TIA Act.

[8]        Attorney-General's Department, Telecommunications (Interception and Access) Act 1979 Annual Report 2012-13, p. 44.

[9]        Attorney-General's Department, Submission 26, p. 21.

[10]      Attorney-General's Department, Submission 26, p. 46. The department expressly stated that the definition of telecommunications data 'does not include information relating to a person's web browsing or the contents or substance of their communications'. See: Submission 26, p. 46.

[11]      Mr Jon Lawrence, Executive Officer, Electronic Frontiers Australia, Committee Hansard, 29 July 2014, p. 35.

[12]      Mr Jon Lawrence, Electronic Frontiers Australia, Committee Hansard, 29 July 2014, p. 38.

[13]      Ms Narelle Clark, President, ISOC-AU, Committee Hansard, 23 April 2014, p. 32. ThoughtWorks expressed similar views explaining that technology has changed communications such that 'really there is no distinction between metadata and content'. See, Ms Lindy Stephens, ThoughtWorks, Committee Hansard, 26 September 2014, p. 4.

[14]      Attorney-General's Department, Submission 26, p. 45.

[15]      Attorney-General's Department, Submission 26, p. 45. Sections 9 and 108 of the TIA Act prohibit access to communications and therefore access would require a warrant.

[16]      Mr Philip Moss, Integrity Commissioner, Australian Commission for Law Enforcement Integrity, Committee Hansard, 23 April 2014, p. 6.

[17]      Assistant Commissioner Peter Crawford, Queensland Police Force, Committee Hansard, 22 April 2014, p. 15.

[18]      Mr Paul Jevtovic APM, Acting Chief Executive Officer, Australian Crime Commission, Committee Hansard, 22 April 2014, p. 16.

[19]      Acting Commissioner Andrew Colvin, Australian Federal Police, Committee Hansard, 22 April 2014, p. 15.

[20]      Mr Alastair MacGibbon, Director of the Centre for Internet Safety at the University of Canberra, Committee Hansard, 26 September 2014, p. 26.

[21]      Attorney General's Department, Submission 26, p. 22. The department also explained that in the case of cybercrime investigations—such as, online fraud, identity theft and child exploitation investigations—law enforcement agencies rely heavily on telecommunications data. Cybercrime includes: crimes where computers or other communications technologies are integral to the offence, such as online fraud, identity theft and the distribution of child exploitation material, and crimes targeting computers, such as hacking or unauthorised access to data. See: Submission 26, p. 22.

[22]      Law enforcement agencies that accessed telecommunications data by authorisation in 2012-13 included (but is not limited to): the Australian Federal Police (AFP), Tasmanian Police, NSW Police, South Australia Police, Northern Territory Police, Victoria Police, Western Australia Police, the Australian Crime Commission, and the Australian Commission for Law Enforcement Integrity. See: p. 47 http://www.ag.gov.au/NationalSecurity/TelecommunicationsSurveillance/Documents/TSLB-GAPSTIAActAnnualReport2012-13.pdf (accessed 9 August 2014).

[23]      Some of the Commonwealth enforcement agencies that accessed telecommunications data by authorisation in 2012-13 included: the Australian Competition and Consumer Commission, Australian Securities and Investments Commission, Australian Taxation Office, Customs, Department of Health, and the Insolvency and Trustee Service of Australia (now known as the Australian Financial Security Authority). See: http://www.ag.gov.au/NationalSecurity/TelecommunicationsSurveillance/Documents/TSLB-GAPSTIAActAnnualReport2012-13.pdf (accessed 9 August 2014).

[24]      Among the state and territory enforcement agencies that accessed telecommunications data by authorisation in 2012-13 were the Victorian Department of Environment and Primary Industries, Worksafe Victoria, RSPCA (Victoria), RSPCA (Queensland), Bankstown City Council, Corrective Services NSW and the Western Australia Department of Commerce. See: http://www.ag.gov.au/NationalSecurity/TelecommunicationsSurveillance/Documents/TSLB-GAPSTIAActAnnualReport2012-13.pdf (accessed 9 August 2014).

[25]      http://www.ag.gov.au/NationalSecurity/TelecommunicationsSurveillance/Documents/TSLB-GAPSTIAActAnnualReport2012-13.pdf (accessed 9 August 2014). See: pp. 47–48.

[26]      See: Australian Privacy Foundation, Submission 36, pp. 5, 9; ThoughtWorks Australia, Submission 5, p. [2]; The Pirate Party, Submission 10, pp. 5–7.

[27]      Attorney General's Department, Submission 26, p. 22.

[28]      Parliamentary Joint Committee on Intelligence and Security, Report of the Inquiry into Potential Reforms of Australia's National Security Legislation, June 2013, p. 26.

[29]      Corruption and Crime Commission of Western Australia, Submission 14, p. 11.

[30]      Mr Jon Lawrence, Executive Officer, Electronic Frontiers Australia, Committee Hansard, 29 July 2014, p. 36.

[31]      ThoughtWorks Australia, Submission 5, p. [2].

[32]      Attorney General's Department, Submission 26, p. 21. The AFP raised similar concerns in relation to the Council of Europe Convention on Cybercrime. See: Submission 25, Attachment E, p. 3.

[33]      Attorney General's Department, Submission 26, p. 21.

[34]      Attorney General's Department, Submission 26, p. 21.

[35]      Mr Timothy Pilgrim, Australian Privacy Commissioner, House of Representatives Committee Hansard, 29 January 2015, p. 47.

[36]      Parliamentary Joint Committee on Human Rights, Fifteenth Report of the 44th Parliament, pp. 16–17.

[37]      Blueprint for Free Speech, Submission 4, pp. 3–4.

[38]      Office of the Public Interest Monitor Victoria, Submission 17, p. 5.

[39]      AMTA and the Communications Association, Submission 16, p. 6.

[40]      Ms Narelle Clark, ISOC-AU, Committee Hansard, 23 April 2014, p. 33.

[41]      Mr Jon Lawrence, Electronic Frontiers Australia, Committee Hansard, 29 July 2014, p. 36. This suggestion was also made by Mr Alastair MacGibbon (see, Committee Hansard, 26 September 2014, p. 26) and Mr Matthew Lobb, General Manager, Industry Strategy and Public Policy, Vodafone Hutchison Australia (see, Committee Hansard, 26 September 2014, p. 18).

[42]      Section 5, TIA Act.

[43]      Section 79 of the TIA Act and section 150 of the TIA Act prescribe that 'restricted records' (any information obtained by interception) and records or information obtained by accessing a stored communication are required to be destroyed if it is no longer likely to be required.

[44]      Australian Privacy Principle (APP) 11—security of personal information:

11.1 If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information: (a) from misuse, interference and loss; and (b) from unauthorised access, modification or disclosure.

11.2 If: (a) an APP entity holds personal information about an individual; and (b) the entity no longer needs the information for any purpose for which the information may be used or disclosed by the entity under this Schedule; and (c) the information is not contained in a Commonwealth record; and (d) the entity is not required by or under an Australian law, or a court/tribunal order, to retain the information; the entity must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is
de-identified. Source: Part 4 of Schedule 1 to the Privacy Act 1988.

[45]      Mr Colin Neave, Commonwealth Ombudsman; Mr Simon Pomery, Assistant Director, Commonwealth Ombudsman, Committee Hansard, 23 April 2014, pp. 29–30.

[46]      Mr Roger Wilkins AO, Secretary, Attorney-General's Department, Committee Hansard, 23 April 2014, p. 4.

[47]      Mr Colin Neave, Commonwealth Ombudsman, Committee Hansard, 23 April 2014, p. 29.

[48]      Mr Simon Pomery, Assistant Director, Commonwealth Ombudsman, Committee Hansard, 23 April 2014, p. 29.

[49]      Mr Jon Lawrence, Electronic Frontiers Australia, Committee Hansard, 29 July 2014, p. 36.

[50]      Mr Nigel Waters, Australian Privacy Foundation, Committee Hansard, 29 July 2014, p. 31.

[51]      Mr Jon Lawrence, Electronic Frontiers Australia, Committee Hansard, 29 July 2014, p. 36.

[52]      'Information that allows a communication to occur' would include: the internet identifier assigned to the user by the provider; for mobile phone services – the number called or texted; the service identifier used to send a communication; the time and date of a communication; general location information/cell tower; and the duration of the communication. See, paragraph 4.10.

[53]      Mr Christopher Warren, Media, Entertainment and Arts Alliance, Committee Hansard, 21 July 2014, p. 23.

[54]      For more discussion refer to paragraphs 4.11 to 4.14.

[55]      Law Council of Australia, Supplementary Submission 34, p. 2.

[56]       Parliamentary Joint Committee on Intelligence and Security (PJCIS), Report of the Inquiry into Potential Reforms of Australia's National Security Legislation, June 2013, p. 139.

[57]       PJCIS, Report of the Inquiry into Potential Reforms of Australia's National Security Legislation, June 2013, p. 190. The PJCIS noted in its report that its task was made more difficult in the absence of any draft legislation.

[58]       In noting that mandatory data retention should be a decision for government, the PJCIS did recommend that if the government was persuaded to introduce a mandatory data retention regime, an exposure draft of the proposed legislation should be referred to the committee for examination. See: PJCIS, Report of the Inquiry into Potential Reforms of Australia's National Security Legislation, June 2013, pp. 192–193.

[59]       The Hon Malcolm Turnbull MP, Minister for Communications, Votes and Proceedings, Thursday 30 October 2014, p. 951.

[60]       The Hon Malcolm Turnbull MP, Minister for Communications, Second Reading Speech, House of Representatives Hansard, 30 October 2014, p. 12560.

[61]       The Hon Malcolm Turnbull MP, Minister for Communications, Second Reading Speech, House of Representatives Hansard, 30 October 2014, p. 12561.

[62]       Proposed new subsection 187A(4).

[63]       Proposed new sections 110A and 176A.

[64]       Proposed new sections 186A to 186J.

[65]       The Hon Malcolm Turnbull MP, Minister for Communications, Second Reading Speech, House of Representatives Hansard, 30 October 2014, p. 12560.

[66]         Mr Paul Jevtovic APM, Acting Chief Executive Officer, Australian Crime Commission, Committee Hansard, 22 April 2014, p. 9.

[67]       Victoria Police, Submission 6, p. 4.

[68]       ACLEI, Submission 11, p. 5.

[69]       ACLEI, Submission 11, p. 5.

[70]       Explanatory Memorandum (EM), p. 34.

[71]       Proposed new subsection 187A(1).

[72]       Proposed new subsection 187A(2).

[73]       EM, p. 36.

[74]       EM, p. 34.

[75]       EM, p. 47.

[76]       Mr Steve Dalby, Chief Regulatory Officer, iiNet Limited, Committee Hansard, 29 July 2014, p. 21.

[77]       Mr Steve Dalby, iiNet Limited, Committee Hansard, 29 July 2014, p. 20.

[78]       Mr Simon Wolfe, Head of Research, Blueprint for Free Speech, Committee Hansard, 23 April 2014, pp. 50–51.

[79]       Mr Jon Lawrence, Executive Officer, Electronic Frontiers Australia, Committee Hansard, 29 July 2014, p. 36.

[80]       Mr Jon Lawrence, Electronic Frontiers Australia, Committee Hansard, 29 July 2014, p. 36.

[81]       Ms Lindy Stephens, ThoughtWorks, Committee Hansard, 26 September 2014, p. 5

[82]       Ms Lindy Stephens, ThoughtWorks, Committee Hansard, 26 September 2014, p. 5.

[83]       Australian Mobile Telecommunications Association and the Communications Alliance, Submission 16, pp. 12–13.

[84]       Mr Christopher Warren, Federal Secretary, Media, Entertainment and Arts Alliance, Committee Hansard, 21 July 2014, p. 22.

[85]       Dr Roger Clarke, Immediate Past Chair, Australian Privacy Foundation, Committee Hansard, 2 February 2015, p. 26. Similar concerns were raised by the Internet Society of Australia (ISOC-AU): At this point in time there are...no clear technical specifications for metadata in the internet protocol world. In [classic] telephony there were call detail records which are defined under International Telecommunications Union standards...It is clear, it is simple and it is available. In the internet world that type of description does not exist for the myriad of types of communications and communication services that we have. Source: Ms Narelle Clark, President, ISOC-AU, Committee Hansard, 23 April 2014, p. 35.

[86]       Mr Alastair MacGibbon, Committee Hansard, 26 September 2014, p. 35.

[87]       Mr Jon Lawrence, Executive Officer, Electronic Frontiers Australia, Committee Hansard, 29 July 2014, p. 36. See also: Ms Narelle Clark, ISOC-AU, Committee Hansard, 23 April 2014, p. 35.

[88]       Ms Anna Harmer, Acting First Assistant Secretary, National Security Law and Policy Division, Attorney-General's Department, Proof Committee Hansard, 2 February 2015, p. 46.

[89]       The committee notes that Optus however 'consider[ed] the use of regulations to spell out more detail of the intended data set [was] appropriate'. Source: Optus, Submission 86 to the PJCIS inquiry, p. 7.

[90]       Law Council of Australia, Submission 126 (Submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014), p. 13.

[91]       Law Council of Australia, Submission 126 to the PJCIS inquiry, p. 13.

[92]       Senate Standing Committee for the Scrutiny of Bills, Alert Digest No. 16 of 2014, 26 November 2014, pp. 2–5. See also: Law Council of Australia, Submission 126 to the PJCIS inquiry, p. 13.

[93]       Law Council of Australia, Submission 126 to the PJCIS inquiry, p. 14.

[94]       Australian Human Rights Commission (AHRC), Submission 42 to the PJCIS inquiry, p. 7.

[95]       Ms Katherine Jones, Deputy Secretary, National Security and Criminal Justice Group, Attorney-General's Department, Proof Committee Hansard, 2 February 2015, p. 54.

[96]       The Hon Malcolm Turnbull MP, Minister for Communications, Second Reading Speech, House of Representatives Hansard, 30 October 2014, p. 12561.

[97]       Emma Griffiths, ABC News, 'Data retention plan could cost almost $400 million a year, Tony Abbott says', 18 February 2015, http://www.abc.net.au/news/2015-02-18/data-retention-plan-could-cost-almost-400-million-a-year/6139078 (accessed 3 March 2015).

[98]       PJCIS, Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, February 2015, p. 182.

[99]       Australian Mobile Telecommunications Association and the Communications Alliance, Submission 16, pp. 12–13.

[100]      Mr Steve Dalby, iiNet Limited, Committee Hansard, 29 July 2014, pp. 26–27.

[101]      Mr Chris Althaus, AMTA, Committee Hansard, 29 July 2014, pp. 11–12.

[102]      Mr Steve Dalby, iiNet Limited, Committee Hansard, 29 July 2014, pp. 26–27.

[103]      Mr Chris Althaus, Chief Executive Officer, AMTA, Proof Committee Hansard, 2 February 2015, p. 6.

[104]      Mr James Shaw, Telstra, Committee Hansard, 26 September 2014, p. 39.

[105]      Mr Matthew Lobb, Vodafone Hutchison Australia, Committee Hansard, 26 September 2014, p. 24.

[106]      Mr Alastair MacGibbon, Committee Hansard, 26 September 2014, pp. 30–31.

[107]      Ms Lindy Stephens, ThoughtWorks, Committee Hansard, 26 September 2014, p. 7.

[108]      Mr Simon Breheny, Director, Legal Rights Project, Institute of Public Affairs, Committee Hansard, 26 September 2014, p. 8.

[109]      The Hon Malcolm Turnbull MP, Minister for Communications, Second Reading Speech, House of Representatives Hansard, 30 October 2014, p. 12561.

[110]      Attorney-General's Department, Submission 27 to the PJCIS inquiry, p. 38.

[111]      See: Attorney-General's Department, Submission 27 to the PJCIS inquiry, Appendix A–Summary of data retention and access arrangements in Western countries, pp. 55–56.

[112]      Parliamentary Joint Committee on Human Rights (PJCHR), Fifteenth Report of the 44th Parliament, p. 15. It is expected that the response of the Attorney-General together with the PJCHR's finding on the Bill's compatibility with human rights will be set out in the PJCHR's report of 17 March 2015.

[113]      PJCHR, Fifteenth Report of the 44th Parliament, p. 15.

[114]      Australian Human Rights Commission (AHRC), Submission 42 to the PJCIS inquiry, pp. 8­–9. See also, Gilbert + Tobin Centre for Public Law, Submission 5 to the PJCIS inquiry, p. 2; Mr Bernard Keene, Submission 37 to the PJCIS inquiry, pp. 5–6; Australian Privacy Foundation, Submission 75 to the PJCIS, p. 2; Law Institute of Victoria, Submission 117,
pp. 15–16; Civil Liberties Councils of Australia, Submission 129 to the PJCIS inquiry, p. 12; and Mr Jon Lawrence, Electronic Frontiers Australia, Proof Committee Hansard, 2 February 2015, p. 15.

[115]      AHRC, Submission 42 to the PJCIS inquiry, pp. 8­–9. A similar study was cited by the Australian Privacy Commissioner in his submission to the PJCIS inquiry and the Law Council of Australia. See, Office of the Australian Information Commissioner (OAIC), Submission 92 to the PJCIS inquiry, p. 15; Law Council of Australia, Submission 126 to the PJCIS inquiry,
pp. 16–17.

[116]      OAIC, Submission 92 to the PJCIS inquiry, p. 14.

[117]      Law Council of Australia, Submission 126 to the PJCIS inquiry, p. 17.

[118]      Ms Narelle Clark, ISOC-AU, Committee Hansard, 23 April 2014, pp. 33, 38.

[119]      AMTA and Communications Alliance, Submission 6 to the PJCIS inquiry, p. 7.

[120]      AMTA and Communications Alliance, Submission 6 to the PJCIS inquiry, pp. 7–8.

[121]      http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-17-australian-privacy-principles (accessed 20 August 2014). See also: APP 3, Schedule 1 to the Privacy Act 1988.

[122]      APP 11, Schedule 1 to the Privacy Act 1988.

[123]      See sections 79 and 150 of the TIA Act.

[124]      Ms Anna Harmer, Attorney-General's Department, Proof Committee Hansard, 17 December 2014, p. 7.

[125]      Law Council of Australia, Submission 126 to PJCIS inquiry, pp. 25–26.

[126]      Telstra, Submission 112 to the PJCIS, p. 5.

[127]    http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF (accessed 26 February 2015). A copy of Directive 2006/24/EC is set out in Appendix 5.

[128]    http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF (accessed 26 February 2015). Directive 2002/58/EC concerned the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). See: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML (accessed 3 March 2015).

[129]    The categories of data required to be retained are set out in Article 5 of Directive 2006/24/EC. The definitions for the purposes of the directive are set out in Article 2.

[130]    http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF (accessed 26 February 2015).

[131]    http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf (accessed 26 February 2015). See also: Ms Lindy Stephens, Global Director of People Operations, ThoughtWorks, Committee Hansard, 26 September 2014, p. 1.

[132]    http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf (accessed 26 February 2015).

[133]    http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf (accessed 26 February 2015).

[134]    Mr Phillip Boulten SC, Law Council of Australia, Proof Committee Hansard, 23 April 2014, p. 3.

[135]    Mr Paul Jevtovic APM, Australian Crime Commission, Committee Hansard, 22 April 2014, p. 10.

[136]    Attorney-General's Department, Submission 27 to the PJCIS inquiry, p. 39.

[137]    Mr David Irvine, ASIO, Committee Hansard, 21 July 2014, p. 16.

[138]    Mr David Irvine, ASIO, Committee Hansard, 21 July 2014, p. 16.

[139]    iiNet Limited, answer to a question taken on notice, received 11 August 2014, p. 1.

[140]    Ms Katherine Jones, Deputy Secretary, National Security and Criminal Justice Group,

Attorney-General's Department, Proof Committee Hansard, 2 February 2015, pp. 52–53; and Ms Anna Harmer , Acting First Assistant Secretary, National Security Law and Policy Division, Attorney-General's Department, Proof Committee Hansard, 2 February 2015,
pp. 52–53.

[141]    Ms Lindy Stephens, ThoughtWorks, Committee Hansard, 26 September 2014, p. 2.

[142]    Ms Lindy Stephens, ThoughtWorks, Committee Hansard, 26 September 2014, p. 3.

[143]    Ms Lindy Stephens, ThoughtWorks, Committee Hansard, 26 September 2014, p. 3.

[144]    Ms Lindy Stephens, ThoughtWorks, Committee Hansard, 26 September 2014, p. 1.

[145]    Ms Lindy Stephens, ThoughtWorks, Committee Hansard, 26 September 2014, p. 2.

[146]    ALRC Report 123, June 2014, p. 35.

[147]    Mr Nigel Waters, Australian Privacy Foundation, Committee Hansard, 29 July 2014, p. 31. The preservation notice regime, set out in Part 3-1A of the TIA Act, establishes a system of preserving certain stored communications that are held by a carrier. The purpose of the preservation is to prevent the communications from being destroyed before they can be accessed under certain warrants issued under the Act.

[148]    iiNet Limited, Answers to questions taken on notice, received 11 August 2014, p. [5].

[149]    Mr Simon Breheny, Director, Legal Rights Project, Institute of Public Affairs, Committee Hansard, 26 September 2014, p. 8.

[150]    The Hon Malcolm Turnbull MP, Minister for Communications, Second Reading Speech, House of Representatives Hansard, 30 October 2014, p. 12560.p.

[151]    Attorney-General's Department, Submission 27 (to the PJCIS inquiry), p. 17.

[152]    Parliamentary Joint Committee on Intelligence and Security (PJCIS), Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, February 2015, p. 79.

[153]    Data that is 'information that allows a communication to occur' includes for example: the internet identifier (information that uniquely identifies a person on the internet) assigned to the user by the provider; for mobile service: the number called or texted; the service identifier used to send a communication, for example the customer’s email address, phone number or VoIP number; the time and date of a communication; general location information, that is, cell tower; and the duration of the communication.

[154]    Data that is 'basic subscriber data' would include for example: name of the customer; address of the customer; postal address of the customer (if different); billing address of the customer (if different); contact details, mobile number, email address and landline phone number; and same information on recipient party if known by the service provider.

[155]    PJCIS, Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, February 2015, p. 100.

[156]    For example, data identifying information such as the name, address and contact details of a customer.

[157]    For example, data including the internet identifier, service identifier, and geo-location data.

[158]    PJCIS, Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, February 2015, p. 245.

[159]    Recommendation 25 of the PJCIS report stated:

The Committee recommends that section 180F of the Telecommunications (Interception and Access) Act 1979 be replaced with a requirement that, before making an authorisation under Division 4 of 4A of Part 4-1 of the Act, the authorised officer must be satisfied on reasonable grounds that any interference with the privacy of any person or persons that may result from the disclosure or use is justifiable and proportionate. In making this decision the authorised officer should be required to have regard to:

-   the gravity of the conduct being investigated, including whether the investigation relates to a serious criminal offence, the enforcement of a serious pecuniary penalty, the protection of the public revenue at a sufficiently serious level or the location of missing persons;

-   the reason why the disclosure is proposed to be authorised; and

-   the likely relevance and usefulness of the information or documents to the investigation.

[160]    PJCIS, Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, February 2015, p. 251.

[161]    PJCIS, Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, February 2015, pp. 145–147.

[162]    PJCIS, Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, February 2015, p. 262.

[163]    PJCIS, Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, February 2015, p. 297.

[164]    PJCIS, Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, February 2015, p. 258.

[165]    PJCIS, Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, February 2015, pp. 298–299.

[166]    WikiLeaks, Submission 46.

Additional Remarks from Government Senators

[1]        Parliamentary Joint Committee on Intelligence and Security (PJCIS), Advisory Report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, February 2015, p.xxv.

[2]        For Your Information – Australian Privacy Law and Practice, Australian Law Reform Commission (ALRC) Report #108, p. 104.

[3]        ASIO, Submission 27, p. 34.

[4]        For example ASIO, Submission 27, p. 26; Attorney-General's Department (AGD), Submission 26, pp. 16-19.

[5]        ASIO, Submission 27, p. 35. See also: ACC, Submission 23, p. 14.

[6]        Law Council of Australia, Submission 34, p. 5.

[7]        AGD, Submission 26, pp. 3, 4; ASIO, Submission 27, pp. 5, 33, 39.

[8]        AGD, Submission 26, p. 30.

[9]        ACC, Submission 23, p. 15.

[10]      ACC, Submission 23, p. 15.

[11]      ASIO, Submission 27, p. 27.

[12]      Australian Federal Police, Submission 25, p. 10.

[13]      Privacy Act 1988 (Cth), ss 4 and 11.