Parliamentary speeches

Data Retention Bill

March 18, 2015

I rise also to speak on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. Debate around this bill is very important. It concerns challenging and complex legislation that raises some fundamental questions. How do we, on the one hand, enable effective law enforcement, while, on the other hand, preserving the foundations of our democracy and safeguarding privacy? The bill the government introduced to this House in October of last year failed to satisfactorily grapple with these questions. I could not have supported it and I hoped that this House would not have supported it in that form.

Now, on balance, as a consequence of the considered and firm approach Labor has taken to this legislation, and the hard work of the members of the Joint Committee on Intelligence and Security, I am persuaded that I should support this legislation, subject to the many amendments arising from the committee's report and those additional matters proposed and outlined by the shadow Attorney-General in his contribution to this debate.

In my view, however, there are significant matters that remain outstanding, particularly in respect of oversight. I again echo the contribution of the shadow Attorney-General in talking to what have been described as the Faulkner reforms, which would elevate to a more appropriate level parliamentary and democratic oversight of the operation of our security agencies. That is, of course, only a small part of the remit of this legislation, but, in my view, it is a critical piece of unfinished business for this parliament to attend to.

Let us be clear in having this conversation about the circumstances that this legislation is concerned with. As the member for Fraser said at the start of his contribution earlier today, with any law we must start with the status quo—as this government did not in October last year and as some who continue to oppose this legislation, or any such legislation, do not. As we speak today, a vast amount of data is retained by telecommunications companies. This information is, in large volume, being accessed by a wide range of law enforcement agencies. Last year, we understand that over half a million applications were made to access metadata. This, of course, represented a very significant increase on applications made in the previous year. This legislation, this debate, does not arise in a vacuum.

The data that is retained is not in a standard form, nor is it kept for common or standardised periods of time. The bodies accessing the data right now are not just police and security agencies. They include local governments and, indeed, the RSPCA. As we are having this debate, this area is effectively unregulated and without any meaningful oversight. We know very little about the use and, indeed, the misuse of such data—a very important point made by the member for Blaxland in his contribution. This is the problem we are trying to solve, or the problem we should be trying to solve, through this legislation and this wider debate. This should have been the starting point for this conversation. Should we seek to regulate these activities and, if so, how? What safeguards should we seek to introduce? What balances should we strike? I believe that we should be regulating both the retention of data and the question of access.

As the member for Isaacs has noted, this bill differs in several important respects from the national security laws that were supported by Labor last year. This bill is not primarily concerned with national security. Evidence presented to the joint committee made clear that telecommunications data is used in law enforcement of all kinds, and that counter-terrorism and counter-espionage make up only a very small proportion of this data use in Australia. The majority of requests for access are made by state and federal police for general law enforcement purposes. The data retention regime, as set out in this bill, is not specifically directed towards current national security concerns. This is a point that must be stressed. Rather, the scheme proposed provides for the retention of certain telecommunications data generated by all Australians who use the internet or a mobile phone.

This bill, as I said earlier, raises difficult and complex questions, as the Attorney-General demonstrated in one of his media contributions. Fundamentally, we are considering questions of balance, not absolutes. That is another point which has been insufficiently stressed here by government members and, indeed, by some of those opposed to any regime of this type. Across the provisions of this proposed legislation, we must be prepared to run the ruler over their efficacy to maintain security and lawfulness, on the one hand, and to weigh this against infringements on privacy on the other. It is important that we consider questions of process here. This bill was introduced in the House last October. It was not in a state, as I said at the start of my remarks, to be properly dealt with, much less passed. The process undertaken at some length by the joint standing committee makes this abundantly clear, and I take this opportunity to acknowledge the work of the members of this committee—all of them but in particular the Labor members. Their report is comprehensive and I certainly found it helpful in considering my response to this legislation.

I say again: the retention of very large volumes of telecommunications data by private companies has been occurring in Australia for many years in a largely unregulated manner. This data has been accessed under the current act by a large number of agencies hundreds of thousands of times at least. This is something that has not been greatly appreciated by the general community, and this lack of understanding clearly extends to members of the government, which is not helping an informed debate. The Attorney-General has clearly been out of his depth in these matters. This has raised community concern about the supposed powers in this bill, the cruel irony being that the majority of the security agency powers that people have contacted me about are already in existence.

I am concerned, like many other speakers on this side of the chamber, about the implications of this legislation on the media. I am not convinced that it is appropriate that we should be waiting to move to address such concerns, which go to the heart of how we enable, or facilitate perhaps, truth to be spoken to power. I note that the government has had to be dragged kicking and screaming to provide any such protection, thanks to Labor's resolve on this issue, but this is worrying and it is also telling. It depicts a government in the thrall of security agencies and one that has had seemingly very little regard to other sources of information. Of course it is vital to pay careful attention to what these agencies say, but this cannot properly be to the exclusion of all other voices. The fact that Labor has had to close so many loopholes, like protection of whistleblowers, is evidence of this government's slapdash approach to legislating on these critical questions. Labor keenly await the government's amendments in the Senate and we will make sure the government is held to its reluctantly given agreement to our warrants proposal to protect journalists, journalism and sources.

Due attention must also be given to the question of how data is preserved, and this is a matter that remains outstanding. In large part, of course it is the case that assurance in this regard turns on the question of where data is stored. If this were to be solely a question of cost, it is obvious that ISPs would choose lowest cost options—that will be the market simply doing its work. But how secure would this data be? In this regard, I note comments reported in The Australian Financial Review by former director-general of ASIO David Irvine, who voiced strongly held concerns about where Australians' data would be stored. Mr Irvine makes the perfectly sensible point, in my view, that this bill does not presently require the onshore storage of data but that it should, describing himself as a 'cyber-nationalist', as I think he should be and we should be in this regard.

It is clear, however, that the government does not have any meaningful answer to this proposition, and why would it? It has not sought to ask this question. Indeed, this bill is silent on the important related process of telecommunications sector security reform, a process commenced under Labor, underlining our strong record in seeking to protect people's personal information across a range of policy areas. Consistent with this approach and these principles, Labor will continue to articulate the case for this data to be stored in Australia. I note also on these points that Labor has argued for the bill to be amended to impose stringent standards for data security, and I am pleased that these arguments were accepted by the committee, which recommended a requirement for stored data to be encrypted. Labor has also pressed for a recommendation that a scheme of mandatory data breach notification be introduced so that anyone who has had their data compromised is informed of this breach and so is placed to take appropriate measures to respond and to protect their privacy.

The question of who pays for this data to be stored, wherever that may be, is, of course, a question the government has been reticent about, but it is not sufficient for consumers to carry the costs of the implementation of this regime. The original bill was silent on who would bear the cost of the scheme and the government refused to release the cost of the scheme. Through the work of the committee, Labor has insisted that the government bear the cost of the scheme. Business and consumers—small business in particular—should not have to bear solely the cost of law enforcement or, indeed, national security operations. Labor has demanded that the government consider the interests of competition in small business in structuring their contribution to industry. This scheme should not—indeed, must not—harm the interests of small ISPs. It should not entrench the market dominance of major players. Labor has also made sure through this process that members of the public are informed of the cost of the scheme. We have insisted the government release the cost figure ahead of the parliament's consideration of the bill.

As my contribution, I hope, has made clear, I am far from being opposed in principle to implementing a mandatory data retention regime. Indeed, I am persuaded, having carefully read the report of the committee, that such a regime is warranted, for a variety of reasons, of which national security is only one. For example, and importantly to me, the ACCC and the Australian Securities and Investments Commission require access to metadata, in my view, to build their case against those whom they suspect of insider trading. So Labor has moved to enshrine their access for this vital law enforcement purpose.

Having said this, though, we should be much clearer about the purposes for which this regime is to be introduced. Only in this way can we be assured and assure our constituents that it is appropriate in all respects and strikes the correct balances—and we should take the time to get it right.

These laws were introduced with unseemly haste under the auspices of national security, but their remit goes much, much further. This should give pause for thought for all of us, as it did for all of us on this side of this chamber. Labor recognises, for instance, the world of difference between someone downloading the latest episode of Vikings and someone plotting a terrorist attack. On this, the words of the shadow Attorney-General, the member for Isaacs, bear repeating:

The bill as introduced by the government would have allowed access in ordinary civil proceedings to private information retained under the regime for the purpose of national security and criminal law enforcement. This could have led to serious intrusions into the privacy of individuals by civil litigants for purposes entirely unrelated to the reasons for which the data retention regime is being established. To respond to this problem, Labor argued for and the intelligence committee recommended amendments to ensure that retained telecommunications data cannot be used for civil litigation purposes, including enforcement of copyright claims.

I pause to say that this is a matter that the member for Melbourne might have considered in his contribution.

Exceptions to this prohibition will be able to be made by regulation. The government has proposed amendments to give effect to this recommendation.

As with the issue of whistleblower protections, we keenly await the government's formal response. Time is available, and we should make use of it. We should not forget that successive governments have already given security agencies a wide range of powers. As the review into the Martin Place siege found, these powers had been used to monitor Man Haron, the perpetrator of this attack. This is really an indication that these powers will not always prevent such attacks. We should be up front about this. The Martin Place siege review recommended that we should broadly maintain the current balance in our existing regulatory and legislative framework.

With the limited time available to me, I note, firstly, that there are a wide range of important aspects of this bill that I have not had the time to consider; but I say this: there is genuine community concern about this bill. To the extent that people's fears are well founded in the community, I believe the Labor Party has played an essential role in listening to and acting on this community response. But the response on the part of all of us in this place cannot end with this debate. There are outstanding matters that we need.
