As my colleague Morgan Begg has already noted, the Parliamentary Joint Committee on Intelligence and Security released its inquiry into mandatory data retention last week. The government says it accepts all the committee’s recommendations.
The inquiry demonstrates clearly the sort of mission creep for data retention that we’ve long warned about. The committee recommended that the Australian Securities and Investment Commission (ASIC) and the Australian Competition and Consumer Commission (ACCC) be listed in the revised legislation as agencies able to access stored data without a warrant.
The IPA has been warning for years that some of the most virulent supporters of data retention aren’t security and law enforcement agencies, but economic regulators. (As we said in this press release from September 2012, “ASIC push for surveillance powers goes too far”.) But if the scope of data retention wasn’t clear before, it ought to be now. This is not a targeted national security measure, and it appears the government has no intention of ensuring that it is one.
Some of the committee’s recommendations are welcome – particularly the recommendation to define the data that will be required to be retained in legislation, rather than allowing the government to implement it via regulation.
Nevertheless, these recommendations do little to resolve the very real privacy, efficacy, regulatory, and of course liberty problems with data retention that I outlined in the IPA’s submission to the committee.
The government now wants to push the bill through parliament as soon as possible. But it is only once the legislation is amended to list the data that we will actually, finally, after so many years of debate, discover exactly what data retention is supposed to do – and be able to make some guesses as to how much it might cost.