Tomorrow morning at 10am, the Attorney-General’s Department will front the Joint Committee on Intelligence and Security to discuss the national security proposals put forward by the government. It’s the most anticipated moment of the committee’s public hearings.
A key issue will be the definition of the “telecommunications data” to be retained under the data retention proposal put forward as one of 44 national security reforms. The proposal was not discussed in the “discussion paper” prepared by AGD for the inquiry, and the definition of data to be retained was not discussed in AGD’s own submission to the inquiry. Committee members, as well as the public and stakeholders, have been left in the dark about the meaning of the proposal.
Last week, in a robust question and answer spell (on both sides) at Senate Estimates, AGD and the Australian Federal Police handed over a definition of telecommunications data to Greens Senator Scott Ludlam that they insisted reflected their own current interpretation of legislation. The robust exchanges centred particularly on whether the URLs that an IP address visited were included in telecommunications data. The AGD and AFP view was that they definitely were not. AGD secretary Roger Wilkins was quite direct, not to mention rude, on the subject.
But that’s not the end of the matter, because the law actually says something different — according to Wilkins’s own department.
This is an excerpt from page 10 of the AGD report on the Telecommunications (Interception and Access) Act 1979:
Section 172 prohibits the disclosure of any content or substance of a communication. While telecommunications data is not defined in the TIA Act, it is taken to mean anything that is not the content or substance of a communication. It can include:
- subscriber information
- telephone numbers of the parties involved in the communication
- the date and time of a communication
- the duration of a communication
- Internet Protocol (IP) addresses and Uniform Resource Locators (URLs) to the extent that they do not identify the content of a communication, and
- location-based information.
That is, according to AGD, URLs can be part of telecommunications data if they don’t identify the content of a communication — contrary to the AGD insistence to Ludlam at Estimates.
The problem is, however, what sort of URL doesn’t identify the content of a communication? A URL — even if converted to a numerical address — must reveal where a user wanted to go online and therefore the content of the communication. The concept of a URL that does not identify the content of a communication is an oxymoron.
The AGD definition handed over at Estimates, or more specifically the assurances from Wilkins that accompanied it, actually complies with this approach because they rule out URLs entirely, thereby avoiding the problem. But their own TIA report appears to cloud the issue by including URLs.
Perhaps AGD officials — who have a poor track record of explaining national security legislation when put under pressure by parliamentary committees — can clarify this vexed issue once and for all.
“.. AGD secretary Roger Wilkins was quite direct, not to mention rude, on the subject..”
This attitude and approach seems to reflect the way the data retention proposals have been thrown together in the first place.
And seemingly, rejecting any notion of accountability what so ever. This equals rude!
some URL’s literally contain content as well. links to php pages frequently include inputs to the page that is being looked up. search strings, user login details (i.e. first time user, etc.) location data etc. Given this use, URL’s should never be considered exempt.
Reading the two relevant Telecommunications Acts, it appears that as an operator of a home computer network, I am a “listed carriage service provider” as a “carriage service” means a service for carrying communications by means of guided and/or unguided electromagnetic energy. On that basis it is a crime for me to disclose my Apache webserver logs because they detail the times at which URLs on my site were accessed – even thought they contain no identifying information?!
Having followed this very closely, it seems from the AGD’s and the AFP perspective, the less clearer the interpretation of the proposals ( we have all witnessed the confusion ) and then finally leading to legislation, it would be easier for these bodies to over-step that legislation beyond it’s lawful parameters.
This under-scores the importance of scrutineers such as Scott Ludlam to ensure all bases are covered and prevent that unlawful over-step.
Power to you Scott and thanks to Crikey and Keane for the excellent coverage.