Gov to close long-running telco metadata loophole – Security – Telco/ISP


The government will finally close a loophole in Australia’s metadata retention laws that enabled over 100 agencies, from councils to the RSPCA and environmental authorities, to access telecommunications data.

The formal commitment comes only after a change in government and the passage of almost two-and-a-half years since a parliamentary review of the metadata retention scheme recommended the loophole be shut.

In a response [pdf] to the committee’s 2020 findings, the Attorney-General’s department said overnight that it shared concerns that part 280(1)(b) of the Telecommunications Act 1997 provided “inappropriate means to access telecommunications data without appropriate oversight and safeguards.”

“The government will introduce legislation to repeal this provision and replace it with one that limits access to data (including personal information of subscribers) to specified entities in situations where that access is necessary and proportionate to achieving an allowable purpose,” the department said.

“This will include consideration of reforms to other relevant provisions of the Telecommunications Act 1997 as required.

“These reforms will address the need to protect the personal information of subscribers and manage regulatory costs to industry.

“The Department of Infrastructure, Transport, Regional Development, Communications and the Arts will progress action on this.”

Warrantless access to telecommunications metadata was only ever intended for 22 law enforcement and security agencies; however, many state and local authorities were able to use the laws for a range of enforcement purposes.

Telcos said the scope creep agencies often asked for a lot of data and did not financially contribute to the scheme. There were also concerns about the way these agencies handled the data they received.

In total, the govermment has accepted all but two of the 22 recommendations made in 2020.

In addition to closing the loophole, the government has also committed to much greater oversight of the use of the scheme.

This will require both telcos and agencies to keep better and more detailed records of metadata requests, such that they are readily available to federal overseers of the scheme.

For agencies, this will include reporting details of who requested the metadata and why; “where practicable”, the reporting may also include details about whether the case resulted in a conviction, and the cost of the metadata access.

The government also said it would tighten rules around who within agencies is authorised to make metadata requests, and tie the authorisation to specific training levels.

Other key recommendations include national guidelines for the scheme; a legislated definition of the “content” of a communication, so that only metadata is captured; and stricter controls over ASIO use of information provided by telcos, should it include the content of a communication.

The full response was tabeled yesterday in parliament.

Interception powers could also be reformed

The government also flagged further reform of its telecommunications interception powers, including possibly repealing and replacing the current Telecommunications (Interception and Access) Act (TIA).

The government said it is finally preparing legislation to implement recommendations of the 2020 Comprehensive Review of the Legal Framework of the National Intelligence Community, and this includes telecommunications interception reform.

“This includes aligning the statutory thresholds for access to electronic surveillance powers and ensuring appropriate privacy protections,” the government said.



Source link