Speaking to Lawyers Weekly ahead of a panel discussion at the Australian Internet Governance Forum, David Carrington said he was concerned by the ease with which law enforcement agencies can access data under the current metadata retention laws.
“From a completely personal perspective, I absolutely see the benefit for police and law enforcement agencies in having access to some data,” he said.
“Where I diverge is probably the ease with which enforcement agencies in Australia can now get at that data.”
Mr Carrington said the “criminological and philosophical arguments” for retaining metadata were compelling.
“It is difficult to say that metadata should never be retained. But, at the same time, there is data out there that points to metadata maybe not providing the panacea for international crime and terrorism that it could be painted to be by certain parties.”
Australia finalised the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 while other countries were in the process of scaling back their policies, according to Mr Carrington.
“It could be argued that the retention regimes are actually contracting over there, particularly in areas like the UK,” he said. “The regime as it stands in Australia is a lot bolder and stronger than compared to the EU regime.”
Australia’s metadata retention law requires telecommunication companies and internet services providers to store a broad range of customer metadata for two years. Metadata includes information about a communication, such as the time, date and location, but not the content.
By comparison, very few countries in Europe have a two-year metadata retention regime.
Under Australia's new law, a number of law enforcement agencies, including the Australian Federal Police, ASIC and ASIO, can access a range of metadata without a warrant.
Fewer organisations can now access metadata without court approval than before the legislation was enacted, but these groups now have access to a larger pool of data.
“[By comparison] Europe tended to have a requirement that there was some form of judicial process to access that data. And even that has now been struck down as being incompatible with European rights to privacy,” said Mr Carrington.
Australia's new law makes exceptions for journalists and whistleblowers, but does not take into consideration legal professional privilege.
Law enforcement agencies must seek a court order to access a journalist’s telephone or email records or to identify a whistleblower.
Submissions by a new ‘public interest advocate’ concerning freedom of speech and freedom of the press will be taken into consideration before a warrant is issued.
Mr Carrington said there was some last-minute discussion regarding a potential exemption for privileged material as the Act was passing into law, but that these were unsuccessful.
“The opportunity was there in the early part of the year when it was passed,” he said. “[But] the opportunity to have this revised is probably non-existent [now]."
Mr Carrington said he could understand the concerns that private practice lawyers might have with the metadata retention law. However, he said it was not clear that metadata attracts privilege as it does not include the content of a communication.
“The devil will be in the detail of the application of how it actually plays out,” he said.
“In an ideal world, it would be nice to have [protections] in place. But I don't think they are going to be forthcoming. It's a question of managing your client’s expectations in that sense.”
Like this story? Subscribe to our free newsletter and receive Lawyers Weekly every day straight to your inbox.