A Review of Australia’s Metadata Laws Finds Too Many People Can Get Their Mitts on Your Data

A Review of Australia’s Metadata Laws Finds Too Many People Can Get Their Mitts on Your Data

Australia’s metadata retentions laws are making it too easy for too many people to access Australian’s data without warrant, according to a review of the controversial scheme.

The Parliamentary Joint Committee on Intelligence and Security has published a report that reviews how the scheme, first implemented in 2015, has been working in practice.

The scheme forced telecommunication companies to retain metadata for at least two years so law enforcement could access it, if necessary. The metadata kept by telcos includes who made the text or call, who the recipient was, when and where it was made, and how long for.

The 189-page report lists 22 recommendations on ways to improve the effectiveness, reduce the cost and clear up rules around the scheme. And according to the Committee, there’s a lot that needs to be tightened up.

Raising the bar for accessing metadata in Australia

The Committee recommended removing loopholes and updating definitions to limit access of metadata in Australia.

When the law was first passed in 2015, there were just 21 agencies who were allowed to access it — a number that Peter Dutton wouldn’t mind increasing.

But since then, more than 100 agencies — including local councils and even the RSPCA — have accessed the data, sometimes for minor legal offences.

This is due to a loophole that allowed data to be released to more agencies if it was authorised.

In response, the Committee suggested setting a “serious offence” threshold for accessing the data under the scheme.

The Committee suggested clarification the definition of some terms to exclude telecommunications giving too much data as they have in the past.

Other recommendations include reducing the number of ‘authorised officers’  — people who can approve metadata access — and improve reporting around how many there are, as well as a raft of other rules around the storage and disposal of metadata.

Overall, the Committee decided that the warrantless metadata access should continue so it looks like these laws are here to stay.