Attorney-General George Brandis has announced the Government plans to give security agencies more resources and legal powers to respond to technological change and “evolving” security threats.
Whether the Government is talking about phone calls, emails or internet browsing, officials define “communications data” or “metadata” in two ways:
• Information that allows a communication to occur
• Information about the parties to the communication
The difference between metadata and content in a phone call is that metadata can detail the phone number, time of call, duration of call, cell tower, customer name etc, government officials say.
Whereas, the content is the actual verbal record of conversation, which would require a warrant to obtain.
When talking about internet browsing, government officials say anything that a person enters into their browser is content (which requires a warrant) – this is called “user-generated”, eg: the typing in of a URL, the typing in of words into Google, the clicking-through to another site or link. This is manual and user-generated.
Any communications information the system automatically puts in around the user-generated content is defined as “metadata”. This can include IP addresses, number of visits to sites and the length of time on a page.
Currently, if police or security officials want to get access to a suspect’s metadata they need to fill out a form asserting suspicion of an offence, get the form signed by superintendent rank or above and submit it to the telco or internet service provider (ISP).
The telco/ISP then extracts the data (which authorities pay for) and hands the data records over to the authority or agency.
The procedure for signing and submitting the form and for the telco extracting the data for the authorities would not change under the proposal.
For content, a warrant would be needed.
Does any browsing metadata hint at or indicate “content”?
An IP address would “hint” at content, in that it would show that the person has been to a worrying jihadist site (for instance) – but the IP address does not tell what pages the person read there, if they wrote anything there, what videos they might have viewed there etc.
Police and security agencies need a warrant for this information (“content”) and might choose to get it, if the metadata alerts them to a concern.
They would obviously cite the metadata concern as evidence in their request for warrant.
What Telcos/ISPs are doing?
There has been a proliferation of ISPs in Australia in recent years – there are now more than 200.
There are variations between each company on what data they store and for how long. Industry retention patterns vary from “months” to “years”.
There has been a trend towards telcos/ISPs holding metadata for shorter periods of time.
Some telcos already hold data for seven to nine years, government officials say. Those companies would not be affected if the Government proposes a mandatory two-year retention of metadata.
What would be different for telcos/ISP with mandatory retention of metadata?
Nothing, if they are already holding it for more than two years.
Some telcos/ISPs who hold for shorter periods would be affected if the Government seeks to “standardise” a two-year retention period.
Government officials have not provided the ABC with estimates for additional storage costs for potentially affected companies.