PrivacyUnlawful Metadata Access Is Easy When We’re Flogging a Dead Law

By Genna Churches and Monika Zalnieriute

Published 11 December 2019

After watching this year’s media raids and the prosecution of lawyers and whistleblowers, it’s not hard to see why Australians wonder about excessive police power and dwindling journalistic freedom. But these problems are compounded by another, less known issue: police, and other bodies not even involved in law enforcement, have broad powers to access metadata. Each year, police alone access metadata in excess of 300,000 times.

After watching this year’s media raids and the prosecution of lawyers and whistleblowers, it’s not hard to see why Australians wonder about excessive police power and dwindling journalistic freedom.

But these problems are compounded by another, less known issue: police, and other bodies not even involved in law enforcement, have broad powers to access metadata. Each year, police alone access metadata in excess of 300,000 times.

Metadata has been described as an “activity log”: it’s the information that allows a communication to occur. Once, this would have been the address on the envelope. But modern telecommunications metadata consists of the time, date, duration, locations of a connection and more.

This year, fresh evidence revealed police accessed the metadata of journalists and 3,365 telecommunications users unlawfully.

And local governments and professional bodies – which were explicitly denied access to metadata in 2015 – have been accessing the same data under different legislation.

What’s more, Optus this year revealed it was granted an exemption from a requirement to encrypt retained metadata. This means the metadata they hold isn’t secure.

So why are so many agencies overstepping their powers? The obvious answer is, of course, because they can.

There’s little oversight and consistency in the current metadata regime. The system is spread across two separate pieces of legislation, enacted decades ago, with more than 100 amendments.

This leaves loopholes that various agencies and police exploit for accessing metadata and dodging safeguards.

Why Should I Care about Metadata Anyway?
These scandals surrounding the metadata regime have cast a shadow over the Parliamentary Joint Committee on Intelligence and Security’s current review of the outdated laws.

Metadata can reveal where you work, live, who you visit, who you communicate with and potentially reveal your plans by exposing websites you access.

Australian law considers metadata less important than “content” (the voice in a live phone call or message in an email).

So while intercepting a phone call or email requires a warrant, metadata is accessible without a warrant by law enforcement agencies and any other bodies the legislation authorizes, such as local governments.

The Abbott-Era Metadata Scheme Limits Press Freedom
In 2015, federal parliament, as part of efforts to target terrorism, passed the metadata retention scheme used today, requiring telcos to keep metadata for two years.

Attempting to address privacy concerns, parliament limited the types of organizations that could access the data and the specific types of metadata that could be retained (excluding web browsing histories). It also created “journalists information warrants” to protect journalists’ sources.

Despite evidence suggesting these limitations wouldn’t work