Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Parliamentary Joint Committee on Intelligence and Security

DICKSON, Mr Paul, Assistant Commissioner, Crime Service, South Australia Police

KOPSIAS, Detective Superintendent Arthur, APM, Commander, Telecommunications Interception Branch, New South Wales Police Force

LANYON, Assistant Commissioner of Police Malcolm Arthur, APM, Assistant Commissioner, Commander, Special Services Group, New South Wales Police Force

SEGRAVE, Inspector Gavan, Intelligence and Covert Support Command, Victoria Police


CHAIR: Welcome. Although the committee does not require you to give evidence on oath, I remind witnesses that this hearing is a legal proceeding of parliament and warrants the same respect as proceedings of the House itself. The giving of false or misleading evidence is a serious matter and may be regarded as a contempt of parliament. The evidence given today will be recorded by Hansard. Do you wish to make some introductory remarks before we proceed to questions?

Mr Dickson : In my position as the Assistant Commissioner of Crime Service in South Australia, I am ultimately responsible for all investigations of serious offending that occurs in the state. Part of those investigations rely heavily on the subject of our meeting today. I am also the chair of the Serious and Organised Crime Coordination Committee, which is a national body made up of the heads of all crime areas and other law enforcement partners in tackling serious and organised crime.

The data retention bill, if approved, will require companies providing telecommunications services, carriers and internet service providers to keep a limited but prescribed set of telecommunications data for two years. I believe that the data referred to in this bill is best described as information about a communication and not the content of that communication. I think it is very important that we understand the difference. In simple terms, the bill seeks to retain data that provides evidence that two parties contacted each other. The bill does not refer to the contents of that communication.

SAPOL routinely requests and obtains telecommunications data from telecommunications service providers. The data more commonly referred to as subscriber texts, call charge records, reverse CCRs and cell dumps contains information which is often critical evidence in serious criminal investigations which have a significant impact on the community. Currently there is no defined period of time for which service providers must store this data and, as a result, availability differs from carrier to carrier. The data retention bill seeks to legislate the compulsory retention of this data by service providers for the period of two years, which I support.

Access to metadata plays a central role in almost every criminal investigation, including investigations into murder, sexual assault, drug trafficking and kidnapping. In the offence of murder, the ability to actually identify people who have contacted each other is quite critical. It is the same in cases of child exploitation and, obviously, serious and organised crime matters, where you may have people involved in illicit drug-taking or dealing in drugs. Those are significant issues for us. SAPOL has requested metadata to be provided on about 17,000 occasions over the last five years. It is important to note that over 60 per cent have resulted in requests for data that is older than 12 months. Unfortunately, we do not keep records of any greater periods of time. We just do not have that capacity.

This proposed amendment bill will provide both the community and policing agencies with valuable information that protects the community and, importantly, provides consistency in approach for the actual carriers. I think that is one of the main issues we have got here. From a policing perspective, there is no consistency in approach. A good example of the issues we have is the inconsistent and unregulated approach and how it negatively impacts on policing. I note that talking about stored data is not within the purview of this committee; I fully understand that. But I think this is a good example of how an inconsistent approach does create issues for investigators.

Currently, a service provider destroys the communication on a 24-hour time frame. Every 24 hours, that stored data is destroyed. So we could have a murder which occurs today—now—and SMS messages could have been sent previously. The investigators become aware of it tomorrow and do their investigation. We can never obtain that stored data because it will be destroyed at 12 o'clock tonight. Because there is no regulation in relation to that it is a good example of how, if we do not have a regulated position, it creates significant issues for our investigators.

Another thing I want to say is that the bill is critical to prevent the capability of Australian law enforcement and national security agencies being degraded. It does not expand the range of telecommunications metadata, which is currently being asked for. We are not asking for any more. It is simply to ensure that metadata is retained for a two-year period and that it will assist the investigators and law enforcement to protect the community. Thank you.

CHAIR: Thank you. Would anyone else like to make some introductory remarks.

Mr Lanyon : Yes, if possible. Can I express my appreciation to the committee on behalf of the New South Wales Police Force for the opportunity, firstly, to provide a submission and, secondly, to give some evidence here today in relation to it. Can I start with an apology. New South Wales Police Force prepared a submission for the committee some time ago. I was advised this morning by our Department of Premier and Cabinet that that submission had not reached the committee. I have arranged for it to come through by email this morning, so it will be available. The submission itself provides a number of case studies which are relevant to the topics I will speak about and certainly in relation to the nine questions posed by the committee. It will provide some further evidence.

The issue of data retention is critical to the efficacy of criminal investigations within New South Wales and also nationally. It is relevant to point out that counter-terrorism and serious and organised crime syndicates traverse traditional borders and, for that reason, data retention impacts on all law enforcement agents, be they state or Commonwealth. New South Wales supports the objectives of the data retention bill in order to ensure a consistent regime occurs with carriers and providers in order to best aid the investigation of criminal and national security investigations. A model piece of legislation would redress some of the current inconsistencies for retention. For example, reverse call charge records vary between seven years and eight weeks with other carriers. Cell tower dumps vary between seven years and six to eight weeks, depending on the carrier. Similarly, by providing a standardised dataset the current situation, whereby approximately 80 per cent of IP requests made by New South Wales to carriers did not identify the end user of the server or subscriber because they are not currently kept, may be ameliorated.

New South Wales Police Force has a vested interest in maintaining access to stored data as the largest user in Australia. Last year, New South Wales made in excess of 122,000 requests to carriers and providers for metadata. Accordingly, whilst agreeing in principle with the objectives of the bill, New South Wales Police Force does hold some concerns with regard to the potential unintended consequences of limiting a period of up to two years for the retention of that data. As indicated earlier, New South Wales Police Force is currently able to access certain telecommunications data for up to seven years. That is generally our call charge records and reverse call charge records.

At a time when encrypted mobile and internet based communication degrades our interception capability, it is imperative that telecommunications data is retained for as long as possible to facilitate investigations. It is also worth highlighting the differences between law enforcement responsibilities at a state and Commonwealth level. Whilst two years may be appropriate for the majority of offences investigated by the Commonwealth and other Commonwealth agencies, such as national security, drug and online sexual offences, states are also responsible for investigating a range of criminal offences, including murders, sexual assaults and robberies, which are often historical or take years to investigate prior to a suspect being identified. The New South Wales Police Force has provided a submission—albeit you do not have it in front of you at the moment, Chair—which outlines a number of case studies demonstrating the complexity of and historical nature of these types of investigations.

I am able to say with some experience from my previous role as Director of Organised Crime in New South Wales and as a longstanding detective, including working with the homicide squad, that there are very few investigations which do not rely on telecommunications metadata. The data is vital to corroborate evidence, identify suspects, eliminate suspects, place movements of suspects or to found affidavits for warrants under the Telecommunications (Interception and Access) Act.

The need for data retention for extended periods is even more important at the moment, as DNA, trace evidence and other forensic science becomes more sophisticated and it is possible to test against older crime exhibits, resulting in the identification of suspects years after offences have been committed. Of the 122,000 requests for telecommunications data New South Wales submitted in the previous year, 4,358 of those requests related to a period greater than two years for retention. Whilst as a percentage this may not appear large, it represents a significant number of offences which may be solved with the access to the information after two years. It is worth pointing out that, of those requests for greater than two years data, the most common offence was murder followed by sexual assault and then robbery.

The New South Wales Police Force is cognitive of the balance of privacy against law enforcement, but would respectfully submit that agencies have thorough and rigorous processes in place to both apply for and manage telecommunications related data. The draft bill, in the New South Wales Police Force's submission, does not focus on content communications, which are rightly governed by a warrant regime under the current TIA Act—rather, stored metadata which is already available to law enforcement agencies. It is well known by the community that carriers and providers maintain calling records for billing consumer purposes, and there would be a general expectation that these records are not expunged after two years. Similarly, the public rightly expect that police forces continue to investigate and solve matters which are not recent and telecommunications metadata is becoming more critical in that area as technology increasingly makes interception difficulty.

It is the New South Wales Police Force's submission that metadata in the form of CCRs, reverse CCRs and subscriber checks should be available to law enforcement for well in excess of a period of up to two years, particularly when it can be obtained from carriers now for up to seven years and there will be a significant number of serious crimes that go unsolved without it. Thank you for your indulgence.

CHAIR: Thank you.

Insp. Segrave : I would firstly like to thank the committee on behalf of Victoria Police for the opportunity to appear before you today in relation to your consideration of the issues around the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. Victoria Police considers these issues to be of critical importance to the ongoing viability of avenues of inquiry that police currently routinely rely on in the course of serious and organised crime investigations—that is, access for a prescribed period of time to a defined set of metadata, including call charge records, subscriber information, cell tower information et cetera. In an age where there is an ever-increasing reliance across virtually all elements of our community on telecommunications in its various forms, coupled with increasingly sophisticated telecommunications technologies, law enforcement must be able to stay abreast of the tools of trade or the modus operandi of the similarly empowered and sophisticated criminal element who are always amongst us.

One of the touchstones of investigation that junior investigators are taught is the notion that every contact leaves its trace. In the past, this was intended to draw the investigator's attention to the possibilities of fibres, fingerprints and DNA evidence. In the present, this thinking is just as applicable to the opportunities provided to serious and organised crime investigators by metadata. And, just as in the case of more traditional crime scene analysis, often the lawful access to and analysis of metadata will form part of the initial actions taken at the earlier stages of an investigation, particularly in the case of proactive investigations—such inquiries being intended to help understand how an offence may have been committed; to identify suspects; to eliminate or exculpate persons not relevant to the investigation; to open up new avenues of inquiry; to contribute to applications for more intrusive investigative options requiring judicial warrants, such as search warrants, surveillance device warrants, and telecommunications interception warrants; and effectively to focus the application of finite investigative resources.

An investigation can be considered to be a process underpinned by a series of logical and ordered steps, and the identification, analysis and interpretation of the traces that an offender has left behind in the course of his or her preparatory actions or actual offending will always be amongst the critical first steps that can ultimately determine the success or otherwise of an investigative process, whether such traces are in the form of a fingerprint or a call charge record. Nonetheless, Victoria Police understands and acknowledges the fundamental principle of a citizen's right to privacy and the inherent tensions between aspects of the criminal investigation process and that right to privacy. In this context we note that this bill is not intended to increase the reach of law enforcement in terms of the types of metadata able to be accessed or the circumstances in which it might be accessed and that the bill proposes to introduce new safeguards against abuse by way of the active oversight of the Commonwealth Ombudsman.

It is the view of Victoria Police that the current safeguards in the Telecommunications Interception Act have proved sufficient; however, we accept that the proposed arrangements would appear to strike a pragmatic balance between the sometimes competing imperatives of the right to privacy and the right to personal and community safety and security. However, if there were to be a move to a situation where additional judicial authority was required to access the types of metadata that are the subject of this bill, Victoria Police believes that this would have very significant if not catastrophic implications for investigations for the reasons I have broadly outlined above; would pose very significant logistical problems for all stakeholders involved, including police, lawyers and the courts, by virtue of the volumes involved; and may well perversely drive changes in policing methodologies that potentially result in the use of more intrusive capabilities—for example, physical surveillance, undercover operatives and the cultivation of human sources, in circumstances where they would not currently be deployed.

In conclusion, I appear before you today on behalf of Victoria Police in order to support and reiterate the written submission already provided to you, to reinforce the Victoria Police view that the ability to access metadata in support of serious and organised crime investigations is a critical element in the majority of such investigations, to commend the notion that there is a need to enshrine the types of metadata and the duration of retention of such metadata in legislation and to further assist the committee in its deliberations as you see fit. Thank you.

CHAIR: Thank you. I think Andrew wants to fire away first.

Mr NIKOLIC: Gentlemen, thank you for your contributions. There has been some evidence to the committee asserting the need for a warrant or judicial process not just for content of information and telecommunications information but for metadata as well. I will try to paraphrase the logic behind some of those submissions. It is that metadata information is as compelling from a privacy perspective—what it reveals about an individual—as the warrantable content information might be. So my question is in two parts. Do you have a perspective on the operational impact of introducing a warrant or judicial system for metadata, not just for content? Second, could you provide some insights on the way you use metadata and the intensity of intrusion in personal information as it relates to metadata? What do you use that information for versus the level of intrusion should you need to seek content through a warrant?

Mr Dickson : I will answer the second part of that question before I answer the first part. By way of example, in a police submission where an individual was murdered, we had no suspects of that murder. Then we identified who that person had been in contact with. We had his mobile phone or knew where that mobile phone was. There were certain contacts which occurred between certain parties in the 24 hours before his death. Obviously that came as metadata. That is how we obtained that information. That led to us identifying, once we had that information, who those individuals were. Then we were able to get further intelligence which led to those people being suspects, and ultimately they were convicted of his murder. It related to a drug rip-off. That is just a very simple example.

Metadata is really just about where the communication occurred, when it occurred, place, time—those sorts of issues. As you quite rightly say, it does not actually relate to the content of that metadata. Often, when we seek that metadata, we are just looking for information because we do not really have much else to go on. We are using that information tool to find out what contact, what communication, the suspects or the victim have had and to then go and speak to those individuals to find out what is the relationship and just going through that process, as any good investigator should do. Really it is an intelligence tool to provide us with information to assist us with that investigation. Often the metadata does not get us anywhere because it is not relative to the investigation.

The first part of your question in relation to—as you are fully aware, the stored communications warrant is a warrant process we go through, but under the legislation the metadata that relates to the warrant has to be 'reasonable and necessary' in relation to a criminal offence. In South Australia we have two levels of authority: the first level is a senior police officer who authorises that metadata is to be collected and the second level is the authorising officer, who is the superintendent, who provides that authorisation. So we do have our own internal requirements that are not part of the legislation; we do have a process in place. From a policy position, five years or more is the penalty provision. That is how we have designed it; other law enforcement agencies could be the same or could be somewhat different. You have just heard about the impact from the New South Wales police. We have about 4,000 a year. New South Wales police would have a significantly higher number than that. The ability to obtain that information, going through a warrant process for that information, would be a significant drain on the investigation—and not just our resources but also the resources of the judiciary and courts and whatever. I think it is quite a big ask.

At the moment we are audited by the state ombudsman twice a year and the Commonwealth Ombudsman once year. I would have thought the issues that came up about us not doing the appropriate things in relation to metadata or TI applications would become a red rag in relation to those audits that are conducted.

Mr BYRNE: Did you see the front page of The Australian today, when you say that?

Mr Dickson : Yes.

Mr BYRNE: So while you are saying that—and that was referred to an ombudsman. No reflection on anything, but I am just saying that you can say use the term 'red rag', but there is a very serious incident that has occurred there that apparently was referred to an ombudsman. I do not want to prejudge the outcome, but I would be careful about what you said in terms of that.

Mr Dickson : All I am saying is that we do have a process of audit in place.

Mr BYRNE: Sure.

Mr RUDDOCK: Describe 'senior police officer'.

Mr Dickson : It is inspector or above.

Mr Lanyon : It is the same in New South Wales, Mr Ruddock.

Mr RUDDOCK: Do they have particular qualifications, or is it just any inspector?

Mr Dickson : You are quite right, it is any inspector, but the ultimate decisionmaker is the superintendent in charge of our ISP who is ultimately in charge of our TI section.

Mr NIKOLIC: Did you have anything to add, Assistant Commissioner Lanyon?

Mr Lanyon : Just quickly, if I can I would liken metadata more to intelligence purposes, generally it will commence an investigation, we would look for the metadata. It would be very difficult to found an application for a warrant for the basis of metadata to start a investigation because we really do not necessarily know what we are looking for. If I had been murdered, the first thing we would do is to look at my phone to see who had contacted me, who I had been in contact with and to look for persons who potentially could have been contacted. It would be impossible from an investigative perspective to identify what we were seeking to get out of that telephone data, who we thought the contact would be between when it is clearly an intelligence touch point to start with. And probably just to support again, for the 122,000 applications last year, the operational impact on the time delay in investigating matters, and certainly the first 24 hours in a homicide investigation is critical, a significant time delay to go under a warrant regime would significantly impact on both the effectiveness and certainly the efficiency of criminal investigations.

Mr NIKOLIC: thank you, if I have the figures right and if I have copied them down quickly, Assistant Commissioner an end to you talked about 122,000 requests, of which 4358 requests were greater than two years and Assistant Commissioner Dixon you talked about, in the last five years, 17,000 requests, of which 60 percent were older than 12 months. One of the features of evidence presented to this committee, using overseas research information in particular, is that this is some sort of quantitative consideration because such a small number are longer than 12 months, ago they are less important. Clearly, those ratios do not apply as far as South Australia Police are concerned. Do I take it from your comments that the 4,358 cases in New South Wales older than two years and the 60 per cent in South Australia older than 12 months were complex cases or people reporting crime like sexual crime well after the event? Can you give me an insight there?

Mr Dickson : From the South Australian perspective, I think it is a bit of both. It would be complicated matters where you may not have a suspect for a long period of time, especially within some of the OMCG type investigations where it is very difficult to get people to talk to you because of extortion and those sorts of things. What happens is your suspect might come up 12 months or 18 months into the investigation and that is the time that you need to get this level of detail which we are talking about. That is probably one of the main reasons. It is around when we identify who the suspect is. So that is one issue. Then it is also about the complexity of the matter as well. You may have a rape investigation where, again, the suspect becomes known quite a long time after the event, or it might be historical sex offending where the young person who is the victim of the matter reports two years after the matter. You then have to try to go back two years for investigative purposes. So all those difficulties are there, but the detail that is provided is gold for the investigator.

Mr Lanyon : It is a similar position with New South Wales offences. As I indicated, murder, sexual assault and robberies were the key offences for which those 4,350 were requested. Again, they are often historical. We have had a number of royal commissions and commissions of inquiry into child sexual offences. So there have been a lot of reports for which a suspect was never known and an offence was never know up to a certain period. We have an unsolved homicide squad in New South Wales and we have approximately 650 unsolved homicides for which, as you work through, suspects are often unearthed by advances in forensic science and by changes to information provided by source. The ability to then go to metadata to confirm and corroborate is absolutely essential.

Mr NIKOLIC: Can I deal with the issue of responsiveness. You have described what I can only picture in my mind as a Sara Lee approach to oversight. You have talked about some oversight at the tactical level within your own individual organisations—an inspector making a recommendation; ultimately, someone at the top of the organisation deciding you would seek metadata. There are Ombudsman processes and there are privacy principles being applied and . Then, nationally, if you look at it, you have Ombudsman and IGIS and this committee. As that relates to responsiveness, can you give me a sense in the early stages of an investigation where you have said metadata is important?

Mr Lanyon : Essential.

Mr NIKOLIC: You mentioned you being killed. To what extent do existing processes allow you to be responsive? Do you consider them about right? Do you think they slow you down? Give me a sense of what these layers of oversight do on your ability to do your job?

Mr Lanyon : I would say the balance at the moment is quite appropriate in terms of metadata. As I said, internally there are checkpoints that we need to go through to get there. There is external oversight—and I can have Superintendent Kopsias talk in terms of the telecommunications interception act and Ombudsman, Commonwealth and state, oversighting. In the initial stages of an investigation, it is really about gathering information as quickly as we can so we can try to narrow down suspects, try to identify communications and found the investigation and the direction we are going to go with it. If a significant layer of bureaucracy is put on top of that, that will significantly impede investigations. I would think that they are appropriate, and I certainly take note of Mr Byrne's comments before. But when you look at the significant number of inquiries that are made for metadata each year and the way that they are handled compared to the response we do get from both the state and Commonwealth Ombudsman, I think we have the processes very appropriate.

Mr Dickson : I fully support those comments of the New South Wales Police. Also, I think it would be very difficult from the initial part of that murder investigation to actually get the detail to obtain a warrant to get that metadata. Often you have quite a cold scene and it is very difficult to have any information, so you have to work through that. This is an investigative tool which provides us with intelligence and that is all it is at that point in time: intelligence to give the investigators some lines of inquiry. Then at a subsequent time that may turn into evidence. But it may not; it might just be the intelligence which allows us to move forward.

Insp. Segrave : The Victoria Police endorse that as well. I alluded in my opening to what could be characterised as the potential for unintended consequences around this idea that there needs to be a judicial authority for the access to metadata. I would like to reinforce that point, and it has been raised by other witnesses before you. If we were to move to that type of regime, one of the questions that arises is: what would be available at that point of an investigation to put in an application to be made before a judicial authority for that type of warrant? The reality is that, if you look at where metadata is normally accessed in the course of an investigation, quite often the answer is not a lot. So, if the view is taken that a particular target is worthy of further focus in relation to that issue, you need to deploy other resources that are effectively more intrusive, I would suggest, than obtaining the metadata—for example, physical surveillance, human source or, potentially, undercover operatives. I think on any assessment that type of approach would have to be considered to be more intrusive than the accessing of the metadata. I think that is a worthwhile point for the committee to consider as well.

Det. Supt. Kopsias : From a New South Wales Police Force prospective, the volume of our metadata requests if we put a warrant regime on top of the metadata scheme would—I will make a bold statement—virtually cripple our organisational capacity to effectively deal with organised crime and serious crime. I would make that statement to you. It is not just responding during business hours; it is also after hours. We respond to kidnappings and other serious crime after hours and on weekends. You would need after-hours people to do that type of work. Just the sheer volume of metadata and TI requests would hamper our investigative capacity.

In terms of oversight, I do not think a warrant scheme would add more to due diligence and to the accountability and oversight process currently in place at the moment. As Mr Lanyon told you, we have enough internal processes and accountability schemes in place to ensure governance and equitable practices are adhered to at all times in compliance with the legislative practices that we adhere to.

The enormous, I suppose, intent of our investigative charter does differ from Commonwealth law enforcement agencies, and this is why we are fairly unique. If I could paint a picture of our need to retain data for longer than two years, we have an unsolved homicide unit with 650 cases on its books right now. Pre-1960, we have 12 cases; from 1960 to 1969, we have 15 cases; from 1970 to 1979, we have 80 cases; from 1980 to 1989, we have 150 cases; from 1990 to 1999, we have 210 cases; and, 2000 to 2009, we have 120 cases. At any given time, a particular investigation would need some sort of metadata once it is activated. We would need some sort of metadata to get the process on foot, start the investigation process and then work out whether we need other resources, electronic evidence or physical surveillance to enhance that investigative capability. So, without it, we would be hampered, but on top of that we also have a royal commission into child abuse right now. We have provided that body with 191 cases—referrals. At any given time, they would need to access metadata. Again, those cases go back to pre-1950.

I am not saying we need a scheme that would need to hold records back to 1950, but certainly we need a scheme of longer than two years. Whether it is more than two years or seven years, I am not too sure, but right now we can access CCRs and reverse CCRs with particular carriers or, actually, across all three carriers for up to seven years. Certainly, from our perspective we would not like to go backwards. We would like to keep the current scheme in place in terms of those particular datasets, but we do support in principle a data retention scheme to consistently standardised this process.

Mr NIKOLIC: What do you say to those concerns expressed to this committee that this is potentially an unacceptable intrusion into the lives of 23 million people? As I hear you talk about your operations at the tactical level, it is about a quick skim across a large dataset to understand connections between individuals and networks, which might then lead you to areas of further inquiry rather than a deep dive. I have heard evidence that metadata could be used to listen to journos talking to their sources or to see what clubs people are frequenting. It seems to be inconsistent with the sorts of examples that you are painting to the committee.

Mr Lanyon : With cell site location that we would normally get with metadata, we would talk about an area, for example if I am in Canberra I might be in Deakin or I might be somewhere—it does not specify. There is not the amount of specificity to say that I am in a particular place. We are talking more about gross data. The data does certainly assist us in terms of time, date and place. It gives an idea of who has been speaking to each other. It is absolutely essential. In terms of privacy, I would think most members of the public would expect that there are billing records kept in relation to their mobile phones. I think most people would be astounded to believe that that was not the case, and I think that most people would certainly expect that if a criminal offence had been committed the police would be able to access that data to assist. Again I was very specific before when I said that we are not talking about content. There is quite rightly a warrant regime around content. It is a limited intrusion but a very valuable investigative tool, and I think that if you look at a comparative weight then certainly the public would see the weight of being able to solve crimes higher than the potential intrusion that we are talking about.

Mr Dickson : I support that. As we all know, it is about balance. It is about a balance between privacy and the ability to protect the community. I think the balance is about right, where it is at the moment.

Insp. Segrave : From a policing agency point of view, we are talking about finite resources and an expectation that those resources are targeted where they can achieve the most good. It is just not open to agencies to engage in the sort of activities, routinely, that perhaps some of the commentary suggests. Where that does occur I would suggest that it is generally going to be within the purview of misconduct, and there is a whole regime of legislation and process around that particular aspect of police misconduct.

Senator FAWCETT: Assistant Commissioner Dickson, could I also take you to the table you have provided in your reply to questions on notice which indicates that, pretty consistently over the last five years, over 60 per cent of your requests have been more than 12 months old. Does that apply predominantly to telephone information or do you also deal with IP addresses in terms of internet communication?

Mr Dickson : It is everything. It includes IP addresses, it includes cell dumps, it includes CCR and reverse CCR. We do not calculate it by particular type of metadata, so that is the entire time out. From my experience the greatest amount would be CCR kicks and reverse CCR, because as an investigator what you would need to know is: who has that person been in contact with, or who has contacted them—especially around the issues of serious assaults, murders, drug trafficking and those sorts of offences where it is very important to have an understanding of the criminal network and the nexus between different parties.

Obviously with that there would be a lot of work also around live CADs and those sorts of things, where you need to track someone. From that perspective that would be a minority. Most of them would be around the CCR kicks.

Senator FAWCETT: We have had a number of witnesses use the examples that have been provided to us by law enforcement agencies where metadata has successfully led to a prosecution and they argue that the existing system is working and therefore no change is required. Again I would take you to your case studies, where there was a murder and four days after the murder you put a request in. The particular carrier kept data for only seven days; and, in that case, you resolved the case and you successfully prosecuted. But you then go on to quote a case later where again, a fairly short period after the event, you put a request in but the data was not available. How frequent are those events where you only just get it in time or, in fact, you request and it is not there? The reason this is important is because it demonstrates the fact that the existing system is not sufficient in many cases.

Mr Dickson : There are a significant number of investigations where, because different carriers keep data for different periods of time, it is a bit hit and miss from an investigator's perspective as to whether you are with Optus, Telstra or Vodaphone, because they all have different lengths of time that they keep that metadata for.

Going back to your question, there are a number of examples of where I have heard investigators talk about the fact that they put in a request for metadata but were not able to receive it, which impacted on their investigations in that if that metadata had been available it would have assisted them. I go back to my opening statement. The main issue I see here is the importance of it for law enforcement. To have a consistency of approach is very important for us, because then we will know what the period of time is that that metadata is going to be stored for.

Mr Lanyon : I support that. I think I spoke in my opening remarks as well about IP data that we had requested in New South Wales last year. There were only about 1,100 requests, of which conservatively 80 per cent failed to yield a subscriber from the other end because, without the legislation, carriers are not required to keep the proposed datasets.

Similarly, on metadata call charge records, investigators get very skilled at knowing which carriers they can get data from and which they cannot. They know very well, so the level of requests that go to carrier A, knowing that they only hold that data for four to six weeks, is obviously reduced. There is no point putting a request in if we know the carrier does not hold the data for that long. I think the issue of consistency that we have all spoken about here today is the central key here and the reason why the bill is supported by the jurisdictions. It is because it is essential that there is confidence that carriers are holding information for a particular period of time. We have indicated that obviously we would like it to be for longer, but it is essential that it is held for a standard period of time and that, again, there are consistent datasets so that investigators and certainly law enforcement can be assured that they can get particular information which is relevant to investigate criminal offences.

Senator FAWCETT: This is, again, for SA Police. There was a discussion in your paper that in the five annual reports it is indicated that 146 convictions utilised telecommunications information.

Mr Dickson : Again, that is not just metadata; that is TI information, content information and those sorts of things. It is a very difficult question to answer. In jury matters, it is difficult to know why a jury found a person guilty, as an example. Was it because of the metadata provided? Was it because of certain admissions made? Or was it because of the DNA evidence? It is very difficult to say that metadata was the reason that that person was convicted. Most convictions at the end of the day are because of a whole raft of different things and bits of evidence.

Insp. Segrave : I will make another point there, if I may. The metadata, quite often, is a step in the process for the investigator to get an evidentiary footing. Without the metadata, that evidentiary footing may never be achieved. But it is not actually represented or recognised in the brief of evidence that is put before a court. So it can be very hard to drill down into the brief and into the prosecution to have an understanding of the underlying role that metadata actually plays. But I think law enforcement consistently are saying that, with our understanding of the investigative process and the application of metadata within that process routinely, it is critical to us.

Det. Supt Kopsias : I will also just add to that. It is hard to quantify. We do not keep a central repository of the effectiveness of metadata, especially involving court outcomes. In our submission, which I hope you will be able to read today, we gauged it as well as we could to parallel the effectiveness of TI because we capture that data annually for the AGD in an annual report questionnaire. We have done that quite well over the years because we have a database and a process for it. I can tell you that over the past four years where we have used metadata and TI they have coexisted. Neither will survive without the other. The best we could come up with is that we had a total of 7,343 interception warrants issued which contributed to 5,093 arrests, 14,016 prosecutions and 5,064 convictions. We are not saying they were directly attributable, but there was some value, some effectiveness or some evidence given in those court proceedings in relation to metadata, including TI. So we are saying, 'Yes, it is effective. It is a building block. Without it, TI and other electronic surveillance resources that we use would not exist today.'

Insp. Segrave : In relation to that, if we were to move to a judicial warrant situation for metadata, one of the things I think it would throw up in terms of an anomaly is that telecommunications interception warrants, by definition, require metadata within the applications—and quite a deal of metadata—to substantiate the application. We would effectively be moving to a situation where, in a lot of instances, we would need a warrant to obtain the information that we would need to obtain the warrant. I think that would raise a whole range of issues as well.

CHAIR: That is a very good point.

Mr CLARE: With reference to the submission of the NSW Police that was available, it was sitting on our desks here and then it was taken away from us. I am wondering whether the police can authorise us to read your submission or whether we have to wait for the approval of the New South Wales government.

Mr Lanyon : You most certainly can certainly have it now, Mr Clare. I am told it has been officially released to the committee and it is available for you.

Mr CLARE: If that is the case then we might ask the staff of the secretariat to allow us to read the submission. The argument is being put to us that this is urgent and that this legislation needs to be passed and implemented very quickly. Evidence has been given to us by Telstra, Optus and Vodafone that, in regard to the data they hold at the moment for set periods of time, they have no intention of changing the time periods that they hold that data for. In evidence today, law enforcement has said that they are concerned about the degrading of access to this data. I am interested in whether you can expand on and explain what your concern is and why you think this is urgent.

Mr Lanyon : I have several concerns. We certainly get a good deal of cooperation from the carriers; however, they are a commercial entity. One of my concerns with an unintended consequence—and certainly a consequence at the moment—is reverse call charge records. I think I indicated in early evidence that it varies between carriers: carrier A may have seven years and carrier B may have six to eight weeks. Consumer protection is the primary reason that the carriers hold that information, and that relates to billing of customers. There is no billing advantage for a carrier to hold reverse call charge records as it is simply calls in to their service. There is nothing to stop a carrier at any stage—for commercial interests, for the reasons of storage or for the reasons of hardware—from deciding that they are no longer going to hold that there. Without legislation, there is nothing to stop a commercial interest. There are already variances between carriers in terms of what they hold, so there is nothing to stop one making a decision one way and another making a decision another way.

Mr CLARE: Is that the nub of your concern—that it is more an issue of consistency of the length for which ISPs hold data, rather than a shift in ISP behaviour and the degradation of access to this data because ISPs are now holding the data for shorter periods of time?

Mr Lanyon : I certainly think consistency has been the main message from each of us this morning, but certainly the dataset is equally important—that the carriers are holding the same data which is relevant to criminal investigations.

Mr CLARE: So the same data and for the same period of time.

Mr Lanyon : Certainly.

Mr CLARE: Is it a concern to law enforcement that this legislation, when passed, would not come into effect until two years after that legislation is passed and proclaimed?

Mr Lanyon : I think so. We currently operate within an unregulated regime. As you are aware, we exist on the assistance provided by the carriers. We would like to have something in place to ensure that we have consistency and can actually obtain those records when we need to. A regime put in place would certainly be preferable to us, and that would be the reason, I would say, for urgency. By the same token, I think it is very important to all of law enforcement that we get those processes right. We understand that there are industry concerns, and we certainly understand that there are privacy concerns. From a law enforcement perspective, we will certainly push our barrow, but we do understand that there are other things that need to be considered in that process. The faster we could get a regime in place to enshrine what is going to be kept, how it is going to be kept and for how long it is going to be kept, and we have some consistency across the process, that will benefit all law enforcement agencies.

Mr CLARE: But you are not making a submission to this committee that we should truncate the implementation period? You recognise that, from the date the legislation is passed and proclaimed, it is another two years before this regime would come into effect, and that is something that law enforcement could live with?

Mr Lanyon : Obviously the sooner we have it the better, but I will take on board the submission that you have indicated the telecommunications industry has given—that they do not intend to change the information that they currently provide to law enforcement—as some reassurance that we will continue to get that information in the short term.

Mr CLARE: To be fair—maybe just to expand on that and then ask the superintendent to comment—that is the feedback from the major telcos. We have not had all of the telcos, big and small, come through and give advice to this committee. But the advice from Optus, Telstra and Vodafone is that they are intending to hold data for the same length of time they currently do. My question to South Australia, Victoria and New South Wales is that, at the moment, the legislation this committee is considering, and that the parliament would consider, once passed and proclaimed would not become operational for two years, and given that law enforcement, particularly federal law-enforcement agencies, have told us that this is urgent, I am wondering if you want to make recommendations to this committee that that period should be truncated, otherwise the inference this committee will take is that that two-year period is okay.

Mr Dickson : From the South Australian perspective, where we are going here is that if from, say, 1 July this year this legislation came into place, my view, and what I would be seeking, is that from that point in time data was kept, as best as could be, for two years previously. That is the magic number we are going to come with. Some telcos will not be able to comply with that because they have already destroyed it after six months, or whatever, and that is fine. We just have to live with that because there is nothing we can do about it. But, then, have that as the practice moving forward, so that in two years' time you will have all data at least two years old. That would be my recommendation to the committee.

Mr Lanyon : As well, I think the importance of why we would like to have this in place as soon as possible is as you have indicated: the major carriers may indicate something but the minor providers, completely unregulated, provide what they like, and store what they like and hold it for as little time as possible. So it is a matter of the sooner we have that sort of surety in place. I agree with Mr Dickson.

Mr Kopsias : I not too sure if a certain matter concerning a customer billing record and a record that is currently accessed by law enforcement has been clarified with the committee. Take, for example, a call charge record. The customer's records are different to what we as law-enforcement personnel get for call charge records—and reverse call charge records. It is probably about two-thirds. We will not be getting a replica call charge record under an exemption if we call it like the bill has, where the carrier would keep those records for customer billing and ATO purposes. This is why it is important that a regime is put in place that standardises, and we get exactly what we get today. We get a location—where the person who made the phone call called from. With certain carriers we get the B-party location, too. We get time and dates. We get an IMEI number—a unique identifier. Sometimes we actually get a little sample from particular carriers saying that there is picture here or an SMS—it does not tell us what it is—which prompts us to get a stored comms warrant, or another process. What we are saying is that the current CCRs and reverse CCRs we get are vital to our criminal investigation process. Going back and accessing traditional customer billing records probably will not suffice.

Mr Lanyon : I think that probably again builds on the question that you asked before. After two years, as this bill proposes, there is not a requirement, and carriers are entitled to keep records, as they would normally do. Obviously, consumer protection would require that. The reason that New South Wales has asked for that period of two years, particularly with call charge records and reverse call charge records and subscriber checks to be longer than that period is that there is nothing to stop a service provider keeping for commercial purposes what are only billing records, after two years. At the moment, for seven years we get what I would call law-enforcement records. So we will have a number of pieces of data. After two years, according to the bill, the carriers are entitled to keep information, obviously as they would under consumer protection. That level of information is not at the same detail as that which we would currently get. If it were cheaper to store it that way there would be a commercial reason why a carrier would not want to do that. That is one of the main concerns I raised earlier in terms of the two-year period.

Mr CLARE: You made the point in evidence that you think the two-year period, as defined in the bill, is insufficient and should be well in excess of two years. Could you explain for how long you think data should be retained.

Mr Lanyon : When my commissioner gave evidence in front of this committee, probably in 2012, I think he indicated that it should be for as long as possible, up to seven years, which we currently have. I did not want to prescribe a number, but we have it for seven years at the moment. We still run into a problem with that but at least if we had that data. Call charge records and reverse call charge records and subscriber details to my mind are not intrusive records. To introduce a bill that would go to two years and the allow carriers to keep records only as they see fit, or as required by consumer protection laws, would downgrade what law enforcement currently has, which is a retrograde step that I certainly do not support and New South Wales cannot support.

We make a significant number of requests for metadata. Currently we are fortunate to get that back for seven years. If we went to a two-year regime and then had less data provided from that point on that would obviously significantly impact our investigations.

Mr CLARE: Can I ask South Australia and Victoria whether you support two years or seven years, or something in between?

Mr Segrave : We certainly endorse a longer period, for similar reasons. Again, I endorse the view that access to these records is not anywhere near as intrusive as actual communications. I reiterate the points I made earlier in relation to the importance of this material being available in the course of the early stages of most investigations.

If we are looking at an investigation that may be afoot three, four, five or six years after a communication, almost invariably it is going to be an investigation of great significance. Law enforcement is not going to take on an investigation for an incident that occurred that long ago, unless it is a homicide, a sex crime, a crime of significant personal violence, a counterterrorism inquiry or something of that nature.

The other point I would make, and I think it has already been borne out in other evidence before you, is that the reality is that the bulk of these types of inquiries are made when this data is relatively new. Minimal inquiries are made further out. But, again, they are ones that pertain to investigations that are probably of greater import.

Mr Kopsias : For the committee's recommendation, and to perhaps clarify that this is not just rhetoric, we have records on our books at the moment that justify data in excess of five years. Whilst they are minimal, as Mr Lanyon alluded to—minimal in terms of the volume of requests that are handled up-front in the first six to 12 months—we have nearly 1,000 cases involving most serious fraud, unsolved homicides, historical sexual assaults, and a lot of clear-up armed robberies. They are fairly complex crimes in that batch. Those crimes, we can justify, are five years plus. Whether they are five, six, seven, eight or nine, I am not sure, but certainly we get to the five-year mark.

Mr CLARE: So is it arguable that seven years is not enough.

Mr Kopsias : All I can say is, the longer the better. But we would not want to being going backwards from what we are accessing today.

Mr Dickson : I support both my Victorian and New South Wales colleagues on this. I think the issue is that we do not want to go backwards. At the moment we have the ability to obtain CCR records from seven years ago. If we go to two years, from an investigative perspective that is a retrograde step, especially when you are dealing with more and more historical offences, be they murders or historical sex offences, which do require that information. All of us around the table here would understand that the reliance on and use of electronic devices such as those we are talking about is not going to go away. It is increasing. So we will become more and more reliant on this sort of technology in the future.

Mr CLARE: Have you brought your concerns about this to the attention of the federal government or the Attorney-General's Department? If your argument about the CCR data, which you can currently access for seven years, is that this legislation will in effect reduce your access to that data, have you brought this to the attention of the Attorney-General's Department?

Mr Kopsias : I have, in my capacity as a delegate before the Interception Consultative Committee meetings we attend, and national TI forums. It has been brought up over the last three or four years that our desire was for a longer retention period. We made it quite known to A-GD and other delegates at that forum. Whilst some of the agencies had differing views, which were respected, we always were of the view that we wanted a longer retention period.

Mr CLARE: And there was no feedback about how that concern might be addressed in this legislation?

Det. Supt Kopsias : No, I cannot say that.

Mr Lanyon : Previous submissions have been called for, as you are aware, over the previous few years in relation to changes to the redrafting of the TI Act. The New South Wales position has always been consistent in terms of the seven years.

Mr CLARE: If I understand what your evidence is, you are saying that, unless this issue is addressed in this legislation, it could reduce the access that you currently have.

Mr Lanyon : Correct.

Mr CLARE: So this is a fairly serious issue. What you are saying is that this legislation could reduce the effectiveness of your law enforcement capabilities unless it is fixed?

Mr Lanyon : Correct.

Det. Supt Kopsias : Correct.

Mr CLARE: So this is a major hole in the legislation that needs to be addressed, is that correct?

Mr Lanyon : That is correct.

Det. Supt Kopsias : Just for the record—and I am not too sure if it has been raised by other agencies or delegates—when a court proceeding comes up, whether it is a trial, a hearing or a committal, somewhere down the track, whether it is two, three, four or five years, we get requests from the DPP and from the defence in terms of alibis, in terms of checking out a particular witness's statement, a particular location or a particular subscriber. So we get after the fact type requests for metadata. I cannot quantify that right now, but I am trying to. We do get requests from the DPP and there is an expectation that we can access data that is two, three, for five years old. And that is what we are doing today. We are able to access the data today. Under the current regime, if the legislation is enacted in its current form we will be hampered. We will not have the same unrestricted rights that we have today.

Senator FAWCETT: I want to clarify something. My understanding is that the intent of this bill is to put in a common data set and a common mandatory detention period of two years. Those who currently retain data for up to seven years do so because of their own business practice. The passage of this bill, we have heard from telcos, will not make them change their business practice in terms of reducing things necessarily. As they have indicated, that may be more expensive than continuing to retain the data. So the passage of this bill will not in itself reduce that period. It will only be if they decide they are going to upgrade their systems and it is more economical to no longer retain seven years. They may do that in the future. All we are doing is putting in a floor and saying that, as a minimum, you must retain two years of data. But that is not going to force or, indeed, encourage anyone to reduce from the seven years they already have.

Det. Supt Kopsias : But there is no guarantee they will keep those records in the current form. As we move to an internet based regime, with the introduction of the internet, national broadband and 4G, carriers and ISPs are changing their billing processes to bulk-billing their receipting data, as distinct from who called whom and from where. In terms of those unique identifiers that we are getting today, I think we will be hampered down the track because we will not be getting those same records.

Senator FAWCETT: I understand that, but my point is that that is a function of changing business practice and changing technology, not a function of this bill. The only way this bill would achieve the outcome you are looking for is if we say that seven years is the period we will mandate that the data has to be retained for. But the bill itself will not actually bring about what you are saying.

Mr Lanyon : As I think I said before, that is what we call an unintended consequence. If we mandate—and, again, that is a matter for government to decide—two years as the period, you are then basically saying to carriers that we expect them to comply with this for two years. There is nothing to stop them from maintaining records after that. If you put a compliance burden on at the start, and there is a cost at the end, it is only logical, with commercial interests, that there is a reason why you would want to do that. I agree with you 100 per cent that the bill itself does not do that, but I would ask the committee to consider that that is a consequence of the bill and certainly one that would be negative, certainly for New South Wales and other law enforcement agencies.

CHAIR: Just to clarify that: it is an informal arrangement at the moment that gives you access to the seven years? There is no formal legal arrangement that requires you to do that?

Det. Supt Kopsias : It is just a practice that we have in place—whether it is an MOU or an agreement. There is no legislative basis for the current arrangements. It is purely based on commercial agency—

Mr DREYFUS: You seek access from telecommunications providers, to telecommunications data, under the Telecommunications Interception and Access Act. It is a warrantless regime. In what sense is that informal?

Det. Supt Kopsias : It is informal because it does not set a time frame. Under the Telecommunications Act they provide reasonable assistance to us—whether that is in telco data, a TI process or some other form of data—but there is no retention period defined anywhere.

Mr Lanyon : There is no retention, there is no dataset.

Mr DREYFUS: That is good. I just want to clarify this. So you are not suggesting it is informal that when you seek access from—

Det. Supt. Kopsias : Informal in terms of the period.

Mr DREYFUS: Perhaps we can put the term 'informal' to one side. There is no presently legislated requirement—not formal or informal, there is no requirement at present—that imposes any obligation on any of the 600 service providers to keep any data at all?

Mr Lanyon : That is correct.

Mr DREYFUS: Right. So that is not a matter of informal or formal; there simply is not a law of Australia which requires them to keep data?

Det. Supt. Kopsias : To correct the record, I never alluded to 'informal'. That was raised by someone else.

Mr DREYFUS: I know. I am trying to clarify with you because you are here before us.

Mr Lanyon : There is under consumer protection legislation—

Mr DREYFUS: Sure. There are other—

Det. Supt. Kopsias : There are obligations on the carriers to retain data for us but there is no retention period defined anywhere in the legislation.

Mr DREYFUS: Other than that, as the assistant commissioner has very correctly pointed out to, there might be in other legislation such as in the consumer protection code under the communications ministries legislation, which is one reason why some of this data exists.

Senator FAWCETT: Can I also clarify with SAPOL: on the basis of your verbal evidence and your written submission, some telcos get rid of the data you need within seven days. So in fact this bill would at least establish a base line of two years, which is a step ahead of where you are at the moment, with some providers.

Mr Dickson : You are 100 per cent correct, yes, and the two years would be far better than what we have today from the policing perspective and especially from SAPOL's perspective. I think the discussion we are now moving to is is that this practice and considering where at the moment we can get information which is a lot older than that. So it is really about a decision for government to make a determination as to where that number is. I fully accept that two years would be great, but is that the best is a decision we are now having discussion about.

Senator FAWCETT: Two years is not as good as the best of the current crop but it is a lot better than many of the current crop.

Mr Dickson : I agree 100 per cent.

Mr NIKOLIC: Are you arguing for a no-detriment clause to exist in practices? I think the bill currently contains a no-detriment clause from the time it is passed to the time it is implemented. Are you arguing for an extension of that to say that these favourable existing arrangements you would be seeking to preserve to the extent you were able?

Mr Dickson : I think the only difficulty with that is that different telco providers have differing regimes. So telco A may have seven years and telco B may have four years, six weeks or 14 days. That would be quite problematic to do what you—

Mr NIKOLIC: But would you need to standardise? Would you say that in grandfathering existing arrangements, which you find favourable for a variety of purposes, given what they do now which is inconsistent, that that aspect of it would not need to be standardise?

Mr Dickson : Yes, you could consider that.

Mr CLARE: Maybe I can assist. My understanding is that under the TCP Code there are obligations on certain telcos to hold certain data to six years. Is that right?

Mr Dickson : Correct.

Mr CLARE: This is where my questioning was going to. You have indicated that you are concerned that by passing legislation like this, which sets a mandatory minimum period for the retention of data of two years, that data currently held for six, seven or more years might be held for only two. I am trying to understand why that concern exists if there are obligations under the TCP Code to hold it for longer than that.

Mr Lanyon : You ask that question before and what I have tried to explain is that there is a difference between what I will call a customer billing record and a law enforcement record. Under the consumer protection, they are required to hold customer billing information obviously for a consumer issue. That is very different from what we currently get. My concern is that, if we went to two years holding the dataset we are asking for and then carriers are required to hold, as they are required under other legislation for an extended period, the current level of information we get and the current level of specificity in it we could lose. There is no reason why a carrier for commercial interests could decide not to hold the same level of information or data. That was my concern.

Mr BYRNE: Would you then seek a data preservation order on data currently held by the telcos, what they have at the moment? I hear what you are saying, that you are worried they will whack out the information they have, which might specifically be tailored for you. Are you saying that what you are worried about is that they will destroy that data in setting up their system so that you will not be able to access it almost retrospectively?

Mr Lanyon : No. I think we would be talking about a future period where, if there were a cost or a burden applied by having a two-year period, there was an opportunity commercially. If the bill only specifies 'hold records as required' there is nothing to stop you holding records after that period. There is consumer protection legislation which requires only minimal information to be held. My concern is that practices could change to reduce the level of information we currently receive.

Mr BYRNE: What I am saying is that the telcos are saying that it imposes some cost. Notwithstanding what you have just said about legislation, you are obviously getting metadata outside of that that is useful. That aspect of the metadata that you are seeking could then become not accessible to you if they start implementing this data retention scheme.

Mr Lanyon : No, not immediately, because the datasets proposed by the data retention scheme would cover the two years. They would be required to hold it for that period. Outside that two-year period, there would be no requirement—

Mr BYRNE: But you said you are going back seven years at the present time, so you will be losing some form of—

Mr Lanyon : Absolutely. If they decide to make a decision at that stage that they will only hold billing records—strict billing records as opposed to law enforcement records—yes, there is an obvious risk that we could lose that information.

Mr CLARE: You gave a very good example of the use of metadata with respect to a murder and then checking someone's phone records to identify who they have been speaking to. I am just interested in getting the views of law enforcement about the importance of web browsing—what websites people might have clicked on, for example.

Mr Dickson : My understanding is that it is not suggested under the bill. I certainly support that. Again, it goes back to the principle. The information is about time and place of contact as opposed to what is actually in the contact. I think you are now moving into the content of that communication. While you could argue that sometimes it would be good to have that, there are other opportunities you may have to get to that information through a warrant and those sorts of things.

Mr CLARE: But would that not be of interest to law enforcement? You would not want to know—

Mr Dickson : I think it is about where the balance is. I think the balance is, at this point in time, the metadata. We are now talking about privacy principles. If we were to have access to all the web browsing at an IP address, I would say that we had moved not a step too far but certainly a lot further than what the bill is about. I think at this point in time it is important to keep to what the bill is seeking as opposed to the actual content of the communications. It is about the metadata to get information as opposed to getting the content of communications. I think your question is going towards the content of communications.

Mr CLARE: I am just trying to understand how the law can assist law enforcement. You gave the example of being able to check the records and see who that person rang before they died. I would have thought that law enforcement would also want to have a look at what website they might have clicked on. That might help them to work out where they need to go to investigate the murder.

Det. Supt Kopsias : That is important, from our perspective, but at the moment that is content. It is defined as content. The other problem is that when people are using smart phones out there it is hard to get IP addresses because the carriers do not keep records. That is because external IP addresses are handed out and they roam from phone to phone. They do not collect that data. You can go to wi-fi hotspots. Telstra are actually rolling out certain hi-fi areas where you can go and log into your account and virtually remain anonymous because we cannot trace your IP address. Your IP address is actually traced back to your computer, not to your smart phone. So we have a gap there in the process that we are trying to tidy up. That explains the business about going dark in the cloud and the encryption problem we are having with over-the-top applications. That is affecting our metadata and interception capability to identify who is using a particular service at a particular time at a particular location. These things are important, yes.

Mr CLARE: Is this power something that you would like to see in the legislation?

Det. Supt Kopsias : I would have thought with the reform process and the comprehensive review of the T(IA) Act that the data and the T(IA) Act would perhaps merge into one proceeding, otherwise down the track we might be doing this again. I was just saying this to my boss. I said, 'We might be doing this again in 12 months in relation to the TI review.' There would be similar practices and issues we would be raising before a similar committee because they go hand in hand. Metadata and TI coexist. They are interlinked. The metadata will fall under the T(IA) legislative regime as it stands anyway. It always has. I apologise, but to me it does not make sense to be having separate proceedings, but I do respect these proceedings.

Mr CLARE: There is logic to that. You could argue that we are putting the cart before the horse because we are doing metadata before TI. I am just trying to get a sense from state law enforcement about, in this piece of legislation which does not include web browsing, whether that is an issue from your point of view and whether that is the sort of thing you think should be addressed in the future.

Insp. Segrave : From a Victoria Police point of view, if we were to look at this solely from a law enforcement perspective without considering all the surrounding issues which obviously this committee and the community more broadly need to consider, the answer would probably be, 'Yes, we need that. That is fantastic.' But, like all other stakeholders in these proceedings, we need to bring a degree of pragmatism to these discussions. As South Australia Police have already alluded to, we acknowledge the tensions between law enforcement and privacy. We understand the need to try to find a balance. I think the view of the Victoria Police would be that, although that is something that would be very nice to have and very beneficial, if it raises a level of concern in the community around the bill and the proposed regime generally we are prepared to say we can live with the proposed arrangements and do the best we can under that regime.

Mr Lanyon : I appreciate your question. We have been talking about data retention today and one of the key points that we have all made is that we wish to retain what we currently have. For us, that is certainly a step along the line. Certainly in any reform of the T(IA) that is something that we would like to consider. In terms of data retention, it is more important for law enforcement that we are actually able to retain what we currently have so that we can facilitate our criminal investigations. Down the track, that is certainly something we would like to look at. I could give a wish list of things that would be outstanding for law enforcement but obviously would be very difficult for other parts of the industry and would impact on privacy. I think it is most important that we stay, from a law enforcement perspective, in the game—and that is that we really want to be able to retain what we currently have and ensure that we have consistency across the board with carriers and providers so that we can best carry out the investigations we are charged with.

Mr Dickson : Just on that, the information that you are talking about we can gather through a warrant. So it is not as if we cannot get it. We can get it if we go through the warrant process which is appropriate in the circumstance. I think it is all about balance, as the others have said.

Mr CLARE: Detective Superintendent, you mentioned the issue of going dark and also wi-fi in public places and the current problem that creates for law enforcement. This is an issue that my colleague Mr Ruddock has raised in the examination of a number of witnesses. It came up most particularly yesterday from the Australian chapter of the Internet Society. In their evidence they expressed a concern about this. They talked particularly about municipal wi-fi networks in public libraries, airports and public rail networks and indicated that this is a potential big loophole in the legislation that creates an opportunity for people that you might be seeking to investigate to go dark to avoid detection. Can you just expand upon that from a law enforcement perspective for me.

Det. Supt Kopsias : It is a pretty broad topic but it is also very close to my heart as I have been the TI commander for 15 years. I have been doing interceptions for 15 years. I have managed thousands and thousands of intercepts. But, in the last four or five years, the phrase 'going dark' has come about in terms of the strong encryption out there, lots of over-the-top providers providing apps, the online process. The advent of the internet, if I could explain it to you, has actually degraded our interception capability to the point where we are receiving a lot less than we used to receive.

When I went to the TIB, I used to apply for the warrants. I used to go before Federal Court judges; in those days, we did not have AAT members. I used to go down with a request for the warrant, the same warrant that is served today, and present it before the member, present our case with the affidavit, come back with a warrant and serve it on the carrier. In those days, we had the luxury of one carrier. We would get all communications related to Mal Lanyon, say—everything. It was not a problem. It was easy. Any words spoken were what was said over the phone. The audio was easy to work out. But with the advent of the internet, although it is the same warrant today to the same member, there are about 600 or 700 potential ISPs and carriage service providers out there; and, when we serve the warrant, I am not getting the content, the communications, I used to get, to the point where we have to do other things—I cannot disclose those things in this forum—to complement the TI process.

So we are exploring alternative methods of operational deployment and other forms of electronic surveillance services to fill in the gaps. There is a gap there. Encryption has become mainstream now, with the Snowden impact; we have over-the-top applications and the smartphones out there: all those things are impacting on us. I am not saying they are bad for the global community. I think there are some good things in there, but for us it is hard just to keep abreast. That is why we need to very quickly reform the TIA process—to get a level playing field for policing, I suppose, or a creeping-up in terms of our powers to intercept and more comprehensively acquire and collect the data that we once used to collect. So it is a growing problem for us.

Mr CLARE: Most particularly, on that issue of public wi-fi, if somebody who is up to something nefarious is communicating using public wi-fi, will this legislation not capture them?

Det. Supt Kopsias : Probably not. It will not go all the way, but we will be able to do other things, other investigative processes, to enable it to be rendered intelligible. I remember, when Mr Blunn AO reviewed the T(I) Act back in 2005, one of his recommendations was that the telecommunications carrier and the carriage service providers should be responsible for rendering all product intelligible and readable to law enforcement agencies, and those costs should be borne by the carrier. They were that man's recommendations but, sadly, they have not been enacted as yet. I am waiting for the day when we will have some legislation in place where encryption will not be a huge problem for us. But that is where we are heading; it is huge problem for us.

The legislation is part of the process, but it is a pretty broad area we are talking about here. Certainly, there is a lot of enacting legislation that needs to come from other state and federal areas too. But, with that, we need to be collaborating more with agencies. That is what we are doing now. We are working internally and externally with overseas partners to find a common theme here, because the problem does not just rest here in New South Wales or Australia; it is a global issue, and I think all agencies are in the same boat at the moment.

Insp. Segrave : If I could just make one point: I think the issue with those wi-fi hot spots is that they are a vulnerability in terms of law enforcement and, by extension, the community; and history shows, across a whole range of areas, that serious and organised crime actors are very quick to identify those vulnerabilities and exploit them. So it is clear, certainly to me and Victoria Police, that there are risks associated with those arrangements. That argument has probably been put to the committee before now, but I just draw your attention to that.

Mr CLARE: Thank you.

Mr RUDDOCK: I raised it in the context of internet cafes because it was an exemption, and now I understand it is much wider and goes to wi-fi providers in railway stations, shopping centres and the like. Presumably there is a reason they have been exempted—a practical reason in terms of implementation. Have you turned your mind to that to offer any advice to the Commonwealth as to how the shortcoming may be adequately addressed?

Insp. Segrave : To my knowledge, Victoria Police has not had that discussion. I am not sure whether that discussion has occurred at some of the national forums that I have not been a party to. Without meaning to sound flippant, from a law enforcement point of view, I would have thought that that is self evident: ie we have got areas within our community that persons can go to and engage in communications where they are less likely to come under notice or be discovered, the persons in our community who wish to or choose to do that because they are undertaking criminal activity, or actions that they do not want to come to the attention to law enforcement, will naturally gravitate to those areas.

Det. Supt Kopsias : Those issues have been raised in forums, but I am not sure that they have been well documented. We have raised them too in our submission in the review of the TI Act, to some extent, and we have raised them at national TI forums. We have a forum with the Australian Crime Commission now where all agencies get together and talk about exactly what we are talking about now, and those things are raised in that particular forum. AGDs are also aware of our concerns and the process in terms of the gap in the legislation.

Mr RUDDOCK: So your recommendation to us would be that, if it can be amended to remove the exemption in relation to internet cafes and wi-fi bodies, that should happen?

Det. Supt Kopsias : If it could happen, yes; that would be our recommendation. I know it is a big thing to happen, but it is that one job where you are trying to get that communication—it is the one that we will not be able to get, and it will affect us because it will be a serious crime.

Insp. Segrave : I think, at a minimum, the committee and the community need to be conscious of the fact that it is a vulnerability and it carries risks with it.

Mr DREYFUS: Thank you for coming, gentlemen. It is of great assistance to the committee to have the benefit of your view from the coalface, if I can put it like that. You would have been heartened to hear Telstra, Optus and Vodafone tell the committee yesterday and today that none of them have any intention of reducing the amount of data that they keep. I was certainly heartened to hear that. As was put by Mr Epstein, who was here for Optus this morning—I do not know whether you heard his evidence—the three of them carry the vast majority of communications in Australia.

I want to start by saying that all three forces understand, I take it, that this bill does not prevent access by any state police force to telecommunications data—no part of this bill prevents you from obtaining access. Is that clear?

Insp. Segrave : Yes.

Mr Lanyon : Yes.

Det. Supt Kopsias : Yes.

Mr DREYFUS: That is because this bill is, in fact, not dealing with access by state police forces. What it is dealing with is the data that will be there for you when you go asking. Understood?

Insp. Segrave : Yes.

Mr Lanyon : Yes.

Det. Supt Kopsias : Yes.

Mr DREYFUS: It has the potential—and I am just confirming that this is all three of your force's understanding—to expand the telecommunications data that is available over what is there now.

Insp. Segrave : Yes.

Mr Lanyon : Yes.

Det. Supt Kopsias : Yes.

Mr DREYFUS: Which, as I understand from the evidence you have already given—and I am trying not to go over the same ground—you all think is a desirable thing.

Insp. Segrave : Yes.

Mr Lanyon : Yes.

Det. Supt Kopsias : Yes.

Mr DREYFUS: And that would be particularly so from the point of view of the standardisation that this bill has the capacity to produce, because one of its aims is to not only require that all of these 600-odd telcos keep data which, in some cases, they do not now keep at all, but to also require them to keep it for two years and in a standardised form.

Mr Lanyon : Correct.

Mr DREYFUS: I do not want to get confused here. I will ask questions regarding New South Wales first. You said, Assistant Commissioner Lanyon, that you think the current balance is about right. Just for clarity: you are talking about the current situation, not the bill?

Mr Lanyon : I was asked a number of questions. One of them was in relation to the current application process, which I certainly agree is about right. Regarding the seven-year ability for us to access through some of the carriers—and you mentioned earlier that it is certainly heartening that the carriers have agreed to hold what they do at the moment—the problem is that one of the carriers we have spoken about currently holds it for a lesser period than the bill would specify. I think we have all been very clear. From New South Wales' perspective, I support the intent of the bill. I certainly support what the bill is trying to achieve and what the outcomes will be for law enforcement.

The point I have tried to raise from a New South Wales perspective is simply that, in terms of some of that data, we are enriched by what the bill is going to achieve. We will get more data than we have ever had before. My concern is that, regarding some of the data which I feel is least intrusive, if I can put it that way, and would be of concern, we have the potential to have it for a lesser period of time than we currently do. My submission to the committee was that we could consider expanding that period or keeping that period as it was for that data, which would be an extension of what the bill is currently proposing.

Mr DREYFUS: That is why I at least was heartened to hear that Telstra, Optus and Vodafone were not going to keep it for a lesser period.

Mr Lanyon : One of those carriers does not keep it for even the period in the bill at the moment.

Mr DREYFUS: Understood. This is a question directed to New South Wales initially. Could you outline, as briefly as you can, how the process of access by your force works now? You have said that there is an authorisation by inspector or above, but presumably it comes from lower ranking officers. I am not talking about the process for telecommunications interception; it is the non-warrant process—Detective Superintendent, if you are going to answer it.

Det. Supt Kopsias : All of our inspectors and above—we call them commissioned officers—

Mr DREYFUS: How many of them are there, approximately?

Mr Lanyon : There are probably at least 1,000 commissioned officers in the New South Wales Police Force.

Det. Supt Kopsias : They are all authorised under the act—I think it is section 5AB. They are authorised officers to approve metadata requests under section 178 of the TIA act. They are in the field, say, at a particular location. Someone puts the request up to the inspector. They call in the boss. They discuss it—a particular crime has just been committed or is about to be committed—and there is a process in place. There will be discussion. There is a cost involved too. The constable or the detective will need to talk to the boss to make sure that everyone is happy, and costs will obviously be paid for the metadata. They look at the privacy aspects of the particular crime and the safeguards. There is a process on the computer called our 'I Ask' system. They log in online. They put down a narrative of the brief and so on. It goes through to the 'I Ask' system at Parramatta where it is approved. That system then talks to the carrier's system and it is vetted by 'I Ask', which is done by another inspector. There is more supervision and vetting, and the data is obtained from the carrier. At the local level, the inspector will approve that particular request. They will look at all the safeguards, facts and circumstances to justify the request, and so on. It goes to 'I Ask'. There is another vetting process at 'I Ask', and then the carrier accesses the records back to the officer who requested the data under the process.

Mr DREYFUS: It is a pretty standardised process, I take it.

Det. Supt Kopsias : It is standardised, accounted, documented, recorded—

Mr DREYFUS: There is, in effect, a form sent by email to a carrier? You are not one of the police forces still using a fax?

Mr Dickson : I think it is more an issue with the carriers as opposed to the—

Mr DREYFUS: We were a bit shocked yesterday to hear that some of this takes place by fax. Does New South Wales—

Det. Supt Kopsias : One carrier still uses a fax process because it has not really come on board with the electronic delivery process. The other carriers have come on board. One carrier still uses a fax.

Mr DREYFUS: Perhaps we had better not ask you to name them. It might embarrass them.

Mr Lanyon : We use an electronic process internally.

Det. Supt Kopsias : We use an electronic one called—

Senator FAWCETT: Don't put the accusation to the police.

Mr RUDDOCK: I still have a fax machine.

Det. Supt Kopsias : What I am saying to you is that it is recorded, it is documented, it is discussed, it is transparent, it is objective, it is checked, it is balanced, it is all sanctioned—it is all good. The process seems to work. We have never had any adversity or any criticism levelled at us by any authority in relation to data processes and how we keep and manage data. We thrive on data because it is intelligence. We have thousands of police who access data. We have a data management policy. We have a communications policy. There is a screen up there and when you log in it tells you—it is in your face—what to do and what not to do with the data and to look after the privacy interests under the personal protection information act and so on. We are bombarded with the legislation, regulations and codes of conduct. Our own code of conduct tells us how we deal with that particular data too. The process is working. If it was not working, I would not be here telling you that—it is working. To give us another layer with another warrant would just about cripple us. It would add no more due diligence or accountability to the existing process.

Mr DREYFUS: On that, the questions that were asked by my colleagues went to a hypothetical and judicial warrant process. Some of the submissions we have had have acknowledged the slowness, expense, time, effort of a judicial warrant process and have said, in recognising that, this committee and the government ought to give consideration to, say, a much less formal tribunal process or even a ministerial process. Have you given any thought to that?

Mr Dickson : I think we have alluded to this previously. The main concern that we have with obtaining a warrant as an example for metadata is that at that initial stage of the investigation we would not have the information to support the warrant. We treat this as an intelligence. We need to get this information so we can actually then identify who may be involved, where the communication nexus is between the victim and the other parties if it is a murder type investigation. That will then give us opportunities to look at different individuals. Quite often it might remove them as a suspect or whatever. It is about having that process in place. As was previously alluded to, often when we do provide the warrant for stored data, we require all this information—that there has been contact between person A and person B. We would never know that unless we have the metadata. It is almost a circular argument to some degree as to how we would achieve that. I think it would be very difficult, and we would have to change our investigative practices significantly, if we needed a warrant to get the metadata. I do not think there would be that many occasions where we would actually have the justification at that point in time. While it is very important for the investigation—and do not get me wrong—we need to have the reasonable cause to suspect, and that is what we would be lacking at that in time.

Insp. Segrave : If I could just make a point on that too. I think there is potential for some observers to misconstrue this idea of law enforcement using metadata in terms of intelligence. It needs to be tied back to an understanding of the investigative process. The point that I made in my opening address tried to do that. It is important for people to understand that in most instances metadata is used at the early stages of investigation when police are trying to get an understanding of a whole range of things in relation to the circumstances under investigation. I think that is what we mean when we talk about it being used in an intelligence sense, not that it is some broad fishing expedition because we have nothing better to do. It is part of a process, but it occurs at a point in the process where we are unlikely to have sufficient information to make a formal application to a judicial authority. If there were steps taken to require that of us, that has very significant implications for the process as a whole, for the veracity of that process, for the outcomes of that process and for the viability of that process. It is really important that that point is understood and that, when we use the term 'intelligence', it is not construed as some sort of broad based fishing expedition.

Mr Dickson : The legislation talks about it being reasonably necessary and relevant. To me, if person A is murdered, who has had contact with that person in the previous 24 hours, 48 hours, seven days or whatever is quite relevant to that murder investigation, and that is what we are asking at that point in time. It is this same with a drug trafficker: whom that person has had contact with is relevant to that investigation.

Mr DREYFUS: That is helpful. Just taking New South Wales, it is very much a standard. With 122,000 requests, that means that a request is being made in a lot of cases. It has become a standard as a preliminary, early stage investigative tool for certainly all of your officers investigating serious crime?

Mr Lanyon : There would be very few criminal investigations for serious or organised crime that would not involve the use of metadata early in an investigation. It is a valuable tool to us in an investigation. One of the questions in relation to that is the utility—putting another layer of scrutiny over the top. The example I gave earlier is if I was murdered. If I had my phone, we would want to scrutinise it. We already have a system in place where we have to record which criminal offence it is tied to and the reasons why we are seeking that metadata, and that is recorded. If I had a judicial officer or a tribunal member looking at that as well, they are really only going to be rubberstamping what has already been done. I really do not know that it affords any greater scrutiny at that particular stage, because of the type of information that we are getting and we are looking for with metadata.

Det Supt Kopsias : It would not make sense because it is just as Mr Lanyon was saying. There is metadata, you get a warrant, TI get a warrant, surveillance devices get a warrant and covert search warrants get a warrant. It would just about cripple us. Another layer would really hurt us right now because, you are right, it is a preliminary aspect of the investigation. If that were the attempt within the TIA act, I am sure you would have a warrant already in place for metadata, because metadata sits within the TI process, and that complements the TI process—it advances and enhances it—and there is a process in place where you do get a warrant within the TIA act but not for the person using the service. It tells you to do your own inquiries and checks to get that data. It does not tell you to go out and get a warrant. The current process, from our perspective, is quite fine, and it does work.

Mr DREYFUS: It has become more useful over time, I would suggest, compared with 1979 when the current form of the regime was created—1979 being a point at which you would have got the call, the number rung, the number from, the time of call, the date and the duration; that is it. Now you get a lot more information.

Insp. Segrave : Could I make a couple of additional points? The numbers that have been put before you today, in terms of the applications, reflect the uptake of the broader community of the communications technologies that are available. Obviously, they have increased exponentially over time and the law enforcement figures just reflect that. The other point that I would make in relation to those numbers, certainly from a Victoria Police point of view—and I would be confident that that extends across other law enforcement agencies—is that it should not be interpreted that, if we have made 60,000 requests in a year, that is 60,000 individuals. A lot of the organised crime figures that are investigated and where these tools are utilised routinely drop phones and roll phones over, so there are multiple requests in relation to that. There may be multiple requests in relation to call charge records over periods of time, and so on. Another aspect that needs to be understood is that, if you were to drill down into those figures, the actual numbers, in terms of the individuals that are the subject of the applications, are much less than the bottom line figure—

Mr DREYFUS: Can I reassure you, Inspector, on behalf of myself and my colleagues, that we have been given, in closed hearings, by the Australian Federal Police and ASIO, multiple examples of exactly what you are talking about. I am not disclosing anything here. For major investigations, there will be hundreds of requests for telecommunications data for a single investigation—

Insp. Segrave : Indeed. That is the experience across—

Mr DREYFUS: possibly only covering half a dozen or a dozen individuals, but nevertheless there are hundreds of requests. So, take it from me, and I think I can speak for my colleagues: we are not assuming—it is quite the reverse—that the 60,000 requests from your force or the 122,000 requests from New South Wales describe a number of persons. Far from it.

Insp. Segrave : It is also important to get that on the record in terms of other observers and other commentators to the proceedings.

Mr DREYFUS: Absolutely. Part of this exercise, part of what you do, part of what we do is build in confidence in our law enforcement agencies in the system. I want to finish on the stats. The committee sent you, all three, and to the other state police forces and the Australian Federal Police quite a detailed questionnaire. Thank you for ending the tantalising 'now you see it, now you don't', New South Wales. The purpose of sending the questionnaire was very much to provide as much opportunity as possible to publicly make the case for data retention. In other words, because the framework in which this question of the mandatory data retention has been considered elsewhere in the world by reference to statistics, allowing for all of the problems of looking at statistics—that was the purpose of the questionnaire. Your three forces have been able to provide broad level statistics as to the raw number of requests over the past five years, the percentages in time periods for which they are sought and that is really helpful. So thank you for that, but in answer to the questions—and I think this applies to all three forces—as to whether you could give statistical information as distinct from anecdotal information about the instances where historical telecommunications data had been used to prevent a serious crime, instances of historical communications data being used to prevent a terrorist attack, that is something on which the data is simply not available.

Mr Lanyon : I do not think there would be a police force in Australia that would keep that sort of data and, as Mr Dickson alluded to before, one of the issues is that it is rarely a single source of data that is responsible. For example, metadata might identify a source for us and might contribute to the way we go with the first steps of an investigation but there would be a number of other contributors. So to say that it was simply purely as a result of metadata would be a very problematic statistic to keep and I do not know of a police force which keeps that sort of information.

Det. Supt. Kopsias : It is pretty hard to keep those figures.

Mr DREYFUS: I do not think the questioning was intended to be where historical telecommunications were the only reason that conviction occurred or the only reason that crime was prevented. I am just checking that there is just not that level of breakdown available. What you have done, all of you to some extent, is provide some examples.

Mr Lanyon : If telecommunications metadata was stored hypothetically for an infinite period, there would not be one historical murder, sexual assault or robbery for which metadata would not be sought, not one. It is simply that crucial because it allows us, if nothing else, to put persons in places, to put contact into perspective, to identify whether people are talking to each other and where they were at a particular time. It can eliminate a person, get them out of an investigation very easily. So I can say hypothetically that if there was an infinite data storage period there would not be one historic investigation that would not use metadata.

Det. Supt. Kopsias : It also has the ongoing disruption element, too. When we investigate, we identify and we interview criminal gangs and associations, it has that disruptive element. That is why it is hard to quantify these outcomes which we are seeking in that questionnaire because it is hard to quantify that particular source of information—other than anecdotally, yes it is effective and without it we would not be able to function the way we function to day.

Mr DREYFUS: Lastly, I would say to Inspector Segrave that your force has attempted to answer our question about the discrepancy between ACMA figure and the reported figure to parliament under the T(IA) Act. We have had a pretty acceptable explanation yesterday, which, speaking for myself but not for my colleagues, I am satisfied with.

Insp. Segrave : Thank you for that.

Mr CLARE: I want to pursue that little bit more, in terms of understanding the limitations of historical metadata and look at it in the context of the events that occurred in Sydney late last year to get some feedback from New South Wales police in particular. My impression, looking at that, is that this legislation—or access to historical metadata and its use by police—would not stop an event like that from having occurred, but I presume law enforcement agencies would now, after the event, look at that data and be able to exploit it to find out who that individual was talking to or communicating with. As opposed to that, a preservation order on somebody who has been identified as a potential risk to the general public—if the correct person has been identified and the notice has been put in place with the ISP, and law enforcement is looking closely at what that person is doing as a result—would be a more effective way of trying to disrupt or stop a potential attack like the one we saw in Sydney. Would you care to comment on that?

Mr Lanyon : Again, as a hypothetical, with the nature of Sydney itself and where law enforcement would benefit from metadata in relation to, say, the Sydney incident, it most likely would not have prevented the Sydney incident. At the time, metadata could have been essential in trying to identify any other persons who may be engaged in a group or involved in that type of offence. Historical metadata could still benefit police down the track to see who that person has associated with in terms of a cell or, if they have been radicalised, where they come from. The preservation order you have spoken about would certainly be beneficial in that way, but metadata would have a range of benefits to law enforcement to prevent subsequent incidents.

Det. Supt Kopsias : Those preservation orders would be fairly important to us because they work in similar instances to the stored communications preservation orders in place, so we could actually go and apply to the carrier to retain that data for us for perhaps a more defined period. That early piece of information is pretty important. This is why it is good to standardise the current regime—to make sure that internet data or the rest of the data in terms of who called who is there, including cell dumps. It is important to find out who is in that particular location or another location and who called who, so you need those unique identifiers to be able to start the investigation process. Whether it is at that particular time or three or four months down the track, it is all part of the investigation process.

Mr CLARE: I presume NSW Police would be making a submission either in writing or orally to the NSW coroner and, potentially, to the federal government's inquiry into the events that occurred in Sydney. Would that be correct?

Mr Lanyon : We will mostly investigate the incident on behalf of the coroner. So, in terms of the critical incident, we will certainly report to the coroner on that side of things. If it was identified that there would be useful amendments that could be made or recommendations for amendments that would assist us, then that would certainly form part of that process. Similarly, if that forum was not the most viable for it—and, arguably, whether a state coroner would be is a question—there is certainly a capacity through Superintendent Kopsias for us to make national representations of what could have benefited law enforcement out of that example.

CHAIR: Maybe you can take these questions on the record or answer them now, but Mr Ruddock has named one exemption which is in the legislation regarding public wi-fi, and we have heard evidence today that you think the committee should look at that. Are there any other exemptions that you think we also should have a look at? I am happy for you to take it on the record.

Det. Supt Kopsias : I was looking at the oversight arrangements in the bill, where we have the Commonwealth Ombudsman oversighting the metadata scheme. From a state perspective, if I can use the current model, we have a state ombudsman that looks after interception warrants under the Commonwealth interception act, then we have a Commonwealth Ombudsman who looks after stored communications warrants per se. So we have two oversight bodies looking after our warrants: one body checks a couple of thousand warrants and the other one checks a few hundred, so to speak, but there are different practices for one and different practices for the other, and different rules apply. Having two oversights in the one process, to me, seems a little bit ineffective and inconsistent. It leads to confusion in terms of trying to operation at best practice to ensure compliance. With this scheme here, you will throw—sorry, my words—the Commonwealth Ombudsman again into the loop to do our metadata. So we will have the Commonwealth Ombudsman looking after metadata, the Commonwealth Ombudsman looking after stored communication warrants and the state ombudsman looking after TI warrants. I think we would like to see one oversight body looking after the whole process, especially when it falls under one legislative scheme. To me, it makes better sense from a state perspective. We have not discussed this with our state partners here but certainly from my perspective—

Mr Lanyon : We will take that on board and respond back to the committee. I have not really considered the exemptions in the way you are asking at the moment. We could respond back, if there were any other information.

CHAIR: Good. Also, we have had this discussion about seven years, two years et cetera. The evidence we have heard is that potentially there may be an issue here. If you could think about how this may or may not be sold in a practical way or whether it could be, if you could come back and provide us with some further evidence around the discussion we have had on that topic, that would be extremely useful as well.

Mr Lanyon : We could certainly do that. As I think I have indicated, from a New South Wales perspective we would be looking for only a limited number of data sets to go to that seven-year period that we currently have—three particular sets.

CHAIR: If you could set that out for us and if there was, say, agreement among the lot of you et cetera to give us a little bit of a potential guidance on that matter, I think the committee would find that incredibly useful as well.

Mr Lanyon : Thank you.

Insp. Segrave : Chair, could I take you back to the issue of exemptions. There is one area Victoria Police would like to put on the record. It is in our written submission—that is, VLR, visitor location register data. The intent of the bill, as I understand it, is explicitly around data that arises out of communications, which VLR does not. VLR is effectively the handshake, as it is anecdotally referred to, between the phone and the tower as the phone passes the tower, even when there is no actual communication occurring. That has what I would suggest are fairly obvious benefits for law enforcement and within the Victorian jurisdiction we have had one recent very high profile homicide which caused high degrees of community concern and which VLR was instrumental in resolving, certainly in the time frames that we were able to do. Victoria Police would like it to be put on the record that our view is that VLR should also be part of the datasets that are considered in this legislation.

Det. Supt. Kopsias : We would also endorse the VLR because carriers have a similar capability and we would like some standardisation and some consistency in that particular arena.

Mr Dickson : Can I ask for a time frame for the advice you would be seeking?

CHAIR: If we could get it by the end of next week or may be in 10 days time, if that is reasonable.

Mr Dickson : We will do our best.

CHAIR: That would be very beneficial. Thank you for giving evidence at the hearing today. You will be sent a copy of the transcript of your evidence to which you may suggest corrections. If you have been asked to provide any additional material please forward this to the secretariat as soon as possible. If the committee has any further questions, the secretariat will write to you. Thank you very much.

The committee resolves to accept the confidential submission we have received.