Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Parliamentary Joint Committee on Intelligence and Security
Potential reforms of national security legislation

BERG, Mr Chris, Director, Policy, Institute of Public Affairs

BREHENY, Mr Simon, Director, Rule of Law Project, Institute of Public Affairs


CHAIR: Welcome. Although the committee does not require you to give evidence on oath, I remind witnesses to this hearing that this hearing is a legal proceeding of parliament and warrants the same respect as proceedings of the House itself. The giving of false or misleading evidence is a serious matter and may be regarded as contempt of parliament. The evidence given today will be recorded by Hansard. Do you wish to make some introductory remarks before we proceed to questions?

Mr Breheny : Yes we do. The suite of policies proposed in the Attorney-General's discussion paper add up to one of the most significant attacks on civil liberties in Australian history. Many of the proposals breach the rule of law, severely curb civil liberties and threaten freedom of speech. Our submission focused on the data retention proposal. We were disturbed to see the Attorney-General support this proposal yesterday. In our view, the data retention proposal is a much greater threat to privacy than even the proposed Australia Card was in the 1980s. The complexity of these discussion papers' proposals is significant. Many of them interact with multiple pieces of legislation. Few have been elaborated or justified. They should be dealt with separately, with separate legislation and separate inquiries. The burden of proof rests on the government to prove to the public that after 10 years of continuous, unrelenting increases in national security power—the last major change was as recently as August this year—there is still a clear need for such extraordinary changes. Almost every single proposal in the discussion paper has serious problems. For instance, the proposal to establish an offence for failure to assist in the decryption of communications is a clear abrogation of the government's responsibility to uphold the privilege against self-incrimination and the right to silence—vital features of our criminal justice system. We call on this committee to reject this proposal.

We also oppose the default extended period for warrants from 90 days to six months, the lowering of thresholds for obtaining warrants, the power of the Attorney-General to unilaterally vary warrants and the power of ASIO to move, alter or delete data. But the most extraordinary proposal we would like to talk about is that of data retention. This draconian proposal for mandated and indiscriminate retention of the online data of all Australians is completely lacking in proportionality, undermines basic freedoms and is in fundamental conflict with the right to privacy. Extraordinary claims require extraordinary evidence, yet no evidence has been presented to justify one of the world's most onerous data retention regimes. Abstract references to emerging threats and cybercrime are patronisingly insufficient as justification for such an extreme example of state power.

The collection and storage of data by internet service providers also creates a considerable data security problem. Rather than dispersing information, data retention creates silos of information begging to be attacked by the very criminals this proposal seeks to limit. Many European nations have had data retention regimes in place for a number of years. A study conducted over a five-year period, from 2005 to 2010, found no statistically significant increase in crime clearance rates in countries that had adopted data retention. 'Australians should not allow themselves to be bullied into accepting a proposal which has ominous implications and particularly a grave temptation for abuse by the government.' That was said by the IPA in 1986 in relation to the proposed Australia card, and the same holds true for the proposals being considered here today.

Mr DANBY: Mr Breheny, you are the Director of the Rule of Law project at the Institute of Public Affairs.

Mr Breheny : Yes.

Mr DANBY: I do not normally comment on a submission in full but rather on specifics; however, I found both the presentation now and the submission extraordinary—extraordinary in its extremism, extraordinary in its one-eyed view of extreme civil liberties. This is a view that I would accept from the Human Rights Law Centre and from the Castan Centre for Human Rights Law, but from an organisation that has a wider brief than just civil liberties this is an extraordinary submission, including the kinds of adjectives used in your introductory submission.

I would have thought a person who is the Director of the Rule of Law Project would have been concerned about the safety and security of Australian citizens—presumably that is the mainstay of the rule of law in Australia. I see no evidence in your submission that the security agencies have breached the responsibilities that were very carefully given to them by the federal parliament. I see no attempt by the Institute of Public Affairs to address the well-known concerns of the community or those of the security agencies which have arisen with the changes in technologies and the changes in the nature of the terrorist threat to Australia and that these things should be considered seriously.

Only last night the Director-General of ASIO said that there are 200 people who are Australian citizens whom they have to keep an eye on to make sure that the record of no mainstream terrorist attacks in Australia is successful. There has been no terrorist attack on mainstream Australia. There have been eight cases where, under the existing laws, various groups of people who would have attacked their fellow Australian citizens have been arrested, charged and convicted under the laws that you denigrated so strongly in your presentation and submission. Frankly, I find it offensive that a responsible organisation like the Institute of Public Affairs comes along and makes such a one-eyed presentation. I would like to hear Mr Berg's response to my general remarks.

Mr Berg : I did not hear a question—

Mr RUDDOCK: He wants to hear whether you said the same things to the two other organisations you mentioned.

Mr DANBY: I did not. I made it very clear that I did not, because I expect them to be more responsible.

Mr Berg : With due respect, Mr Danby, I think you have misread our submission, because we make a number of important points that address your concerns. The first one is obviously that we have had a decade of continuous, repeated increases in national security power. The discussion paper does not demonstrate to anywhere near any required standard that they would have to be increased again, especially, as my colleague pointed out, as new cybercrime legislation was just introduced in August. I cannot see how the committee is going to be able to deal with the fact that there has just been new legislation and we have not seen it play out.

Also, we have recommended a very specific response to what we think are very real threats. Yes, we openly recognise that there have been substantial changes in the way criminals, terrorists and law-breakers use the internet. But in our view, as you have heard from many other submissions, the appropriate response to that is a targeted, supervised and carefully delineated data protection order, not a broadbrush requirement that everybody has to keep everybody else's data. I think we can strike a balance here. If the committee imagine that there has not been a decade of anti-terror and national security changes then they are kidding themselves.

Mr DANBY: There has been, but there have been no terrorist attacks on mainland Australia. Surely that is the point, that there have been 35 people arrested, charged and convicted under Australian laws—not with the development of a national security state but with laws and groups being carefully monitored by parliament. We have seen the security agencies behave within the laws. In fact, Senator Faulkner, Mr Byrne and I were surprised that they have not used some of the laws that we have granted to them. They have been able to effect their responsibilities within those laws.

Mr Berg : Sure, but I am not certain what that proves.

Mr DANBY: What it proves is that it was necessary to have those laws, because there has been no successful killing of Australians. I am sure that is important to the Institute of Public Affairs too.

Mr Berg : Absolutely. Our submission makes no reference to the existing suite of laws, some of which we would approve of, some of which I am sure we could be critical of. We can have another inquiry in the future, if you like, where we can go through the 50 plus laws that have been passed over the last decade one by one and decide what we like and what we do not like. This submission is directed specifically to just a few of the proposals in the Attorney-General's discussion paper.

Mr DANBY: Ironically, organisations which would be described as left wing—the Human Rights Law Centre and the Castan Centre for Human Rights Law—both said in their submissions that carefully directed, strongly supervised laws that dealt with the new technologies would justify themselves if they were very specifically applied under the existing system of warrants. To me, that was a much more reasonable suggestion than your machine gun approach that all of this is completely wrong.

Mr Berg : No, we agree with them completely. We agree with data protection orders, for which the Australian government has a pretty substantial capability already. I do not see that we are in conflict with those groups at all.

Mr RUDDOCK: I would like to ask, for the purposes of the record, that we invite the relevant agencies to comment on the last paragraph on page 4 of the institute's submission, which suggested strictly limited, supervised, transparent data protection orders targeted at specific subjects would strike the right balance. I would like to hear whether they believe that such a proposal would be workable in terms of the issues that they believe they need to address.

Mr Berg : In my understanding, the cybercrime legislation that was passed in August, in order to accede to the Council of Europe's Convention on Cybercrime, had to introduce that sort of scheme. In our view, and we can comment more specifically on it, that may even have slightly tipped the balance in a direction that we are not happy with. But at the very least, as I understand it, those data preservation orders are already available to those agencies. I hope you will ask them how that interacts with the proposals presented here today.

CHAIR: I think what Mr Ruddock is saying this, and it goes to the point that you make very well in your submission at page 4, which Mr Ruddock drew to my attention a second ago. We will ensure that that particular question gets asked directly of the agencies. Both of us thought it was very well put.

Mr Berg : We agree completely and data preservation orders are a good liberal balance to strike between the demands of national security and the demands of privacy.

Senator FAULKNER: I must be so worn out by the political process because I am afraid I cannot get into any high dungeon about your submission at all.

Mr Berg : We can rewrite it for you if you would like.

Senator FAULKNER: No, let us deal with it as it has been provided. You make the point that you have made one primary recommendation, but I think you have made two recommendations, if I could respectfully suggest that to you: one that the data retention scheme not be proceeded with, effectively, and a second one dealing with the other recommendations that they be critically assessed under principles of proportionality for the potential threat and that there be a proper assessment of what that threat constitutes and that there be guarantees that basic rule of law principles are adopted. I think they are the two fundamental recommendations that you make.

Mr Berg : Yes, and we can have more specific discussions about some of it all.

Senator FAULKNER: Sure, and I might go to both of those. In relation to the second one, so let us put the data retention proposal scheme aside for a moment, who do you see as appropriate to conduct this critical assessment that you are recommending? Should it be this committee? What is the most appropriate vehicle for the conduct of such an assessment?

Mr Berg : Parliament has to assess its laws, and I am not an expert in parliamentary procedure, so this committee or other committees need to critically assess the laws that have been proposed. Did you have another body in mind? I am trying to see why you are asking.

Senator FAULKNER: You have asked for a critical assessment under principles of proportionality. I am trying to establish what you see as the appropriate vehicle for that to be conducted.

Mr Berg : Sure. In my view parliamentary inquiries are the right forums to discuss proposed legislation. Our only point in making that argument is that having a few dozen proposals in front of one committee at one time with no legislation available is not the right way to go about it.

Senator FAULKNER: The point you make about the precise legislative provisions not being before us is an accurate one. That is a fair point to make and I have asked other witnesses about this. This is a real challenge for the committee, that we do not have specific legislative provisions before us. We have, if you like, a discussion paper and some pretty broad-brush terms of reference, making it difficult I think for not only the committee but also for witnesses to grapple with what is an enormously wide-ranging set of proposals in relation to an extraordinarily important element of public policy and national security legislation. You have managed to distil this into a pretty short and sharp response which is overwhelmingly pretty negative I think it is fair to say. But what sort of challenge did the IPA find, given we had a discussion paper and broad terms of reference but no precise legislative provisions or draft legislative provisions to grapple with? Was this a challenge for you?

Mr Berg : I think you are excessively kind in saying that the only problem is that there was not the legislation.

Senator FAULKNER: I knew eventually in my political life that the IPA would say that I am excessively kind, and I did want to reinforce that.

CHAIR: You have all led with your chin on that one!

Mr Berg : I think, and I would argue, that the problem is not just that the legislation is not available. Many of the proposals in the discussion paper are not well explained—and data retention is the most obvious one. There are maybe two dozen words to describe what on earth it is, not talking about the thresholds for crimes that it would fall under. I have noticed that the committee spends a lot of time talking about national security policy, but this would obviously be much more than national security policy if it is to be at all parallel with existing laws or changes that the committee is considering making. It could be for any crime with a minimum of three years, for example.

Senator FAULKNER: Did you hear the South Australian and Victorian police provide evidence earlier today?

Mr Berg : No.

Senator FAULKNER: In a nutshell, I think it is fair to say that they said that the data retention scheme was critically important in terms of their capacity to fight serious crime. How should the committee deal with very stark evidence like that?

Mr Berg : I think there is contrary stark evidence. The data retention is not entirely hypothetical. It has been tried and it exists in a number of European states. I think it is important for the committee to critically assess the evidence that has come out of that. We have offered—

Mr RUDDOCK: I better go and have a look.

Mr Berg : I am happy to send around the reference.

CHAIR: Could you please do that, because you make a very valid point. We are very interested in this, so, if you could, we would be more than happy to take that on board.

Mr Berg : I would be very happy to. Off the top of my head, I will direct to the committee to a shadow report into the data retention scheme. That makes reference to a report that the research wing of the German parliament made into the efficacy of these laws between 2005 and 2010. They found, as my colleague pointed out, that there is no statistically significant increase in clearance rates. I think that the committee will have to come to terms with that evidence, even if it is just to take it on board and move on. But I think it is important that you critically assess the real world implication rather than just talking in hypothetical terms. I understand that many police agencies would like the capacity to have a continuous tap on absolutely every Australian. I am not convinced that that is something that should be welcomed by the public.

Senator FAULKNER: Let me just explain to you. By the way, I have serious concerns about the data retention scheme and the lack of safeguards. I have been frank about that, and I may well share a number of your concerns. But the police, for example, provided evidence to us that one of their perspectives was the value of such stored data. It might be for crimes committed some time ago and a capacity for police forces to use such stored data as an evidentiary basis to investigate and charge individuals responsible for a serious crime some period of time—possibly measured in years—after the event. This is the sort of evidence that we are receiving. To be fair to the police, that is the perspective that was put to us. I do not sneeze at that sort of evidence before a parliamentary committee. I think we have a responsibility to take it very seriously. I hope you would share that view.

Mr Berg : Absolutely. Simon might take up that point.

Mr Breheny : Yes. The main point here is that there is a fundamental conflict between indiscriminate data retention, which would mean companies collecting and storing all the data that comes through them from clients, and a right to privacy. The two are in complete conflict. You cannot have an indiscriminate blanket data retention policy and also have a right to privacy in Australia.

Mr DANBY: How does that jibe with the fact that many of the companies we are talking about already keep information for seven years, not two?

Mr Breheny : If it is the case that companies already keep data, what is the point of having a government mandated policy?

Mr Berg : I think it is important to split a couple of issues here. A lot of companies keep phone records and they do that in order to bill. This is something they have to keep as part of their operations and we do not have a problem with that, assuming that it is kept safe and according to national privacy principles.

The committee is being asked to consider whether there should be a creation of a new bank of data that does not exist, of a substantially larger amount of data. We make maybe a couple of phone calls a day—and the committee makes a few more than that—but we spend a lot time on the internet and we look at hundreds and hundreds of websites during one day. The government would be asking for an enormous bank of data, hugely disproportionate to any security goal.

Senator FAULKNER: So here is the challenge. I am trying to present this as an objective and rational person might. I am not putting a point of view here. I am just asking questions. A committee like this is faced with the challenge of trying to protect the rights of individuals—the civil liberties and freedoms that are very important to us all. They are important to your organisation and you make that very clear in what you have written in your submission and what you have presented to us in evidence at the table today. I accept that. On the other hand, we have an obligation to ensure the safety and security of Australians.

Mr DANBY: And rule of law.

Senator FAULKNER: Well, we have that obligation too, but we also have an obligation to make the laws which is where the rubber hits the road. This is always the difficulty in these matters—finding the balance between individual liberties and rights and freedoms on the one hand and our broader obligations in terms of national security and the safety of our citizens on the other hand. Do you accept that our national security legislation needs to be modernised? How, in your view, do we deal with this critically important balance but also the critically important obligations that any sensible parliamentary committee and any sensible legislature is going to have uppermost in their minds at getting that balance right?

Mr Berg : Certainly there is a balance, but I want to take up the point about modernisation. There is an assumption within the discussion paper that telecommunications interception legislation has not been modernised since it was introduced. That is empirically not the case. You are talking about modernising legislation that was changed in August. I do not think that there has been a demonstrated need to do that. It is all well and good to talk about balance and we are all for balance, except that appears to only go in one direction, which is towards more national security power and against individual liberties and privacy. We feel that, at the very least, this would be a nice place to make a stand, to say, 'Let us stop for at least a while and maybe we will see what happens in a decade and wait until the whole national security situation has changed.'

Senator FAULKNER: Do you think that governments and parliaments of goodwill might be able to achieve both objectives? The discussion paper is very light on in terms of safeguards and the like. Are both objectives able to be fulfilled with goodwill on the part of the parliament?

Mr Berg : With respect, we do not treat government under an assumption of goodwill.

Senator FAULKNER: Well, with legislation, good work.

Mr Berg : Certainly. We are a small government organisation. We take a sceptical approach to both the good work of legislators and, of course, the good work of agencies and bureaucracies across the board. I am not convinced that the balance needs to be struck continuously in the favour of more government power. As far as we can tell, there is only one proposal in this discussion paper that would reduce the size of the national security state, and that is the proposal to reduce the number of interception agencies. Everything else gives the government more power. If parliament is going to strike a balance it will have to offer up a different discussion paper and a different set of proposals.

Senator FAULKNER: In terms of the obligations of government, how does the Institute of Public Affairs rate the need to ensure Australia's national security and the safety and security of its citizens?

Mr Berg : Extremely highly. It is one of the few things that we think government should do. But that does not mean it should get absolute carte blanche to ask parliament to write up whatever increase in power it likes. We are not convinced that the discussion paper or the submissions have demonstrated any need for national security change since August. That is our position. We are all for having a safe and secure Australian community, but we do not think that is the issue at stake here; we think it is an unnecessary, disproportionate increase in government power.

Senator FAULKNER: Do you accept that we can have a more safe and secure environment in this country through changes to national security legislation?

Mr Berg : Perhaps, but I am not convinced that any of the discussion papers and proposals help that. To a large degree, they push in the other direction. The data retention one is a classic example here. It is supposed to keep us safe; it will actually expose us to many more risks. If you ask hundreds of ISPs and telecommunications providers to keep an extraordinary amount of data on their own, that will create a honey pot and increase the risk that somebody will break in and use that data nefariously. We think that some of these proposals, like the data retention one, will actually make us less safe. Even if your only purpose and concern is national security, we think that this could be counterproductive.

Senator FAULKNER: But you do acknowledge, I am sure, that there are three different categories of matters the government has asked us to look at—

Mr Berg : Yes.

Senator FAULKNER: matters the government wants to progress, matters the government intends to consider and matters on which it seeks this committee's view. Do you know which one of those categories the data—

Mr Berg : Yes, absolutely, it is the committee's view, of course. But it is worth noting that the Attorney-General made data retention a significant part of her speech yesterday, and to us that suggests that data retention is something to be focused on—

Senator FAULKNER: I suppose it depends how you define a 'significant' part of her speech. I counted it as four sentences, but you—

Mr Berg : I think it was a couple of paragraphs, but—

Senator FAULKNER: Two paragraphs and four sentences!

Mr DANBY: Do I understand, Mr Berg, that is why you are against it—because the Attorney-General put it up?

Mr Berg : Not in the slightest. We were against the data retention proposal years before she became Attorney-General.

Senator FAULKNER: I am not entirely sure what the position of the Attorney-General might be on this. I have actually read the Attorney-General's speech and I have read a number of comments the Attorney-General has made. One assumes the government does not have a strong policy position on this. If it does, I would have hoped that it would not be seeking this committee's views on the matter and in fact would have put a more substantive proposal to us to investigate. It would seem logical, don’t you think?

Mr Berg : Sure, and I hope the committee makes that point in their final report.

Senator FAULKNER: That is not a point we need to make, given that it is one of those elements on which our views are sought. I have my concerns with the proposal, I stress again. But it is not a matter which the government has indicated at this stage it intends to progress. That is the only point I am making to you. On the information available to me, and I can assure you I am not in the cabinet; nor am I in the National Security Committee of Cabinet. I used to be, but I have no idea how these things have developed at that level. We can only make assessments on the basis of the information that is available to us, and the same information is available to us as to you.

Mr Berg : The only point that we are making is that out of the discussion paper this is by far the most objectionable proposal. And given that it is a policy that has been enacted overseas as well I think that something that we were able to bring to the table, at least in this submission, was a bit of a discussion about that. But having said that, we can talk about some of the other proposals as well.

Again, I have to reiterate that the major problem with the discussion paper is the sheer volume of proposals within it and the fact that those proposals interact with each other and interact with existing pieces of legislation that have just been passed. It gets very, very complicated very quickly, and this is why we are saying that each individual change ought to have its own inquiry and have its—

Senator FAULKNER: I do not know about your response to that problem but it is a fair point, Mr Berg. Try being on this side of the table!

Mr WILKIE: I have a quick question. You indicated acceptance of the telcos' current practice of retaining what I would call billing data or call data. So I suppose they would know who each of their customers are calling, the duration of the call and the time of the call, which is probably quite useful for the security services, if they were to have access to it. You have indicated acceptance of that, if only because telcos do that currently, but in your submission and in your testimony today you have indicated obviously very strong opposition to the whole issue of keeping all of this data. So what assumptions have you made—I think this is crucial—about what data the government might keep? Are you assuming the government wants to keep even voice recordings and the content of emails? I think, depending on what assumption you make, you could come down in any number of ways.

Mr Berg : You could, although you would still be imposing a data retention requirement. The assumption that we have made, which we think is reasonable and legitimate is that it would be analogous to the European data retention direction, which is in terms of location and time and information of communication rather than the content of that data. I have not seen any serious proposal that it would be full content storage, for exactly that reason. The discussion paper goes into great detail talking about how it believes that telephone calls and internet access are analogous and that they should be able to keep records as they do with telecommunications—

Mr WILKIE: For example, you are assuming—again I am not expressing a personal view; like Senator Faulkner, I am trawling for information—that they might want to know who a person sent an email to and at what day and time, but not the content of it. And the same for other media.

Mr Berg : Yes. So, if they—

Mr RUDDOCK: Sorry, is that true? I thought that if it was the equivalent of a telephone call, if you are tapping a telephone call you get content.

Mr Berg : If you are tapping a telephone call you get content but at the moment the telecommunication providers are not recording everybody's telephone calls for you to get two years later.

Mr RUDDOCK: I understand that, but if you tap a telephone call you get content. If you have something that is equivalent—

Mr WILKIE: I just asked for an assumption—

Mr Berg : Yes, a data preservation order would be equivalent.

Mr RUDDOCK: it might well mean you want content.

Mr WILKIE: I am just keen to know what assumptions have been made—what assumptions underpin this submission.

Mr Berg : The simple assumption is that it would be roughly the same as what a number of European countries have, which is in accordance with the European data retention directive.

Mr WILKIE: But does that include a recording of the voice conversation?

Mr Berg : No.

Mr WILKIE: It would almost be impossible, wouldn't it, to record that much information, over years?

Mr Berg : And there are video calls and so forth. I am not a technologist but I would say that it would be technically infeasible to do that sort of thing, and certainly infeasible to analyse it once you have recorded it.

Mr WILKIE: We are probably jumping around two issues. One is recording a certain amount of data for years, storing that—and being able to mine it, which is another issue—versus a warrant being taken out to target a particular person, in which case they might actually record the voice conversation.

Mr Berg : You are confusing three issues now: the first is specific warrants in data preservation orders, where there is no data retention scheme; the second is what we think the data retention proposal would be, which is simply recording the fact that someone emailed someone rather than the content of that email; and the third option is recording absolutely everything, including content of email, video sends et cetera.

Mr WILKIE: But that would require a warrant and it would be future information that you would be collecting. You could not go back into the database—it just would not exist in the database, unless you had been specifically searching for it in the past and recording it, which presumably would have had to occur by warrant.

Mr Breheny : If you are talking about content, then yes, that is probably the case. As I understand it, the data retention proposal is not a discussion that relates to content. Our concerns are great as the proposal stands. They would be considerably greater were it to be about content. But even with metadata, or data about who sends a particular email or who receives it and at what time, and those kinds of details, we have problems with ISPs collecting across all Australians.

Mr WILKIE: We have learned that they are doing it already for landline and mobile but not, we understand, for emails. As was described to us this morning, people buy capacity in a pipe and all this stuff just goes through there, and they are not recording who is sending an email to whom.

Mr Breheny : Yes.

Mr WILKIE: That would be a new capability if they were to go down that path.

Mr Breheny : Precisely. In this case the difference between the kind of data that is stored and collected by telcos, when you are talking about mobile or landline telephone calls, is for business purposes. They keep that so that they can bill their clients. That is not required for ISPs. What we are saying is that the government would be creating silos of information that ISPs simply do not need for business purposes. The important point to make here is that under the national privacy principles ISPs, if they were to go down this path without data retention legislation being mandated by the government, would be breaching national privacy principles. Telcos are not doing that in the case of telecommunications, because they need to do what they do for business purposes. They need to do it to bill clients.

Mr WILKIE: We now come to an interesting issue. We are saying it is acceptable for a business to store data for billing purposes. I could take you to mean that that is seen as more important than a government storing data for national security purposes.

Mr Breheny : There is a significant philosophical difference between a telecommunications provider—

Mr WILKIE: Well, that is not my personal view; I just have my devil's advocate hat on here.

Mr Breheny : Sure. I would say that there is a stark philosophical difference between the government mandating for data to be stored, on one hand, and on the other hand a contractual relationship between a client and a telecommunications company whereby their privacy policies are made clear. They would probably be on a website or in the contract. There is a clear difference between those two scenarios.

Mr WILKIE: So your concern then is more a philosophical concern rather than a practical concern about whether we are able to collect the call data for our mobiles phones or whether they are stored properly.

Mr Berg : That is the subject, perhaps, of a different inquiry—the management of existing customer data. This is not the proposal; the proposal is to create an entirely new bank of data, which we would oppose. It is hard enough for existing companies to look after the data they already look after, as we are seeing with a number of very high-profile and prominent data breaches. The idea that parliament would mandate the creation of a new set that would be so broadly applied and so destructive should it be breached is, we think, very objectionable.

Mr WILKIE: It is interesting: this is our very first day of hearings and we have already brushed up against this a number of times—the fact that so much data is already stored by so many organisations, everything from Coles FlyBuys through to the poker machine loyalty cards to the banks.

Mr Berg : Sure. And with a warrant, agencies can get access to that enormous set of data as it is. We should not pretend that suddenly there is no way for law enforcement agencies to access information at the moment, because that is just not the case.

Mr Breheny : I would also make the point that if, on privacy grounds, you do not like the fact that your carrier or your service provider is keeping that data you have the option of moving somewhere else. If the government mandates a two-year data retention period, you do not have that option.

Mr WILKIE: I would suggest that the average consumer has no idea of what different companies are doing about them as a customer. The average person probably has not the slightest idea of the enormous amount of data that now exists out there. They have probably never thought about it. They were never offered information about it, or if they were it was in a booklet so thick and in very fine print—and who reads that?

Mr Berg : Yes, and a large part of that is because of the complexity of the legislative frameworks that govern such booklets. But what they actually expect is that the service works and that people understand their needs when they call up to question a billing issue. I understand that there are sometimes privacy concerns with the amount of data that has been collected but we are getting something in return for that. We, as customers of the national security state, would not be getting anything in return for having our innocent data stored.

Mr WILKIE: Except perhaps arguably a reduced possibility of being blown up.

Mr Berg : That is very, very arguable.

Mr Breheny : That is why we bring up the case of the German parliament having looked into this issue and finding over a five-year period that there was no increase in crime terrorist rates.

Mr WILKIE: Thank you, and thank you, Chair.

Mr RUDDOCK: I suppose I am a touch disappointed having been a very significant admirer of your contribution to public life. I see things somewhat differently from Mr Danby. But I must say I was disappointed that you think there should be a 10-year prohibition on further reform in the national security area, particularly if you identify potential weaknesses, which you appear not to have. The one that concerns me and of which I have spoken today is the advice that is in this submission, but also it is advice that we have received, that with significant technological developments the usefulness of warrants issued on the telecommunications of an individual, on the telecommunications medium that they are using, and of search warrants leave now a very significant area of activity that is not the subject of any scrutiny. So what they are seeking is to have warrants — and I emphasise that — that apply to the individual but enable all mediums to be accessed. Given the technological changes, I do not think that is unreasonable.

Mr Berg : Are you referring to the data retention option?


Mr Berg : So you are referring to the warrants that—

Mr RUDDOCK: Yes, I am referring of the capacity of the organisations to target the individual whatever medium they are using. It seems to me that that is eminently reasonable. It still has a protection, a protection that we regard as satisfactory now, and it does address a very clear and looming gap that is not only acknowledged here but also internationally.

Mr Berg : As I understand it, agencies have the capacity to do that. The discussion paper spends a lot of time talking about how they would like to streamline the process, how they would like to make it easier and so on and so forth. We feel that it should actually be very hard to get these sorts of warrants.

Mr RUDDOCK: I am not suggesting that it be made easier. All I am saying is that it is the medium that you are using and now you are medium limited to the individual rather than being able to target all the mediums that the individual might be using. It is still subject to the same requirement with ASIO, an Attorney's warrant, and police, a judicial warrant.

Mr Berg : But I am not comfortable with that sort of unlimited warrant that can expand out without supervision.

Mr RUDDOCK: But there is supervision.

Mr Berg : There is supervision in the original giving of the warrant, yes; I understand that. But that is the sort of warrant that could expand out to all sorts of activities that have not been considered by the —

Mr RUDDOCK: All the mediums you might be using to plan your terrorist attack. I have seen a lot of warrants and I know the level of evidence that is required to satisfy somebody that an individual should be targeted. It is not just everyday activity; there is a very high degree of evidence that has to be produced to satisfy the person who issues the warrant. When I issued warrants, I was conscious that there was somebody else, called the Inspector-General of Intelligence, who was going to be looking at these things afterwards and that my judgement could be brought into question if I was not looking very critically at those matters. Equally, I am sure that the agency, even before it put up the matters, was conscious of those matters. As to the way in which many people see these issues, they assume that they happen without a high degree of supervision—

Mr Berg : No, we are not assuming anything like that. We are suggesting that the supervision would be undermined with named warrants because, as I understand it, in the existing warrant system the medium that the warrant is going to serve is key to the getting of the warrants in the first place. This would be a much broader, much more open warrant and we are concerned that it would unjustifiably undermine supervision.

Mr RUDDOCK: I agree to disagree.

Mr Berg : Sure.

CHAIR: Thank you very much for the evidence that you presented before us today. If we have any further questions we will write to you. Thank you, everyone, for the entertaining to and fro.

Proceedings suspended from 15:01 to 15:12