Technology

Requests from government agencies for Australian telecommunications customers’ phone, internet, and address data surpassed 500,000 in the last financial year, according to the Australian Communications and Media Authority (ACMA).

The figure was revealed in the ACMA’s annual report (PDF) released this month. It says that there were 563,012 authorisations granted to government agencies for access to telecommunications metadata in the 2013-14 financial year.

Under the Telecommunications (Interception and Access) Act, government agencies can force telecommunications companies to hand over details about their customers, including address, phone number, IP address, call data, SMS data, and other held information without a warrant for the purpose of enforcing the law.

The ACMA recorded that total disclosures amounted to 748,079 for the financial year including to law enforcement for a range of reasons, such as to avert a threat to life, assist the ACMA, or enforce the criminal law of a foreign country.

The number of requests by far exceeds the more than 300,000 requests made in the 2012-13 financial year reported by the Attorney-General’s Department in its Telecommunications (Interception and Access) report last year. The report for this year has yet to be tabled in parliament.

A spokesperson for the Attorney-General’s Department had not responded to a request for comment on the disparity at the time of writing; however, security agencies such as the Australian Security and Intelligence Organisation (ASIO) are not required to publicly report the number of metadata access requests they make.

The department told The Guardian that the difference between the two figures was due to the department only counting the authorisation for a particular person’s details. So if the request is made to multiple telcos for that one person’s information, the access request is only counted as one from that particular government agency. The ACMA has compiled its report based on data from the telcos themselves, leading to the higher figure — via redwolf.newsvine.com

This week, Australian Prime Minister Tony Abbott used recent terrorist threats as the backdrop of a dire warning to Australians that for some time to come, the delicate balance between freedom and security may have to shift. There may be more restrictions on some, so that there can be more protection for others.

This pronouncement came as two of a series of three bills effecting that erosion of freedoms made their way through Australia’s Federal Parliament. These were the second reading of a National Security Amendment Bill which grants new surveillance powers to Australia’s spy agency, ASIO, and the first reading of a Counter-Terrorism Legislation Amendment (Foreign Fighters) Bill that outlaws speech seen as advocating terrorism. A third bill on mandatory data retention is expected to be be introduced by the end of the year.

Whilst all three bills in this suite raise separate concerns, the most immediate concern—because the bill in question could be passed this week — is the National Security Amendment Bill. Introduced into Parliament on 16 July, it endured robust criticism during public hearings last month that led into an advisory report released last week. Nevertheless the bill was introduced into the Senate this Tuesday with the provisions of most concern still intact.

In simple terms, the bill allows law enforcement agencies to obtain a warrant to access data from a computer—so far, so good. But it redefines a computer to mean not only one or more computers but also one or more computer networks. Since the Internet itself is nothing but a large network of computer networks, it seems difficult to avoid the conclusion that the bill may stealthily allow the spy agency to surveil the entire Internet with a single warrant.

Apart from allowing the surveillance of entire computer networks, the bill also allows the addition, deletion or alteration of data stored on a computer, provided only that this would not materially interfere with, interrupt or obstruct a communication in transit or the lawful use by other persons of a computer unless … necessary to do one or more of the things specified in the warrant. Given the broad definition of computer, this provision is broad enough to authorise website blocking or manipulation, and even the insertion of malware into networks targeted by the warrant — via redwolf.newsvine.com

Last Friday, the Australian Attorney-General’s Department sent internet service providers (ISPs) a confidential discussion paper — subsequently leaked to Fairfax Media — that attempts to clarify exactly what metadata they’ll be required to store under the government’s proposed mandatory data-retention scheme. The detailed requirements are presumably designed to feed into the statutory specification of metadata that will be included in legislation to be introduced to parliament in coming weeks.

Until now, the only official government description of metadata we’d seen — apart from that breathtakingly confused TV performance by Australia’s favourite Attorney-General Senator George Brandis QC — was the hilariously inadequate one-pager (PDF) that the Attorney-General’s Department (AGD) tabled in Senate Estimates on October 15, 2012, after much prodding by Greens Senator Scott Ludlam.

You might therefore think that the description of the government’s metadata needs in Friday’s document was a recent development.

You’d be wrong.

A confidential document obtained by ZDNet shows that even more detailed descriptions of the government’s data-collection ambitions had been discussed with ISPs as far back as early 2010.

The document, Carrier-Carriage Service Provider Data Set Consultation Paper version 1.0 (PDF), is a 16-page PDF file created on 9 March 2010, at 14:49. Its core sections are similar in structure to the nine-page document obtained by Fairfax Media this week, with the addition of tables of sample data to further illustrate the expected type of data to be retained for each specific retention requirement from the data set, discussion questions for industry to answer, and an introductory background section rather than an executive summary.

The 2010 version of the document was quite specific about the data to be collected. For mobile calls, for example, the data would include the IMSI and IMEI of both the calling party’s and called party’s devices, whereas the current version simply specifies the identifier(s) of the devices. This is in line with the government’s intention to make the legislation technology neutral.

References to web-browser sessions and file transfers that were in the 2010 version have vanished, too, in line with such ideas being dropped as the data-retention debate has evolved — via redwolf.newsvine.com

A leaked discussion paper from both Attorney-General George Brandis and Communications Minister Malcolm Turnbull has floated the possibility of websites being blocked, and measures to compel ISPs to take steps to prevent their customers infringing on copyright online.

Five months after first flagging a crackdown was on its way, Brandis appears to be pushing ahead with plans to crack down on Australians using programs such as BitTorrent to obtain copyright-infringing content such as TV shows, music, and films.

The discussion paper, leaked to Crikey, had been expected to be released this month, following Brandis meeting with representatives in the US and UK governments on their respective copyright infringement deterrence schemes.

It outlines a number of potential legislative measures the government can implement to deter what the paper said is a long standing issue with Australians having high illegal download rates.

The government states in the document that it believes even if an ISP doesn’t have a direct power to prevent its users from infringing on copyright, there are reasonable steps it can take to deter infringement.

In a move to undo the 2012 High Court judgment that iiNet did not authorise its users’ copyright infringement, the paper proposes amending the Copyright Act to extend authorisation of copyright infringement and the power to prevent infringement would just be one factor the courts would consider in determining whether an ISP was liable for infringement — via redwolf.newsvine.com