On the 21st of December 2016, the Attorney-general's Department requested submissions regarding the use of telecommunications data held by a service provider solely for the purpose of complying with the mandatory data retention regime in civil litigation. The original closure date for submission was the 13th of January but it's been moved back to Friday the 27th January.

The following is an open letter I'm making as a Submission to Attorney-general's Department, I'd encourage others to use it as a template and make their own submissions. Also avalible as a LibreOffice and a pdf versions.

---

Retained data in civil proceedings consultation
Communications Security Branch
Attorney-General's Department
3-5 National Circuit
BARTON ACT 2600

Submission against the use of telecommunications data held by a service provider solely for the purpose of complying with the mandatory data retention regime in any civil litigation

When mandatory metadata retention laws were first announced several people and high profile organisations raised concerns about the storage and use of this incredible amount of very personal data being kept on all Australians. However the laws were ushered through under the guise of national security. It was claimed that stronger powers were needed to protect Australia from terrorism¹ and that this huge expansion of law enforcement capabilities would be used by intelligence agencies to fight Islamic State².

The metadata facts sheet³ released by the Attorney-general's Department says that

Metadata is vital to nearly every counter-terrorism, organised crime, counter-espionage and cyber-security investigation. It is used in almost every serious criminal investigation, including murder, sexual assault, child exploitation and kidnapping.

However from the day mandatory data retention was introduced it was feared that this information, described in an opinion piece by George Brandis titled "One more anti-terror tool" as being "vital to investigate terrorism and organised crime."² would instead be subject to mission creep. Many predicted that metadata kept solely for the purpose of complying with the mandatory data retention regime would go from a tool only to be used in "serious criminal investigation" to a source of information for petty crimes and civil litigation.

In the Consultation Paper it is mentioned that

In the course of the Committee’s inquiry into the Bill, a number of submissions expressed concerns that retained telecommunications data would be able to be accessed by parties to civil proceedings.

In its Advisory Report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, the Committee recommended that the Bill ‘be amended to prohibit civil litigants from being able to access telecommunications data that is held by a service provider solely for the purpose of complying with the mandatory data retention regime.’

I find it particularly worrying that the question on the Data Retention FAQs that talked about use in copyright enforcement has now been removed, previously⁴ it said:

Will data retention be used for copyright enforcement?

The Telecommunications (Interception and Access) Act 1979 only allows access for limited purposes, such as criminal law enforcement matters. Breach of copyright is generally a civil law wrong. The Act will preclude access to telecommunications data retained solely for the purpose of complying with the mandatory data retention scheme for the purposes of civil litigation.

and I fear that a tool which was originally introduced to fight terrorism will now become a tool of large private media organisation perusing copyright violations.

In regards to the question 3;

Are there particular kinds of civil proceedings or circumstances in which the prohibition in section 280(1B) of the Telecommunications Act 1997 should not apply?

I believe the answer should be a strong and firm "No, the prohibition in section 280(1B) of the Telecommunications Act 1997 should apply to all types of civil proceedings". We should be looking to strengthen our controls and protections around this data not to weaken them.