Here's Every Australian Government Agency That Wants Your Data

In response to a Freedom of Information request, the Australian government has released a partially-redacted list of Commonwealth agencies that have applied for access to the metadata retained by Australia's telecommunications providers as part of the Telecommunications Interception and Access Act. There are over five dozen government entities that want to look through your mobile, internet and home phone records, ostensibly to uncover criminal activity.

Metadata image via Shutterstock

Data retention has been in force in Australia since October last year, when the law to enable it passed our Senate by a majority of 43 votes to 16. While telcos are required to store customer data for a minimum of two years for access by registered and sanctioned agencies, there is ongoing confusion over the requirements for that retention.

There are somewhere between 250 and over 500 internet service providers in Australia -- the exact number is unknown, as there is no licensing scheme in place or required. Each of those ISPs is required to retain data, but the onus on them to do so is not equal -- smaller ISPs bear more financial burden in doing so.

Proper implementation of the data retention scheme even for larger companies is likely at least a year away, according to Internet Australia CEO Laurie Patton. Australia's largest ISP, Telstra, applied for an 18 month extension on the implementation to work out how to integrate such a broad retention scheme into its existing systems.

Although the precise nature of Australia's metadata retention is unclear, it's thought to extend to telecommunications users' personal details, records of the IP addresses used by their devices, and the broad details of the websites that they access -- not the content of the communication itself, but the record that the communication took place. Approved agencies can access stored metadata without having to get a warrant beforehand.

Here's the full list, including the jurisdiction of those agencies:

1. Australian Financial Security Authority, Commonwealth 2. Australian Health Practitioner Regulation Agency (AHPRA), Commonwealth 3. Australian Postal Corporation, Commonwealth 4. Australian Taxation Office, Commonwealth 5. Australian Transaction Reports and Analysis Centre, Commonwealth 6. Civil Aviation, Safety Authority (CASA), Commonwealth 7. Clean Energy Regulator, Commonwealth 8. Department of Agriculture, Commonwealth 9. Department of Defence (ADFIS and IGD), Commonwealth 10. Department of the Environment, Commonwealth 11. Department of Foreign Affairs and Trade, Commonwealth 12. Department of Health, Commonwealth 13. Department of Human Services, Commonwealth 14. Department of Social Services, Commonwealth 15. Fair Work Building and Construction, Commonwealth 16. National Measurement Institute, Commonwealth 17. ACT Revenue Office, ACT 18. Access Canberra (Department of Treasury and Economic Development), ACT 19. Bankstown City Council, NSW 20. Consumer Affairs, VIC 21. Consumer, Building and Occupational Services (Consumer Affairs and Fair Trading - Department of Justice), TAS 22. Consumer and Business Services, SA 23. Department of Agriculture, Fisheries and Forestry, QLD 24. Department of Commerce, WA 25. Department of Corrective Services, WA 26. Department of Environment and Heritage Protection, QLD 27. Department of Economic Development, Jobs, Transport & Resources (Fisheries), VIC 28. Department of Environment, Land, Water and Planning, VIC 29. Department of Environment Regulation, WA 30. Department of Fisheries, WA 31. Department of Justice and Regulation (Consumer Affairs), VIC 32. Department of Justice and Regulation (Sheriff of Victoria), VIC 33. Department of Mines and Petroleum, WA 34. Department of Primary Industries (Fisheries), NSW 35. Environment Protection Authority, SA 36. Greyhound Racing Victoria, VIC 37. Harness Racing New South Wales, NSW 38. Health Care Complaints Commission, NSW 39. Legal Services Board, VIC 40. NSW Environment Protection Authority, NSW 41. NSW Fair Trading, NSW 42. Office of Environment & Heritage, NSW 43. Office of Fair Trading (Department of Justice And Attorney-General Office of the Director General), QLD 44. Office of State Revenue, NSW 45. Office of State Revenue, QLD 46. Office of the Racing Integrity Commissioner, VIC 47. Primary Industries and Regions South Australia (PIRSA), SA 48. Queensland Building and Construction Commission, QLD 49. Racing and Wagering Western Australia, WA 50. Racing NSW, NSW 51. Racing Queensland, QLD 52. Roads and Maritime Serices NSW, NSW 53. Royal Society for the Prevention of Cruelty to Animals (RSPCA), VIC 54. State Revenue Office, VIC 55. Taxi Services Commission, VIC 56. RevenueSA, SA 57. Victorian WorkSafe Authority, VIC

Four agencies have also been redacted from the document under Section 47b as well -- their disclosure would be "contrary to the public interest" -- for a total of 61 government entities that have applied for ongoing access to the telecommunications data of Australian citizens and residents.

That's a lot. [Right To Know]


    19. Bankstown City Council, NSW - Oh yeah, can totally see why they'd need access to metadata.

    Also it's redacted, not retracted. Retracted would probably be a good thing in this case.

      That is bizarre. Anybody reading this live in that area? I'd be curious to know what answer you get if you contact your council and ask them why they want access to your metadata and what they plan to use it for. Maybe they're trying to crack down on people conspiring together over the phone to put their recyclables in their general waste bins?

        And 55. Taxi Services Commission, VIC is probably just checking how many users load up Uber after first connecting to a Taxi app.

      Right you are! I had redacted in the intro par, then my mind wandered after hand-typing 57 different "departments of" and "offices of"...

      Im more concerned the other local councils didnt apply, what does Bankstown know that the other do not, OMG what is my local council hiding from me... its a conspiracy I tell you.

        The reason why your council (and other agencies like RSPCA) wants the metadata is explained here:

        Its so they can go after people dumping illegal waste, a smartphone that updates logs of your GPS location and sends that data back to google/apple at the time is all they need (and fitness trackers and watches and anything else you might have on you)

        Officially they said phone calls but why people dumping waste illegally feel the need to make phone calls whilst doing it is something I'm not sure about.

        Last edited 20/01/16 1:10 pm

    So all of these organisations are battling terrorism and hunting down pedophiles? Bankstown City Council, NSW?? Greyhound Racing Victoria, VIC<---???????

      Have you been to bankstown mate?!
      Dodgy af, and then there's the surrounding suburbs which are worse,
      If it were up to me, I'd build a wall around that shitty area :)

      Some pricks tried to burn the christmas tree there a few months ago

    After seeing this list it is a definite reason for a VPN. Seriously grey hound racing victoria needs my Metadata without a warrant? For what? Spam cause I don't gamble.

    Concerned citizen - "I'd like to know all the agencies that can access my private data"
    Totalitarian Aussie Government - "No, f..koff, you have no rights"
    Concered citizen - "But it is my right in a free and open democracy"
    Totalitarian Aussie Government - "This guy is a troublemaker, get (redacted) and (redacted) to monitor him"


      Last edited 18/01/16 8:23 pm

    How does this affect you standard VPN user. I currently use my VPN connection details in certain software, but not for all of my regular internet usage. If I go through a VPN with an Aussie server, does this protect my privacy? Or do I have use a server abroad?

      My understanding is that the technology in place can't effectively track any vpn traffic. So no metadata (which makes this 100% ineffective for any counter terrorism \ crime). It really depends on whether the government is using any "man in the middle" attacks that could theoretically decrypt traffic. This is highly unlikely tho as the cost to do this on a per user basis is astronomical.

        I bet you the NSA could do it though, so maybe ASIO could too.

          Yer i don't doubt they could if they really, really wanted to its just the cost of doing so. Main reason for this is instead of just encapsulating data to disk they need to actually process it on the fly (decrypt and re-encrypt) for the connection to actually work. For one connection this is a non issue - for millions simultaneously it's a pretty huge task. Also not all vpn protocols are vulnerable to the same mitm attacks (some are actually pretty well secured against it).

      Personally, I send all of my data over the VPN at home, but this more about avoiding geo blocks so I can watch my tv shows free of hassle than anything else.

      On mobile, I don't really bother as the battery life and data usage hits aren't worth it for me (leaving a VPN connected will chew up small amounts of data, allow about 10MB a day extra)

    Clearly the government is more concerned about Environmental Terrorism than actual bomb building gun totting terrorism considering the number of fisheries and environmental groups are listed... are we expecting a Dolphin Uprising or are there people out there willing to die for their right to fish without a licence.

    "Four agencies have also been retracted from the document under Section 47b as well"

    Any guesses on who that would be? I can think of 3 off the top of my head - ASIO, ASIS, DSD.

      Police maybe?

        Yeah, the AFP isn't there but they definitely have access to the data. They had access to it before the Mandatory Data Retention laws came into place as well.

        Last edited 19/01/16 11:20 am

        All the federal and state government police forces were included in the original list of public agencies with access to data retention.

        This list is in ADDITION to all those agencies who had access from the start.

        The volume of agencies in this list proves there is a lot more you can do with this metadata than the PM would have us believe. The phrase "if you have the metadata, you have the content" rings a bell here.

      Can't be ASIO or ASIS - they already have access I believe.

      I'd really like to know why the government thinks that keeping those 4 redacted agencies away from public scrutiny is in the "public interest". Apparently it's better for us to just assume that people we don't know about have access to our metadata for some purpose of which we've not been made aware.

      Say, can I be added to the list? I've got as much right to be on there as the Bankstown City Council or the Taxi Services Commission.

        If you were a tiny government agency charged with investigating a very small or specialised industry and you have an active investigation running, having your name in public as having applied recently for this access could potentially alert your target that they're being investigated.

        Last edited 11/10/17 11:04 pm

    Why does 16. National Measurement Institute need metadata for... they do testings and government standards. Do they even have any sort of police or investigative authority?

    so pretty much everyone has access to all our meta data!?

    great! So I guess all of them are after metadata...

    @campbellsimpson Do you think that all those agencies have access to all the metadata, or just some of it? It seems unlikely that everyone listed would have access to every bit of it, maybe filtered parts of it relevant to them?

    Either way I'm pretty concerned about the amount of agencies that can get to this - I always assumed that it would be intelligence/police/government/courts that would have access to this kind of stuff - not racing and taxi companies!


    I think the phrase at the end of your article "...a total of 61 government entities that have applied for ongoing access..." is a little disingenuous.

    The FIO request asked for requests made to the Minster for access to metadata under s176A of the Telecommunications (Interception and Access) Act 1979 (Cth) (which I'm just going to call The Act).

    Any declarations made under s176A(3) are in place for roughly 40 days, and then they expire. As per s176A(10).

    They're likely to be subject to restrictions and declarations can only be made for the following three purposes:
    1) to enforce a criminal law,
    2) administering a law imposing a pecuniary penalty; or
    3) administering a law relating to the protection of the public revenue.

    Now, I know everyone at Gizmodo believes these laws are the worst thing since Hitler, but perhaps you could point out that they are NOT ongoing access and maybe even highlight the limitations, and that they can be for only 3 statutory purposes. You know, accuracy and all.

    Last edited 18/01/16 11:41 pm

      I honestly can't see any part of your post which supports your claim that the text is disingenuous.
      Which part of "...a total of 61 government entities that have applied for ongoing access..." do you object to?

        ...a total of 61 government entities that have applied for ongoing access...

        It's the 'ongoing access' which isn't true. It's temporary limited access that expires. Not ongoing.

        If a customer purchases a one-month subscription to a website do they have 'ongoing access' to the site? No, they don't. They have temporary time limited access.

        Last edited 19/01/16 3:49 pm

          Ah, I see what's confused you.
          This isn't a list of agencies who have made s176A(3) requests.
          This is a list of agencies who want permission to make s176A(3) requests.
          I see no evidence that a time limit is associated with this permission.

          Follow the "Here's the full list" link in the article, see for yourself.

          Campbell Simpson quotes the government description precisely, so if that quote is disingenuous, you'll have to blame the Attourney General :)

            Mmmm, no. I can see why you would think that that is the case, as there is a heading on that particular attachment that says similar words.

            If you go by the actual FOI request ADG agrees that the scope of the request is

            any document which lists the names of each agency which is not authorised
            to access telecommunications metadata under 176A of the Telecommunications
            (Interception and Access) Act, which has requested such authorisation
            either by seeking to be declared an enforcement agency under the act, or
            seeking authorisation external to 176A(3)

            (underlining added)

            There's no such thing as an 'ongoing 176A' request. 173A(s) declarations made by the Minister are short lived and expire after around 40 days. So really that document is a list of agencies that at some point requested temporary access to telco data on at least one occasion.

            While the words on that attachment are unhelpful and slightly misleading, you and @campbellsimpson have misunderstood the legislation and the response to the FOI. I'm not saying you're bad people, it's a mistake I could see someone making who isn't intimately familiar with this law. I'm just saying that there is a significant amount of discussion on this topic that goes on here on Gizmodo, and very little of that discussion is coming from sources who understand both the criminal law and its practical application in law enforcement.

            What I do see is a lot of people who are terrified about an indistinct boogieman who they've been told by 'the internet' is, for reasons that aren't quite clear, coming to take their ice-cream.

            Spreading fear and half-truths (also known as lies) to an already fearful audience is irresponsible and unhelpful. Not to mention shoddy journalism. On the other hand, fear mongering sure does sell page views and ad impressions, so maybe I've got this 'journalists are there to inform the public not to sell ads' around backwards...

            Last edited 19/01/16 9:46 pm

              So the reprehensible half-truth was the term 'ongoing'?
              Because you *know* that isn't Campbell's fault.
              Was he supposed to call the Attourney-General a liar?

              The information request also requested data about "authorisation external to 176A(3)", so claiming that it's all about 176A and also only about the 40-sitting day timeframe of 176A, is ridiculous.

              On the subject of half-truths, how about you explain to us why you misrepresented 40 sitting-days as 'about 40 days'? In 2015, 40 sitting days averaged 197 actual days. Does a factor of five count as a lie, or a damn lie?

                Loaded adjectives aside, there is a large, large difference between on-going unfettered access access and temporary access. In fact it was a specific recommended change to the T(I&A) Act from the Parliamentary Joint Committee on Intelligence and Security to make those non-police agencies have to apply for temporary access, and to ignore this fairly important distinction does a disservice to everyone that reads this article, not only because it's not correct, but also if you look at the comments on this article everyone is up in arms about every person in Australia having access to this data, which simply isn't the case.

                As for 'knowing'. And 'fault' etc. I'm honestly not trying to pick a fight with anyone or accuse anyone of deliberate hostile intent. However I am quite happy to gently, politely yet firmly suggest that laymen should stay out of commentating on things that they know nothing about. I know nothing about aeronautical engineering, not a thing, so I don't comment on it on the internet or any other public forum. Maybe journalists and other people who know nothing about criminal law and law enforcement should refrain from commenting on posting articles, because they will invariably make mistakes and misinform people.

                As for 40 sitting days being 'about 40 days' after checking it, you're absolutely right, it's a lot longer than I had originally anticipated. I think in 2015 40 sitting days went from 1 Jan to somewhere in October. That's a lot longer than 40 days or even 40 working days. My bad. Still, at least it's time limited.

                As for access outside of 176A(3), yes you're right there ARE other mechanisms in the act to authorise persons and agencies. Such as if a Commonwealth Royal Commission is established, or if a State Royal Commission is established, or if someone becomes authorised as a senior officer holder within the meaning of the ASIO act, or if a new State is created and thus a newly raised Police Force comes into existence that Force can be authorised by the Minister... however the only realistic declarations that are occurring are by the 176A(3) mechanism. It's hardly a half-truth, but no-one wants to read a lecture on the entire contents of the T(I&A) Act and how it relates to the law enforcement structure of Australia. Because quite frankly the Act is mainly geared towards interception warrants and stored comms warrants - which isn't what we're talking about in this thread.

                  "laymen should stay out of commentating on things that they know nothing about."


                  If a layman sees their rights being undermined, they should object long and loud.

                  In this case:

                  1: Joe layman sees the government pass a law empowering it to better spy on Joe.

                  2: If Joe doesn't want the government to be able to better spy on them, Joe should object, by text by speech, by action.

                  3: Anyone who tells Joe to shut up because Joe doesn't appreciate exactly how much more effective that spying will be, deserves a broken nose.

                  You listen to your doctor for medical advice and accept that advice because they're the experts, you listen to climate scientists because they're the experts in that field, you listen to a structural engineer when they talk about buildings, you listen and trust your automotive electrical mechanic when he tells you what's wrong with your car. Most people even listen to celebrity's health advice because they recognise them from a movie.

                  Yet when Parliamentary Joint Committee on Intelligence and Security, who have submissions from the representatives of every major professional intelligence and law enforcement body in the country as well as submissions from each of their independent oversight bodies, make recommendations on updating some laws some people seem to believe that they know a lot more about this topic than they do.

                  Saying you have a right to an opinion because you're a layman who will potentially be effected is similar to you wanting to have input into aeroplane design because at some point you might be a passenger on an aircraft.

                  I would love to see people re-print the comments of the dept. head of ASIO, or the comments from the experts that made submissions to the PJC - IS. But alas, all we have is terrified people who don't really understand the content of their discussions.

                  I don't think anything I have to say is going to convince you so this will be my final post - unless you ask me a specific question in which case I'll be happy to answer as best as I can.

                  This is not a 'plane I might fly on' it's a law empowering government spying.
                  I refuse to believe you don't see the difference.

              Do you really, truly believe that once having gained access to said metadata, even for an initial period of only 40 days, that those agencies would want to stop having access? It may be time limited but this will just mean that make multiple requests prior to the expiry period, thus in effect giving them on-going access.

              Any if you really truly believe that metadata is only going to be held for 2 years then you really need to get some real life experience.

      And what part of Greyhound racing, fishing, taxi or National Measuring requires warantless access to peoples metadata. I dont mind if there is stipulations for investigative agencies had warranty access to the data for criminal investigations then judges can assess there case by case requirements... but the waranty free conditions are meant for terrorism and critical crime investigations... not investigating parking violations in Bankstown


      What are the restrictions?
      Who applies them?
      Who enforces them?
      Where is the oversight?

      Access is one thing but how do we ensure that data isn't copied and retained by the agencies?

        If you have a read of section s176A of The Act you can have a look at who applies the restrictions and who enforces them. The oversight is the responsibility of the usual oversight body for the relevant agency.

        If you wanted a copy of the privacy policy for a particular agency you'd probably have to ask them, or hunt around for it on the agency's website.

        As for what restrictions are imposed are pretty broad. It's up to the Minister, however it's easier to give an example.

        Agency A is investigating person B and requests the Minister to grant access the Agency A for the purposes of investigating some offence person B is alleged to have committed.
        The Minister makes his declaration (which expires after 40 odd days) that Agency A can then apply for telecommunications data, HOWEVER the Minister specifies that they can only apply for access that directly relates to person B and that particular investigation. So even though Agency A is now empowered to request data from telcos - just like Police, they cannot ask for any ol' data they feel like - only data relating to person B and that particular investigation. Not another investigation, not their ex-girlfriend.

        I must say that I don't have any direct knowledge of the internal workings of agencies that are not specifically empowered under The Act, so I'm taking a bit of an educated guess on this one but I'm pretty confident that's how Ministerial declarations now work.

          I find the vagueness around oversight the most troubling. YMMV.

          Last edited 20/01/16 3:21 am

            Not really. Every government agency has an oversight body. Every single one. But they're often different.

            For instance, the NSWPF has 3 oversight bodies (at the moment, though it's about to change) who include the Police Integrity Commission (PIC), the NSW Ombudsman and the Independent Commission Against Corruption (ICAC). PIC's oversight body is the Inspector of PIC. ICAC's oversight body is a NSW Parliamentary committee and so on and so on. Sometimes an oversight bodies does multiple agencies. Such as the Inspector General of Intelligence and Security who oversights ASIO, ASIS, ASD and the geospacial people who's name I forget.

            I am not going to list each and every oversight body for each agency - mainly because I don't know them all off the top of my head. Also just because I cannot name them all, doesn't mean that they don't exist and that they're not doing their jobs correctly.

              Perhaps the Act might have gone to the trouble of introducing independent oversight.

              Still not seeing how funnelling requests thorough a single person (and a partisan one at that) with vague and variable notions of oversight, is more efficient and safer than seeking a court order.

              Politicians don't exactly have a great track record when it comes to managing private information and transparency.

              Faith based policy making doesn't inspire great confidence.

              Last edited 20/01/16 10:14 am

                I have no idea why this Act would do that. There are many, many Acts that grant Police and other investigative agencies powers and none of them create new oversight bodies.

                Each oversight body is independent. That's the whole point of oversight, otherwise they're called internal review measures and things of that nature.

                There's only 20 or so Judges (who do other things besides sitting around authorising warrants) in NSW that can authorise Interception warrants.

                If a matter goes to Court the internal review process of the requests can (and are) subpoenaed by defense and their validity (and any evidence obtained from that request) can be challenged in Court and potentially excluded from evidence (i.e. a jury will never hear about the evidence).

                Don't worry about faith based policy. Go to the NSW Ombudsman's website and look at his report to Parliament that he does every year which contains his yearly continuous rolling audit of the NSWPF's telco data requests. The Ombo do both systematic reviews (one section this year, another section the next), random dip samples and targeted reviews if there's a complaint or suspicion of misuse. Read the reports for yourself.

                Last edited 11/10/17 11:12 pm

                  Clearly you're tied to NSWFP and those ties are framing your thinking. You're also forgetting the fact that these checks and balances exist in NSW because the NSWFP have a history of demonstating an urgent need for such oversight.

                  If you think Bankstown Council and the office of flotsam and jetsam are similarly setup you're kidding yourself.

                  All this talk of busy officers and unavailable judges, doesn't add to the case for funnelling all requests through a single Minister. How is that more immediate than getting a warrant (as difficult as that may be)? Unless the Minister's approval is a rubber stamp in which case it raises more problems than it solve IMO.

                  Last edited 20/01/16 6:20 pm

                  @ajm I'm replying here because the blog only allows for so many indented posts.

                  I use NSWPF because they are the largest law enforcement agency in the country, make the largest number of requests for telco business records and also because they have the most number of oversight bodies.

                  As for the Bankstown Council, s176A requires the Minister to be satisfied that the agency has an appropriate privacy policy, internal policies to ensure the security of information and a few other bits and pieces. Like other government agencies Councils are audited. If you're curious what their privacy policy looks at then ask them for a copy. If you want their policies ask them or file a GIPA (NSW Government specific FOI request) request with the relevant agency (Bankstown Council). If you believe that the agency is not adhering to the law or policy, make a complaint to their oversight body. The oversight body for the Bankstown Council is the NSW Ombudsman.

                  You're confusing the several types of requests we've been talking about.

                  One is a request for information for telco business records made by Police. They're approved internally by a senior officer in that Police force and then sent to the relevant telco for compliance. These are the 'warrantless metadata requests' everyone is terrified of. There are hundreds of thousands of these requests made annually.

                  The other is a 173A(3) declaration made by the Minister in relation to whether or not a government agency can be temporarily considered an enforcement agency under the Act, allowing them limited access to telco business records. Those requests, I would imagine are pretty infrequent - as there's only so many government agencies in the country that has investigative duties. I have no idea the time frame these requests would take, as they're a decision for the Government made at the ministerial level.

                  The other type of thing I was talking about was a Supreme Court issued warrant for live-interception of telecommunications ('bugging' a phone). Warrants are applied for by Police officers and signed off by a Supreme Court.

                  The system that is in place has been around (tweaks and amendments notwithstanding) for almost 50 years. It's a tiered system with low level requests for records being made internally, graduating up to the Supreme Court for the most invasive requests. The system is audited at multiple levels by various oversight bodies and more-or-less runs pretty smoothly with very few problems. I think barring a governmental coup the system isn't going to change anytime soon.

                  Last edited 12/10/17 11:26 pm

    "If you have nothing to hide, then you have nothing to fear". Joseph Goebbels, Germany's Nazi Propaganda Minister in 1933.

      I would like to install a tracking application on your phone, just so I know where you are at all times. This should be ok as you have nothing to hide do you? Or do you....

        Don't kid yourself. Our phones are already a tracking mechanism.

    So besides security, defence, and taxation agencies, why do the others need my metadata? Except for the fact they're public servants justifying their job plodding along requesting every piece of information they can that they'll probably never use because they have no idea what the data means?

    I didn't see......RSPCA?

    I have now had a girl look,and now I see it :(

    I assume the racing bodies are on there due to the amount of gambling that goes on around it. When there's that much money changing hands, the potential for corruption is huge. Presumably they want the metadata to be able to find out if jockeys, trainers, owners etc are having communication with shady gambling types? I'm surprised there aren't more sporting bodies on this list, to be honest.

    Man, my memory of the bullshit spin before this law was passed with bipartisan support was that they were only using this data to catch the pedos and terrorists. Y'know... The really serious criminals.

    But from the jurisdictional responsibilities of the departments involved, it seems almost as if they're using this data to aid in processing pretty much ANY crime or even minor infringement?

    Did... did our nation's politicians mislead - if not outright lie to - us?

    I'm shocked! Shocked and appalled.

    6. Civil Aviation, Safety Authority (CASA), Commonwealth
    This is an interesting one!!!!

    if this is the initial list of who wants our metadata than imagine how quickly it'll grow if these all have access to it..

    & the worst bit is, we the people of Australia are increasingly getting less access to information from politicians who seek to hide everything.

    Is this read only access? Will they copy info to their servers for processing? I guess these agencies are competent regarding securely storing their data or their access credentials. I'm sure some of these might present an interesting target for malicious 3rd parties as a way to get access to our metadata.

      Requests are the electronic equivalent of walking into a business and asking for a photo copy of one of their records.

      The records have always, and will always, belong to the business that generates them, not the government.

      Last edited 11/10/17 11:14 pm

        "Requests are the electronic equivalent of walking into a business and asking for a photo copy of one of their records."

        Which you would be denied unless you had a warrant.

          Assistance from the public to Police is given on a daily basis.

          NSWPF have formalised arrangements with a number of agencies, both government and private called Memorandums of Understanding (MOUs) for access to information under certain circumstances.

          If a Police officer walked into 7/11 and said "Hi there, I'm investigating a fraud where a man had his credit card stolen and it was used illegally to purchase x,y, and z at your store. Can I please have a copy of that receipt to show the Court and could I please see your CCTV footage so I can identify the man." do you really think the manager of the store is going to yell at the cop "Get a warrant pig!"?

          The community assists Police every day. In fact, the Police cannot function without public assistance.

          The difference with telecommunication companies (and now ISPs) is that as far back as the 1970s the government realised that their records could be invaluable and they were asked to setup their systems a certain way to facilitate the production of records. It's now been computerised.

          There's lots of other industries that are required to produce documents and assist with investigations in a similar way to telco's that include the racing, gaming, liquor, firearms industries, primary industries, pawning and secondhand dealers, taxation and banking industries. There are more, but they're just off the top of my head.

          This system is not new and it's not unique. It's just that the public has never cared to take an interest in it.

          Last edited 19/01/16 9:51 pm

            Fair enough if the cops asked you.
            Would you be as receptive if Greyhound Racing Victoria came to your house and asked for your internet banking password?

            This is not "assistance from the public".

            The industries you've listed are required to maintain document relevant to their business, to ensure they comply with legislation/regulation. This is not the same thing.

            This is not anonymous CCTV footage or a receipt.

            Why is applying for a warrant, and following due process with Court oversight, not an appropriate way to access personal, private information stored at an ISP?

              Well, you use the term 'due process' like it means something other than complying with law and policy. And the T(I&A) Act has been in place since the 1970s, so due process has, is and will continue to be followed with these requests. Thus 'due process' is being followed.

              Warrants are fine, and they're applied for in their thousands every year, no-one's scared of them. But they're one of a number of legal mechanisms for obtaining business records (yes, telco records are business records as far as the law is concerned).

              One of the practical problems with telco data requests is their volume. There's lots and lots or requests made and warrants are simply impractical both for Police and the Courts.

              Asking for a copy of a person's phone bill, requires the authority of a senior Police officer who is the same person who is capable of authorising SWAT and is in charge of a city's Police. In practical terms they're the officer's boss's boss. They can only authorise the request if they agree that the request is justified in the circumstances and they must consider whether the invasion of privacy is justified in the circumstances.

              Asking for the name and address of the the person who owns a certain phone number requires the same thing.

              Asking for the contents of a text messages, MMSs, or listening in on phone calls all require Supreme Court warrants.

                Funnelling every request through a single point (a Minister) doesn't alleviate the burden on the telcos or the overworked Inspector. Just muddies the waters in terms of transparency and accountability.

                You can't ignore the potential for misuse and/or negligence when you've got the whims of partisan politicians with a deep aversion to public scrutiny in charge of granting access to (seemingly) any organisation with the word Department or Office in front of it.

                This is going to bite someone.

    It is a timely reminder that this year 2016 is elections year. You show them who's in charge, vote the mob who allows this out of office. make it a landslide. Then they're learn.

Join the discussion!

Trending Stories Right Now