Fresh fears of potential human rights breaches have surfaced amid a parliamentary review into mandatory data retention laws.
Dr Stanley Shanapinda, a researcher with La Trobe University’s Cyber Security Research Hub, is concerned the small clusters of cells in 5G networks will give law enforcement agencies unnecessary access to extremely precise location data of private citizens.
“Because the powers are so broad right now 5G gives the agencies greater power than ever before,” Shanapinda said.
Under changes made to the Telecommunications Act in 2015, service providers must store data about communications made on their network for at least two years.
Relevant data includes the source, destination, date, time, duration, and location of all connections to a service.
“With location information, the precision now is far better than were the laws were put in place which reveals more sensitive information about you,” Shanapinda said.
“And because of the availability of machine learning, they can use tools to analyse and predict where you will go.
“Mobile phones will basically act like ankle monitors that are carried in bags and pockets.”
The laws were designed to standardise data retention across the industry.
When the data retention law was introduced, then-Communications Minister Malcolm Turnbull said the bill was “critical to prevent the capabilities of Australia's law enforcement and national security agencies being further degraded”.
But Shanapinda warns that a combination of broad laws and technological innovation has over-corrected for claimed weaknesses of law enforcement powers.
“There was a lot of discussion about needing to make the laws technology neutral, and we weren’t even thinking about 5G at that particular time,” he said.
“But as the technology continues to advance, the agencies have ended up holding a disproportionate amount of power.”
Questionable necessity
Australian Human Rights Commissioner, Edward Santow, told Nine newspapers the data retention laws need to be reformed and law enforcement should require a warrant to access the telecommunications data of suspects.
"We say it's worth the effort because people's basic rights are at issue," Mr Santow said. "But we have also seen that a warrant may make it less likely that there will be overuse of accessing metadata."
"We accept it's necessary to have laws that may impinge to some extent on rights like privacy in order to protect the community against serious crimes. But our fundamental concern is that the law goes further than it should and breaches a number of human rights."
Currently metadata can be accessed without a warrant as long as an authorised law enforcement officer “is satisfied the disclosure is reasonably necessary for the enforcement of the criminal law”.
This is at odds with laws in other jurisdictions.
Last year, a US Supreme Court ruled it was unlawful for police to access location data without a warrant.
While under EU law, blanket national legislation requiring general and indiscriminate data retention is prohibited.
Since the data retention laws were put in place in 2015, the Australian Federal Police (AFP) has made 67,000 authorisations to access telecommunications data.
More than half of those authorisations were related to illicit drug offences, and 5,400 were for terrorism offences.
The Australian Human Rights Commission (AHRC) has also doubted the necessity of keeping data for two years – especially considering that more than 70 per cent of the data accessed by the AFP was less than six months old.
“This suggests that the data retention period could be reduced in order to address significant privacy concerns without unduly impacting on investigations,” the AHRC said in a recent submission into the parliamentary review of the data retention laws.
“The Commission recommends that the two-year retention period for communications data be significantly reduced or, alternatively, tailored retention periods be adopted.”
The Australian Securities and Investments Commission (ASIC), however, says that telecommunications data older than 12 months “is often crucial for ASIC to obtain successful criminal outcomes”.
ASIC said metadata has aided in 72 convictions since the laws were in place, and that the agency made nearly 10,000 authorisations in the same period.
The Australian Communications and Media Authority reported telecommunications providers have spent over $200 million in complying with mandatory data retention legislation since the laws came into effect.
