In March this year we saw the passing of new data retention laws. The laws essentially require telecommunication companies to store and retain an individual’s metadata for access and use by security or law enforcement agencies.*
Under the new legislation, the data being retained is the digital information or ‘metadata’ accompanying a communication, such as the date, time and duration of a communication, where the communication was made, and the type of communication made, i.e. email, phone call, SMS, text message, social media post etc.**
Basically, everything but the content of the communication itself.
At the time the laws were introduced, they raised obvious privacy concerns. However, in the wake of the ‘Sydney Siege’, such concerns were outweighed by the apparent need to bolster our counter-terrorism and crime-prevention strategy. The laws were passed with bipartisan support from both major parties.
But exactly how these laws will play out, outside of national security matters, is only just starting to be seen.
This week, journalist Ben Grubb won a legal battle against Telstra over access to his metadata. The Privacy Commissioner found in his favour, ruling that the metadata was ‘personal information’ for the purposes of the Privacy Act.
Even though this decision is not directly related to the data retention laws themselves, the Commissioner’s ruling is significant because it formally recognises that our metadata is personal. It is not merely a collection of random and unidentifiable numbers and codes.
On Tuesday night, the president of the Law Institute of Victoria, Katie Miller, spoke at a forum in Melbourne about how the new data retention laws are having real-world implications for legal practice.
Miller explained, ‘The metadata itself can tell very detailed stories, including, you know, what sort of legal issue you have. So if you’re contacting a family law lawyer or a divorce lawyer, it doesn’t… you don’t really need the content to know why you’re contacting them.’
Miller was mostly concerned about situations involving criminal proceedings, where a law enforcement agency with access to a Defendant Lawyer’s telecommunications data under the data retention laws can find out who they have been talking to in terms of potential witnesses. This kind of information gives the Prosecution a heads-up on the other party’s litigation strategy.
Although there are legal ways around metadata laws (like using encrypted communication services, offshore email accounts like Gmail and virtual private networks (VPNs))*** Miller’s concerns are a signal that lawyers, and others, should be aware of the metadata trace they are leaving.
**see section 187AA of the Act
– An example of the story your metadata can tell