Authorities are not interested in using the Abbott government’s proposed data retention scheme to go after internet pirates and would be prevented from doing so by the commonwealth ombudsman, the assistant commissioner of the Australian federal police, Tim Morris, has said.
Morris also said any changes to the way metadata is collected and used would have to be approved by the ombudsman.
But the ombudsman, Colin Neave, has told Guardian Australia his office would not play a formal oversight role in the scheme and would give advice only at the attorney general’s discretion.
Morris told a technology conference on Sunday that the $400m scheme, which would see Australians’ metadata retained by internet service providers for up to two years, was essential to fight cybercrime and terrorism.
Phone numbers, the time and duration of calls, email addresses and, potentially, URLs would all be stored, but Morris reiterated that the AFP was “not interested in someone sitting down in their lounge room torrenting Game of Thrones”.
“We’re not going to have a taskforce come out to get [pirates] based on metadata collection. I need to make this clear. That’s a no,” he said on Sunday.
Any changes to the kind of metadata collected and the types of crimes it is used to investigate would require an ombudsman’s approval, Morris said.
“[Any request to expand on the meaning of metadata] has to go up through a commissioned officer,” Morris said. “Under the new bill the ombudsman would have a look at our suggestions and he then writes us a report telling us if our actions are appropriate, or not.
“I can tell you that 99.99% of the time we usually change our processes and procedures based on the advice of the ombudsman.”
However, Neave denied that his oversight role has been formalised.
The commonwealth ombudsman told Guardian Australia that while he was consulted by the attorney general’s department (AGD) about the oversight role, “it is not proposed that the commonwealth ombudsman will oversee the data retention regime and carriers”.
“The office has only provided comments to the AGD on provisions relating to the commonwealth ombudsman’s oversight role,” Neave said.
“It is only proposed that the commonwealth attorney general may consult with the commonwealth ombudsman in determining which agencies may be declared eligible to access telecommunications data.”
Greens senator Scott Ludlam, who was also at the conference, said ombudsman’s oversight provided only “weak” protection and that the public could not take the AFP’s assurances the scope of the scheme would not expand in the future.
“We don’t know how ubiquitous or restrained this data retention scheme is because they simply refuse to say anything at all,” Ludlam said.
“The bill doesn’t say [what data will be collected]. It was written by lawyers inside the attorney general’s department, and they don’t have technical backgrounds,” he said.
“What if in six months’ time something horrible happens, they’re going to say actually we’re going to need to collect five years worth of data and now actually we’re going to need records, we’re going to need this, we’re going to need that.
“These things move in one direction only and it’s bloody hard to unwind them. It’s scope creep. All we’ve been able to get out of attorney general George Brandis is that Edward Snowden is a traitor.”
An Australian Lawyers Alliance spokesman, Greg Barns, said Australians should be wary of assurances made by police given what we know from Snowden’s revelations and the way in which police and security agencies have misled the public about how they have used data.
“I am not accusing Mr Morris of misleading the public, but I’m saying there is a track record that needs to be taken into account and the only way to ensure the AFP doesn’t use data is for there to be an independent ombudsman, or alternatively, a specific industry-type ombudsman,” Barns said.
Barns said it was “pointless” to have an ombudsman that had been appointed internally because the very nature of having an ombudsman is that it is independent of all agencies and government.
“It’s not up to the AFP to talk about appointing the ombudsman to oversee the scheme that can ensure metadata is not misused by law enforcement.
“The ombudsman needs to have sufficient teeth that would be able to impose real sanctions against the AFP and other police departments for breaches, otherwise it’s a toothless tiger.”
Ludlam said Australian voters have simply not been shown any evidence that mandatory data retention works.
Courts in Germany, Romania and the Czech Republic have rolled back data retention schemes on privacy grounds. A study by German police found that it made a negligible impact on reducing crime.
While the AFP said it took Australians’ right to privacy seriously, Morris said that had to be balanced with the need for pre-emptive law enforcement.
“Those that have nothing to hide should have nothing to fear,” he said. “The chances that your data will be viewed by law enforcement are very low.”
