A parliamentary inquiry has found strong opposition to the Government’s “unjustified” and “incoherent” proposals to increase cyber-surveillance of citizens by requiring telcos to keep web data and subscriber traffic records for up to two years.

The Parliamentary Joint Committee on Intelligence and Security last week published 177 submissions from the public after launching an inquiry into the proposals in July.

Proposed changes to Australia’s Telecommunications (Interception and Access (TIA) Act 1979 would expand the phone-tapping powers of law enforcement agencies to cover internet telephony and social media.

The submissions represented thousands of individuals and organisations, with only a handful in support of the proposals.

Government and law enforcement authorities such as the Australian Federal Police, the NSW Government, the Australian Customs and Border Protection Service and the Tasmanian Police argued that the proliferation of communications devices in the internet era meant reforms were needed.

“Fundamental reform is ... required, not to increase powers, but to ensure that existing powers are not rendered completely ineffective,” the NSW Government wrote.

But critics slammed the proposals for greatly expanding the power of intelligence-gathering organisations at the expense of the human rights and civil liberties of citizens.

The discussion paper was also attacked for being “vague” and “incoherent” and many submissions noted that the six-week consultation was inadequate for proper consideration of the issues.

The telecommunications industry warned that costs of complying with the proposed regime would be passed on to consumers.

“Industry should not be asked to assume risks and responsibilities that properly rest with Government,” the Australian Mobile Telecommunications Association and Communications Alliance wrote in a joint submission.

“The full and real economic cost of providing assistance to national security and enforcement agencies must be minimised (to avoid costs being passed onto consumers) and be recoverable from agencies that will benefit from access to such information.

“Similarly, any costs associated with a requirement to retain customers' communications data not normally retained for business purposes, should not be borne by industry.”

Vodafone Hutchison Australia endorsed the AMTA and Communications Alliance submission, calling also for more detail about how the new arrangements would work.

Australia's second largest broadband provider, iiNet mounted a defence of civil liberties, saying the proposals failed to achieve “an appropriate balance between the human rights and privacy of individuals, the cost and impact of the reforms on the telecommunications sector; and the needs of law enforcement agencies”.

iiNet objected to giving government unfettered power over how telcos ran their networks and to any requirement for carriers or service providers to collect new information.

Macquarie Telecom also argued that the reforms had not been justified and the burden on industry was not proportionate.

Huawei Technologies took the opportunity to argue that any regulatory regime focused on security should operate in a “non-discriminatory” manner to give Australia access to the latest technology and ensure it met its international trade obligations.

Chinese-owned Huawei made headlines this year after it was shut out from the National Broadband Network on advice from intelligence agencies.

Privacy concerns

The Internet Society of Australia described the discussion paper as “unclear” and “vague”, while Electronic Frontiers Australia (EFA) described it as “far from coherent”.

“EFA is seriously concerned at the lack of detail ... in relation to this proposal, as well as the lack of any cost-benefit analysis or even a substantive justification for such a wide-ranging proposal that would affect all Australians,” the EFA wrote.

“It is therefore very difficult to make meaningful comments.”

Free-market think tank, the Institute of Public Affairs (IPA), noted that the discussion paper made only “a very weak attempt” at justifying significant new powers and described the data retention regime as “onerous” and “a significant incursion on civil liberties”.

“Data retention would be a continuous, rolling, systematic invasion of the privacy of every single Australian, only justified because a tiny percentage of those Australians may, in the future, be suspects in criminal matters,” the IPA wrote.

“Indiscriminate data retention is an abrogation of our basic legal rights. Data retention regimes make internet users guilty until proven innocent.”

The Gilbert + Tobin Centre of Public Law at the University of NSW warned against an 'omnibus' approach to legislation because of the difficulty of winding back legislation.

“Distinct pieces of legislation for each individual issue being addressed are preferable,” the centre submitted. “Such an approach makes the purpose of the legislation clear to the public and parliamentarians and facilitates engaged debate and effective scrutiny.

“Furthermore, if and when it becomes appropriate to scale back the state's national security response, separate pieces of legislation are easier to identify and to amend.”

The Australian Communications Consumer Action Group Costs noted that any costs would be passed onto consumers in the form of higher prices and added that the proposals could impact the consumer choice of people with hearing difficulties.

Groups such as the Victorian Privacy Commissioner and the Law Council of Australia also argued that the proposals would shift power too far in favour of the state, away from the human rights of its citizens.

The Western Australian branch of the Religious Society of Friends (Quakers) and the Pirate Party of Australia both pointed out that the data retention policy left people's personal records vulnerable to hacking.

Last month, hackers stole and published AAPT customer data to prove that ISPs and telcos would be unable to protect information that would be stored under the data retention regime.

The Pirate Party suggested that only crimes of a serious nature – with a minimum jail time of seven years –would justify the use of surveillance technologies as stipulated in the TIA Act.

The TIA Act was one of four that were amended by a data preservation bill last week, allowing police to force telcos to retain data on persons of interest for a set period while a warrant was sought.

Last week’s changes were couched as necessary for Australia to accede to the 2004 Council of Europe Convention on Cybercrime, while the full data retention regime was modelled on the European Union’s data retention directive.