Privacy versus the Use of Location Information for Law Enforcement and Security in Australia
Main Article Content
Keywords
location information, privacy, metadata retention and disclosure, LTE, law enforcement and national security
Abstract
This article reviews existing knowledge regarding the powers of the Australian Security Intelligence Organisation and the Australian Federal Police to access and use metadata. The review is primarily based on published research on the privacy impact of the revised metadata retention and collection framework introduced in 2015. The review reveals that, after 2015, no comprehensive study was undertaken in the following areas: how location information is generated and exchanged in the IP-mediated long-term evolution telecommunications network, and how mobile devices are tracked and create more precise location estimates, in the legal and policy context of the exceptions and privacy safeguards introduced after 2015; the discretionary powers of the agencies to use personal and sensitive information to identify inquiries and investigations to pursue, to enforce the law and perform their functions, and to carry out activities related to their functions and purposes; and the flexible oversight principles contained in the guidelines that create conflicts between law enforcement and privacy interests. The review proposes future multidisciplinary research.
Downloads
References
ACMA. 2017b. Communications report 2016–17
Australian Security Intelligence Organization (ASIO) Act 1979 (Cth)
Attorney-General’s Department. 2015. Submission No 27 to the Parliamentary Joint Committee on Intelligence and Security (PJCIS), Inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, 16 January 2015
Attorney-General’s Department. 2016. ‘Attorney-General's Guidelines in relation to the performance by the Australian Security Intelligence Organisation of its function of obtaining, correlating, evaluating and communicating intelligence relevant to security (including politically motivated violence)’, June (Attorney-General's Guidelines). http://www.asio.gov.au/About-ASIO/Oversight-and-Accountability/Attorney-General-Guidelines.html
Australian Privacy Commissioner. 2015. Submission No 92 to the Parliamentary Joint Committee on Intelligence and Security, Parliament of Australia, Inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, January 2015
Australian Attorney-General’s Department. 2012. ‘Equipping Australia against Emerging and Evolving Threats’, Discussion Paper, July 2012
Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd. 2001. HCA 63 (the Lenah Game case)
Australia & New Zealand Bank v Ryan. 1968. 88 WN (Pt l) (NSW) 368
Barclays Bank Plc. (Trading as Barclaycard) v Taylor [l989] 1 1 WLR 1066
Battersby, L. 2012. ‘Telstra offers signal boost – at a price’, Sydney Morning Herald (online), 6 July 2012 http://www.smh.com.au/business/telstra-offers-signal-boost--at-a-price-20120706-21l5f.html
Bellovin, SM; Blaze, M; Landau, S; Pell, SK. 2016. ‘It’s Too Complicated: The Technological Implications of IP-Based Communications on Content/Non-Content Distinctions and the Third Party Doctrine’. Harvard Journal of Law & Technology, 30(1), 1-101
Bloch V; Wark V (eds). 2015. ‘Australian Internet Data Collection – Are We Fighting to Protect Privacy Which Is Already Lost’. Communications Law Bulletin, 34(2), 23-27
Bramwell, O. 2012. A delicate balancing act: data protection, individual privacy & the right to be forgotten: tackling data retention in the digital age (LLB Thesis). Melbourne, Monash University
Burgess, M. 2015. ‘Why new “metadata” laws are vital for police’. Police Association (Victoria) Journal, 81(5), May 2015, pp 16–17. https://search.informit.com.au/documentSummary;dn=340074488849139;res=IELAPA
Carona, X; Bosua, R; Maynard, SB; Ahmad, A. 2016. ‘The Internet of Things (IoT) and its impact on individual privacy: An Australian perspective’. Computer Law & Security Review, 32(1), 4–15. http://dx.doi.org/10.1016/j.clsr.2015.12.001
Carpenter v. United States (Supreme Court of the United States of America, No. 16-402, 22 June 2018) IV 18. https://www.supremecourt.gov/opinions/17pdf/16-402_h315.pdf
Christoj v Barclays Bank. 2000. 1 WLR 937
Chan, J; Moses, LB. 2017. ‘Making Sense of Big Data for Security’, The British Journal of Criminology, 57(2), 299-319
Clarke, R. 2015. ‘Data retention as mass surveillance: The need for an evaluative framework’. International Data Privacy Law, 5(2), pp 121–132. http://dx.doi.org/10.1093/idpl/ipu036
Clarke, R. 2016. ‘Privacy Impact Assessments as a Control Mechanism for Australian National Security Initiatives’. Computer Law & Security Review, 32, pp 403–418.
Commonwealth, Parliamentary Debates, Senate, 25 March 2016, 2294 (George Brandis MP)
Communications Access Coordinator’s (CAC) Telecommunications (Interception and Access) (Requirements for Authorisations, Notifications and Revocations) Determination 2015 (Cth) (at 9 October 2015) [CAC Determination 2015]
Davies, D. 2001. ‘Unprincipled privacy: Why the foundations of data protection are failing us’, UNSW Law Journal, 24(1), 284-289
Day v Commissioner, Australian Federal Police. 2000. FCA 1272 (11 September 2000) (the Day case)
Department of Parliamentary Services (Cth), Bills Digest, No. 10 of 2007-08, 3 August 2007
Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources (C-293/12 and C-594/12) [2014] ECJ
Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006
ETSI. 2016a. ‘Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; Functional stage 2 description of Location Services (LCS)’, (3GPP TS 23.271 version 13.0.0 Release 13)
ETSI. 2017a. ‘LTE; Evolved Universal Terrestrial Radio Access Network (E-UTRAN); Stage 2 functional specification of User Equipment (UE) positioning in E-UTRAN’, 2017, (3GPP TS 36.305 version 14.2.0 Release 14)
ETSI. 2017b. ‘Lawful Interception (LI); Retained data handling; Handover interface for the request and delivery of retained data’, 2014, TS 102 657 V1.15.1 (2014-08)
ETSI. 2017c. ‘LTE; Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Universal Terrestrial Radio Access Network (E-UTRAN); Overall description; Stage 2’, 2017
ETSI. 2017d. ‘LTE; Evolved Universal Terrestrial Radio Access (E-UTRA); LTE Positioning Protocol A (LPPa)’
ETSI. 2017e. ‘LTE; Evolved Universal Terrestrial Radio Access Network (E-UTRAN); S1 Application Protocol (S1AP)’
ETSI. 2017f. ‘Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; Network architecture’, 2017, (3GPP TS 23.002 version 14.1.0 Release 14) ETSI TS 123 002 V14.1.0 (2017-05)
ETSI. 2017g. ‘Universal Mobile Telecommunications System (UMTS); LTE; Evolved Packet System (EPS); Mobility Management Entity (MME) and Serving GPRS Support Node (SGSN) related interfaces based on Diameter protocol’
Evidence to PJCIS, 30 January 2015, 48 (Malcolm Lanyon, Assistant Commissioner Commander, Special Services Group, New South Wales Police Force)
Evidence to Parliamentary Joint Committee on Intelligence and Security, Parliament of Australia, Canberra, 30 January 2015, 31 (Peter Leonard Guildford, Chairperson of the Media and Communications Committee, Business Law Section of the Law Council of Australia)
Farrell; Secretary, Department of Immigration and Border Protection (Freedom of information) [2017] AATA 409 (31 March 2017) (the Farrel case)
Fair, P. 2015) ‘Mandatory Data Retention: Overview and Issues Citation’. Inhouse Counsel, 19(8), 110
Fernandes, F; Sivaraman, V. 2015. ‘It’s only the beginning: Metadata Retention laws and the Internet of Things’. Australian Journal of Telecommunications and the Digital Economy, 3(3), 47–57. http://dx.doi.org/10.18080/ajtde.v3n3.21
Federal Commissioner of Taxation v Australia & New Zealand Banking Group (1979) 143 CLR 499
Germano, A. 2010. ‘The Impact of Femtocells on Next Generation LTE Mobile Networks’, (PowerPoint Presentation at the FemtoForum) 1–30. ftp://www.3gpp.org/Information/presentations/presentations_2010/2010_05_Moscow/Femto_Forum_G ermano.pdf
Golder, B; Williams, G. 2006. ‘Balancing national security and human rights: Assessing the legal response of common law nations to the threat of terrorism’. Journal of Comparative Policy Analysis: Research and Practice, 8(1), 43-62.
Human & Constitutional Rights Resource Page. 2018 http://www.hrcr.org/safrica/privacy/austr_law.html
iiNet. 2015. Law enforcement agencies contact https://www.iinet.net.au/about/legal/law.html
IETF. 2007. ‘Request for Comments: 4960 Stream Control Transmission Protocol’.
IETF. 1981a. ‘RFC. Transmission Control Protocol DARPA Internet Program Protocol Specification’
IETF. 1981b. ‘RFC 791. Internet Protocol DARPA Internet Program Protocol Specification’
Inspector?General of Intelligence and Security Act 1986 (Cth) (IGIS Act)
Jaffarie v Director General of Security [2014] FCAFC 102 (18 August 2014)
Johnston, A. 2017. ‘Privacy law: Data, metadata and personal information: A landmark ruling from the federal court’. Law Society of NSW Journal, 31 (March), 82-83.
Jones, DM. 2016. ‘Intelligence and the management of national security: the post 9/11 evolution of an Australian National Security Community’. Intelligence and National Security, 33(1), 1–20.
Kozierok, C. 2005. The TCP/IP Guide in the TCP/IP Guide. http://www.tcpipguide.com/free/t_MessagesPacketsFramesDatagramsandCells-2.htm
Lachmayer, K; Witzleb, N. 2014. ‘The Challenge to Privacy from Ever Increasing State Surveillance: A Comparative Perspective’. UNSW Law Journal, 37(2), 748-783
Laster, D. 1989. 'Breaches of Confidence and of Privacy by Misuse of Confidential Information'. Otago Law Review 31, 424
Legal and Constitutional Affairs References Committee (LCARC), Parliament of Australia, Comprehensive revision of the Telecommunications (Interception and Access) Act 1979, (2015)
Leonard, P. 2015a. ‘The Metadata Retention Debate Rages On’. Internet Law Bulletin, 18(1) 17. https://www.gtlaw.com.au/sites/default/files/The-Metadata-Retention-Debate-rages-on.pdf
Leonard, P. 2015b. ‘Internet Data Retention in Australia: New Controversies and Complexities’. Privacy Law Bulletin 2, 12(1) (Lexis Nexis, online)
Leonard, P. 2015c. ‘Mandatory Internet Data Retention in Australia – Looking the horse in the mouth after it has bolted’. https://www.gtlaw.com.au/sites/default/files/Mandatory-Internet-Data-Retention-in-Australia_0.pdf
Loyd v Freshjeld (1826) 2 Car & P 325; 172 ER 147
Letter from the Attorney General, George Brandis to Hon Philip Ruddock MP, Chair of the PJCIS, 9 February 2016 cited in PJCHR, 25 February 2016
Maurushat, A. 2016. ‘BD use by law enforcement and intelligence in the national security space: Perceived benefits, risks and challenges’. Media and Arts Law Review, 21(3), 1–27.
Mayer, J; Mutchler P; Mitchell, JC. 2016. ‘Evaluating the privacy properties of telephone metadata’. Proceedings of the National Academy of Sciences of the United States of America, 113(20), pp. 5536–5541
Michael, K; Clarke, R. 2012. ‘Location privacy under dire threat as uberveillance stalks the streets’. Precedent, 108, 24–29.
Moses, LB; Chan, J. 2014. ‘Using Big Data for Legal and Law Enforcement Decisions: Testing the New Tools’. UNSW Law Journal, 37(2), 643-678
Nicholson, N; Redlich, H. 2015. ‘Big Data, Metadata and Personal Data - How Does the Privacy Act Regulate Metadata?’ Privacy Law Bulletin, 12(8), 215 (online)
Nohrborg, M. 2017. LTE, 3GPP. http://www.3gpp.org/technologies/keywords-acronyms/98-lte
Office of Australian Information Commissioner (OAIC, January 2015, Submission No 92 to the Parliamentary Joint Committee on Intelligence and Security, Inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, January 2015
Parliamentary Joint Committee on Human Rights (PJCHR). 2014. Parliament of Australia, Fifteenth Report of the 44thParliament
Parliamentary Joint Committee on Intelligence and Security (PJCIS). 2015. Advisory Report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 (Cth)
Privacy Commissioner v Telstra Corporation Limited [2017] FCAFC 4 (19 January 2017)
Privacy Act 1988 (Cth)
Revised Explanatory Memorandum, Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015 (Cth)
Rodrick, S. 2009) ‘Accessing telecommunications data for national security and law enforcement purposes’. Federal Law Review, 37, 391.
Rix, M. 2013. ‘Security without secrecy? Counter-terrorism, ASIO and access to information’, pp. 240-263 in Baldino, D. (Ed), Spooked: the truth about intelligence in Australia. Sydney, Australia: NewSouth Publishing.
Rix, M. 2014. ‘What is the meaning and what is the use of ‘metadata retention’?’ The Conversation (online) 26 August 2014. https://theconversation.com/what-is-the-meaning-and-what-is-the-use-of-metadata-retention-30350
Robertson v Canadian Imperial Bank of Commerce [l9941 1 WLR 1493
Roach, K. 2011. The 9/11 Effect: Comparative Counter-Terrorism. Cambridge: Cambridge University Press.
Samsonidis v Commissioner, Australian Federal Police [2007] FCAFC 159 (5 October 2007)
Sarre, R. 2017. ‘Metadata Retention as a Means of Combatting Terrorism and Organised Crime: A Perspective from Australia’. Asian Journal of Criminology, 12(3) pp. 167–179
Selvadurai, N; Gillies, P; Islam, R. 2009. ‘Maintaining an effective legislative framework for telecommunications interception in Australia’. Criminal Law Journal, 33(1), 34–44
Selvadurai, N; Kisswani, N; Khalaileh, Y. 2016. ‘The proportionality principle in telecom-munications interception and access law in an environment of heightened security and technological convergence’. Information & Communications Technology Law, 25(3), 229-246. doi:10.1080/13600834.2016.1230925
Selvadurai, N. 2017. ‘The retention of telecommunications metadata: A necessary national security initiative or a disproportionate interference with personal privacy?’ Computer and Telecommunications Law Review, 23(2), pp 35–41.
Senate Legal and Constitutional Affairs References Committee (SLCARC), Parliament of Australia, Comprehensive revision of the Telecommunications (Interception and Access) Act 1979 (2015)
Shanapinda, S. 2017. ‘Retention and disclosure of location information and location identifiers OTT content and communication services’. Australian Journal of Telecommunications and the Digital Economy, 4(4), 251-279. https://doi.org/10.18080/ajtde.v4n4.68
Shanapinda, S. 2018. Advance metadata fair: The retention and disclosure of location information as metadata for law enforcement and national security, and the impact on privacy – An Australian story, (PhD Thesis). UNSW Canberra University (unpublished)
Smith, GJD; Moses, B; and Chan, J. 2017. ‘The Challenges of Doing Criminology in the Big Data Era: Towards a Digital and Data-driven Approach’. The British Journal of Criminology, 57(2), pp 259–274.
SSHD v Watson & Others Secretary of State for The Home Department and Tom Watson MP and others [2018] EWCA Civ 70 (the Watson case)
Svantesson, DJB. 2012. ‘Systematic government access to private-sector data in Australia’. International Data Privacy Law, 2(4), 268–276.
Taylor, G. 2000. ‘Why is there no Common Law Right of Privacy?’ Monash University Law Review, 10, 26(2) 235.
Telstra Corporation Limited and Privacy Commissioner [2015] AATA 991 (18 December 2015)
Telecommunications (Interception and Access) (Data Retention) Amendment Act 2015 (Cth) (Data Retention Act)
Telecommunications Interception Legislation Amendment (TILA) Act 2002 (Cth)
Telecommunications (Interception and Access) Regulations 2017 (Cth)
Telstra. 2015. Submission No 112 to the Parliamentary Joint Committee on Intelligence and Security, (PJCIS) Inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, January
Telecommunications (Interception and Access) Act 1979 (Cth)
Telecommunications Act 1997 (Cth)
Tournier v National Provincial & Union Bank of England [l9241 1 KB 461
USA FREEDOM Act 2015, 114–23 H.R.2048
Victoria Park Racing and Recreation Grounds Co Ltd v Taylor (1937) 58 CLR 479 (the Victoria Park case)
Vodafone Hutchinson Australia. 2017. ‘Privacy, 2017’. https://www.vodafone.com.au/about/legal/privacy
Williams, G and Hardy, K. 2014. ‘National security reforms stage one: Intelligence gathering and secrecy’ [online]. LSJ: Law Society of NSW Journal, No. 6, Nov 2014: 68-69. Availability: https://search.informit.com.au/documentSummary;dn=785911277868564;res=IELAPA
Williams, G. 2016. ‘The Legal Assault on Australian Democracy’. QUT Law Review, 16(2), 19-41.
Williams, G. 2005. ‘Balancing National Security and Human Rights: Lessons from Australia’. Borderlands e-Journal, 4(1) http://www.borderlands.net.au/vol4no1_2005/williams_balancing.htm
Winterton Constructions v Hambros (1992) 39 FCR 97, 114-15
Zwolenski, M; Weatherill, L. 2014. ‘The digital universe: Rich data and the increasing value of the internet of things’. Australian Journal of Telecommunications and the Digital Economy, 2(3), 41–49. http://doi.org/10.7790/ajtde.v2n2.47