It was very surprising to read an article by Josh Taylor in the Guardian claiming that, first:
Telstra is holding key information that could solve the mystery of who decided to use private security guards in hotel quarantine in Victoria, but Victoria Police has said restrictions in the mandatory data retention legislation prevent the release of critical call records.
Legal experts said there were multiple ways the call logs could have been legally accessed for the inquiry.
Let’s have a closer look at the grounds suggested.
Monika Zalnieriute, a senior lecturer of law at Macquarie University, and Genna Churches, a PhD candidate at the University of NSW faculty of law and justice, have examined the data retention legislation closely.
The pair told Guardian Australia in a joint statement the claim by Victoria police that Telstra could not provide the logs “is not grounded in law at best, and is deliberately confusing, at worst, because there are quite a few ways for Victoria police to access Ashton’s data”.
They said one potential avenue allowed in the mandatory data retention legislation was for “protecting public revenue”.
The reference here is to the infamous Chapter 4 of the Telecommunications (Interception and Access) Act 1979 (‘the TIA’). Back when the TIA was first enacted, it was a mere 28 sections long. Now it is a beast of more than 300 sections. One of those insertions was Chapter 4: ‘Access to telecommunications data’. In popular political discussions, this Chapter is the main site of the ‘metadata’ regime — when could authorities access information about a communication without being able to access the content of the communication (a quick technical note is that Chapter 4 predated the metadata regime, but let’s just roll with the narrative).
Part 13 of the Telecommunications Act 1997 makes it an offence to disclose information about communications unless it is authorised by law. A simplified way of thinking about it is that the Telecommunications Act 1997 protects privacy in very broad, sweeping terms, while the TIA provides the limited situations in which there is an exemption from the privacy protection.
Division 3 of Chapter 4 of the TIA is all about ASIO’s ability to access your metadata, while Division4 of Chapter 4 is all about access for ‘enforcement agencies’. Victoria Police is fairly uncontroversially an enforcement agency so, in order to access metadata, it needs a legitimate purpose that matches a statutory reason.
This gets us to ‘protect the public revenue’ in section 179 which, in no uncertain terms, would not give Victoria Police access to the telephone logs. Here’s the relevant part of the section:
The authorised officer must not make the authorisation unless he or she is satisfied that the disclosure is reasonably necessary for the enforcement of a law imposing a pecuniary penalty or for the protection of the public revenue.
It’s clear from the explanatory memorandum that ‘protecting the public revenue’ refers here to tax fraud. It is likely that it could extend to welfare fraud. But it’s a very creative act of statutory interpretation that says that finding out who made the decision to use private security at a hotel would protect public revenue. Which revenue is being protected? How is it being protected? In what way would getting access to the data result in the revenue being returned or not disbursed?
“We cannot know if metadata was accessed under this category in similar circumstances in the past – there is no information because of the loose reporting requirements for enforcement agencies under the act and no reporting requirements under the Telecommunications Act,” they said.
This is an extremely puzzling statement. We also cannot know if metadata was accessed under this category to discover what happened to Harold Holt, whether the Gipplsand Panther is real, or why birds suddenly appear every time you are near, not because of the ‘loose reporting requirements’ but because there’s no rational connection between the statutory ground and those purposes.
Zalnieriute and Churches said section 280 of the Telecommunications Act could be used, and the hotel quarantine inquiry also had powers to compel the production of information under state legislation that Telstra could not refuse.
Section 280 of the Telecommunications Act is a bit cumbersome, but here’s the important bit:
[The protection of information in the Telecommunications Act] does not prohibit a disclosure or use of information or a document if:
(a) in a case where the disclosure or use is in connection with the operation of an enforcement agency—the disclosure or use is required or authorised under a warrant; or
(b) in any other case—the disclosure or use is required or authorised by or under law.
The argument is that the disclosure of the telephone records is required or authorised by or under law. Precisely which law requires or authorises the disclosure is not mentioned, but it’s pretty obvious that they mean the Inquiries Act 2014 under which the Board of Inquiry into the hotel quarantine program.
It is true that section 64 of the Inquiries Act exists and that it says that:
For the purposes of its inquiry, a Board of Inquiry
may serve written notice on a person requiring the
(a) produce a specified document or other thing
to the Board of Inquiry or a Board of Inquiry
officer before a specified time and in the
But when interpreting a statute, it is important to read the entire part because you never know when there is a section that modifies the application of a provision. And, lo, section 59 is real:
A Board of Inquiry may conduct its inquiry in any
manner that it considers appropriate, subject to—
(a) the requirements of procedural fairness
The powers given to boards of inquiry and Royal Commissions are phenomenal. You could even describe them as draconian. They have exceptional powers to compel evidence and we have the expectation that they will be used fairly and judiciously. Section 59 is part of a safeguard on the use of those powers.
Further, these powers are subject to the Victorian Charter of Human Rights and Responsibilities where there is a proportionality test for breaching privacy.
It was not a criminal act to make the decision to use private security. It was not an improper decision, as far as anybody can tell. There is no evidence to suggest that procuring the services was improper. It may have been a poor decision and it might not be clear precisely who was the decision maker.
None of this gives a ground to use the extraordinary powers of the Board of Inquiry to compel the production of the metadata. It would very likely not be a proportionate use of the power.
So what to conclude?
First, there was no lawful ground for Victoria Police to use s 179 of the TIA as suggested by the Guardian.
Second, because the Board of Inquiry had not used its power under s 64 of the Inquiries Act, the metadata could not be released under s 280 of the Telecommunications Act.
Third, because of the nature of the question for which the metadata was requested, it is unlikely to be appropriate for the Board of Inquiry to use its power under s 64 of the Inquiries Act, and it is likely that it would be a breach of the Charter of Human Rights and Responsibilities.
The analysis provided by Zalnieriute and Churches to the Guardian appears to be incorrect, if what it is reported they said is accurate.