The High Court of Australia, in pursuing coherence between common law and statute law, has limited itself to ensuring that the rules of common law and statute law should be free of contradiction. The Court does not appear to have embraced the idea, which lies at the core of some major theories of private law, that a set of rules is coherent only if the set can be explained as the outworking of a single principle. Applying that idea to the relationship between common law and statute law is confronted by some serious challenges. In the past, coherence as non-contradiction (combined with the idea of parliamentary supremacy) has worked well as a means of reconciling common law with statute law, but the proliferation of legislation in recent years and the character of much modern legislation has drawn attention to the limitations of such an approach to the question. A more exacting approach to coherence of common law and statute law, on the other hand, would require the revision of some widely-held assumptions about the nature of law, such as the core assumption of legal positivism that the ultimate criterion of the authority of the law is its pronouncement by an authoritative institution.'The passage of Australia’s data retention regime: national security, human rights, and media scrutiny' by Nicolas Suzor, Kylie Pappalardo and Natalie McIntosh in (2017) 6(1) Internet Policy Review comments
In 2015, the Australian government passed the Telecommunications (Interception and Access) Amendment (Data Retention) Act, which requires ISPs to collect metadata about their users and store this metadata for two years. From its conception, Australia’s data retention scheme has been controversial. In this article we examine how public interest concerns were addressed in Australian news media during the Act’s passage. The Act was ultimately passed with bipartisan support, despite serious deficiencies. We show how the Act’s complexity seemed to limit engaged critique in the mainstream media and how fears over terrorist attacks were exploited to secure the Act’s passage through parliament.The authors note
The final text of the act is complex, confusing, and lacks key safeguards to protect the privacy of Australians. In part II of this article, we review the obligations imposed by the act and the mechanisms that have been introduced to protect human rights. Experience from other jurisdictions and the recommendations of Australian reviews suggest that mass data retention obligations can only be justified if they are clearly necessary and curtailed to limit access to data for the purposes of addressing serious crimes with full judicial oversight. The act, as passed, does not contain these safeguards, and important terms are not defined in the act or are defined only in the negative or in explanatory materials.
Public interest concerns were raised consistently throughout the period in which the bill was under consideration, but were ultimately not directly addressed by the government. In part III, we review the history of the act’s introduction as represented in the Australian press media, in order to better understand how the act was passed without resolving these core human rights tensions. The final text of the act reflects the trauma the government suffered during its passage, resulting in a number of very specific limitations that address the most acute and politically problematic concerns raised by opponents. The larger-scale concerns about the necessity of introducing mass-scale surveillance obligations or the scheme's uncertain scope, vague specification of access rights, and limited judicial oversight, however, were not well represented in the media. Our analysis suggests that the government was able to exploit the complex and uncertain scope of the data retention obligations in its favour to marginalise opposition that hinged on quite technical questions of coverage and access. The government was also able to draw heavily on escalating national security rhetoric around several high-profile terrorist attacks to effectively sidestep scrutiny about why the new obligations were required. Ultimately, while the government had to make several concessions to particular interest groups, it was able to avoid substantively addressing key concerns about the scheme in the media by channelling attention to the more easily answered question about whether the proposed data set would be included in the legislation. Many of the issues raised during the passage of the act were effectively deferred to be resolved at a future date, either by a review committee or through ministerial regulations, giving the government the time it needed to secure bipartisan support for its passage.They conclude
The Telecommunications (Interception and Access) Amendment (Data Retention) Act was passed by the Australian government in April 2015, and is due to be reviewed by the PJCIS sometime in 2019 (s 187N). However, absent a high-profile court case or renewed vigour in the public debate, it is unlikely that a review will change much about Australia’s current data retention scheme. Our analysis of the mainstream media over the course of the passage of the act highlights significant shortcomings in the legislative process. In Australia, where the legislature is primarily responsible for defining (and by implication, protecting) the rights of individuals, we have shown that human rights concerns about mass data retention were poorly ventilated in major policy fora. Ultimately, the government was able to pass the legislation with very little interrogation of its claims that data retention is necessary to maintain national security. We suggest that this is particularly concerning in a system without a constitutional bill of rights that is enforceable by an independent judiciary.
In Europe, similar data retention schemes have been found disproportionate to the objective of fighting serious crime, even where that objective was deemed to be a legitimate objective of general interest. Factors that compelled the ECJ to hold that a wide-ranging metadata retention obligation was disproportionate included that the obligation impacted all citizens using electronic communications services regardless of involvement in criminal activity and that there was no requirement that law enforcement agencies obtain a warrant or seek prior review from a court or independent administrative body before accessing a person’s metadata. In Australia, similar shortcomings with the government’s data retention regime did not have any real impact on the success of the act’s passage through parliament. Unlike in other jurisdictions, there is little prospect that these concerns can be raised in any challenge to the validity of the act.
The government asserted, following terror attacks in Sydney in December 2014 and Paris in January 2015, that extensive data retention was necessary to protect national security. This assertion was not effectively questioned by the Australian mainstream press. But even if data retention is accepted as a necessary intrusion to maintain national security, the government has not included protections to make it a proportionate measure. In this article we have raised concerns about deficiencies in the act, including that the language of the act remains vague; the scope for ministerial discretion about what metadata must be retained and which agencies may access metadata is significant; and there is no judicial oversight before agencies may access Australians’ private information.