Data retention and your journalism      

How the new laws affect you - and what you can do to protect yourself and your sources. By Mike Dobbie

The recent amendments to the Telecommunications (Interception and Access) Act 1979, passed by the Parliament with bipartisan support, require telecommunications companies and internet service providers to collect and retain your telecommunications data.

In the case of your journalism, it is clear this is not a counter-terrorism measure; it is designed to pursue whistleblowers by using journalists’ relationships with confidential sources to track them down.

This is a threat to your journalism and your ethical obligation to your sources.

What’s retained

In 2013-2014, before the recent amendments, there were more than 334,000 authorisations granted to 77 government agencies allowing them to access telecommunications data – these required a warrant.

The new scheme, however, is warrantless. Access is currently limited to 21 government agencies but this can be expanded. This is what they can get access to:

•  Your account details.
•  Phone: the phone number of the call or SMS; the time and date of those communications; the duration of the calls; your location using the line, device and/or mobile tower used to send or receive the call or SMS.
•  Internet: the time, date, sender and recipient of your emails; the device used; the duration of your connection; your IP address; possibly the destination IP address (if your carrier retains that information); your upload and download volumes; your location.

Journalist Information Warrants

There was no consultation before the Parliament introduced and passed legislation for the creation of Journalist Information Warrants.

These will be required if a government agency wants to access a journalist’s telecommunications data or their employer’s telecommunications data for the express purpose of identifying a journalist’s source.

A government agency must apply to a judge of the Federal Court or a member of the Administrative Appeals Tribunal (known as the issuing authority) for the Warrant.

The 21 government agencies include the anti-corruption bodies, Border Force, the Australian Securities and Investments Commission and the Australian Crime Commission, and state and federal law police forces.  Asio doesn’t have to front a court or tribunal; it can apply for a Journalist Information Warrant directly to the Attorney-General.

A “journalist” is defined as “working in a professional capacity”, i.e. having “regular employment, adherence to enforceable ethical standards and membership of a professional body”.

Your ethical obligation as a MEAA member

The MEAA Journalist Code of Ethics is binding on every MEAA Media member. Many employers also cite MEAA’s Code as part of their own internal code of conduct.

Clause 3 of the code states: “Aim to attribute information to its source. Where a source seeks anonymity, do not agree without first considering the source's motives and any alternative attributable source. Where confidences are accepted, respect them in all circumstances.”

The code requires journalists to protect the identity of their confidential sources.

However, the aim of the Journalist Information Warrant scheme is to by-pass the code, by secretly circumventing any objections you have. The Journalist Information Warrant ignores your ethical obligation and allows the government to access your telecommunications data without your knowledge so that it can trawl through your data to discover the identity of your source(s) and, presumably, prosecute them.

Who can challenge a Journalist Information Warrant?

Not you. Everything about Journalist Information Warrants is secret. Even should you discover a Warrant has been issued, reporting its existence will result in a two years’ jail.

In short, journalists and their media employers will never know if a warrant has been sought for their telecommunications data and will never know if a warrant has been granted or refused. Not even your telecommunications company will be told a warrant has been issued – your data will be accessed without the telco that retains it having to confirm that a Warrant has been issued.

The last minute Warrant amendment also created Public Interest Advocates. Appointed by the Prime Minister of the day, they will be people with a legal, not a media, background and with high level security clearance.

They cannot be Commonwealth or State/Territory employees (or office holders if there is an apparent conflict of interest). A question arises about whether any role in engaging in defamation matters or suppression orders would disqualify them.

If the chosen PIA is unable to appear or make a submission to the issuing authority, an alternate PIA will be found.

A PIA will be required to submit all facts and considerations against the issuing of a JIW – but the Advocate will not “stand the shoes” of the journalist or media organisation to argue the public interest as a journalist or media employer might.

The Journalist Information Warrant allowing access to a journalist’s or media organisation’s telecommunication data will be issued if “the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of journalists’ source”.

All of those appearing before the Federal Court judge or the AAT member will be appointed by the government or Prime Minister. There is no one to argue in defence of the public interest from the media’s perspective or from the confidential source’s perspective.

How it will work

Government agencies will approach an issuing authority (or the Attorney General in the case of ASIO and the Director-General of Security in an emergency if the Minister is unavailable) to seek access to a journalist’s telecommunications data for the purpose of identifying a confidential source.

A PIA will be appointed to the matter within seven days. The PIA will determine whether to make a submission or attend at a hearing or will advise whether they are unable to do so.

Warrants could still be granted without a PIA’s submission or attendance but if they are unable to do the work it’s likely another Prime Minister-appointed PIA will be found. The government agency’s relevant Minister or the issuing authority may also seek additional information from the agency about why the warrant is sought.

A Journalist Information Warrant remains in force for up to six months. Its scope can include the entire cache of your telecommunications data that has been retained over two years – in one giant “fishing expedition” trawling through your metadata in the hunt for your sources, thereby exposing every source.

You will never know how much of your telecommunications data has been accessed, how many sources and how many news stories have been compromised. You will not know if a warrant on your data has up to six months left to run or when it expires.

Perhaps the only time you may know something happened is when your confidential source is being prosecuted.

What to do about your data

Confidential sources tend to fall into a journalist’s lap. We usually don’t seek them out, they find us.

Hopefully, despite the chilling effect of this legislation, sources may still be able to make the initial contact with journalists in a safe manner – given that digital communications are now compromised perhaps snail mail will be one method to get in contact.

Once that contact is made and you have made your ethical obligation to protect the identity of your confidential source, you must do everything to protect their identity.

You should consider using the tools of counter surveillance where necessary: encrypt and anonymise your telecommunications. But with every tool you use, remember that they can become vulnerable. Be sure you understand the vulnerabilities of what you use and be prepared to utilise other tools.

MEAA is obviously reluctant to endorse any particular product or service – it’s best you do your own research.

Virtual private networks (VPNs) should be considered to encrypt your internet data but think about how they work, what could happen, and keep searching for safe options.

Consider attending crypto-parties to learn about the latest tools and what their limitations are.

Importantly, media organisations have a role in this. Their telecommunications data is compromised too. Get your newsroom to adopt safe file-dropboxes that allow for secure information transfer and storage. Encourage your employer to train editorial staff in the latest tools for modern journalism – this is a global problem and there are many training opportunities becoming available where we can all learn.

If all else fails, perhaps adopt the advice of Wikileaks founder Julian Assange and arrange communications with your sources by snail mail.

Finally, continue campaigning with MEAA about this problem. It’s crucial we keep our audiences informed of these attacks on press freedom and the need to protect public-interest journalism.

Our sources must be satisfied that we can protect their identities and that we can continue to get vital news stories out to our audiences. Sign this petition and keep up-to-date through the Press Freedom website.

Finally, read UN special rapporteur on freedom of expression David Kaye on the global need for states to implement genuine measures to protect whistleblowers and journalists’ sources.