Data retention: Tax Office could get metadata access

Parliamentary report suggests adding ATO to list of organisations able to get warrant-free access to material stored under the data retention regime

If a key recommendation of a parliamentary inquiry is implemented, the Australian Taxation Office will able to gain warrant-free access to so-called 'metadata' retained under the government's data retention scheme.

The bipartisan report of the Parliament Joint Committee on Law Enforcement's inquiry into financial related crime was tabled today.

Among its recommendations are that the ATO be listed as a 'criminal law-enforcement agency' under the Telecommunications (Interception and Access) Act 1979.

Defining the ATO as a 'criminal law-enforcement agency' would allow it to apply for stored communications warrants and issue data preservation notices, but would also offer it warrant-free access to data covered by data retention.

"On balance the committee is persuaded that with appropriate safeguards, including adequate privacy and oversight arrangements, the ATO should be able to access intercepted telecommunications information for the purpose of protecting public finances from serious criminal activities such as major tax fraud," states the report, which doesn't mention it would also give the ATO access to 'metadata'.

Criminal law-enforcement agencies are able to self-authorise access to data stored as part of the data retention regime.

The report cites the outcomes of the cross-agency anti-tax-evasion operation 'Project Wickenby' as justification for adding the ATO to the list.

Seventy six people have been charged as part of Wickenby and $2.285 billion in tax liabilities raised, according to the ATO.

Under the data retention legislation, access to data kept by telcos and ISPs to comply with the regime was restricted to the Australian Federal Police, state police forces and anti-corruption commissions, customs, the Australian Crime Commission, the Australian Commission for Law Enforcement Integrity (ACLEI), the Australian Competition and Consumer Commission (ACCC), and the Australian Securities and Investments Commission (ASIC).

Read more: Your face is part of Australia's 'national security weapon': should you be concerned?

The legislation creating the Australian Border Force earlier this year also added it to the list of organisations able to access data covered by the scheme.

Prior to the passing of the data retention legislation, telco metadata could be accessed by any agency that met the definition of "enforcement agency" under the Telecommunications (Interception and Access) Act 1979.

That definition included any organisation that enforced a criminal law, a law imposing a pecuniary penalty or a law that protected public revenue.

ASIC and the ACCC were originally excluded from the list of criminal law-enforcement agencies in the data retention bill but later included on the recommendation of the Parliamentary Joint Committee on Intelligence and Security's data retention report.

The Attorney-General can also declare new criminal law-enforcement agencies; however, the declaration is temporary and would only last until 40 sitting days of the lower house or Senate after the declaration comes into force.

A bill to amend the list of enforcement agencies would need to be referred to the PJCIS for review.

The ATO has been approached for comment.

The data retention legislation was passed earlier this year.

Follow Rohan on Twitter: @rohan_p

Join the Computerworld newsletter!

Error: Please check your email address.

Tags civil libertiesdata retentionprivacy

More about Attorney-GeneralAustralian Commission for Law Enforcement IntegrityAustralian Competition and Consumer CommissionAustralian Crime CommissionAustralian Federal PoliceAustralian Securities and Investments CommissionAustralian Taxation OfficeFederal PoliceTwitter

Show Comments

Market Place