FOI 27 2016 Document 9 for release.pdf

For Official Use Only

SE14/482
ADDITIONAL ESTIMATES – FEBRUARY 2015
BACKPOCKET BRIEFING
USE OF TELECOMMUNICATIONS METADATA
Issue
On 7 October 2014, the ABC’s 7:30 Report aired a story on ‘Who should have access to your
metadata?’ The Clean Energy Regulator was identified as one of ‘dozens’ of government
agencies, separate to law enforcement and national security agencies, accessing metadata
under the Telecommunications (Interception and Access) Act 1979 (the TIA Act).
Headline Statement

The Clean Energy Regulator is an independent regulator responsible for administering a
number of climate change laws. These laws provide the Regulator with a range of
monitoring and enforcement powers.
–
These laws contain significant criminal and civil penalty provisions for persons or
organisations found to have breached the offence provisions contained in those
laws, or found to have engaged in dishonest or fraudulent conduct in connection
with schemes established by those laws.

The Clean Energy Regulator is an enforcement agency under the Telecommunications
(Interception and Access) Act 1979.

The Clean Energy Regulator has authorised the disclosure of telecommunications data on
two occasions in support of two separate investigations into breaches of climate change
law.
Talking Points

As part of its administration of climate change laws, the Clean Energy Regulator actively
pursues those who opportunistically or deliberately contravene these laws.
–
From 2 April 2012 to 31 December 2014, the agency finalised 117 investigations
and had 24 open investigations into allegations of breaches of climate change law.

The Clean Energy Regulator has a team of qualified and experienced investigators who
investigate alleged breaches of the legislation we administer.

The Clean Energy Regulator, as an enforcement agency under the TIA Act, can authorise
the disclosure of telecommunication when reasonably necessary for the enforcement of
the criminal law or a law imposing a pecuniary penalty, or for the protection of public
revenue.

While recognising the usefulness of telecommunications data as an enforcement tool, the
Clean Energy Regulator appreciates the potential sensitivity of this information source and
the legislative provisions in place to maintain integrity. In order to meet its legislative
obligations, the Clean Energy Regulator limits access to telecommunications data and has
established robust mechanisms for requesting, accessing and using this data.

In the period 2 April 2012 to 31 December 2014, there have been two authorisations for
the disclosure of telecommunication information by the Clean Energy Regulator.
Contact:
Peter Bache
Phone:
(02)

Division:
RCMD
Cleared by:
Ross Carter
Last Updated:
4.04.2017 4:06 PM
Version Control:
v1.0
For Official Use Only
Page 1 of 8

For Official Use Only

SE14/482

Authorisation for the disclosure of telecommunication information has been made on each
occasion by Senior Executive members of the Clean Energy Regulator.

The authorised officer must have regard to whether any interference with the privacy of
any person or persons that may result from the disclosure or use of telecommunications
data under request is justifiable, having regard to:
–
the likely relevance and usefulness of the information or documents, and
–
the reason why the disclosure or use concerned is proposed to be authorised.

These authorisations have been limited to the disclosure of telecommunications data on
the person of interest subject to an investigation, and only to verify information provided
by that person to allegedly claim benefits administered by the agency to which they were
not entitled.
–
In the first case, a subscriber check demonstrated that the phone number used in
support of a claim made to the Clean Energy Regulator was invalid (that is, the
phone number did not exist). This matter was subsequently referred to a State law
enforcement agency.
–
The second case relates to an investigation that is still ongoing.
:
A subscriber check demonstrated that the phone numbers used by a claimant
were subscribed to persons not associated to the claimant.
This supports allegations that the claims were fraudulent.

In accordance with s186 of the TIA Act, the Clean Energy Regulator reports annually to
the Attorney-General’s Department regarding access to telecommunications data for
inclusion in its annual report to Parliament.

The penalties contained in the climate change laws administered by the Regulator include
significant terms of imprisonment (e.g. a breach of s 66L of the ANREU Act – 10 years).

Additionally, for many of the matters investigated, offences under the Commonwealth and
state and territory criminal codes also apply.

Penalties applied by the courts for matters investigated by the Regulator include:
–
Civil penalties exceeding $200,000 applied to parties involved in a breach of the
Renewable Energy (Electricity) Act 2000 (REE Act) – MT Solar and others.
–
20 months imprisonment with a nine month non-parole period to be served by
way of home detention for breaches of the Criminal Code Act 1995 arising from
offences relating to the RET – John Testoni.
–
Two years imprisonment (served by way of intensive corrections order) for a
breach of the NSW criminal code – this matter arose form an investigation into
the improper creation of certificates and was referred to the NSW police who
prosecuted the matter – Lucie Yeung.

Contact:
Peter Bache
Phone:
(02)

Division:
RCMD
Cleared by:
Ross Carter
Last Updated:
4.04.2017 4:06 PM
Version Control:
v1.0
For Official Use Only
Page 2 of 8

For Official Use Only

SE14/482
Background

On 7 October 2014, the ABC’s 7:30 Report aired a story on ‘Who should have access to
your metadata? The Clean Energy Regulator was identified as one of ‘dozens’ of
government agencies, separate to law enforcement and national security agencies,
accessing metadata under the TIA Act.
–
ABC News ran a story on its website in parallel to the 7:30 Report programme titled,
Senate considers greater oversight for companies and councils accessing metadata
without warrants (see Attachment A).
–
On 29 August 2014,
from the 7:30 Report, contacted the agency
seeking further information in relation to this story (see Attachment B).
–
On 2 September 2014, the agency provided a response to the 7:30 Report (see
Attachment C). The response was prepared by the Investigations and Enforcement
Branch and cleared through the Acting Executive General Manager and General
Counsel.

On 12 December 2013, the Senate referred the following matter to the Legal and
Constitutional Affairs References Committee for inquiry and report:
Comprehensive  revision  of  the  Telecommunications (Interception and Access) Act 1979
(the Act), with regard to:
–
the recommendations of the Australian Law Reform Commission For Your
Information: Australian Privacy Law and Practice report, dated May 2008,
particularly recommendation 71.2; and
–
recommendations relating to the Act from the Parliamentary Joint Committee on
Intelligence and Security Inquiry into the potential reforms of Australia’s National
Security Legislation report, dated May 2013.
The initial reporting date was 10 June 2014. The Senate has granted two extensions for the
Committee to report. The final reporting date was 12 February 2015.

Contact:
Peter Bache
Phone:
(02)

Division:
RCMD
Cleared by:
Ross Carter
Last Updated:
4.04.2017 4:06 PM
Version Control:
v1.0
For Official Use Only
Page 3 of 8

For Official Use Only

SE14/482
ATTACHMENT A
Senate considers greater oversight for companies and councils accessing
metadata without warrants
ABC News, 7 October 2014.
Once considered the domain of senior police and spy agencies, metadata is now being used by dozens
of other government agencies for reasons as diverse as prosecuting unlicensed car dealers, investigating
dog attacks and forcing doctors to admit to ethical breaches.
Under the Telecommunications (Interception and Access) Act 1979, organisations ranging from the
RSPCA, Clean Energy Regulator and Racing Queensland can all obtain metadata without a warrant.
All they have to do is fill out a request form and send it directly to telecommunications companies like
Telstra, which are obliged by law to hand over the information which can include personal details, call
records and IP addresses.
Independent senator Nick Xenophon said most Australians would be shocked to learn exactly who can
get their hands on the material.
"There is a misconception that getting someone's metadata means that you have to be a law enforcement
agency, that it relates to national security or serious organised crime issues," he told 7.30.
"The fact is there are literally hundreds of thousands of metadata searches each year by organisations as
obscure as the Victorian Taxi Directorate and local councils."
Call records crucial to catching unlicensed car dealers
In the northern suburbs of Perth, investigators from the Department of Commerce are using metadata to
track down people involved in illegal car dealing.
Commissioner for Consumer Protection Anne Driscoll says it has been "fundamental" to catching
offenders, including a woman who had been prosecuted once before.
"We basically tracked the advertisements that were in a local newspaper over a period of about a year
and saw there was a continuing mobile phone number in use," she told 7.30.
The department requested subscriber information from the telecommunications service provider in order
to confirm the mobile number belonged to a woman named Jayde Ashleigh Grundy.
Ms Driscoll says Ms Grundy pleaded guilty to illegally selling 31 cars over a period of about a year and
was fined more than $11,000.
"I don't believe there would be any other way we could get a prosecution up along these lines without
metadata."
Metadata forces confession from doctor over ethics breach
Metadata is not only being used to expose illegal behaviour but immoral behaviour too.
Earlier this year, the Australian Health Practitioner Regulation Agency (AHPRA) received a complaint
about a doctor having an 'intimate and sexual relationship' with a patient's spouse.
The doctor initially claimed the relationship did not begin until after the patient was discharged from
hospital.
However, AHPRA used its powers to access call records in order to prove the pair had been in regular
contact while the patient was being treated for serious injuries.
"Without the telecommunications records, the severity of the breaches would not have been established,"
AHPRA told 7.30 in a statement.
Mr Xenophon says the intrusion of privacy was not necessary.
"It's a bit like locking down a CBD and having helicopters flying overhead if somebody is suspected of
shoplifting. That's the equivalent," he said.
"It's complete overkill. Let's concentrate on catching the bad guys, the terrorists and organised crime
figures and put our resources into that."
Contact:
Peter Bache
Phone:
(02)

Division:
RCMD
Cleared by:
Ross Carter
Last Updated:
4.04.2017 4:06 PM
Version Control:
v1.0
For Official Use Only
Page 4 of 8

For Official Use Only

SE14/482
Greens, telcos call for tighter controls on access to metadata
While metadata has proven useful to numerous government agencies, there are growing calls to place
limits on who can access the material.
A federal Senate inquiry into the Telecommunications Act is underway and Greens senator Scott Ludlam
is calling for greater judicial oversight.
"What we have at the moment are dozens of agencies, hundreds potentially, accessing material without a
warrant for a huge variety of different issues and the law really hasn't kept pace with technology," he told
7.30.
"You should be able to get the material but the request should go through a law enforcement agency
rather than just being able to fill out a piece of paper and say 'Hey, Telstra, tell me everything you've got
on this person'.
"You don't want to turn every little government agency in the land into little mini spy agencies."
The Australian Mobile Telecommunications Association is also concerned about the growing number of
organisations that can access private customer information.
CEO Chris Althaus says responding to each request for metadata is time consuming.
"This system is ballooning outside crime prevention, crime detection and national security issues. That
should be the core of any data-retention proposal," he said.
The Federal Government is considering forcing telecommunications companies to store metadata for at
least two years in case senior police and spy agencies need the material for counter-terrorism purposes.
Mr Althaus said the industry is happy to help with matters of national security but should not have to
respond to minor criminal investigations.
"The more people that have access, the more people that can be involved with this data set, the greater
the cost to industry," he said.
"We think the Government should put some significant limitations on the sort of data that's collected and
the sort of people who can access it."
The parliamentary joint committee on intelligence and security is due to report back at the end of the
month.
Local council makes no apologies for metadata use
However many organisations are unlikely to surrender their powers to access metadata without a fight.
Former Bankstown City Council Mayor Khal Asfour said the western Sydney community has become a
dumping ground and council needs to obtain call records and subscriber information to help tackle the
problem.
"I don't believe that you're invading privacy when you're helping to prosecute illegal dumpers in our city,"
he told 7.30.
"The cost of illegal dumping is in the hundreds of thousands annually. It is something the community
won't cop."
Bankstown City Council has made at least nine requests for metadata and the mayor says they all relate
to illegal dumping.
According to a report from the federal Attorney-General's Department, the most requests made in a single
financial year came from Centrelink, which contacted telecommunications companies 1,181 times in
2011-12.
There is also a push to expand the number of government agencies that can access the material, with
groups like the Australian Racing Board hoping to be added to the list.
Politicians disagree on definition of metadata
There has been confusion over what the term metadata actually means.
Prime Minister Tony Abbott has likened it to the material on the front of the envelope as opposed to the
content of the letter.
Contact:
Peter Bache
Phone:
(02)

Division:
RCMD
Cleared by:
Ross Carter
Last Updated:
4.04.2017 4:06 PM
Version Control:
v1.0
For Official Use Only
Page 5 of 8

For Official Use Only

SE14/482
Mr Xenophon says it is the equivalent of having a government agent following a person around and
writing down every address they have ever been to.
Greens Senator Scott Ludlam describes it as "data about data".
"It tells you everything you need to know about an email or phone call without actually disclosing the
content of the email or phone call," he told 7.30.

Contact:
Peter Bache
Phone:
(02)

Division:
RCMD
Cleared by:
Ross Carter
Last Updated:
4.04.2017 4:06 PM
Version Control:
v1.0
For Official Use Only
Page 6 of 8

For Official Use Only

SE14/482
ATTACHMENT B
From:

Sent: Friday, 29 August 2014 2:24 PM
To: CER - Media
Subject: ABC TV request
Good afternoon,
My name is
I’m a reporter with 7.30 on ABC TV.
I’m researching a story on the use of metadata, specifically the ability of certain organisations,
including Clean Energy Regulator, to access metadata for the purposes of “imposing a pecuniary
penalty or the protection of the public revenue”, as defined under the Telecommunications
(Interception and Access) Act 1979.
My story aims to present a series of case studies demonstrating how this has occurred in the past
and whether or not it has resulted in successful prosecutions. To give you some idea of what I
mean, a recent report from the Attorney-General detailed how Wyndham City Council in Victoria
was able to track down a woman whose dog had attacked a man. She had called paramedics
immediately after the incident but fled the scene before they arrived. The ambulance service
provided the council with the woman’s number and the metadata obtained from the
telecommunications provider detailed her call history and account information, which ultimately
resulted in her being prosecuted.
According to that same report, Clean Energy Regulator made one request to access metadata in
the 2012-13 financial year.
I would like to know:
  What was the purpose of this request?
  Was the request granted?
  What type of metadata was obtained? For example, call records.
  How did this information assist Clean Energy Regulator?
  In what way did it help Clean Energy Regulator in “imposing a pecuniary penalty or the
protection of the public revenue”?
  Did it result in the prosecution of any individuals? If so, how many and for what?
Thanks for your time. My contact details are below.


Contact:
Peter Bache
Phone:
(02)

Division:
RCMD
Cleared by:
Ross Carter
Last Updated:
4.04.2017 4:06 PM
Version Control:
v1.0
For Official Use Only
Page 7 of 8

For Official Use Only

SE14/482
ATTACHMENT C
From: CER - Media
Sent: Tuesday, 2 September 2014 3:52 PM
To:
Subject: Response to your enquiry [SEC=UNCLASSIFIED]
Hi

Thank you again for your enquiry. The following information can be attributed to a spokesperson
for the Clean Energy Regulator.
The Clean Energy Regulator can confirm one request was made to access metadata in the
2012-13 financial year.
A request was granted for access to subscriber details for use in an investigation into an
allegation of fraud against a Commonwealth benefits scheme.
The information obtained assisted the Clean Energy Regulator to investigate and take action to
ensure no further unlawful activity occurred.
As this investigation is ongoing, the agency cannot provide any further information.

Contact:
Peter Bache
Phone:
(02)

Division:
RCMD
Cleared by:
Ross Carter
Last Updated:
4.04.2017 4:06 PM
Version Control:
v1.0
For Official Use Only
Page 8 of 8