Privacy gurus want data access reform
PRIVACY experts have questioned whether Ipswich City Council should be allowed to access the names and addresses of registered owners of mobile telephone numbers by submitting a request to Telstra.
The QT revealed on Saturday how council had made six requests for metadata to Telstra regarding four mobile numbers on illegal signs, which were placed across the city in the 2012-13 financial year.
The owners of the phone numbers were successfully prosecuted as a result.
Cr Andrew Antoniolli said the council asked for only the name and address of the owners of the phone numbers, and nothing more.
He said council was "approved as an enforcement agency and we have certain abilities under the legislation to access information relative to people who own mobile phones".
"But we only apply for those details using the approved format, when we have exhausted all other avenues of inquiry. It is our last resort," he said.
The Australian Privacy Foundation made a submission to the Senate inquiry into a comprehensive revision of the Telecommunications (Interception and Access) Act 1979 voicing its concern at the number of organisations that could access metadata, which could include the location of a person making and receiving a call, along with the time and length of such calls.
Ipswich City Council was listed as one organisation that had made a request for metadata.
When told what Ipswich council had accessed and why, APF chairman Dr Roger Clarke said he could see no justification for their actions.
"We all get annoyed by illegal signs popping up around suburbs, but how far down the system are you going to allow access to data that is security sensitive?" he said.
"We've got to allow an organisation to come forward with an explanation and justification, but we can't see how they (council) could. No council has ever put forward a proposition that says 'this is really important and we should have access to sensitive data'.
"We are seriously dubious about any justification for this. The name and address of a subscriber is standing data stored on a service provider's data base.
"Our general attitude would be there have got to be processes whereby organisations can seek legal authority to get access to the name and contact point of a subscriber to a telecommunications service.
"We don't even think that ASIO and its ilk should have automatic access to such stuff. That is data that requires a judicial authority and shouldn't simply be decided by an organisation."
Cr Antoniolli said "maybe Roger Clarke should come and try a day of enforcing laws, and perhaps look at the way dodgy business operators are using these sorts of avenues to operate outside the law".
He said one of the phone numbers on the illegal signs was from a person based in Luxembourg and there were "people out there offering bogus services and products and hiding behind their mobile phone number as their only shopfront".
"If people want to promote their phone number as a point of contact, then it isn't private...and Mr Clarke should know that."
Cr Antoniolli stressed council did not need or require "anything other than the name and address of the owner of the mobile phone".
"We can't justify as a council getting any more of that data," he said.
"If we can't justify it, why is it open to us?"
Nigel Waters, the former deputy federal privacy commissioner who co-authored the APF's submission to the Senate inquiry, said the limits to council's powers were not legislated and that council "could have asked for more" information.
"But technically they (councils) are allowed to get everything the other law enforcement agencies can get, which includes time and date of calls and the duration of calls, and all the other stuff," he said.
"All the Attorney General Department's submissions have confirmed what we think is the position - that technically these councils and other bodies like the RSPCA can get access to all the metadata, which is one of the reasons why it is such a concern."