The Telecommunications Interception and Access Act 1979 (Cth) (TIAA), as amended in 2015, requires that Australian telecommunication companies retain specific data for a period of at least two years. The purpose of the TIAA is to permit access to retained data by Australian law enforcement and security agencies to assist in national security and serious criminal investigations. According to the Australian government’s 2014/15 annual report on the TIAA, enforcement agencies made 365,728 authorizations for access to historical telecommunications data in that financial year, of which the overwhelming majority was related to enforcement of criminal law.
While it is not uncommon for a party in civil proceedings to request a subpoena to compel a service provider (SP) to produce documents relating to telephone or internet communications, amendments to the TIAA due to come into effect in April 2017 will restrict access of data by subpoena where that data was retained by a SP to solely comply with the TIAA, provided no exclusion applies.
The Federal Attorney-General’s Department has recently invited submissions to widen the application of the TIAA to allow access to retained data in civil litigation. The Australian government’s reasons for this expansion are not immediately apparent as, apart from copyright rights holders, there appears to be limited support for the proposal when weighed against the compromise to personal privacy.
Currently under consideration by the Government is the Parliamentary Committee on Intelligence and Security’s recommendation that the TIAA include the ability for regulations to be made which exclude the new restriction for certain classes of matters. The Committee mentioned examples such as family law proceedings, including violence or international child abduction cases, but did not propose an exhaustive list of classes.
What Data is Retained under the TIAA?
Retained data under the TIAA includes information such as:
- a person’s name, address, contact information and device details;
- the source and destination of a communication including a phone number, email address or IP address;
- the duration and time of a communication or a session of data transfer; and
- the geographical location where the communication took place.
Access to Retained Data for Civil Litigation
Despite not including the content of a communication, such as the data transfer or web history, the retained data is by no means minimal and its significance to civil litigation ought not be underestimated. Such data may, and often can, substantially assist a litigant to prove elements of their case, and would have wide application in matters where, for example, defamation or breach of copyright is alleged.
Dallas Buyers Club LLC Litigation
One example which highlights the significance of retained data is the case of Dallas Buyers Club[A1] . In this case, Dallas Buyers Club LLC made an application to obtain preliminary discovery of the identifying information of 4,726 IP address holders who allegedly downloaded and shared the 2013 movie Dallas Buyer’s Club via BitTorrent (a peer to peer file sharing network), without consent and therefore in breach of Australian copyright laws.
A single judge of the Federal Court of Australia found that section 280 of the TIAA authorised an SP to disclose the identifying information by order of the Court. However, the Court was reluctant to permit the unconditional release of the identifying information and stayed the orders until Dallas Buyers Club LLC could satisfy the Court that the contents of letters addressed to the IP address holders was appropriate.
In a later hearing, Dallas Buyers Club LLC subsequently failed to satisfy the Court that the demands in their draft letter of demand were appropriate. The Court ordered that the stay would not be lifted until Dallas Buyers Club LLC provided an undertaking that the identifying information would not be used to demand payment of the cost of a licence fee or punitive damages, as set out in the draft letter, and provided a bond of $600,000.
Although that litigation appears to have been abandoned by Dallas Buyers Club LLC (given that it was prevented from engaging in speculative invoicing), it shows that Australian courts appreciate the ramifications of allowing unrestricted access to vast quantities of otherwise sensitive data.
Individual’s Access to Retained Data
Gaining access to retained data from SPs can be notoriously difficult. Early this year, the Full Federal Court in the case of Privacy Commissioner v Telstra dismissed an appeal against a decision that a journalist was not entitled to obtain access to all metadata retained by an SP related to his mobile phone usage. The Court considered that the SP had no obligations to provide such information as the data did not fall within the meaning of the term “personal information” for the purpose of the Privacy Act 1988 (Cth) at the time.
Whilst this case has a narrow application to the newly amended TIAA, it highlights the difficulty individuals face when seeking to obtain an understanding of and access to, data retained by SPs for the purpose of litigation.
 Dallas Buyers Club LLC v iiNet Limited  FCA 317
 An Internet Protocol address is a series of numbers assigned to identify electronic devices which form part of a network.
 Dallas Buyers Club LLC v iiNet Limited (No 4)  FCA 838
If you would like further information in relation to this matter or other legal matters please contact our office on Freecall 1800 609 945 or email us now.