Existing data retention laws sufficient

Last week, Attorney-General George Brandis described data retention as 'absolutely crucial in identifying terrorist networks and protecting the public'. On that basis, he argued for passage of the Government's data retention legislation.

This assertion is simply false. The government has all the power it needs.

French police and intelligence agencies had access to targeted real-time metadata to track suspected terrorists in the lead up to the Charlie Hebdo attacks. In addition, the terrorists in question were already on EU, UK, and US no-fly lists and had been banned from purchasing firearms.

Similarly, in Australia, Man Haron Monis was already well and truly on ASIO's radar, and Australia's security agencies have extensive surveillance capacities. They can, for example, obtain Data Preservation Orders that ensure metadata is retained and suspect activities on the internet examined. They can obtain warrants to intercept phone calls.

And yet, data retention didn't help the police – or the public – one bit.

To his credit, French PM Manuel Valls admitted 'a clear failing in security and intelligence'. It's become clear from the fall-out – as the Charlie Hebdo attacks are pored over by France's security experts – that part of the problem is too much data. Finding a needle in a haystack is not made any easier by adding more hay to the stack.

For Mr Brandis's benefit, I'm going to outline what his proposed mandatory data retention regime will achieve for everyone – not just individuals of interest.

Late last year, I undertook a controlled experiment: with assistance of Mark White of the Sydney Morning Herald, I had a technical firm record my metadata for a month to see what it revealed.

Before entering parliament I ran an agribusiness services company, Baron Strategic Services. Data monitoring equipment was installed in BSS's office and connected to the router. Because it only collected data relating to office traffic, there was no smartphone-derived geographical information.

The results were revealing. Without knowing any more than the name, metadata showed the sector in which BSS operates in less than a day. It was possible to work out which bank it uses and a complete record of its purchases and those of the staff – everything from furniture to renovations to compulsory third party insurance.

Metadata also revealed how often and for how long staff used social media like Facebook, where they planned to go on holiday, what one wanted to buy for Christmas, and when a female employee knocked off early.

As an employer, I've never been interested in monitoring employees in this way. I've always taken a dim view of people who time their employees' loo and cigarette breaks. That said, if the boss gets too invasive, an employee at least has a fighting chance of telling that person or company where to get off.