Interview with Matthew Doran, ABC Afternoon Briefing

SUBJECTS: Albanese Government’s proposed amendments to the Telecommunications Act 1997, corporate cyber security

MATTHEW DORAN, HOST: Minister, thank you for joining us on Afternoon Briefing today. This law that you’re rushing through Parliament to deal with being able to track people down using their mobile phones, can you explain a bit of the rationale there?

MICHELLE ROWLAND, MINISTER FOR COMMUNICATIONS: Three weeks ago, I received a letter from the New South Wales Coroner concerning the case of a missing person. The coroner specifically requested that amendments be made to the Telecommunications Act to better enable law enforcement agencies and carriers to utilise their data in order to be able to track missing persons.

We have taken the decision as a Government to act expeditiously. I as Minister understand it’s important to make these changes with the privacy of individuals in mind as well. And we are ready to bring forward to the Parliament our recommended amendments to this law.

DORAN: There’d be a lot of people wondering why this hasn’t been the case before, thinking that mobile phones, one of the, I guess, the uses of them is being able to keep track of people. What’s the current regime and how does this change differ?

ROWLAND: The actual regime for utilising that data won’t change. And the carriers and law enforcement agencies have long had processes in place to utilise data to find locations of people, including, of course, criminals. But what is changing here is the threshold at which that is enabled.

Currently, under the law there needs to be an imminent threat to a person’s life or health. The NSW Coroner determined that that threshold of imminent is often impossible to meet and it has been a significant factor in not enabling this type of location data to be used to track missing persons. So, this was a specific request from the Coroner, and I as Minister believe that this change should be made, that we should bring this to the Parliament and it should receive the support of the entire Parliament.

DORAN: Does it require cooperation from the telcos?

ROWLAND: The telcos already have that requirement to cooperate. Again, this is a long-established principle that has operated well in Australia in just about every context of law enforcement and national security. What we are doing here is lowering the threshold to something that the Coroner believes is more reasonable and could actually help law enforcement agencies and emergency personnel to do their jobs and save lives. We have some 30,000 people who go missing in Australia every year. If this enables at least one person to be found, you can imagine the solace that would give to the families and loved ones of those people.

DORAN: How quickly are you hoping to get this change through?

ROWLAND: We think that this amendment has merit and that if we bring this on, it can be dealt with expeditiously. We would hope that that would be the case.

DORAN: One other big issue that’s kicking around at the moment obviously is the latest data breach with Medibank. We’ve had news this morning from the health insurer that one of the alleged hackers here has posted some of that personal information online. How concerning is that development?

ROWLAND: It is deeply concerning. And I think just as in the case of Optus, this is a wake-up call for corporate Australia. It also highlights the very genuine concerns of all Australian consumers about where their data is held by big corporations, that that data be collected, used and disclosed in a proper way, and that appropriate security is maintained.

I know that the relevant agencies are doing their jobs to find the hackers and criminal investigations are underway so I’ll let that run its course. But it is deeply concerning for Australians yet again.

DORAN: I know shortly after the Optus hack you stood up alongside the Treasurer to announce changes to some of the rules surrounding notifications and the like. Would that also apply with a company like Medibank?

ROWLAND: Well, this is specifically in relation to information-sharing between the banks and other entities. But I do know that that is operating now at least in the case of a number of government agencies. And hopefully, that will also occur in relation to financial institutions as well.

DORAN: You mentioned this is a wake-up call for corporate Australia. Are we seeing more hacks or are we just learning about them more frequently?

ROWLAND: I certainly can’t comment on the quantum, but my message would be that it’s important for any business, any organisation that holds personal information, if they have been hacked or they suspect a hack, that needs to be reported because if that is done, then the appropriate authorities can kick in and do their jobs.

DORAN: There’s been a lot of discussion about data retention as a result of this. Do you think that over the last couple of years or so too much ground has been ceded in terms of national security and that desire to keep data on the books with certain companies, be they telcos, be they others, to be able to assist law enforcement and that’s then, as a result, opened companies up to hacks like this because they are holding a lot more than they used to?

ROWLAND: I think the key principle here is the welfare of consumers. And I know that the Attorney‑General continues to pursue reforms to the Privacy Act and is consulting on those. But also, the Attorney‑General and the Minister for Home Affairs have made it very clear that there needs to be a balance between appropriate collection use and disclosure. People need to have confidence in how their data is so being treated.

I think we always need to bring this back to the consumer. Consumers are viewing the latest hack through a privacy lens, and I think the Attorney-General by pursuing the reforms that he is a step in the right direction.

DORAN: Michelle Rowland, it’s a busy day in Parliament. We thank you for joining us.