Critics say “authority creep” is allowing increasing numbers of government agencies to access people’s data.

Laws passed last year compel telecommunications companies to retain customer data including who they call or text, where they make calls from, and who they email.

Access to the metadata was originally limited to 22 specific police and intelligence agencies, but that number has now blown out.

“There are many more than 22 agencies,” says John Stanton from industry lobby the Communications Alliance.

“Many state-based agencies have come forward and started using their own state-based powers to request metadata.

“Authority creep, I guess you might call it.”

The Communications Alliance told a recent parliamentary hearing that telcos get close to 1,000 requests for metadata each day.

The group says it is not clear just how many agencies can request access to stored metadata.

Because they are only accessing metadata and not the content of communications, they do not need a warrant.

Shadow Attorney-General Mark Dreyfus said access to stored metadata should be tightly restricted.

“It's a specified group of 22, reduced at the time of the mandatory data retention legislation going through from the previous very wide group of around 80,” he said.