Authorities are not interested in using the Abbott government’s proposed data retention scheme to go after internet pirates, the assistant commissioner of the Australian federal police, Tim Morris, has said.

Morris told a technology conference on Sunday that the $400m scheme, under which Australians’ metadata would be retained by internet service providers for up to two years, was essential to fight cybercrime and terrorism.

Phone numbers, the time and duration of calls, email addresses and, potentially, URLs would all be stored, but Morris reiterated that the AFP was “not interested in someone sitting down in their lounge room torrenting Game of Thrones”.

“We’re not going to have a taskforce come out to get [pirates] based on metadata collection. I need to make this clear. That’s a no,” he said on Sunday.

Meanwhile the commonwealth ombudsman told Guardian Australia that while he was consulted by the attorney general’s department (AGD) about the office’s role under the new laws, “it is not proposed that the commonwealth ombudsman will oversee the data retention regime and carriers”.

“The office has only provided comments to the AGD on provisions relating to the commonwealth ombudsman’s oversight role,” the ombudsman, Colin Neave, said in a written response to emailed questions.

“It is only proposed that the commonwealth attorney general may consult with the commonwealth ombudsman in determining which agencies may be declared eligible to access telecommunications data.”

Greens senator Scott Ludlam, who was also at the conference, said ombudsman’s oversight provided only “weak” protection and that the public could not take the AFP’s assurances the scope of the scheme would not expand in the future.

“We don’t know how ubiquitous or restrained this data retention scheme is because they simply refuse to say anything at all,” Ludlam said.

“The bill doesn’t say [what data will be collected]. It was written by lawyers inside the attorney general’s department, and they don’t have technical backgrounds,” he said.

“What if in six months’ time something horrible happens, they’re going to say actually we’re going to need to collect five years worth of data and now actually we’re going to need records, we’re going to need this, we’re going to need that.

“These things move in one direction only and it’s bloody hard to unwind them. It’s scope creep. All we’ve been able to get out of attorney general George Brandis is that Edward Snowden is a traitor.”

An Australian Lawyers Alliance spokesman, Greg Barns, said Australians should be wary of assurances made by police given what we know from Snowden’s revelations and the way in which police and security agencies have misled the public about how they have used data.

“I am not accusing Mr Morris of misleading the public, but I’m saying there is a track record that needs to be taken into account and the only way to ensure the AFP doesn’t use data is for there to be an independent ombudsman, or alternatively, a specific industry-type ombudsman,” Barns said.

Barns said it was “pointless” to have an ombudsman that had been appointed internally because the very nature of having an ombudsman is that it is independent of all agencies and government.

“It’s not up to the AFP to talk about appointing the ombudsman to oversee the scheme that can ensure metadata is not misused by law enforcement.

“The ombudsman needs to have to have sufficient teeth, that would be able to impose real sanctions against the AFP and other police departments for breaches, otherwise it’s a toothless tiger.”

Ludlam said Australian voters have simply not been shown any evidence that mandatory data retention works.

Courts in Germany, Romania and the Czech Republic have rolled back data retention schemes on privacy grounds. A study by German police found that it made a negligible impact on reducing crime.

While the AFP said it took Australians’ right to privacy seriously, Morris said that had to be balanced with the need for pre-emptive law enforcement.

“Those that have nothing to hide should have nothing to fear,” he said. “The chances that your data will be viewed by law enforcement are very low.”