Mandatory data retention is now law
Mandatory metadata retention is now official, following passage of the law through parliament.
The government's controversial mandatory data retention bill passed last week, requiring telecom operators to store metadata for two years to enable access by security and law enforcement agencies.
The bill passed the upper house with bipartisan support after the government agreed to a series of changes and and additional safeguards.
New and strengthened safeguards include reducing the number of agencies authorised to access the metadata from over 80 to just 21, and specific protections for journalists and their sources preventing retaliation through metadata discovery.
The government has also agreed to new oversight mechanisms for security and law enforcement agencies.
The Greens tried and failed to amend the bill to require agencies to obtain a warrant before accessing the metadata. Attorney-General George Brandis countered that this would be impractical because there were 340,000 instances of agencies requiring access to metadata last year alone.
Operators now have two years to implement a system for storing metadata and allowing access to the data by authorised agencies. But the Internet Society of Australia has warned that telcos and ISPs could well miss this deadline.
“There are more than 250 ISPs and they all collect and store metadata in different forms. It will be a massive task for them to reformat their systems to comply with the requirements of the new law,” the body said in a statement.
Communications Alliance, the industry body representing Australia’s telecom sector, had called on the Senate to delay passing the bill until the government provides clarity on its planned contribution to the costs of implementing the scheme.
After first calling for clarity earlier this month, the body issued a fresh request days before the bill was passed. Communications Alliance noted that some consultants estimate that the upfront capital costs could exceed $319 million, and compliance is estimated to cost the industry an additional $73.8 million per year.
Commenting prior to the bill being passed, Communications Alliance CEO John Stanton said that once it passes the senate, “any pressure on government to make its promised ‘reasonable’ or ‘substantial’ contribution to the cost impost disappears - and Australian consumers are at the mercy of the Expenditure Review Committee.”
But the calls went unheeded, and the government does not plan to detail its planned contribution to the costs of the scheme until the May budget.
Thousands of Australians protested the bill last Wednesday, the day before it passed, by installing anonymising software for the day. The protest, organised by GetUp, involved installing tools including anonymous browser Tor, VPNs or encrypted messaging apps, both to object to the data retention scheme and demonstrate how easy it will be to circumvent.
GetUp campaigner Alycia Gawthorne said forcing operators to store personal data on all Australians removes the presumption of innocence.
“The worst thing about this legislation is that it’s virtually useless in the face of criminals who are already operating online with anonymous browsers and rerouted locations,” she said. “A sweeping data retention scheme won’t stop criminals, but it will jeopardise the privacy of millions of Australians and pose a serious threat to our democracy.”
But in a joint statement announcing the passage of the bill, Senator Brandis and Communications Minister Malcolm Turnbull said accessing metadata is essential for investigations into terrorism, espionage, organised crime and child pornography.
“By passing this Bill, the parliament has ensured that our security and law enforcement agencies will continue to have access to the information they need to do their jobs,” the statement reads. “No responsible government can sit by while those who protect us lose access to vital information, particularly in the current high threat environment.”
Why the information lifecycle will be vital to data privacy in 2025
Data accessibility, accountability, confidentiality and integrity are becoming increasingly...
You can't win the AI game without a playmaker captain
Kubernetes and containers promise to bring cohesion to the otherwise complex world of modern apps.
Fixing the cybersecurity skills gap in Australia
Industry needs to mend the broken pathway from cybersecurity education to employment.