Government tables telco data retention Bill

The Abbott government has tabled legislation that would introduce mandatory retention of telecom data, but has not yet stipulated exactly what data would need to be stored.

The proposed amendment would require Australian telcos to keep a set of metadata available for access by law enforcement organisations for a period of up to two years.

Relevant metadata would include the identity of a subscriber, the source and destination of the communication, as well as the date, time, duration and type of the communication.

But the Bill spells out that telcos will not be obligated to store the content of a communication or web browsing history. The exact details of the data that will need to be stored will be introduced in later legislation.

The Bill will not grant any additional powers to law enforcement or intelligence agencies to access metadata beyond what they are already entitled to. It will, in fact, reduce the range of agencies able to request access the data to include only those with a clear need.

Announcing the proposed Bill, Attorney-General George Brandis and Communications Minister Malcolm Turnbull said law enforcement and intelligence agencies have been calling for mandatory metadata retention because the changing dynamics of the telco sector has left many telcos either not retaining some data or not retaining it for long enough.

The agencies need the data to aid with their investigations into cases including counterterrorism, counterespionage, cybersecurity, organised crime, murder, rape, kidnapping, child sex abuse and child pornography, the ministers said.

The government has proposed to give telcos up to two years to fully implement the metadata retention scheme, and to pay a share of the upfront capital costs associated with adopting the practice. The industry has estimated that the costs of implementing the scheme could run into the hundreds of millions of dollars.

Officials including the Commonwealth Ombudsman, the Privacy Commissioner and the Inspector-General of Intelligence and Security will serve as watchers to the watchmen, monitoring the access to and use of the stored data.

The government has been considering introducing data retention for some time. But as recently as July, the government had reportedly decided to shelve introducing such a policy due to potential complications. The Bill has now been introduced with just two sitting weeks left in the year.

Research from consulting firm Protiviti shows that 64% of Australian businesses support the government’s mandatory data retention scheme, but generally only on the proviso that strict safeguards are in place to protect the data and prevent abuse.

But 78% of respondents also believe that a data retention scheme should only be passed strictly on the proviso that authorities have a court-issued warrant to access the data. If there are to be exceptions for warrant-less access, respondents feel this should be limited only to high-risk national security investigations or serious crimes such as murder or child sexual abuse.

The desire for safeguards is in part motivated by the fact that 62% of respondents believe the scheme would lead to greater data security risks in the form of more targeted hacking and cybercrime activity. An overwhelming 86% of respondents believe that telcos should be required to apply specific security standards to the stored information.

“The business community appreciates that national security risks are a legitimate focus for the government at present. However, they also feel that retaining customer ‘metadata’ can amount to a significant privacy incursion as it can reveal a great deal about a person’s movements, relationships and day-to-day life,” Protiviti Managing Director Mark Harrison said.

“Ultimately, they believe that the best way to balance these opposing and competing interests is to ensure law enforcement and intelligence agencies receive court authorisation through a warrant, before they can access the information.”

Australia’s telecom sector is also open to the idea of a data retention scheme. In August, industry body Communications Alliance announced that the industry is ready and willing to engage with the government on such a policy.

But the industry has also been critical of a number of aspects of the proposal, as have the political opposition and privacy groups.

The government plans to conduct consultations with the telecom industry over the next few weeks to help hammer out the technical details of the proposed scheme. Because of the upcoming holiday, the vote on the Bill may not take place until parliament reopens in February.

Image: Malcolm Turnbull