Welcome to Eureka Street

back to site

Data regime will see us funding our own surveillance


Talk of 'metadata' has largely faded from the headlines outside the tech press. It's a conversation that needs to continue.

Man with laptop viewed through creepy dataFrom next Tuesday 13 October 2015, telcos such as Telstra, Optus and Vodafone will begin retaining your telecommunications data, as required by the data retention laws passed in March this year.

There's also roughly 400 small internet service providers who, together with the big players, will be required to comply with these retention obligations, subject to any approved Data Retention Implementation Plan and/or any relevant exemption or variation.

There seems to be still much confusion about exactly what data is going to be retained, the scope of the laws, and who will pay.

Data associated with communications services provided by your telco, such as email, mobile and landline phone calls, VoIP and text messaging, will be retained, as will data associated with your internet activity, with the express exception of web browsing history (or destination IP addresses).

Data related to the use of third-party services such as Gmail, Skype, FaceTime and Facebook, or popular messaging apps such as WhatsApp or Wikr, are not captured by Australian retention obligations.

But mandatory data retention is also a data creation regime. Then-communications minister Malcolm Turnbull, talking to ABC radio in March, claimed: 'The only thing the data retention law is requiring is that types of metadata which are currently retained will be retained in the future for at least two years.'

In fact the data retention laws include an obligation on service providers to 'create' data that falls within the data set to be retained, even if they do not currently collect or capture that data.

This isn't nitpicking. The more data that is created, the more the scheme will cost, and the greater intrusion on privacy and risk of data breach.

Australian companies are not compelled to notify their customers if their privacy may have been compromised by a data breach. We're still waiting to see the consultation on mandatory data breach notification laws which were promised to be introduced by the end of this year.

Who can access this data, and for what reason? The Australian stated in an editorial last month: 'We have no quarrel with the law's broad purpose to preserve metadata ... so counter-terror agencies can prevent attacks and prosecute wrongdoers.' But the truth is there aren't any safeguards to limit the access and use of your retained data to preventing or investigating terrorism or other serious crimes.

Unlike the laws relating to intercepts or access to stored communications, there is no threshold of gravity of conduct, such as a 'serious contravention' of the law, that applies to access to telecommunications data by law enforcement agencies.

The long list of enforcement agencies that are permitted to access telecommunications data includes regulators such as ASIC and the ACCC, which certainly aren't 'counter-terrorism agencies'.

And the new data retention laws do not limit the very broad range of agencies that can apply to be added to this list. A parliamentary committee recommended in early September that the Australian Tax Office be added. Will Centrelink be next?

In the very narrow context of a request for data belonging to a journalist for the purpose of identifying a source, a 'journalist information warrant' is required. However this column by Richard Ackland and this interactive game by Nick Evershed raise serious concerns about the level of protection provided.

I believe telecommunications data can be a useful tool for law enforcement. But that is not the same as asserting that a mass data retention scheme is necessary, proportionate, or likely to be effective.

In Germany, which has had no mandatory data retention laws after its scheme was found to be unconstitutional, a 2011 study found that data retention had no impact on either the effectiveness of criminal investigations or the crime rate. Similarly, in 2013, the Privacy and Civil Liberties Oversight Board found that there is little evidence that the metadata program has made the US safer.

And at what cost? The government has said it will pay a 'reasonable contribution' towards the service providers' up-front set up costs. Yet despite the looming start date, when and how this money will be allocated is still unknown.

We don't know what costs will be passed on to customers. But we do know the costs will be significant. The figures provided by PwC were given to the government before the parliamentary committee's recommendation that the data be encrypted, and do not include ongoing costs. We also know that the process of determining an estimate of costs was rushed, and many smaller players weren't consulted.

Ultimately we'll all pay — as tax payers, consumers and citizens.

Leanne O'DonnellLeanne O'Donnell is a senior lawyer with a focus on issues where technology and the law intersect. She tweets as @MsLods. This piece is written in her personal capacity.

Main image: Shutterstock

Topic tags: Leanne O'Donnell, data retention



submit a comment

Existing comments

Internet Australia has described the Data Retention Act as "fundamentally flawed". Even if you agree that "telecommunications data can be a useful tool for law enforcement" this Act is going to cost way more than the Government is providing and that means costs will be passed on to consumers.

Laurie Patton | 08 October 2015  

What our police and security services actually need if they are to make the country safer is to somehow provide our legislators and the back-room boys who actually run the place with some intelligence. You know, real intelligence - brainpower - the ability to think. Alas, it is not probable! So we will accrue enormous amounts of "data". Methinks they all watch too much American, CIA funded, television.

Vin Victory | 09 October 2015  

In the last 20 years, Australia has been a testing ground for the implementation of civil liberty erosion that is to next take place in the US. In the past decade, this has accelerated to an embarrassing police state which is now morphing into a medical police state, with the population still asleep at the wheel watching sports and a mainstream media feed that repeats the outdated assertion that we have one of the most impartial medias in the world. Clearly, the opposite is true. Most Aussies are unwilling to exercise their own voice in standing against these blatant attacks, with no end in sight as a result of this display of apathy. It's a shameful state of affairs when the informed in Australia are now labelled conspiracy theorists when referencing fact and mandated legal policy by a self-assured, ignorant population of uninformed, apathetic, entitled westerners who are about to have everything they value stolen by the banks in the upcoming collapse. Time to wake up and remember that 0.x% of the playground are bullying the rest of us. It's ridiculous and time we stopped it, by abandoing the programmed belief in this country that we are unempowered; ie: what could I possibly do about it? Well, the answer is, 99 people vs 1 person is an assured victory to those willing to stand up and simply point to the other 98 people standing behind them.

PW | 12 October 2015  

VPN technology could be used to remain unaffected from such data retention law. A normal internet user or business could connect to any VPN company based out of USA, Australia or Europe like “PureVPN” to remain secure.

Bryan | 13 October 2015  

Great informative article Leanne, well done and thanks.

IJK | 10 November 2015  

Similar Articles

Breaking the silence in the kingdom of the sick

  • Ellena Savage
  • 09 October 2015

While suffering from cancer, Susan Sontag suggested that it, like tuberculosis the previous century, was a disease shrouded in metaphor, morality, and silence. As time passed and the AIDS epidemic raged, she expanded her analysis to include that virus. What would she think of today's culture around mental illness? Like allergies, some of the origins of mental illnesses are societal. And the social and political conditions which produce illness are not generally a part of the medical project.


Corporate benefit trumps public welfare in TPP

  • Binoy Kampmark
  • 07 October 2015

According to WikiLeaks, the Trans-Pacific Partnership is the 'icebreaker agreement' for what will be a 'T-treaty triad' which will ultimately apply to 53 states, 1.6 billion people and two-thirds of the global economy. Each of the countries was being sold the implausible idea that the agreement was too large not to sign, that this was the train of history that needed to be occupied, even if seating was in third class. What was on sale, however, was a dogma of corporate benefit rather than public welfare.