A no BS guide to Australia’s proposed Data Retention Laws and Metadata

Prime Minister Tony Abbott's National Security Committee yesterday signed off on mandatory data retention laws designed to combat terrorism, bringing the controversial legislation one step closer to fruition. The NSC is chaired by Abbott and made up of Coalition members including Attorney-General George Brandis and Immigration Minister Scott Morrison. The committee's decisions do not require the endorsement of the larger Cabinet. However, the Government will need to be pass legislation in order to force ISPs and telcos to retain their customer's data.

By Alex Choros

Prime Minister Tony Abbott's National Security Committee yesterday signed off on mandatory data retention laws designed to combat terrorism, bringing the controversial legislation one step closer to fruition. The NSC is chaired by Abbott and made up of Coalition members including Attorney-General George Brandis and Immigration Minister Scott Morrison. The committee's decisions do not require the endorsement of the larger Cabinet. However, the Government will need to be pass legislation in order to force ISPs and telcos to retain their customer's data.

As such, Australians do not need to panic yet, we've still got our privacy, for now. According to Brandis, we may not see a draft of data retention legislation until September. This legislation will have to pass through both the House of Representatives and the Senate, and debate is expected at both stages.

Opposition Leader Bill Shortern described the Government's data retention plan as an "internet tax" that would push up prices for consumers, and expressed concerns in regards to Australian's privacy. Shorten told The Australian the following: "We’ve got to make sure that we don’t have the rights of individuals, their private conversations on the internet, being intruded upon by Big Brother, so it’s a matter of getting the balance right".

Greens Senator Adam Bandt has vowed to fight the laws, saying they "treat every online Australian as a suspect". Palmer United is somewhat of a wildcard, and is still considering its position in relation to issue, according to a party spokesman. Palmer United hold balance of power in the Senate and have proved unpredictable thus far.

If the legislation passes, the proposed laws may not come into effect immediately. Local internet service providers and telcos will require time to implement the infrastructure required to comply with the legislation. iiNet chief regulatory officer, Steve Dalby said "the telco industry may find itself coerced into processing petabytes of data every day". This would cost iiNet over AU$100 million over the first two years of such a scheme.

Michael Omeros, Managing Director of business telecommunications provider, Over the Wire, corroborated this sentiment. "The implementation of this kind of legislation is not going to be an inherently simple process," said Omeros, "while providers do currently retain some forms of metadata for internal purposes, it's simply not possible to estimate how easy it will be to comply with the proposed legislation until the Government is able to clarify exactly what they are after". Omeros said that it could take anywhere from a few weeks to years to comply. As a smaller telco, Omeros expressed concern about the fiscal viability of implementing such a scheme, stating it could require a "fundamental shake-up of current practices".

What does this legislation mean?
If data retention legislation passes, Australian internet service providers and telcos will be required to store two years of metadata detailing citizens' browsing history, emails and phone records. The content of these communications will not be stored, but the circumstantial information regards to them will.

For example, the content of a phone call will not be retained, but the number of the call and receiver, its duration and the time it was made will be. The same applies for email, the message will not be stored, but the sender, recipient and the time it was sent will be. With internet history, information about individual pages on a website will not be kept, but the overall time a user spends on a certain IP address will.

It should be noted that there is currently no legal definition of metadata in Australia.  

Why is this a problem?
According to iiNet's Steve Dalby, data retention is a scheme that fundamentally compromises the privacy of users for no reason. "The data collected can be incredibly sensitive – it can reveal who your friends are, where you go and what websites you visit. Indeed, it may even tell more than the content of a phone call or an email. Recent research from Stanford University showed that when analysed this data may create a revealing profile of a person’s life including medical conditions, political and religious views, friends and associations."

He added that under the Telecommunications Act, Australia already has systems in place to help catch criminals. Dalby said the surveillance of 23 million law-abiding citizens isn't necessary or proportionate. "It’s the equivalent of collecting and storing every single haystack in the country, indexing and filing all the straws, keeping them safe for two years, just in case there’s a needle, somewhere. We don’t know if there’s a needle, but there might be."

Should we panic?
Given that the legislation has not even passed through the House of Representatives, there is no need for Australians to panic – yet. Nonetheless, we can guarantee that whether you should or should not worry about these changes will be a debated topic over the coming months.

If you are concerned, it is recommended to speak with your local Member of Parliament.

Sources: Adam Bandt, The Australian, Cnet, iiNet Blog