Telstra pledges to keep customer metadata in Australia

Telstra today promised that it will store all information captured under the Government's mandatory data retention scheme in Australia. The telco's announcement follows yesterday's Senate vote that cemented the proposed legislation as law

While the Bill was under debate in the Senate, the Greens put forward an amendment to the Bill that would require all captured metadata be stored in Australia but was shot down. As such, internet service providers (ISPs) and telcos will not be restricted as to which country their customers' metadata is kept. Former iiNet chief regulatory officer Steve Dalby last year suggested that ISPs would likely find that lowest cost option for storing the required data, which at the time, was China.

Telstra chief information security officer Mike Burgess explained that telco is aware of the risks of storing metadata and will use the 18 months it has to implement the scheme to make sure "it has the right protections in place."

"We are still developing our implementation plans but we have already decided to store our customer metadata encrypted at facilities located here in Australia," said Burgess in a post on the Telstra blog. "While geography alone is not a good measure of security, storing the data in Australia should help allay the concerns of some customers."

"We understand that customer metadata has enormous value not just to our customers and law enforcement agencies but also to a range of malicious actors who may seek to gain access to our systems."

Burges said that the security strategies implemented for data retention will build on existing measures the telco already has in place, "including intrusion detection systems and other active network monitoring of our network to detect, analyse, and respond to identified security incidents".