The Parliamentary Joint Committee's report on the federal government’s proposed data retention scheme is scheduled to be tabled on 27 February – but it is looking less likely that Australia will have new data retention obligations any time soon.
While the new rules would apply to telecommunications providers such as Telstra, Optus, and Vodafone, along with internet service providers such as iiNet, Internode and Amaysim, they would not apply to organisations that offer services that aren't based in Australia, or that provide over the top services, such as Gmail, Twitter and Facebook.
Far from being a keystone to the government's anti-terrorism reforms, the proposed rules instead could encourage people to use overseas services while imposing additional costs on Australian organisations. The scale of the costs is as yet unclear as the government declined to provide the estimates prepared by PricewaterhouseCoopers to the Parliamentary Joint Committee. It is also opaque about how much it is prepared to stump up to help pay for the cost of retaining data.
Initially it pledged a “substantial contribution” to both the implementation and operation of the scheme, but this has now been reduced to a more lukewarm “reasonable coverage of capital cost.” Is this because the government itself still doesn't know how much it will cost due to a lack of clarity about what information would need to be kept and for how long?
The type of information to be retained will be set out in the regulations, rather than the legislation itself. The type of information that is currently being contemplated is:
- subscriber information such as name, address, and account details;
- who made the call or sent the email or text;
- who received the call, email or text;
- the date, time and length of the communication;
- the type of communication (email, text, mobile call) and service used;
- and the location of the equipment used for the communication – for example the location of your mobile when you made the call.
Regulations are much easier to change than the legislation itself, and this is exactly why the government has used this approach – it wants to ensure that it can respond quickly to changes in technology. However, the flip side of this is that changes to the type of information can easily be made without substantial debate, which creates concerns that there will be scope creep.
For example, the reforms currently exclude certain types of information, such as the content of the call, email or text, the web browsing history and any location based information not kept at the current time.
But for web browsing, the reforms already indicate that if web browsing history is also collected by the carrier or ISP through subscriber details, or as a result of providing another service such as VOIP calls, then the web browsing history will also need to be retained. So scope creep is already underway – names and addresses today, location-based information tomorrow and internet browsing history next week.
There are also issues with the length of time that data will need to be retained. The general period of data retention will be two years. However, the devil is in the detail, and some subscriber information will need to be kept for much longer than two years under the current proposal.
Australia is not alone in facing significant hurdles with regard to the passage of legislation regarding data retention. The US proposed reforms to limit the way the NSA accesses the metadata associated with Americans' telephone calls by requiring telecommunications companies to collect and hold metadata information. However, the proposed legislation failed to pass last year.
The UK government has also been trying to pass legislative reforms to allow communications data to be included in its suite of counter-terrorism reforms. Measures for the retention of communications data were soundly defeated in 2012, and a recent attempt to re-introduce them following the Paris shootings did not get any support.
Tony Abbott last week stated that he still wanted to fast-track the proposed changes, but the opposition is reserving its position. It is possible that the uncertainty and lack of transparency which still swirls around the implications of the proposal on the industry and in relation to privacy mean that, just like in the US and UK, the Australian government's proposal could prove unpalatable to the Parliament.
First published in Communications Day, which is Australia's leading telecom source of daily intelligence - http://www.commsday.com/