Government still considering telco data retention

Powered by SC Magazine
 

Data preservation rules separate - or a springboard for retention?

The Federal Government has revealed it is still considering the introduction of a data retention regime separately from preservation rules being debated in Canberra.

A spokesman for the Attorney-General's department said it was "still considering the merits of comparative data retention regimes".

She said the department remained committed to an “open and transparent consultation” once a proposal was "sufficiently developed".

The statements almost mirrored those of June last year when the data retention proposal was first leaked.

The proposed model for data retention in Australia was still the European Union's data retention directive, which had been reviewed by the EU since Australian consideration of a similar plan began.

The EU's directive allowed "competent national authorities to retrace telephone and internet behaviour of all persons in the EU whenever they use telephone or internet up to a period of two years", according to a report by Europe's data protection supervisor Peter Hustinx.

A report evaluating the application and effectiveness of the EU directive was released in April, attracting criticism from Hustinx [pdf].

Hustinx said the necessity for data retention had not been demonstrated and that it could be regulated in less privacy-intrusive ways.

Further, he said the directive left too much scope for the EU's member states to decide on the purposes for which the data might be used, who can access it and under what conditions.

A further review of the EU directive was underway with a report to be handed down later this year.

“Australia can learn from this review and its recommendations will be taken into consideration when assessing the applicability of a regime based on the EU Data Retention Directive to the Australian context," the Attorney-General's spokesman said.

Distinguising preservation from retention

The data retention regime being considered by the Attorney-General's Department was not to be confused with a preservation regime in the proposed Cybercrime Legislation Amendment Bill 2011, which had recently attracted concern from ISPs and privacy groups.

The preservation regime was prompted by Australia's proposed accession to the Council of Europe Convention on Cybercrime.

Government sources argued that preservation differed from data retention in two ways.

First, it dealt with different types of information. Where the preservation regime related to 'stored communications' - for example, the content of SMS messages or emails - retention was about information about communications traversing the network, such as traffic and location.

"The Directive relates only to data generated or processed as a consequence of a communication or a communication service and does not relate to data that are the content of the information communicated," its original explanatory notes stated.

Second, Federal Government sources argued the cybercrime bill provided for a targeted regime, where the agency making the order was conducting an investigation and communications linked to a particular person or identified service (such as a phone number or email address) could provide evidence associated with that investigation. 

Preservation was designed to ensure that information that may be relevant to a specific investigation was not lost as a consequence of normal deletion processes.

On the other hand, a data retention regime applied to specified data sets relevant to communications that pass over a provider's network for a prescribed period of time. 

The purpose of a data retention regime was to ensure that information other than the content of communications was still available for general law enforcement and national security purposes.

Privacy advocates argue that the preservation regime could merge into a data retention regime through scope creep with exploitive use, such as multiple requests for data storage are made.

However, because the preservation and retention two proposals dealt with different types of information and for different purposes, the former did not provide a platform that could be expanded to implement the latter, Government sources countered.

Copyright © iTnews.com.au . All rights reserved.


Government still considering telco data retention
circuit diagram with eye ball superimposed
 
 
 
Top Stories
The ethics of security
[Blog post] Where did that zero-day go?
 
Rio Tinto's big data play delivers promised ore
Returns trickle in from long-term technology investment.
 
Time management tips for CIOs
[Blog post] How to get to the genba.
 
 
circuit diagram with eye ball superimposed
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  70%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  10%
 
Denial of service attacks
  6%
 
Insider threats
  11%
TOTAL VOTES: 1146

Vote