Govt mulls cloud, social intercepts

Powered by SC Magazine
 

Raises technical, regulatory issues.

Cloud providers and social networks could be obliged to capture and store customer information for lawful interception under a new proposal by the federal Attorney-General's department.

The proposal is part of a wide-ranging review of telecommunications interception and intelligence community legislation Attorney-General Nicola Roxon referred to a parliamentary committee in May for further consideration.

In a 61-page discussion paper released on Tuesday (pdf), the department said it was considering whether to expand the interception regime beyond its existing scope of telcos and internet service providers.

The department looked to include the "broad range of current telecommunications industry participants" that had grown since the law's inception in 1979.

It highlighted social networks and cloud computing providers, whose exclusion under current legislation created "potential vulnerabilities in the interception regime that are capable of being manipulated by criminals".

"Consideration should be given to extending the interception regime to such providers to remove uncertainty about the application of industry obligations in relation to agency requests and to better position Australia to meet domestic and international demands," the discussion paper notes.

Cloud providers and social networks would likely fall alongside telcos, under a three-tiered system the Government is simultaneously considering.

The system would look to reduce the onerous requirements on smaller telcos and ISPs to capture and store customer data, while ensuring those that were able to do so effectively would continue.

It was unclear whether the tiered model would be based simply on business size and cost of implementation, or also look to separate telcos and ISPs — which largely have an Australian presence — from cloud, social media and other application players that are often based in the US and may or may not host data locally.

The move to include cloud operators in particular could provide authorities with the ability to more easily decrypt data stored on infrastructure-, software- or storage-as-a-service solutions.

Consultant Rob Livingstone said subjecting cloud operators to interception obligations would likely work for Australia-based companies, while those with data based overseas would require multi-lateral agreements.

"If you have a cloud service provider, carrier and cloud consumers all in one legal jurisdiction ... it becomes a lot simpler," he told iTnews.

"But when you have a multi-national which operates across seven or eight international jurisdictions, not all jurisdictions have got equivalent back-to-back agreements as to who can do what in each other's jurisdictions, requesting information from a cross-jurisdictions point of view.

"It's not only a technical issue but it's also a governance issue of who can you go to, which jurisdiction are you able to go to seek that information then enforce the availability of that information."

Livingstone said the proposal's effect on Australian regulation was unlikely to deter multi-national cloud vendors such as Amazon and Google to host data onshore.

International governments have often requested data, or the removal of such data, from major websites and social networks including Twitter and Google, even when held in the US.

But these powers largely fall outside of existing interception laws.

A transparency report released recently by Twitter showed Australian authorities had requested data from the microblogging network less than ten times in the first six months of 2012, with the actual data being provided to government powers a third of the time.

The US, by comparison, had made 679 queries during the same time period, receiving the actual data three-quarters of the time.

The ability to request data from social media pales in comparison to the amount of data captured locally by telcos and ISPs, where authorities have spent $50 million and requested both stored and live data intercepts more than 250,000 times over the past 12 months.

But the inability to intercept and capture all data relating to a communication through the the ISP or telco — with many application services hosted overseas — made "the provision of assistance to Australian agencies challenging".

Data retention

The potential for further amendments to existing interception and intelligence gathering legislation has attracted criticism as an expansion to what Greens senator Scott Ludlam said was already a "phenomenal amount of government surveillance".

The proposal's referral to a committee in May was also the first time that the contentious data retention proposal was brought back into the spotlight since Roxon assumed office as Attorney-General.

The inquiry is the first public discussion of such a proposal, which would see ISPs collect and store customer data for up to two years, up from current requirements to store only transactional data for 180 days.

Unlike some other, more concrete proposals, the data retention aspect is currently only marked as the Attorney-General "seeking views" but Senator Ludlam said the inquiry failed to provide for stronger privacy safeguards on timing and rights around communication interceptions.

"This extreme proposal is based on the notion that all our personal data should be stored by service providers so that every move we make can be surveilled or recalled for later data mining," he said in a statement.

"It comes from a mindset that imagines all Australians as potential criminal suspects, or mindless consumer drones whose every transaction should be recorded and mapped."

Copyright © iTnews.com.au . All rights reserved.


Govt mulls cloud, social intercepts
 
 
 
Top Stories
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
Negotiating with the cloud email megavendors
[Blog post] Lessons from Woolworths’ mammoth migration.
 
Qld govt to move up to 149k staff onto Office 365
Australia's largest deployment, outside of the universities.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  21%
 
Bankwest
  9%
 
CommBank
  11%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1453

Vote