Call for calm over data retention talks

The Internet Industry Association (IIA) has revealed that the Attorney General's Department has been discussing the possibility of data disclosure laws with Australia's ISPs for eleven years.

On Friday, ZDnet reported that the Australian Government seeks to introduce data retention laws similar to those enforced by a limited number of countries within the EU.

The Attorney General and Internet Industry Association have since confirmed that the topic of data retention laws have been a topic of discussion for eleven years, but that parties to the talks have been under non-disclosure agreement.

"The Attorney-General's Department is consulting broadly with industry in relation to the continuing availability of telecommunications data for law enforcement and national security purposes," a spokesman for the department said in a statement.

"These consultations have involved identifying the parties to a communication, where and when that communication is made and the communication's duration. It does not include the content of a communication such as people's conversations or contents of an internet banking session for example."

IIA chief Peter Coroneos said participants in the talks were bound by confidentiality agreements "as matters of national security" were discussed.

"Any document we were provided was subject to that confidentiality agreement. We are not at liberty to talk about anything but our general position on these issues," he said.

"But I wouldn't even call [the data disclosure law issue] a proposal," he added. "The department merely raised it as a topic of discussion."

A spokesman for The Attorney General's department told iTnews that the non-disclosure agreements signed as part of the discussions were "not unusual."

"When you are consulting with industry on matters relating to national security, all papers are marked 'in-confidence'," the spokesman said.

Any documents produced to date would be subject to change before a formal proposal was put forward. And in any case, any proposed data retention law - should one come into serious consideration - would have to made public by default. It would be need to be passed in parliament.

Guiding principles

In any case, both parties have today released information as to their position on data disclosure laws.

Coroneos told iTnews that the IIA won't be buying any conspiracy theories, and that the organisation understands the "Government's objective of having effective and accountable processes in place to address criminal activity.

"The internet industry has a track record of providing reasonable assistance to law enforcement agencies as required by law. Many successful prosecutions would not have been possible without the assistance of the internet sector in accordance with laws," the association said in a statement released this afternoon.

The IIA has raised general concerns about a "blanket data retention regime" with the Government since 1999, citing the need to balance national security needs with:

• privacy (the legitimate privacy expectations of users who interact online assuming that their communications are private and browsing activity are private, unless they have been clearly informed otherwise or otherwise agree);
• proportionality (whether the harm being addressed is outweighed by the economic or social burden or privacy intrusiveness of the measures proposed);
• security of data held (including by whom it is held, in what circumstances this data may be accessed and the scope for its misuse);
• cost (including the upfront and ongoing costs of compliance); 
• efficacy (the demonstrated need for such a policy and whether a policy will deliver on its stated objective); and
• transparency (whether the policy is understood by users to be a mandatory government requirement).

The IIA said it hoped a "full and open public consultation process" would be "undertaken before any policy is concluded."

The Attorney General's department said that the "Government has not as yet made any decision in relation to a data retention regime.

"However, any arrangement will strike the appropriate balance between individual privacy, commercial imperatives and community expectations that unlawful behaviour is investigated and prosecuted."