Telcos silenced by AGD on data retention exemptions

By on
Telcos silenced by AGD on data retention exemptions

Threatened with revocation should they go public.

Telecommunications and internet service providers that fall under the country's data retention legislation are being warned to keep quiet on whether they have been granted an exemption from the scheme or risk having it overturned.

The data retention laws - under which telcos and ISPs are required to store customer metadata for two years to aid law enforcement - will come into effect on October 13.

By this date, providers are required to either be compliant with the scheme or have submitted an implementation plan for compliance to the Attorney-General's Department.

ISPs and telcos can be granted exemptions to the scheme if approved by the AGD's communications access co-ordinator.

Exemptions can be granted in cases where an ISP's services aren't of much interest to law enforcement agencies, or where the cost of compliance would be too high.

However, in advice recently distributed to industry, the department advised it could revoke exemptions if an ISP failed to keep them confidential.

"Public knowledge of an exemption application adversely affects law enforcement and national security interests," the document advises.

"These are interests that the CAC is required to take into account when granting or revoking exemptions and variations. Failure to maintain confidentiality regarding the existence of an approved exemption may result in the exemption being revoked."

The warning is being repeated to those who submit exemption or variation requests to the department.

"Please note that we strongly recommend you keep all information relating to this decision confidential," one email to an ISP, sighted by iTnews, read.

"Disclosure of any information relating to this application may change the [CAC]'s decision."

The AGD said it would allow telcos and ISPs to share information on any exemption with a third-party contractor or vendor as necessary to develop compliant systems.

Service providers are also able to share the information with wholesale partners "where there is a commercial agreement to retain data on their behalf".

The data retention legislation does not explicitly require ISPs to stay silent on exemptions granted, but ISPs contacted by iTnews said the threat of having one overturned was enough to make them toe the line.

Industry had argued against keeping exemptions confidential, but failed to convince the AGD in the push for transparency.

"We said we didn't like case-by-case exemptions, we wanted class exemptions to the extent possible, which would have given everybody certainty up front," John Stanton, head of telco representative body the Communications Alliance, told iTnews.

"There's been a basic difference of views between government and industry on how best to handle exemptions. To the extent that you can clarify exemptions up front, it would reduce the regulatory burden."

Service providers can apply to the Australian Communications and Media Authority for a review of an exemption decision by the CAC.

The regulator would take into account the same factors considered by the CAC in its original decision, including the "interests of law enforcement and national security and the objects of the Telecommunications Act".

It would also look at the ISP's history of compliance with its data retention obligation, its costs for complying, any alternative data retention arrangement the ISP has identified, the company's number of subscribers and market share, and the degree to which an exemption would mitigate cash flow concerns.

The Attorney-General's Department has been contacted for comment.

Update: The department said the release of exemption details would "reveal gaps in data retention coverage that could be exploited by criminals".

"The co-ordinator must take into account the interests of law enforcement and national security in granting exemptions," a spokesperson said.

Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?