The head of Australia’s domestic spy agency has promised that a mandatory data retention regime would not result in ‘Big Brother’-style surveillance during questioning by a parliamentary inquiry.
ASIO director general David Irvine offered several new insights into a proposal that would force telecommunications companies to hold data for at least two years to aid criminal investigations.
In a hearing of the parliamentary inquiry into potential revisions of the Telecommunications (Interception and Access) Act, Irvine restated his case for legislation that would require call data to be retained by telecommunications companies for two years.
This would help ASIO and other law enforcement agencies deal with “very considerable procedural and time-consuming bureaucratic processes”, he said.
Irvine repeated calls for the Government to modernise existing intelligence legislation to allow ASIO and other similar agencies to keep up with technological changes.
He emphasised that such legislation would not result in a ‘Big Brother’-style approach.
“We are asking for the call data to be retained. In Australia that system has effectively been in place for 20 years or more; companies retain call data and somewhat more than just billing data for their own commercial purposes. What the law allows us to do, with an appropriate legal reason, is to access that data,” he said.
“We’re not asking for any change to that system. What we are asking for is not new. We’re not seeking a ‘Big Brother’ arrangement where the Government stores all of the data and leaves it open for it to manage and control. We want companies to keep that data.”
He claimed telecommunications companies were losing the commercial need to store data as they had in the past owing to improvements in technology, which had affected ASIO’s ability to access the dwindling pool of data.
Irvine expressed surprise that Australian citizens were more concerned about access to data by the likes of ASIO for law enforcement purposes than about the commercial use of personal data by telcos.
“If you’re going to be concerned about that, you’re going to be concerned about commercial use of your call data and the content of your messages - which we don’t access without a warrant - in order to sell you a new BMW,” he said.
“And for the life of me I can’t understand why it is correct for all your privacy to be invaded for a commercial purpose, and not for me to do so to save your life.”
Irvine declined to make public the number of warrant requests ASIO makes for content data each year due to national security concerns.
He said the department would not “add greatly” to the total number of warrant requests made by other law enforcement agencies surveyed under the TIA Act, which last sat at 3000 collectively.
“This is not an exercise in mass surveillance. It is carefully targeted warranted activity.”
iiNet chief regulatory officer Steve Dalby - one of the most vocal campaigners against mandatory data retention - today said in a blog post Australia already had sufficient legislation in place to catch criminals.
"The focus of this data retention proposal is not crooks; it’s the 23 million law-abiding men, women and children that will go about their daily lives without ever bothering law enforcement.
"We don’t believe that is either necessary or proportionate for law enforcement," he wrote.
"We’ve seen no evidence that justifies surveilling inoffensive customers on the chance that, two years later, some evidence might help an investigation.
"It’s the equivalent of collecting and storing every single haystack in the country, indexing and filing all the straws, keeping them safe for two years, just in case there’s a needle, somewhere. We don’t know if there’s a needle, but there might be."
How much data will be stored?
Irvine said the issue of costs as well as the physical amount of data to be stored would need to be nutted out by the Government.
“It will be a problem. At the same time I’m very conscious of the fact that the cost of storing data is coming down in equal proportions to the rate the acquisition of [data] is growing,” he said.
“This is an issue for the Government if it decides to go ahead with the legislation, and that’s not for me to decide or comment on. If the Government decides to go ahead with the legislation there will need to be a very, very strong level of consultation with the current telecommunications suppliers.”
In his blog post, iiNet's Dalby said the cost of collecting and keeping every customer's metadata would come in at tens or hundreds of millions of dollars.
"There is no suggestion that the government would pay these costs, so our customers will be expected to pick up these costs in the form of a new surveillance tax," Dalby wrote.
"If they need someone to process the full set of metadata down to metadata-minus-content, then there is a significant cost to process the collected metadata and redact it."
Onus for security is on the telcos
Irvine gave a small insight into what potential data retention legislation would look like, revealing the onus would be on telecommunications companies to secure the stored data from unlawful access.
“This is an issue that relates to, in my view, the responsibility of telco providers and doesn’t only relate to stored data,” he said.
In response to criticism from committee chair Senator Scott Ludlam around the unfairness of imposing responsibility and costs on parties who are against the proposal, Irvine said the obligation telcos already held to protect customer data should be sufficient to deal with additional regulatory requirements.
“In my view telecommunications providers have an obligation, regardless of whether they store your data or not, to protect your privacy when you use their services,” Irvine said.
“They have an obligation to ensure that your services are not interrupted by hackers and the like. Now in our view that obligation to protect the continuity of the service and the privacy of information would also apply to their retaining of metadata.”
The parliamentary committee was formed last December following a push from Greens Senator Scott Ludlam to review the “deeply flawed” Act as a result of the Snowden surveillance revelations.
Mandatory data retention was first proposed by the former Labor Government, but its scheme was shelved after the party failed to provide enough detail to the parliamentary committee investigating the draft legislation.
The scheme has re-appeared under the current Coalition Government, which has signalled its strong support for mandatory data retention, but did not include it in the latest package of surveillance legislation amendments ahead of further industry consultation.
The telco industry and privacy advocates have criticised the bill and said it would place a financial burden on carriers and intrude on the privacy of Australian citizens.