The Government must be responsible for the storage and protection of data held as part of its 'unnecessary and disproportionate' proposed mandatory data retention regime, according to the scheme's most vocal opponent, internet service provider iiNet.
In a hearing held today as part of the senate's investigation into the Telecommunications (Interception and Access) Act, iiNet chief regulatory officer Steve Dalby continued his assault on the Government for perpetuating 'misleading' claims about metadata and said iiNet did not accept the role proposed for ISPs under the proposed data retention scheme.
The suggested regime would require telecommunications companies to hold metadata (non-content data) for at least two years to aid criminal investigations.
“iiNet does not agree that it should accept the role proposed by those calling for an onerous data retention regime. If we are ultimately compelled by law to collect such data, the Government must be responsible for its storage and protection,” Dalby told the inquiry.
“Mandatory data retention regimes turn commercial companies, like iiNet, into unwilling agents of the state. We won’t volunteer to monitor and collect data on inoffensive Australian citizens but, if we are compelled to do so, the Government must accept and store this data.”
Dalby put the cost of such a proposal to ISPs at over $100 million, which he said would need to be passed on to customers in the form of a ‘surveillance tax’ at about $5 per month per customer.
He said it was “inappropriate” to impose costs and obligations on “unwilling commercial entities in order to create an intrusive police state”.
“Law enforcement is the responsibility of governments. They carry the costs of such work, on behalf of the population,” Dalby said.
“The telecommunications industry may find itself coerced, into not only the onerous requirement to collect, store and protect massive quantities of unwanted data, but will also have imposed upon it the obligation to process petabytes of data per day to remove content or links to content.”
‘Inconsistent and contradictory’ messaging
Dalby repeated his criticism of the Government’s 'misleading' efforts to ‘perpetuate the perception that there is a meaningful distinction between metadata and content’ as well as the ‘myth’ that telecommunications companies already routinely collect the data sought under the proposal.
In response to previous comments by the Attorney-General’s Department asserting service providers regularly retain data for business and commercial purposes, Dalby said the data generated by telecommunications traffic “massively outweighs” the data required for carriers to run their businesses.
“iiNet has no use for surveillance data, so there is no commercial driver to collect a massive volume of data, indexed to individuals, that we’ll never use. In the event that a specific data preservation order is received from law enforcement agencies, special steps are required to retain the information specified in that notice,” he said.
“If we don’t need the data at all, then it logically follows that we don’t keep it in the first place, as it only creates unnecessary overhead. We don’t build storage capacity for data we don’t keep.”
Dalby took issue with previous Government comments describing metadata as ‘like the envelope of a letter’. Metadata, or non-content data, involves information such as the date, time, sender and receiver of a call or email.
Dalby said the data can reveal even more about an individual than thecontent itself, and using "faulty analogies to explain complex issues" was "risky and misleading".
He called on the Government to clarify exactly what data would be required for retention, given ‘confusion’ around the existing government definition of metadata provided by the Attorney-General’s department - which Dalby said insinuates could include actual content.
“The communications industry and broader community does not know whether the government is only looking for the data already collected ‘routinely’ by telephone companies, or is actually seeking the full set of data as set out in their briefing paper,” he said.
“A definitive statement outlining the government’s requirements would reduce the uncertainty and enable us to more meaningfully respond to any proposed data retention regime.”
The Coalition has taken up the case for a mandatory data retention scheme since it came into power last year following a failed effort by the former Labor Government.
It has signalled its strong support for the proposal, but did not include it in a package of surveillance legislation amendments introduced last week, ahead of further industry consultation.
The parliamentary committee tasked with investigating the issue as well as potential changes to the TIA Act was formed last December following a push from Greens Senator Scott Ludlam in the wake of Edward Snowden's surveillance revelations.
The proposal has received strong criticism from the telco industry and privacy advocates, who claim it would both intrude the privacy of innocent Australian citizens and burden customers with the financial cost of the scheme.