Pirate Party blasts data retention risks

Pirate Party Australia has warned that the Federal Government's proposed data retention scheme could produce a "high value target" for potential hackers and identity thieves.

The party's president latched onto comments made by Attorney-General Nicola Roxon this week, in which she highlighted the dangers humans presented to the security of IT systems.

"We have to accept that one of the greatest risks we face comes from personal error or the behaviour of staff. Criminals know this and they exploit it," Roxon told this week's Security in Government conference.

"Staff can be confused, exploited or corrupted into providing access to systems. This can be deliberate or accidental.

"Combined, human factors and the online environment can create a very serious security threat."

Pirate Party Australia president David Campbell called the comments "amusing" given they described risks that could be applied in the context of the proposed data retention scheme.

The Government has proposed - through the Attorney-General's department - that telcos store subscriber traffic records for up to two years.

"How can she envision setting up a system for data retention, knowing these systems can be, and are being, subverted?" Campbell said.

"To a potential hacker or identity thief, the retention system itself is a treasure-trove of information – a high value target.

"Considering that it will be kept in private hands and telecom employees will have access to it – the very same risks she eloquently describes as a problem with government agencies would present an even greater risk for a privately owned system."

iiNet's chief regulatory officer Steve Dalby told a separate conference this week that iiNet would prefer not to store data onsite, but feed it directly to the Government.

"We suggest that rather than us store [the data] that we ... feed it off into a big black box in Canberra and make the Government store it," he said.

Copyright © SC Magazine, Australia