Australia's two largest telcos have called on the Government to make a substantial contribution to the cost of implementing its planned data retention regime, while raising concerns about the ambigious dataset contained within the Coalition's draft bill.
The comments mark the first time Optus has provided a detailed view on the proposal. The telco has until now left it to the Communications Alliance to comment on its behalf.
In its submission to the parliamentary committee investigating the bill, Optus outlined broad support for the proposal but highlighted concerns around the cost of implementation and the Government's refusal to make the regulations detailing the dataset public.
Optus argued that if the Government considered the data retention scheme to be in the national interest, it should be prepared to contribute to its cost.
"The data retention obligations will impose a substantial net cost, scheduling and resource impact on Optus, a provider that already makes a substantial ‘social licence’ contribution through its current levels of assistance to Government and agencies," the telco argued.
"The proposed obligations will require Optus to put in place a set of arrangements to collect, store and retrieve data that it does not currently have in place today (or only partially exist today) and bear an additional administrative and compliance burden, for example, to develop reporting arrangements and exemption requests."
While the Government has verbally stated its intention to contribute to the cost of the scheme, Optus argued it had not yet committed to the promise on paper, with no such provision included in the current draft legislation.
Optus also argued that it had so far been unable to work out the exact cost the scheme would impose because the Government had failed to make clear details on exemptions, approval for data retention improvement plans, and the finalisation of the dataset.
"Prior to the completion of the above steps Optus is not in a position to make precise predictions on implementation costs. However, it is clear from the review work which Optus has undertaken to date that the costs are likely to be significant."
Telstra echoed its rival's calls for a Government contribution to lessen the blow of what it claimed would be a "significant" cost burden.
"The draft dataset includes, among other things, originating IP addresses for internet browsing sessions from mobile devices, call records on attempted calls that are not connected and the size of emails," Telstra wrote in its own submission.
"These are forms of data that we do not currently retain in an accessible way as part of providing services to our customers.
"Telstra shares the general view of industry that as the cost of this new activity is unrelated to providing services to customers or managing our networks, but is being imposed by Government, public funding should be available to compensate for the upfront capital costs associated with the data retention bill."
Dataset 'basically workable'
While Optus said it considered the proposed dataset to be "basically workable", it raised concerns about the lack of definition within the draft dataset offered up by the Government.
The Government opted not to include specific details of the dataset contained within its proposed bill, promising it would be outlined in future "supporting regulations".
The bill outlines several categories of data telcos will be required to store, including subscriber details and devices under an account; the source and destination of a communication; the date, time and duration of a communication; the type of communication; and the location of the line, equipment or telecommunications device.
Optus said it had no issue with the Government's use of regulations to detail the dataset, but asked the Coalition to make those details clear as soon as possible to assist service providers in planning for the scheme.
The telco did however signal concerns that the draft bill didn't exclude the possibility that the content of communications could be determined by analysing IP address details.
"The bill excludes .. the internet packet address for packets sent from a telecommunications device, using an internet access service provided by the service provider," Optus wrote.
"The bill and the draft data set recognise that communication is inherently a two-way process and require the collection and retention of both the source and destination of a communication.
"However, it appears open for the regulations to require collection of the origin IP address by the service provider supplying the internet access service to the destination customer. If this occurred, it could enable the browsing history of the customer to be reconstructed by examination of where web browsing packets came from."
Optus recommended the Government revise the bill to exclude the collection of origin IP packet address details by the service provider providing the service to the end user.
Read on to hear how the AIIA and privacy groups have reacted to the bill.
Data retention critics, supporters come out in droves
The Telstra and Optus submissions were just two of more than 100 published today on the data retention bill.
White-collar crime agency ASIC, Tasmania Police, and the Attorney-General's Department came out in support of the bill, joining fellow law enforcement agencies who have long lobbied for a data retention scheme.
Australia's state police forces and national law enforcement agencies such as ASIO and the AFP say the scheme is vital to the ongoing success of Australia's crime-fighting efforts.
However, many others signalled their opposition to a proposal they say is an invasion of privacy and open to scope creep as well as the potential for data misuse.
Among dozens of individual submissions denouncing the proposal, human rights groups such as Privacy International, the Human Rights Commission (AHRC), Australian Lawyers for Human Rights, and Amnesty International - alongside consumer body ACCAN and free market thinktank the IPA - decried the bill as going beyond what was necessary.
All said the draft bill seriously impinged on the right to privacy and additionally failed to include sufficient minimum safeguards to prevent unlawful access to or abuse of data.
"It will seriously and unreasonably impinge upon the rights of law-abiding Australians. It amounts to an ‘indiscriminate, society-wide’ invasion of privacy which rebuts the presumption of innocence," Australian Lawyers for Human Rights argued in its submission.
"It chills freedom of expression and of assembly. It assumes that every Australian is potentially guilty and should be monitored. These consequences would be more akin to a police state."
The AHRC argued the Government needed to include the dataset in the primary legislation; that it shrink the two-year retention period to one year; that penalties apply for inappropriate access and misuse of data; and that the Government implement an independent authorisation system, controlled by a court or administrative body.
Tech vendors voice opposition
Australia's national IT vendor representative body, the AIIA, also hit out at a "costly" and "unjustifiably onerous" scheme it said lacked "clarity and precision" and created "increased ambiguity for a broad range of service providers".
The organisation, which represents the likes of Apple, Google, Lenovo, and Microsoft, among others, argued Australia's law enforcement agencies had failed to prove that the proposed data retention scheme would result in a net benefit to society.
The AIIA called on the Government to delay the bill until it could make clear to service providers what they would be subject to under the yet-to-be-detailed supporting regulations, and until the two-year retention period was brought in line with overseas examples down to six or 12 months.
The vendor body also advised the Government to undertake a cost-benefit analysis of the financial impact the changes would have on service providers, and how that cost would be covered.