iTnews

Telstra worried about how data retention scope-creepers store what they extract

By Ry Crozier on Jul 29, 2019 3:17PM
Telstra worried about how data retention scope-creepers store what they extract

Says they demand too much data, sometimes don’t pay.

Telstra says that non-law enforcement organisations accessing telecommunications metadata via a legislative loophole ask for too much data, sometimes don’t pay for it, and may be storing it in an unencrypted form.

Though warrantless access to telecommunications metadata was only ever intended for 22 law enforcement and security agencies defined in the Telecommunication Interception Act (TIA), many more organisations are using the separate Telecommunications Act to skirt that limitation.

The result is up to 100 - and potentially more - organisations demanding access to metadata for a range of different uses, leading to calls for the Section 280 loophole to be closed.

In a submission to a parliamentary review [pdf], Telstra accused some of the loophole users of issuing data demands that far exceed those of intended law enforcement users - and their actual needs.

The telco also suggested that some of the scope creepers may not be treating the data they receive from telcos to the same standards as law enforcement agencies do.

Telstra stopped short of demanding the Section 280 loophole be closed. 

However, it suggested those availing themselves of it should be required to meet the same standards as regular law enforcement agencies.

“For clarity, we are not proposing these agencies be added as law enforcement agencies; rather, they be required to follow the same process, making them subject to the same obligations and constraints (test of proportionality, contribution to costs, etc.) as the listed law enforcement agencies,” Telstra stated.

Telstra said that “in some cases, these [scope-creeping] agencies and bodies are ... not contributing to the cost recovery of the regime” - meaning telcos wear the full cost of the data provision."

“In our experience, non-enforcement agencies and bodies often request large amounts of data and are sometimes not able to properly interpret the data provided,” Telstra said.

Additionally, “Under the [data retention] regime, service providers are required to encrypt and securely protect retained data,” Telstra said.

“We are concerned that agencies and bodies not listed in Section 110A of the TIA Act may not have sufficiently strong security measures to protect received data.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
data retention metadata storage telco telco/isp telstra

Partner Content

Beat the DDoS blackmails in 2021
Partner Content Beat the DDoS blackmails in 2021
Why companies fail at picking cloud modernisation partners
Partner Content Why companies fail at picking cloud modernisation partners
Shut the door on ransomware
Partner Content Shut the door on ransomware
MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • Beat the DDoS blackmailers in 2021
By Ry Crozier
Jul 29 2019
3:17PM
0 Comments

Related Articles

  • Data retention 'ambiguity' sees cops given web browsing histories
  • Downer lands $330m Telstra field services contract
  • Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it
  • Telstra pilots its first neurodiversity recruitment program
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Australia Post is building a digital twin of its delivery network

Australia Post is building a digital twin of its delivery network

Trump pardons former Google self-driving car engineer

Trump pardons former Google self-driving car engineer

Google threatens to withdraw search engine in Australia

Google threatens to withdraw search engine in Australia

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.