​Data Retention Act requirements unclear to ISPs: Communications Alliance survey

The ALP passed a resolution at their national conference supporting a review of the mandatory data retention regime so we have a real opportunity to roll back the worst parts of this bill.

The survey involved 63 service providers, and indicated that two thirds were not confident at all or only somewhat confident that they understood exactly what is required from them, even though 81 per cent had lodged a Data Retention Implementation Plan or had indicated they still need to do it.

Most of the ISPs surveyed put the cost of setup to comply with the scheme at between $10,000 and $50,000 for the business.

“It is no surprise that many service providers won’t be compliant when the legislation comes into force – many of them because they are still waiting to hear from government as to whether their implementation plans have been approved”, said Communications Alliance CEO John Stanton. A further 12 percent said they expected costs to exceed AU$1 million. The government is reportedly providing A$130m in support, particularly for smaller providers.

For service providers, non-compliance with the metadata retention will cost them AUS$2m while a two-year jail sentence will be handed down to anyone caught revealing information about instances of metadata access.

“Labor is concerned about the Government’s apparent failure to take action on this commitment it made when the Data Retention Bill was passed”, they said.

The PWC report, which was commissioned by the Attorney-General’s Department, has found the upfront cost of the metadata retention regime is between $188.8 and $319 million.

The Data Retention Act has come into effect today, but 84 per cent of ISPs are not prepared to start encrypting and storing their customers’ metadata, according to a new survey from Communications Alliance.

Senator Brandis said there are no legal impediments for the NSW government to legislate to hold someone for 28 days without charge, but there may be for the Commonwealth.

The legislation made it through the senate despite a number of concerns being raised by various parties, covering privacy, security, cost and the necessity of two-year mass retention.

But requiring internet providers to store IP address will mean copyright holders will be able to use the courts to try to obtain access to this data.

When the Coalition announced the plans they sparked fears the massive amounts of information collected would be misused and enable serious breaches of privacy, provoking a Parliamentary Joint Committee on Intelligence and Security (PJCIS) inquiry to recommend the government introduce a so-called mandatory breach notification scheme.

Are there any good safeguards introduced by the bill?

It includes data on who called or texted whom and for how long, as well as location, volume of data exchanged, device information and email IP data.

Australian Green Party Senator Scott Ludlam tweeted that it was “absurdly expensive and complex for ISPs to implement, trivially easy for anyone to defeat” – a reference to the prime minister’s admission that he uses encrypted messaging apps himself.

TELSTRA says it is one of the few telcos that is ready to retain customers’ metadata under new laws that come into force on Tuesday.

“Between that and his helpful tips and tricks is a remarkably cavalier approach to everybody else’s privacy, while making sure his own communications are secure”, Ludlam said.

“I think Edward Snowden said it best when he said, “arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say”, he said.

“International experience has found that data retention is of limited, if any, value in the fight against terrorism, which was the government’s reason for the act”.