Australia’s National Security Proposals, which threaten to curtail the online freedoms of Aussie citizens, are currently being thrashed out in a series of joint parliamentary committees. The latest hearing, which took place last week, saw police officials call for new data retention laws and increased power to access Australian citizens’ online personal data. However, ISPs and storage experts have said the proposed plans would be hugely costly and complicated to implement.
Two years not enough
When discussing how long ISPs should hold onto customer data, Australia’s Federal Police Commissioner Tony Negus told the inquiry in Sydney he wants records of every website and email sent held indefinitely, so it could be accessed by police at any time. However, given the extremity of this request (not even China has implemented indefinite data retention policies), Mr Negus said that a two year data retention policy would be acceptable.
“The two-year proposal … we could live with,” he said. “It certainly wouldn’t be ideal, but we could live with [it].”
Growing pressure to change laws
Unlike in Europe, currently Australian ISPs are under no obligation to retain the personal data of citizens for any length of time. But they are obliged to give “necessary assistance” to any law enforcement agency of the Commonwealth States and Territories.
However, since July attorney-general Nicola Roxon has been steadily beating the drum for a crackdown on online privacy in the name of law enforcement and her proposals have been controversial to say the least. Roxon is not entirely clear what constitutes personal data, but she insists that the contents of emails will not be accessible. As with the EU’s Data Retention Directive, the data would likely consist of logs concerning who you’ve emailed, and when, as well as what websites you’ve visited and when you visited them. Roxon insists they are necessary for 21st century law enforcement ands points to the EU’s laws as further justification.
Costly and ineffective
But ISPs say the plans would be highly expensive to implement and would not even give law enforcement the information they are seeking. Australian ISP iiNet told the committee that the costs of setting up data capture points would reach around $60 and would ultimately be passed down to consumers, with a rise of $5 per connection. Rival ISP Telstra said a great deal of the data sought by the police would be held by “over the top” services such as Skype and Gmail, not ISPs.
“The other part that gets a little bit lost in all this is that some of the information that carriers may want is not something that carriers themselves can provide because it’s information that’s contained in applications that are used by over-the-top players,” said Telstra’s security spokesman Darren Kane.
Meanwhile, Hitachi Data Systems told ZDnet.com that the iiNet’s assessment is a “conservative estimate” of the costs involved in capturing such massive amounts of data. “There’s no doubt that there is going to be huge logs that need to be maintained,” said Hitachi’s Australian CTO. “The ability to find an email that was around two years ago from, potentially, a customer that no longer is with them, how do you go and do that easily? High levels of automation and understanding the context of information is going to be critical.”
Falling in line
It’s clear that governments around the world are trying to turn ISP data retention into an accepted standard policy, despite the protests of both ISPs, the wider online industry and of course regular online citizens. What’s worrying is that there’s an obvious snowball effect taking place, whereby governments justify such anti-online privacy laws pointing to their implementation in other countries. These justifications are powered by the insistence of law enforcement agencies that such laws are necessary to protect society. But, as with any organisation, the police will always want to increase their powers, as is illustrated by Police Commissioner Tony Negus’ comments that he wants “indefinite” data retention. They do not care about the privacy risks – it’s not their problem. Australia is lucky that it currently remains free of data retention laws; for its sake – and for the sake of other western democracies – it needs to resist Roxon’s proposed laws.