Civil libertarians, Internet and telecommunication industry groups, consumer groups, privacy advocates and everyday citizens gathered at Parliament house in Canberra today to protest against the government’s push for a mandatory data retention scheme.
A mandatory data retention scheme would mean telecommunication companies and Internet service providers would be required to retain records of people’s telephone and Internet communications for two years.
Greens Senator Scott Ludlam, who led today’s protest, said a draft bill for mandatory data retention was meant to be introduced into Parliament this week so it can be debated in November and passed before the end of the year.
“There’s no sign of the bill, it’s not on the draft notice paper, so there’s still a chance it could be dropped this week, but… it may well be that the bill is introduced in November,” he said.
Most of the organisations that made public statements today called for an exposure draft of the legislation.
Narelle Clark from the Australian Communications Consumer Action Network said there is not yet hard evidence or facts supporting the need for mandatory data retention.
“We would like to know that such a system is proportionate to the risk that is being claimed, yet we’ve not seen any full risk analysis of this type of system,” she said.
“Without a full risk analysis, and without an exposure draft to the legislation, we don’t know what services are to be measured, monitored and collected.”
Clark also pointed out the high level of risk in forcing organisations to store large volumes of data for long periods of time, as it’s a “honey pot” for cyber criminals to want to get their hands on.
“We have seen a significant history of data breaches with this country, large data stores that have been exposed to the public, even though they have taken their strongest efforts to secure that data.
“This data, which never goes away from the AFP system, could be subject to tampering if it’s not properly secured,” she added.
Another issue with mandatory data retention is the high costs of storing and securing “terabytes of data potentially per day” that would become the burden of telcos and ISPs, which would be passed onto consumers, Clark said.
“Consumers ultimately will be hit should such a regime come into place, with some sort of tax of the order of $10 a month, per consumer, per service.
“We have estimates coming from industry which are as small as $50 million a year to put in a system up to hundreds of millions of dollars per year. And collectively I know my colleagues in industry have pointed to some figure of $500 million to simply establish a baseline system to collect the sort of data that would be required for this.
"And if the government covers the full cost for this type of system, then we tax payers will pay that."
The government’s urgency to get mandatory data retention passed through Parliament is “disingenuous at best and perhaps quite remarkably dishonest”, according to Electronic Frontiers Australia’s John Lawrence.
“The Attorney General department has been working on this for some years, there is nothing urgent here,” he said.
He also pointed to the existing data preservation notice scheme – introduced in 2012 – and questioned whether it is really inadequate for the government to carry out its high level security initiatives.
“We ask that question: what's insufficient about that program? The government hasn’t even attempted to answer that.”
Government whistleblowers and journalists would also be affected under a mandatory data retention scheme. Paul Murphy from the Media, Entertainment and Arts Alliance said the government could use data retention to spy on whistleblowers and journalists, hindering their ability to act as a watchdog as they could be treated as targeted suspects.
“To write important stories journalists rely often on the bravery of whistleblowers, people like Thomas Drake and Edward Snowden,” he said.
“This push for greater data retention powers obviously poses great threats to those whistleblowers brave enough to bring information forward and put it into the public domain where they identify misuse of government power.”
In addition, national security legislation that will allow journalists and whistleblowers to be jailed if they reveal information about special intelligence operations passed this month.
Also, leaks of the Trans Pacific Partnership released by WikiLeaks this month reveal criminal penalties to those who disclose trade secrets “detrimental to a party's economic interests, international relations, or national defence or national security". This would affect whistleblowers and journalists.
Dr Clinton Fernandes Associate Professor at University of NSW, and former Australian Army officer, took a slightly different view at the protest.
“With metadata you can identify suspects very fast and there’s a real public service component to retaining that kind of metadata,” he said. “Metadata is an extremely valuable tool for investigators and has a real public safety component.”
He used the example of a man who broke into a Sydney home in 2011 and chained a fake bomb around a teenage girl’s neck, and then sent out an extortion email. The police were able to use metadata to trace the email to a video store at a public library on the mid north coast of NSW.
They also used CCTV cameras and worked with the Internet service provider to track him down and make an arrest.
However, Fernandes pointed out that the police were able to do this without any increased powers.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.