The Australian government today introduced a bill for mandatory data retention that will require telcos and ISPs to retain records of people's telephone and internet communications for two years.
The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 was introduced into the House of Representatives by Communications Minister Malcolm Turnbull on Thursday morning.
Turnbull said existing powers and laws are not adequate for law enforcement to carry out their ongoing investigations.
“Preservation notices under the Interception Act can require carriers to quick freeze records that they hold, but these notices cannot create records that have never been kept and cannot bring back records that carriers have deleted days, weeks, months before a crime is brought to an agencies attention," Turnbull said.
He said with more service providers keeping fewer records they no longer need, investigations are “failing” as a result.
“Last year, a major Australian ISP reduced the period for which it keeps IP address allocation records from many years to three months.
"In the 12 months prior to that decision, the Australian Security Intelligence Organisation obtained these records in relation to at least 10 national security investigations including counter terrorism and cyber security. If those investigations took place today, vital intelligence and evidence simply may not exist."
Turnbull also said that during a current child exploitation investigation, the Australian Federal Police (AFP) has been unable to identify 156 out 463 potential suspects. This is because certain ISPs do not retain the necessary IP address allocation records to enable the resolution of the IP address - the 32-bit number - to a particular account of the person in question, he said.
Metadata, which is what services providers would be required to store for two years, is defined in the <i>Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014</i> as:
- source of communication
- destination of communication
- date, time and duration of communication, or of its connection to a relevant service
- type of a communication, or a type of relevant service used in connection with a communication
- location of equipment, or a line, used in connection with a communication
According to the bill, metadata can be generated through a person’s device or account of an ISP or telecommunications company.
Turnbull said the contents of communication, such as subject lines of emails and posts on social media sites, will not be stored by service providers.
“The government recognises that data retention raises genuine concerns about privacy, and we are committed to addressing those concerns.
"As a starting point, the government will release the draft dataset and will refer it along with this bill the Parliamentary Joint Committee on Intelligence and Security for review and public inquiry.
“The Act will expressly exclude a person’s Web browsing history. Providers will not be required to keep detailed location records that would allow a person’s movements to be tracked akin to a surveillance device.
“Customer IP addresses will be retained for two years, but not the details of the IP addresses of the sites to which that customer may connect during the course of their Internet activity.
“Access to content, I stress, requires a warrant.”
He added that the government will carefully consider any recommendations led by the Parliamentary Joint Committee in Intelligence and Security about the dataset or the broader regime provider in the bill.
When it comes to the cost of service providers storing and securing the metadata, Turnbull said the government “expects to make a substantial contribution both to the cost of implementation and operation of this scheme”.
However, Narelle Clark from the Australian Communications Consumer Action Network said yesterday at a data retention protest held at Parliament House that even if the government covers the full cost of storing and protecting data for two years, taxpayers will ultimately pay.
Turnbull said that the government will work with industry to prioritise metadata that is most critical to investigations, which would allow service providers to keep their costs at bay by aligning any system changes with their internal business cycles.
“The government is also considering reform to strengthen the security and integrity of Australia’s telecommunication infrastructure by establishing a security framework for the telecommunications sector," he added.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.