Industry calls for more proportional limits to metadata retention
- 30 January, 2015 14:40
The federal government could substantially reduce the amount of data carriers need to store under its proposed metadata retention laws if its use was limited to investigations of higher-risk targets, Vodafone Australia says.
The legislation for the data retention scheme, which was introduced to parliament last October, requires carriers to collect and store customer metadata for two years.
The bill aims to preserve the ability of law enforcement agencies to investigate criminal and terrorist activity in the face of technology changes which could see IP communication overtake conventional switched telephone networks.
However, yesterday Vodafone Australia called on a joint parliamentary committee (to which the bill has been referred) for an inquiry to take a more proportionate response to the need to preserve national security.
Vodafone Australia has been pushing for the retention period to be limited to six months in response to concerns from its customers.
The carrier’s public policy chief Matthew Lobb told the committee that its customers concerns were driven by the scope of the scheme.
“I think it’s the fact that it’s every customer’s IP identifiers as opposed to a small sub set.
“For example, an arrangement could be put in place that identified particular IP identifiers for a particular web site. You could regularly provide a list within the six month period to enable (law enforcement) to have a list for future investigations.
“Accessing the information and protecting it appropriately for the bad people accessing bad web sites is where the operational focus should be. What we’re talking about here is retaining a substantial amount of data on everyone,” Mr Lobb told the committee.
The Australian Human Rights Commission (AHRC), which gave evidence to the committee later in the day, continued the theme.
The commission argued that the retention scheme was a “crude tool” that needed to take better account of the seriousness of the crimes it was called on to be used to investigate.
AHRC Professor Gillian Triggs said that the length of the data retention needed to be applied on a “sliding scale” suggesting that in some cases data might need to be held longer for the investigation of more serious matters.
Professor Triggs said that such decisions could be addressed by subjecting collection activity to tighter administrative controls prior to the collection of data.
“You need a process at the beginning in order to make these judgements rather than ex post facto by which time the damage is done and it’s going to be done on past performance leading to damage to a lot of Australians who will be very concerned about their rights to freedom of speech and privacy, along with other civil and criminal penalties,” Professor Triggs said.
The AHRC argued that the data retention scheme should be aligned with the European Union’s one-year retention period as a preliminary approach and, if necessary, revised after 18 months operation.
When challenged as to why the legislation shouldn’t err in favour of potential victims of crime, Professor Triggs said that 23 million Australians were effectively being asked to forfeit their rights for a small group.
“What we would say is that the more serious the offence the greater the right to interfere in the rights of the other 23 million. That’s the balance and the subjective judgement that constantly has to be made,” she said.
This article is brought to you by Enex TestLab, content directors for CSO Australia.
Upcoming IT Security Events
Feb 3rd, Feb 4th, Feb 6th 2015
Join @NirZuk #PaloAltoNetworks for Breakfast (lunch in Auckland) on keeping your enterprise safe from risk. Cyber attacks continue to increase in volume and sophistication leaving traditional security practices completely ineffective.
March 3rd, March 5th, March 9th 2015
Join CSO for the day@#csoperspectives and hear from @kimzetter @LeviathanSec
3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today
Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)