Comms Alliance calls govt plan a 'data creation regime'

The telecom industry has disputed the notion that the government’s proposed data retention regime will not create significant additional costs for the industry.

In a hearing today of the Parliamentary Joint Committee on Intelligence and Security, Communications Alliance CEO John Stanton and other telecom industry representatives said the costs of the data retention regime must be clarified before the government's bill becomes law.

The telecom industry “has grown a little weary of hearing this proposal described as a requirement to do no more than service providers do to today,” said Stanton.

“It’s in most cases far from that. It is a data creation regime as well as a data retention regime.”

While details remain fuzzy on the exact dataset that will be covered by the regime, Stanton pointed to several elements of the proposed dataset that providers do not retain today.

“There are elements of the dataset, for example, that require data to be collected and manipulated in ways it’s not today. Historical aggregate records of upload and download volumes, for example – I don’t know of any provider who manages to put that material today. There’s no business requirement for it, and the feedback from some of our members is that will be quite difficult to do.”

Michael Elsegood, Optus manager regulatory compliance and safeguards, said that data retention is more complex and costly for telcos than some have indicated. In particular, he highlighted additional costs from having systems that can index and search through stored data.

“It’s not just a matter of sticking it on drives that you bought from Dick Smith and Officeworks.”

In addition, the telecom industry representatives argued that having to retain data for two years would massively increase costs for service providers. It’s also needlessly long from a public safety perspective, said Stanton, because younger information tends to be more useful to law enforcement in ongoing cases.

That contrasted with testimony from law enforcement agencies heard earlier in the day, who argued that two years was the bare minimum length of time that data should be held.

Stanton warned of unintended consequences, including a possible competitive disadvantage for local providers if they have to comply with the proposed regime while offshore providers do not.

He also cautioned that smaller providers could have more difficulty complying with the proposed law than larger ISPs, an issue with which Shadow Communications Minister Jason Clare appeared sympathetic.

“The last thing you would want is a new impost that puts businesses out of business,” the Labor MP said.

Stanton added that one Comms Alliance member has said that costs of data retention not covered by the government would likely be passed onto consumers.

Tasmanian Liberal MP Andrew Nikolic questioned how the Comms Alliance could not see a need for a data retention scheme in light of claims from law enforcement and others that is essential to their operations.

“So you don’t agree that the available information on the public record since 2001 [about] the benefit of metadata for breaking a number of important, for example, counter-terrorism cases [and] child exploitation cases … that that does still not make the case in your view for a data retention regime?” he asked.

Stanton replied that the Comms Alliance has tried to be constructive about how to make a data retention regime sustainable.

“We’re not seeking to be obstructive in any way to the legitimate aims of the law enforcement agencies or the need to ensure Australia is secure,” Stanton said.

Stanton said there are a “range of views” among members in the Comms Alliance about whether the government has yet made its case for data retention.

“Notwithstanding this, legislation has been introduced to the parliament, and if parliament decides to bring the bill into law, we think it’s vital that the legislation be clear in its requirements, that it be practical in terms of the impositions it places on telecommunications service providers, that it avoids unintended consequences, that it is mindful of personal privacy and that it is proportionate to the security challenges facing Australia.”

Adam Bender covers telco and enterprise tech issues for Computerworld and is the author of dystopian sci-fi novels We, The Watched and Divided We Fall. Follow him on Twitter: @WatchAdam

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia