X
Government

Data retention goes beyond 'status quo'

The Australian Federal Police tells us that the government's consideration of data retention is all about maintaining the status quo, but it turns out that the status quo isn't all it's cracked up to be.
Written by Josh Taylor, Contributor

The Australian Federal Police (AFP) tells us that the government's consideration of data retention is all about maintaining the status quo, but it turns out that the status quo isn't all it's cracked up to be.

In its annual report released last week (PDF), the office of the Commonwealth Ombudsman criticised the way law enforcement agencies and telcos handle stored communications. Stored communications, the Ombudsman said, refers to electronically stored data held by telecommunications companies and internet service providers (ISPs) that has been sent or received to customers. This would generally include emails, images, videos and text messages. Law enforcement agencies can gain access to this material from the providers under the Telecommunications (Interception and Access) Act 1979 (TIA), provided that the agency gets a warrant.

Speaking at a Senate inquiry into the privacy of Australians online last month, AFP assistant commissioner Neil Gaughan said that telcos and ISPs generally keep communications information stored for a period between days and years. He indicated, however, that the telcos were intending to move away from storing this sort of data for longer periods of time.

A move to a data retention regime would force ISPs and telcos to keep this data for a set period of time and would merely be maintaining the "status quo" in terms of how long telcos keep data, according to Gaughan.

However, the "status quo" has its own issues, according to the Ombudsman's report.

In the 2010 financial year, the Ombudsman carried out 17 inspections of stored communications records held by 15 law enforcement agencies, including the Australia Federal Police, the Australian Crime Commission, the Queensland Police and the New South Wales police.

It's noted in the report that the storage requirements for data were a point of contention between carriers and law enforcement agencies.

"There also continues to be disagreement about the requirements that legislation places on both agencies and carriers. These difficulties have been compounded by a lack of record keeping demonstrating when warrants are executed. We have raised our concerns with the attorney-general."

Also, the report points out that although access to surveillance material from warrant-enabled wiretaps has tight restrictions, that's not the case for material obtained from stored communications.

"The legislative controls and restrictions governing access to stored communications are generally set at a lower level than those relating to telecommunications interception. This, together with tighter time frames for accessing stored communications, places a significant obligation on agencies to closely manage stored communications access if they are to be compliant with the TIA Act."

In my opinion, if record keeping on who is accessing what data and when is shaky, the system would be wide open to abuse. Will this change if legislation is introduced to force ISPs to keep data for a distinct period of time, enabling law enforcement agencies to access it whenever they like? Certainly maintaining such a status quo is anathema to me.

Also, if the report is right, and information gathered from stored information is treated with a more laissez-faire manner than that achieved by wiretaps, we're going well beyond the status quo and reducing our protections.

We can only hope that if the government introduces legislation to force ISPs to retain customer data information, then the legislation will also maintain the strict controls and record-keeping rules that surveillance enjoys.

Otherwise we would be giving law enforcement agencies unprecedented and undocumented access to every move we make online.

Editorial standards