Data retention analysis just funny numbers

Summary:Completing a cost-benefit analysis for data retention would be an exercise in sorting levels of grey that would result in a collective headache.

Completing a cost-benefit analysis for data retention would be an exercise in sorting levels of grey that would result in a collective headache.

A Senate Committee has recommended that a serious look be taken at the costs, benefits and risks of such a project before it is considered.

As usual, considering the material costs of such a program is easy, but what about the costs to privacy? What is the price of anonymity? What will it cost Australia as a nation if our anonymity is taken away?

And how do you cost the increased likelihood that someone could break into an enormous repository of data and mine it to create targeted hacking attacks or simply use the information to steal identities?

How much is someone's identity worth anyway? This is a question I was asking myself recently when I was at a conference where some executives were talking about biometric security.

The executives said companies need to be careful when customers first identify a biometric as their own, because if there is a mistake there, someone can use that biometric. And once that biometric is compromised, it can no longer be used.

So what happens in the future if you manage to compromise all of your biometrics?

This is what I think of when I think of my identity. Once someone else becomes Suzanne Tindal, who am I? And how much is the loss of that identity, which I can no longer really claim as mine, worth to me?

That's a difficult question. As difficult as medical payouts, which I think have never been representative.

And there aren't nearly as many medical stuff-ups as there would be digital stuff ups if someone got into a database full of Aussie comms data. If an identity is immeasurably precious, as we might suspect, then when thousands are lost as the result of a hack, who pays up? It seems that the bounds of economics must make us laugh at trying to cost such a disaster.

Then what about the cost of misuse? How much is it to my detriment if government agencies or telcos use the stored data opportunistically for uses other than those for which it's intended?

On the other side of this convoluted coin, the benefits are just as hard to quantify.

How do we measure how much catching a criminal is worth? And how can we measure whether we would have caught that criminal without keeping all that data?

I realise that the success of programs is often measured once they're in place, but do we want to put this in place only to measure if it works?

It's all a case of funny numbers, like the entertainment industry's reports on piracy's effects. I don't believe they can ever be accurate or representative.

So given all this, although I feel that we need to consider carefully whether we want to go down the path of data retention, I wouldn't spend a lot of money trying to make numbers out of something that can't be quantified.

Topics: Government, Government : AU, Privacy, Security

About

Suzanne Tindal cut her teeth at ZDNet.com.au as the site's telecommunications reporter, a role that saw her break some of the biggest stories associated with the National Broadband Network process. She then turned her attention to all matters in government and corporate ICT circles. Now she's taking on the whole gamut as news editor for t... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.