Data retention supported by two-thirds of Australians: ANU

A poll by the Australian National University (ANU) has found that over two-thirds of respondents support the federal government's telecommunications data retention laws for the purpose of protecting national security.

The Attitudes to National Security: Balancing Safety and Privacy -- ANU poll July 2016 [PDF], conducted via a random phone survey of 1,200 individuals between June and July, found that 67 percent thought the retention of communications metadata is "justified as part of the effort to combat terrorism and protect national security".

In addition, almost 70 percent approve of data retention for counter-terrorism purposes.

"Looking more specifically at Australian government legislation introduced in 2015 -- the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 -- requiring Australian telecommunication companies to retain customers' computer and phone metadata in case of future police or national security investigations, reveals overwhelming popular support for the measure," the results report said.

"Two-thirds of Australians believe this legislation is 'justified as part of the effort to combat terrorism and protect national security'. The remaining one third believes that the retention of customer metadata 'is not justified, as it violates citizens' privacy'.

"Similar percentages of Australians approve and disapprove of the Australian government's collection of phone and internet data as part of counter-terrorism efforts. Almost seven in 10 (69 percent) either 'strongly approve' or 'approve' of this measure overall; 5 percent express no opinion in either direction, while 26 percent 'disapprove' or 'strongly disapprove'.

"In total, the government appears to have substantial support for actions it has taken so far with regard to data retention for counter-terrorism purposes."

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, passed by the Australian government in March 2015, came into effect last October and sees customers' call records, location information, IP addresses, billing information, and other data stored for two years by telecommunications carriers, accessible without a warrant by law-enforcement agencies.

While the ANU poll respondents supported the use of data retention in circumstances of national security and counter-terrorism, the Australian Federal Police admitted back in 2014 that telecommunications customer data could be used by rights holders to prosecute online piracy.

There is also yet to be a mandatory data breach notification implemented to protect the security of data collected by telcos and shared between government agencies, despite the Joint Parliamentary Committee on Intelligence and Security recommending in February 2015 that Australia have data-breach notification laws in place before the end of 2015, prior to the implementation phase of data retention .

It is only now slated to be heard during the 2016 spring sittings [PDF] of Parliament.

In response to small operators saying they were continuing to do nothing about data-retention compliance due to the costs associated, the government in January announced the AU$128.4 million data-retention grants program to cover the costs caused by upfront compliance with the data-retention legislation.

Under the grants [PDF], revealed in September, the money was divided between 180 internet service providers (ISPs), with the smallest amount being AU$10,000, received by ISP Arris, and the most received by Telstra, at AU$39.9 million.

Vodafone Australia received AU$28.8 million; Optus AU$14,8 million; Vocus and M2 -- now one company -- AU$3.4 million combined; MNF Group AU$3 million; TPG AU$2.2 million in combination with its now-subsidiary iiNet; Exetel AU$1.8 million; and the National Broadband Network (NBN) company AU$1,067,515.

Also receiving over AU$1 million are Broadband Solutions, with AU$2.2 million; Message4U, with AU$1.3 million; BigAir, with AU$1,042,666; and The Summit Group, with AU$1,032,000.

Australian Attorney-General George Brandis last month also said the government will introduce legislation during the spring sittings of Parliament to amend the Privacy Act to criminalise the re-identification of de-identified data for the purposes of protecting anonymised datasets that are collected and published by the Commonwealth.