Australian law-enforcement agencies will not have legal, direct, warrantless access to customer information for international companies such as Google, Facebook, Twitter, and other communications platforms under the mandatory data-retention legislation.
The legislation currently before the parliament will force Australian telecommunications companies to retain an as-yet-undefined set of customer data for a minimum of two years. It is expected that this will include call records, assigned IP addresses, email source and destination, and other such information.
Left out of the scheme will be third-party providers, such as internet cafes, universities, and other organisations that offer internet access to the public. The legislation has also been designed to exclude over-the-top players, including international companies such as Gmail, Twitter, Facebook, and WhatsApp.
If, however, the telcos themselves provide over-the-top services such as email or voice over IP, then those services would be caught by the mandatory data-retention scheme, according to Attorney-General's Department assistant secretary Anna Harmer.
"It would be the case that those would not fall within the obligation," she said in a parliamentary committee hearing on Monday.
Greens Senator Scott Ludlam said this would potentially drive people away from ISP-based email.
"All I need to do to avoid mandatory data retention is just to take a webmail service," Ludlam said.
Harmer said iiNet and Internode would be subject to it, but Google would not.
She also confirmed that as stated by Communications Minister Malcolm Turnbull, the data stored by Australian carriers would be accessible through civil litigation, such as lawsuits from content owners chasing down online copyright infringers. Harmer said that while access to the data would remain the same, rights holders would have much more data to access under the scheme.
"What will exist will be a range of data that is not necessarily retained for that set period," Harmer said.
The Attorney-General's Department again could not say when costs for the proposed scheme would be made available, and could not guarantee that the parliament would know how much the scheme would cost when debating the Bill later this year.
Both Optus and Telstra have given estimates of the cost impact of the mandatory data-retention scheme to PricewaterhouseCoopers, but have declined to reveal the cost publicly, citing commercial confidentiality reasons.
Earlier this morning, Communications Alliance CEO John Stanton revealed that he has yet to be advised of when the industry working group, set up to help the government determine the costs and the set of data that will be required to be retained, will meet again.
The government is looking to pass the legislation as soon as possible, but telcos will need up to two years to get systems in place to store the data for law-enforcement agencies.
Read on: Australian data retention