Turnbull rules out browsing history for data retention

Summary:Communications Minister Malcolm Turnbull has moved to correct the record on what telecommunications companies will be required to retain under a mandatory data retention regime.

After three days of conflicting definitions from his party colleagues, including the prime minister, Communications Minister Malcolm Turnbull has ruled out including the history of websites visited by every Australian resident as part of any mandatory data retention regime.

Special Feature

IT Security in the Snowden Era

The Edward Snowden revelations have rocked governments, global businesses, and the technology world. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices that technology leaders can put to good use.

Since the announcement on Tuesday Prime Minister Tony Abbott and Attorney-General George Brandis in separate interviews both indicated that the government would seek to retain a list of websites visited by Australians as part of a scheme to force telecommunications companies to retain customer "metadata" for up to two years for access by government agencies for law enforcement purposes.

Turnbull, who was briefed by the security agencies this week, and spoke to the three largest ISPs last night about the proposals told ABC's AM program this morning that contrary to the claims of his parliamentary colleagues, website history would not be included in the scheme.

"The police, the security services, ASIO and so forth, are not asking the government to require telcos to record or retain information they are not currently already recording," Turnbull said.

He indicated that the call records and billing records currently retained by the telcos and accessed by law enforcement agencies would be all that would be required, and moved to shut down concern that website history would be included.

"There has been some concern expressed that the government was proposing that telcos should retain for two years a record of the websites you visit when you're online, whether that's expressed in the form of their domain names or their IP addresses; in other words that there would be a requirement to keep a two-year record of your web browsing or web surfing history — that is not the case," he said.

"What they are seeking are the traditional telephone records that are kept, and by some ISPs and telcos for more than two years, that is the caller, the call party, the time of call, the duration of call. Those records they want to be kept for two years, and they also want the IP address. That is the number that is assigned to your phone or your computer when you go online via your ISP.

"The ISP knows that IP address is connected to your account, that's recorded in their records. They want that information to be kept for two years."

Turnbull declined to explain why there had been confusion about the government's policy, insisting that his statement today was "consistent" with what Abbott and Brandis had said.

"I'll leave you to talk about the last couple of days, my concern is to be crystal clear about what we're talking about. I think one of the difficulties with a term like metadata is that it can mean different things to different people, so you have to be very clear what we're talking about."

Turnbull said that the policy will be formed following discussions with the telecommunications companies, and once it is fleshed out in detail, there will be a public debate on the privacy, security, and cost implications of the mandatory data retention scheme.

In 2012, Turnbull was vehemently against the mandatory data retention proposal when it was up for consideration by the former Labor government.

"This data retention proposal is only the latest effort by the Gillard Government to restrain freedom of speech," he said at the time.

"I must record my very grave misgivings about the proposal. It seems to be heading in precisely the wrong direction.

"Surely as we reflect on the consequences of the digital shift from a default of forgetting to one of perpetual memory we should be seeking to restore as far as possible the individual's right not simply to their privacy but to having the right to delete that which they have created in the same way as can be done in the analogue world."

The minister today rejected the assertion that he had changed his position on the policy from 2012.

"My concern in 2012 was that the Labor government did not explain what they were talking about," he said.

"I'm part of this government [now], and I hope I've explained with clarity and precision what the agencies are seeking, and what they are seeking is simply the information that is currently recorded is kept for two years."

ASIO chief David Irvine and Australian Federal Police deputy commissioner Andrew Colvin also held a press conference this morning attempting to justify their need for metadata as part of law enforcement investigations.

Irvine said that ASIO, which doesn't publicly reveal how many access requests it makes per year, was only seeking the existing call and billing records, and IP addresses associated to connected customers, not a history of sites accessed by customers.

"Our ability [is] to access telecommunications call data, not examine minutely everyone's surfing the web," he said.

He said that ASIO only accessed metadata for very specific people or incidents, and didn't trawl through the data.

"You need to understand the regime in which we are allowed to access metadata. We don't get out a rake and go trawling for bundles of metadata. We seek access to metadata on very specific cases. Without metadata, police would not have been able to solve that crime as quickly as they did," he said.

Irvine clarified the only IP addresses ASIO was seeking was those associated with a customer when connected to the internet, and not the IP addresses of the sites they were visiting. He said in some cases where ASIO has obtained, through means other than metadata access, a list of Australian IP addresses that accessed a site, then ASIO would seek to match up those IP addresses to customers in Australia using metadata.

Irvine said that the larger internet service providers were already keeping this information, but it was the newer ISPs that were not keeping the data.

"Some of the major telecommunications providers have been doing this for many years, some of the start ups are either not collecting the data or not holding it," he said.

Topics: Privacy, Australia, Government, Government : AU

About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.