Telstra CEO David Thodey has said that the impact of the Australian Government's proposal to require internet service providers (ISPs) to retain customer data for up to two years will not be that onerous, but said that the question will be who will have access to that data.
The Federal Government is currently reviewing Australia's telecommunications-interception laws with a public inquiry that will look into the possibility of forcing ISPs to retain customer data for up to two years.
The proposal has raised concerns with privacy advocates, libertarians and the Greens, who have warned that this is an encroachment on the privacy rights of all Australian citizens. The proposal was even given as the reason why hacker group Anonymous leaked AAPT customer data over the weekend.
As the head of Australia's largest telecommunications company, Thodey told journalists at an American Chamber of Commerce event in Sydney yesterday that Telstra's concern is not about how much it will cost Telstra to keep the data, but who will have access to it.
"It just depends what and how. Today, we hold a lot of data anyway. It's more about the accessibility to the data. Because of our role as the national carrier, we work very closely with security agencies anyway, so it's probably not a bigger impost on us," he said. "However, I think as long as we understand clearly what the government's challenges are, I'm sure we can find a way through it."
Part of the inquiry will look into limiting which agencies can access that data, Australian Federal Police (AFP) Assistant Commissioner Neil Gaughan, national manager of high-tech crime operations for the AFP, said on Patch Monday this week. Gaughan said that the critical part of the laws are the checks in place to ensure that law-enforcement agencies would not abuse this power.
"There are checks and balances when law enforcement requests this data. There is accountability. If we're seen to be overstepping the mark, the Commonwealth Ombudsman can step in and oversight what we're doing," he said.
Gaughan said that unless ISPs retain data for potential police investigations in the future, it is much more difficult for law-enforcement agencies to launch investigations today.
"Some preliminary investigations, and some preliminary checks we used to be able to do in the past, such as who called who and when, are very difficult to do in the internet environment because in some instances, the telecommunications companies aren't keeping that data," he said.
"If we don't get what we're seeking here, in some instances we won't be able to provide the same level of protection that we do."
Thodey said that at this stage of the inquiry, discussing the proposal with the government is vital before jumping to conclusions on what the government is seeking to do.
"I know that some people are painting it as an impost, but I think we just need to sit down and talk through it before we jump to conclusions."
Thodey's comments yesterday come in stark contrast to comments made by Telstra executives just short of a year ago to the government. Telstra director of government relations, James Shaw, said then that getting systems in line to store 180 days' worth of customer data would take more than 30 days to get ready, and would place a "significant resource burden" for cost and manpower on the telco.