Australian Attorney-General Nicola Roxon has said that the public reaction to the government's proposal to require internet service providers (ISPs) to retain customer data for up to two years has been hysterical, and that the government is asking for much less than has been claimed.
Roxon gave a speech on Tuesday stating that forcing ISPs to retain customer data for up to two years is required to ensure that law-enforcement agencies can continue to investigate crime. Reaction to Roxon's announcement saw an unusual alliance between organisations such as Electronic Frontiers Australia (EFA), the Institute of Public Affairs, GetUp, and the Greens, all of which expressed outrage over the plan. And although the Coalition hasn't made its position on the issue known formally, Liberal backbencher Steve Ciobo compared the proposal on Tuesday to something that would have been seen in Nazi Germany during World War II.
"I think that this proposal is akin, frankly, to tactics that we would have seen utilised by the Gestapo or groups like that," he told Lateline.
Roxon yesterday defended the proposal, saying that the government has sought feedback on it, along with a number of other telecommunications security legislation ideas as part of a parliamentary review that's currently underway. She said that claims that the government wants to obtain every bit of data are incorrect, and that there has been "hysteria" around the data-retention proposal.
"No decisions have yet been made," she told ABC Radio in Perth. "What [law-enforcement agencies are] asking for is not what has been reported.
"It's not to keep a record of every website that's visited. It's not to keep the content of every email. It's not to force people to give their passwords to police. It's actually keeping what's called metadata; so, a record potentially of the time that a phone call is made, the time or fact of an email being sent. Something that our law-enforcement agencies can already do, where they suspect crime."
Roxon said that people have jumped to the wrong conclusion that the government is going to enact the proposal, and that "they're going to be in your head virtually for everything you ever use on the computer."
"I really do think people need a little bit of a cold shower with this, because the government has not yet made the decision. It's why we're having the inquiry; so we can have the debate, test the ideas, see if there's an appropriate balance. And we'll only make our decisions at the end of the year, when the committee gives us their report."
But Roxon's claims that the government is only seeking metadata does not match the discussion paper that was released as part of the review.
The review states that the government is looking at "applying tailored data-retention periods for up to two years for parts of a dataset, with specific timeframes taking into account agency priorities and privacy and cost impacts", and does not specify the exact dataset it is after.
In fact, part of the paper states that the government may need to collect "communications content", not just the data, from companies such as Facebook and Google.
Communications Alliance CEO John Stanton told the Australian Communications Consumer Action Network (ACCAN) conference in Sydney yesterday that the government has failed to explain on a number of fronts what data needs to be retained for law-enforcement purposes.
"The proposal is gloriously ill defined in the discussion paper, where it talks about the potential desirability of retaining a dataset for two years," he said. "A dataset could be an inch or a mile long, and the obvious implications in terms of the breadth for it both in terms of carriers complying.
"We need a much better definition of that."
He said that the length of time that the government wants ISPs to keep the data does not fit with what the international experience with data retention has been.
"The data we see out of Europe suggests that the vast majority of instances where data is used by enforcement authorities to chase crime sees data used that is less than six months old, not two years," he said.
He said that it needs to be clearly defined which government agencies would be allowed access to the data, too.
"We've had instances [in the past] where there have been requests put to our members for access to their database because a local council has uncovered a piece of paper that is a piece of litter and the council wants to track down who it was that dropped that piece of litter, so they can whack them with a AU$15 fine," he said. "That doesn't make sense to us.
"There needs to be sensible restrictions around who can access any data that was retained, and it should be retained in use in combating serious crime."
Under the proposal, agencies with a warrant investigating crimes with at least three years' imprisonment associated will be able to access the data. It won't be just law-enforcement agencies, such as the Australian Federal Police (AFP), but also government revenue agencies, such as Customs and Border Protection, the Australian Competition and Consumer Commission (ACCC), Centrelink, and the Australian Tax Office (ATO).
Stanton's comments about the lack of definition for the proposal were echoed by Victorian Privacy Commissioner Dr Anthony Bendall, who yesterday told the committee undertaking the inquiry into the proposal that the government needs to flesh out the proposal, and have safeguards and mandatory data breach-notification laws to go with it.