'The elephant in the room': Data retention's controversial origins

'The elephant in the room': Data retention's controversial origins

Summary: Documents released under Freedom of Information laws show that the Australian government's data-retention policy has been controversial since its 2009 secret inception.


It began with a secret consultation paper in 2009, secret meetings were held with industry, it went public in 2010, and the government finally outed a proposal for requiring internet service providers (ISPs) to retain customer data for up to two years in 2012, leading to criticism from the public, privacy advocates, and industry. But the minutes of the original meetings show that the government knew the proposal would be controversial from the very beginning.

ZDNet first revealed in 2010 that the Attorney-General's Department had been meeting with the telecommunications industry over a potential proposal that would require them to retain customer data for law-enforcement investigations. Industry sources had said at the time that there was a consultation paper that the government had put together explaining the proposal, but this was never made public.

The paper, entitled Carrier-Carriage Service Provider Storage Model, was released yesterday with minutes from the meetings between 2009 and 2012, following a Freedom of Information request filed by Pirate Party Australia secretary Brendan Molloy.

The consultation paper shows that the government considered multiple methods to keep the data, including one where the carriers hand over the data to a government repository, with the law-enforcement agencies then able to access the data when required. The second model proposed the use of a private third-party provider to hold the data, while the third is the one that the government settled on — providers storing their own customers' data.

While heavily censored, the minutes from the 2009 meeting do show early concern about the system from the telcos, with one participant suggesting that two years was too long, one asking who would have access to the data, and another questioning who would bear the cost for implementing the data-retention system.

The minutes for meetings in 2010 (PDF) were almost completely censored, but in the minutes for the 2011 meetings (PDF), one unnamed telco revealed that it "generally keeps consumer stuff for two years for possible [Telecommunications Industry Ombudsman] investigations".

When questioned by one telco representative about how useful any change in law would be if technology adjusts again and makes the new law redundant, Attorney-General's Department first assistant secretary Catherine Smith said that the government couldn't make any guarantees.

"The reality is, government puts forward policies which the industry may or may not agree with. The reality is [the industry] has been reminded by law enforcement of the benefits to society of these particular policies (child safety, protection, etc)," the minutes recorded Smith as saying.

Tensions were mounting in the discussions, with the minutes referring to data retention as "the elephant in the room".

"Need to work more on this, have intense discussions just about data retention. Must discuss more in-house and with industry as well," the minutes said.

In the December 2011 meetings, the government proposed a potential co-regulatory model that would see the industry agree to hold data, but one industry stakeholder expressed concern about whether every internet service provider would participate in such a scheme.

By 2012, shortly before the release of the public discussion paper on telecommunications security legislation reform, the discussion had moved on to how it would be implemented. This included whether new entrants starting up on the National Broadband Network (NBN) would meet the threshold required to retain customer data.

"There may be a completely different set of circumstances as new players enter the industry, so current threshold requirements are likely to change," said an unnamed attendee.

A joint parliamentary committee is currently considering whether implementing a two-year data-retention scheme would be feasible. The committee has yet to report back to parliament with its findings, and it is unlikely that any legislation arising from this report would pass through the parliament before the September federal election.

Topics: Government, Government AU, Australia


Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • data retention laws

    If detailed data is kept then government must legislate the crimes to which this data can be used i.e. admissible in court.

    For example the purpose that they commonly describe, i.e. Child Protection. Surely its acceptable to retain data for the purpose of using it as evidence in a prosecution concering child sex crimes. Crimes involving terrorism, murder, arson, rape, stalking and AVO breaches could be added to the list. Maybe fraud.

    Crimes about drugs definitely not in my view. The same applies to civil matters such as copyright infringement (commercial or otherwise).

    Really this is the issue about retaining data. Who can use, when they can use and for what purpose it can be used for.

    I think the real problem here is that the government is too lazy to go into such detail. If the laws were written, and researched properly then it would be an easy sell to the public.

    Instead the government is pushing for a blanket data capture with barely any exceptions. This is in my view is dangerous and shouldn't be allowed.
  • The banality of evil...

    ... as another commentator has said.

    So after everyone asking the question "won't someone think about the children?", we now know it was a faceless AGs SES drone who was quietly plotting the largest assault on privacy in the nations history to fulfil the kiddy care meme. Should have gone down a treat at the performance bonus review. Now won't someone think about the vpns, proxies, carrier pigeons et al? Of course not.

    Oh, and good to see the isps supporting our privacy, as long as their bottom line is aok.

    Sometimes you pay more than peanuts and still get the monkeys, and as a former one I always thought fed public servants were slightly more cluey than politicians...