Turnbull admits limitations of data retention proposal

Turnbull admits limitations of data retention proposal

Summary: More holes appear in the government's mandatory data retention proposal as Communications Minister Malcolm Turnbull admits the tech-savvy will know how to avoid having their IP addresses logged against sites they visit, while the scheme may still be costly and impractical.


While recording IP addresses may be costly and impractical for telcos, those customers who know what they're doing will have no trouble getting around a mandatory data retention regime that logs IP addresses assigned to an ISP's customers, Communications Minister Malcolm Turnbull has admitted.

(Image: Screenshot by Josh Taylor/ZDNet)

The Australian government last week struggled to define its plans to implement a mandatory data retention regime in Australia that would force the telecommunications companies to retain so-called "metadata" for up to two years.

Attorney-General George Brandis and Prime Minister Tony Abbott both struggled to define what data the telcos would be required to retain, with both indicating early last week that a list of websites visited by telco customers would be retained in addition to the traditional call logs.

On Thursday and Friday Morning, Turnbull moved to clear up some of the confusion surrounding the scheme, explicitly ruled out retaining a log of the sites customers visit, and insisted only the IP addresses assigned to customers by their ISPs would be retained under any proposal.

Telecommunications companies were kept in the dark about the proposals until the government finally arranged industry meetings late last week.

Speaking at the GovHack awards in Brisbane on Sunday, Turnbull departed from his set speech after facing a number of questions from the audience on the proposal. He again clarified that web browsing history would not be retained and it would simply be the IP addresses for user accounts.

But he admitted that there were "costs and practicalities" that still needed to be addressed with the internet service providers, in particular with ISPs that have very rapid allocation of IP addresses to users.

He joked, however, that the tech-savvy audience members for the GovHack awards would have no trouble circumventing any data retention scheme that would be established by the government.

"Your web surfing history is a matter for you. You've all got VPNs [Virtual Private Networks] anyway, so all of you appear to be somewhere in Iowa when you go online, I know that. Anyway, I won't go on," he said.

People frequently use VPNs to mask their IP address or make it appear in a different location for the purposes of avoiding geo-blocking of services that are specific to a particular country, such as Netflix in the United States, or BBC iPlayer in the UK.

The government, in seeking to exclude browsing history, would need to obtain a list of IP addresses that had visited, for example, a terrorist website, from the host service of that service, and then match those IP addresses and time of access up with those recorded by the Australian ISPs under the data retention regime.

If a user is accessing the site through a VPN, the IP address assigned to them by their Australian ISP will not be recorded at the website they accessed.

Turnbull's admission that the data retention regime is likely to be easily circumvented, and may be costly and difficult for ISPs to implement comes as the government begins discussions with ISPs over how best to implement the scheme. A formal policy and legislation for the regime is expected to be made public before the end of the year.

Topics: Privacy, Government, Government AU, Australia


Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Why?

    So only the dumb and the innocent will be have all their data keep!.
    Cool can we now arrest Malcolm for aiding terrorist?, and acting to pervert the course of ASIO investigations. That is treason!
    • agree

      He should be arrested long time ago for willingly sabotaging the NBN. Never to be released :)
      • Sabotaging the NBN

        Que? Sabotaging the NBN is a good thing. I'm surprised to see support for that ill-conceived white elephant in a tech forum such as this.
        • White elephant?

          The idea was poorly implemented (politicians, huh?), but it most certainly was not a bad one. Ours is a world of communication. Businesses, academics, doctors, and ordinary everyday people like us rely upon, express opinions on and ultimately make nuisances of ourselves on the Internet.

          Or would you like to go to the old "carrier pigeon" forms of communication (don't worry, Tony Abbott will implement an "intercepting hawk" policy to monitor your communications for you ("It's not the message in the capsule we'll check, it's the source, destination and other information on the contents of the capsule we'll retain"))?
  • This sounds familiar...

    I seem to recall something very similar to this happening when Conroy was promoting his idiotic mandatory internet filter, and look where that ended up.

    This government knows their plan is completely ineffective at stopping criminals, they know it will be costly to implement, and yet they plan to go ahead anyway. Just like their "NBN" policy - it's a lot of time and money spent for next to no benefit. Great!

    So in other words, the only people that this massive invasion of privacy is going to catch are those like my 60 year old parents and 80 year old grandparents. In other words, those who have no clue how to use the internet for anything other than harmless web browsing. That's right Abbott. You stop those nasty pensioner terrorists! Idiot.
    • But the AFP/ASIO want this one...

      ...as they still believe most people using mobile phones don't bother with VPN services.

      /me regularly uses VPN on mobile, but not all the time. Unmetered content from Telstra in particular maybe one area where "criminals" slip up and receive or respond to an e-mail that comes in while watching a game.
    • Welcome to the Spy Tax from "No new Taxes" Tony

      Both Optus & iiNet have analysed & stated that gathering & storing all that data will add hundreds of millions to their costs leading to at least a $10/month increase in charges to their customers.
      Could be a good thing that Turnbull's crippled the NBN else there would have been far more data to store resulting in an even higher Spy Tax impost on internet users.
  • Looks like...

    ...the government needs to have those discussions first, then once they have a clearer idea about what they want to do, they can try to sell it to the public and their Parliamentary colleagues.
    John L. Ries
  • It's a bit too simplistic

    to lump all criminals and terrorists into the smart category, that is smart enough to use a VPN , some of them blow themselves up FFS.

    "Turnbull's admission that the data retention regime is likely to be easily circumvented"

    Turnbull was referring to the savvy crowd he was addressing, reassuring them that if they wanted to stay incognito he is sure they are capable of doing it, he was not referring to the targets of the legislation.

    The feds likely believe it would be beneficial to their effort to store IP meta data for a longer period. I'm sure they have some known knowns and known unknowns to go on.

    As far as cost to implement goes, TPG for one already only use static IPs for all ADSL customers, so I'd say that data already exists in that case, it's just the dynamic assigned cases where a cost would be incurred.

    Storm in a teacup ??
  • Primary use will be...

    Policing copyright.
  • Back to the old days.

    Now the crims and terrorists know their metadata will be stored, they will refrain from using their own computers and mobile phones when planning or carrying out their unlawful acts.
    There operations will all be down in secret going underground and out of sight from the law and national security agencies while the 99.9999% of innocent Australians have their privacy stripped away. Wake up to yourselves Abbott and Co.
  • Come on....

    "obtain a list of IP addresses that had visited, for example, a terrorist website"

    We all know this isn't just for ASIO, it's mostly for the AGD and "Big Copyright" to collect who torrented what...