Data retention a 'Pandora's box': Sophos

Data retention a 'Pandora's box': Sophos

Summary: There are many questions that need to be considered before the government could introduce a scheme to record users' activities on the internet, according to Sophos regional director Rob Forsyth, with one of them being: who pays when the data is leaked?

SHARE:

There are many questions that need to be considered before the government could introduce a scheme to record users' activities on the internet, according to Sophos regional director Rob Forsyth, with one of them being: who pays when the data is leaked?

There's a point of law, according to Forsyth, which says that if a river breaks its banks and destroys premises, then it's an act of god. But if a dam is built and then breaks, destroying property, someone has to pay.

He looked at the data retention scheme in the same light. The government would be ordering a river full of data to be contained behind a wall.

"If you capture data in a dam, who has the duty of care to mind that data?" Forsyth said.

Forsyth said that Sophos had good relationships with many government departments and would be happy to play a part in securing the data, but he pointed out that contracts for security would not be as lucrative as others for such a scheme.

"Securing of data would be a fraction of cost compared with the terabytes [of storage] to contain the data," he said, joking that there would need to be "storage the size of Tasmania".

Since internet service providers would be capturing data and providing it to government, the data would also likely "replicate itself in many ways", exacerbating storage and security concerns.

It was like "Pandora's box", according to Forsyth.

Then, there were also concerns of scope creep with who gets access to the data, he said, posing a number of questions: is it just law enforcement agencies or can the taxation officer go after tax offenders with the data? Can Centrelink use it?

"You could save it all and give no one access to it, but then it would defeat the purpose," he said.

Thought was also needed to go into how internet service providers collected the data, Forsyth said, since not all of the providers would currently be storing information in the same way.

"We now have a real muddle of data matching to deal with," he said.

However, considering that this idea was first discussed with the Australian industry back in 1999, Forsyth believed it was unlikely it would progress quickly, especially with the coming election. Forsyth doubted that any party would want to run with such a policy. "I'm not sure that's politically palatable," he said.

(Front page image credit: Camera video de surveillance image by Frédéric Bisson, CC2.0)

Topics: Government, Big Data, Government AU, Privacy, Security

Suzanne Tindal

About Suzanne Tindal

Suzanne Tindal cut her teeth at ZDNet.com.au as the site's telecommunications reporter, a role that saw her break some of the biggest stories associated with the National Broadband Network process. She then turned her attention to all matters in government and corporate ICT circles. Now she's taking on the whole gamut as news editor for the site.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion