Data retention analysis just funny numbers

Data retention analysis just funny numbers

Summary: Completing a cost-benefit analysis for data retention would be an exercise in sorting levels of grey that would result in a collective headache.


Completing a cost-benefit analysis for data retention would be an exercise in sorting levels of grey that would result in a collective headache.

A Senate Committee has recommended that a serious look be taken at the costs, benefits and risks of such a project before it is considered.

As usual, considering the material costs of such a program is easy, but what about the costs to privacy? What is the price of anonymity? What will it cost Australia as a nation if our anonymity is taken away?

And how do you cost the increased likelihood that someone could break into an enormous repository of data and mine it to create targeted hacking attacks or simply use the information to steal identities?

How much is someone's identity worth anyway? This is a question I was asking myself recently when I was at a conference where some executives were talking about biometric security.

The executives said companies need to be careful when customers first identify a biometric as their own, because if there is a mistake there, someone can use that biometric. And once that biometric is compromised, it can no longer be used.

So what happens in the future if you manage to compromise all of your biometrics?

This is what I think of when I think of my identity. Once someone else becomes Suzanne Tindal, who am I? And how much is the loss of that identity, which I can no longer really claim as mine, worth to me?

That's a difficult question. As difficult as medical payouts, which I think have never been representative.

And there aren't nearly as many medical stuff-ups as there would be digital stuff ups if someone got into a database full of Aussie comms data. If an identity is immeasurably precious, as we might suspect, then when thousands are lost as the result of a hack, who pays up? It seems that the bounds of economics must make us laugh at trying to cost such a disaster.

Then what about the cost of misuse? How much is it to my detriment if government agencies or telcos use the stored data opportunistically for uses other than those for which it's intended?

On the other side of this convoluted coin, the benefits are just as hard to quantify.

How do we measure how much catching a criminal is worth? And how can we measure whether we would have caught that criminal without keeping all that data?

I realise that the success of programs is often measured once they're in place, but do we want to put this in place only to measure if it works?

It's all a case of funny numbers, like the entertainment industry's reports on piracy's effects. I don't believe they can ever be accurate or representative.

So given all this, although I feel that we need to consider carefully whether we want to go down the path of data retention, I wouldn't spend a lot of money trying to make numbers out of something that can't be quantified.

Topics: Government, Government AU, Privacy, Security

Suzanne Tindal

About Suzanne Tindal

Suzanne Tindal cut her teeth at as the site's telecommunications reporter, a role that saw her break some of the biggest stories associated with the National Broadband Network process. She then turned her attention to all matters in government and corporate ICT circles. Now she's taking on the whole gamut as news editor for the site.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Today we have no privacy: privacy laws not withstanding. In fact other laws demand that we hand over all manner of private information to whatever organisation says they want it before they'll deal with us. The government has put us all at needless risk. I don't like that at all and recommend you read what Project ERNA as has to say under Benefits/Privacy. That project would provide us all with a great deal of privacy, amongst many other benefits.
  • With the internet really being global and things like cloud computing being common place I think this is a waste of time. The argument should be made for ISPs and content service providers to keep netflow data for a period of time. Netflow data is basically a count on the amount of internet traffic between two IP addresses. So like stats would be: -> 1700

    I think this would be very worthwhile to law enforcement as well as the security of ISPs and should not be too burdersom on them. Hell ISPs should be (and probably already are) collecting this stuff for billing purposes and you hope for security purposes. If you look at your phone bill and read the data section, sometimes they list the IP address your phone communicated with and how much data was sent to/from it. In my opinion this ought to be mandated on ISPs and content service providers in Australia - nothing more, nothing less - people can figure out what websites you've visited out of this or what emails you've been sent.