The politics of data retention

The politics of data retention

Summary: What are the implications of making ISPs store customer data for up to two years?


Law enforcement agencies pitch data retention by internet service providers (ISPs) as extending their power to conduct phone intercepts to the internet, but it isn't that clear.

Is giving the police access the logs of people's internet activities really the equivalent of giving them your phone records? Or is the internet something different? And what are the implications of ISPs storing months or even years of data?

On this week's Patch Monday podcast, we dig into the politics of data retention in Australia. It's in the news because it's one of the ideas being floated as part of the inquiry into potential reforms of national security legislation, being conducted by the Joint Parliamentary Committee on Intelligence and Security.

Putting the case for data retention is Assistant Commissioner Neil Gaughan, national manager of high tech crime operations for the Australian Federal Police.

"The majority of the communication is now encrypted, and the majority of the communication now, obviously, is passing over IP [internet protocol]... If someone from the Anonymous group is hacking into a company in Australia, through a telco that isn't keeping IP data, we can't start an investigation." he said.

Putting data retention into its political context is Bernard Keane, Canberra correspondent for independent news site Crikey.

"This is a proposal that, certainly amongst the Anglophone intelligence community, there is a real desire to put in place data retention," he said.

Keane rejects the view that data retention is simply the internet equivalent of the telephone interception powers outlined in the Telecommunications (Interception and Access) Act 1979.

"What we use the telephone for back in 1979 is fundamentally different to how we use the internet. We didn't put vast amounts of personal information on the telephone. We didn't put our financial data on the telephone. Companies didn't put all their intellectual property and their most critical data on the telephone... It is far more fundamental to our entire life, than the phone was.

And network engineer Mark Newton explains the implications data retention would have for ISPs.

Data retention is also in the news because it's the reason Anonymous gave for hacking AAPT. As ZDNet's Suzanne Tindal wrote, it's unlikely to affect government policy. Is it an example of what Barrett Brown described on a previous episode of Patch Monday as Anonymous losing focus?

To leave an audio comment on the program, Skype to stilgherrian or phone Sydney +61 2 8011 3733.

Running time 50 minutes, 35 seconds.

Topics: Security, Government, Government AU


Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • IP Addresses

    It's a pity Neil Gaughan put so much emphasis on IP addresses as a means of identifying people.
  • Class actions and indemnity insurance

    Assuming the legislation goes through, and the ISPs are required to maintain this store.... and assuming one of them gets hacked (which seems pretty safe) ... then you would have to anticipate a class action from all the people inconvenienced/injured by the loss of their online histories. Hard to calculate, but I'm thinking big numbers.

    So - will the government indemnify the ISPs provided they meet some pre-defined security standards, or do they all need to up their professional liability insurance by a few thousand percent?