What will make the govt rethink data retention?

What will make the govt rethink data retention?

Summary: Will lobby group GetUp be able to force the Australian government to back down on its data-retention proposals?

SHARE:

National lobby group GetUp this week launched a new petition to get the Australian Government to withdraw its proposal to store internet-browsing data for up to two years, but will it actually work?

GetUp brands itself as a grassroots progressive lobby group that represents more than 600,000 people. It's usually derided by conservatives for being a shill for the Labor Party, but this time, it has taken on a fight against the Labor Government.

The Commonwealth Government has commissioned an inquiry into Australia's telecommunications-interception laws, proposing a number of overhauls, including requiring internet service providers (ISPs) to keep every piece of data sent across their networks by their customers for a period of two years, just in case a government agency needs the data for a criminal investigation.

The proposal has come under fire from Greens communications spokesperson Scott Ludlam, who said last week that the proposal is a "systematic erosion of privacy".

"This extreme proposal is based on the notion that all our personal data should be stored by service providers so that every move we make can be surveilled or recalled for later data mining," he said. "It comes from a mindset that imagines all Australians as potential criminal suspects, or mindless consumer drones whose every transaction should be recorded and mapped."

Electronic Frontiers Australia (EFA) branded the proposal as a "threat to civil liberties and privacy".

And now GetUp is getting on-board the bandwagon, with a petition calling for Attorney-General Nicola Roxon to "withdraw the government's support" for the proposal.

It's difficult not to be cynical about online petitions, particularly those from groups like GetUp that put one out on a different pet topic almost every week. The group's own recent effort to get hundreds of thousands of signatures in favour of same-sex marriage was derided by the Australian Christian Lobby for failing to get many signatures, and that's a pretty mainstream issue.

I don't imagine that GetUp is going to get all that many signatures outside of the core group of geeks and libertarians concerned about this plan. Trying to get the average Joe on the street interested in the privacy concerns around data retention is much different to signing a petition about same-sex marriage or the carbon tax or asylum seekers.

I can't imagine the question coming up on Q&A any time soon.

And even if you can get people to listen, how do you get the public concerned about these changes, when you've got the government invoking the 11 September attacks (page 4 of the discussion paper) and stating that it's fighting terrorists in calling for these extra powers?

Author John Birmingham has tried to get people fired up on the issue, suggesting that the Australian Security Intelligence Organisation (ASIO) could be looking through your pr0n. He reckons that the only way the issue will capture the attention of the public is if it becomes the centre of leadership tensions in the Labor Party, and thus every media outlet in the country begins reporting on it.

It's hardly going to be an election-deciding issue, either. At the most, I think you can currently compare it to the internet filter. In the 2010 election, the Coalition came out against mandatory internet filtering, while Labor was still committed to the policy. In the end, I doubt it had much of an effect on the outcome of that election. The National Broadband Network (NBN) did for sure; internet filtering, not so much.

We don't even know where the Coalition stands on data retention at this point. Shadow Attorney-General George Brandis is on the committee reviewing these proposals, and hasn't yet indicated whether the Coalition will support or reject them.

Instead of online petitions, I think that the key to getting the government to reconsider this proposal will be the internet service providers (ISPs). Requiring them to retain two years' worth of data for every customer is a huge ask, and will come with massive storage and security costs for the ISP. If the government isn't willing to pay for this, then the ISPs are going to pass that cost onto their customers. At the same time, the government is trying to show off how prices for services on the NBN are also going to end up being cheaper than what we're paying for ADSL today.

How will the government be able to argue that the NBN is leading to cheaper internet costs, when a government policy may force ISPs to raise their prices?

Add to that the leak scenario: all it takes is for one ISP not to secure this data, and everyone's tentacle pr0n and private details could be exposed to the wide world.

I suspect that these two arguments will be much more convincing than an e-petition.

What do you think? What's the best way to get people fired up about data retention?

Topics: Government, Government AU, Privacy, Security

About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • We still haven't been told exactly what data is supposed to be retained.

    When I go on a research binge, my own computer cannot keep up with the history of sites visited and I may find that I have to dump 500GB of temp files all at once. Therefore, over the course of two years, my IAP is probably going to need a 2TB drive just to keep a HISTORY of sites visited. Are IAPs going to be required to buffer those sites every time they're visited as well? Better make that 2PB--if your browser has a "look ahead" function, how many pages could have been downloaded without your knowledge that you never even viewed?

    I am in the middle of a case where the retention of sites visited would have come in very handy, except that such a history would have to go back at least FIVE years although, as far as I am concerned, the amount of data discovered already is enough for a conviction, even if it is only the tip of the iceberg.

    How accurate will this data-retention be? Will it be tied to the IAP's assigned IP, meaning that all machines on my network can be confiscated, or will it invade my privacy by recording internal IP addresses as well, so that the specific culprit's machine can be identified? "Oh, look! My network printer has been accessing inappropriate material!"

    If one is NOT on a fixed IP address, what are the chances of being accused in relation to what someone else did using that same IP address? If we all end up having to invest in "lock-down-the-user" security grade servers, who's going to pay for the hardware and the electricity bill?
    Treknology