AFP can't get data on how long it needs data

One of the strongest backers for Australian telecommunications companies to hold customer data for access by government agencies can't itself provide data on how long it usually requires that data for crime investigation to be stored.
Written by Josh Taylor, Contributor

The Australian Federal Police (AFP), which wants telcos to retain customer data indefinitely, can't say how long it usually requires the data to be kept.

The Australian government is currently reviewing Australian telecommunications interception laws, and as part of that review, the government has asked the parliamentary committee reviewing the legislation to consider requiring telecommunications companies to keep so-called "non-content" communications data of their customers — such as logs on when calls were made, or the destination IP addresses for internet use — for up to two years.

Speaking before a committee hearing in September last year, AFP commissioner Tony Negus said that two years was a compromise that law-enforcement agencies had made with the Attorney-General's Department, and said that the AFP would like the data held indefinitely.

"We would like to have it indefinitely, and if we had [our way], we would definitely like to see this held indefinitely, and then we can go back and reconstruct issues or crime scene events that happened many, many years ago, but we understand that is not practical in the context of costs associated with that," he said.

In answer to a question on notice of how long, on average, the AFP needs to keep the data, the AFP responded late last year that it didn't keep data on telecommunications requests in an easily-retrievable form.

"Automated AFP systems record the dates Historical Telecommunication Requests (Historical Subscriber Requests and Call Charge Requests) under the Telecommunications (Interception and Access) Act 1979 (TIA Act) are created and processed. This enables the AFP to report against its obligations under Section 186 of the TIA Act, to provide the Attorney General with the total number of Authorisations made under the TIA Act annually," the AFP said.

"Current AFP systems do not record the information requested by this Question on Notice (QoN) in a retrievable form. Therefore, the AFP is not able to automatically retrieve and collate the requested information for this QoN, being the number of Historical Telecommunication Requests categorised by the actual retention period e.g. the date/s the information came into existence against the date the request for information was made."

Getting hold of the data would be impractical, the AFP said, because it would require significant manual intervention.

Much of the controversy over the data retention proposal has come from the lack of a clear definition of what the government had considered to be "non-content data", and whether this would include web-browsing history. The government has since moved to state that this data would not be included, but in its own answers to questions on notice, the Attorney-General's Department said that the government could potentially create different data traffic classes that would only be available to certain agencies. Under the current system, the data is available to Commonwealth, state and territory departments and agencies, and local councils.

"As communications technology and use has changed, some data types have become more privacy intrusive. Access to the more privacy intrusive 'traffic data' could then be limited to those agencies that have a demonstrated need to access this information for undertaking their investigative functions. The less privacy intrusive category of 'account-holder data' would be available to the broader range of enforcement agencies."

iiNet has estimated that the cost for it to set up to collect and store customer data, as outlined by the government, would cost around AU$60 million to set up, and would amount to a AU$5 tax on every customer. The Attorney-General's Department denied that it would cost much for the ISPs to retain this data.

"We are not aware of purpose built facilities previously being required to store this information, and understand from discussions with most of industry that these will not be required," the department said.

"Anecdotal estimates before the inquiry regarding retention of IP address allocations are that this information can be stored '...a very long time at very little cost'. It is noteworthy that the per unit cost of storage is decreasing worldwide."

The committee was due to report on its findings by the end of 2012, however the committee failed to meet its deadline by the end of December. Crikey's Bernard Keane noted late last year that it will be unlikely that the committee will report back before the last week of January, and given the timing of the 2013 Federal Election, it is unlikely that any legislation relating to the report will pass before the election.

Editorial standards