Data retention a barrier for IoT

Australia's mandatory data-retention laws could stymie growth in the IoT, dissuading companies from combining data storage with carriage service provision.
Written by Corinne Reichert, Contributor

Mandatory data-retention laws could act as a deterrent for Australia's efforts to jump on the Internet of Things (IoT) bandwagon, as companies that wish to combine carriage services with data management would then have to shoulder the cost and burden of storing large amounts of data, according to an Australian lawyer.

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, passed by the government in March, came into effect last month. It will see customers' call records, location information, IP addresses, billing information, and other data stored by telcos for two years, accessible without a warrant by law-enforcement agencies.

Rather than simply smartphones, tablets, and desktop computers being connected, however, the IoT will lead to 26 billion things -- 9 billion mobile phones, 10 billion consumer electronics, and 7 billion machine-to-machine (M2M) devices -- being connected to the internet by 2020, according to Ericsson, with Cisco predicting 50 billion things.

Patrick Fair, a partner at law firm Baker and McKenzie, pointed out that becoming subject to these laws would lead to a slowdown in IoT development nationwide.

"Mandatory data-retention rules, which are, of course, a huge regulatory imposition, not only captures CSPs [carriage service providers] and ISPs as well as carriers, but also operates as a positive disincentive for people doing services which combine carriage with data management, which is a key thing in the IoT," Fair said, speaking at CommsDay's Unwired conference in Sydney on Tuesday.

"So, if I'm an information processing service provider and I say to you, 'Look, I can take your office system and I can put it in my datacentre', good, no problem, I can do that. But the minute I throw in some resold carriage, I become a CSP, and I pick up mandatory data-retention obligations, and I have to look at the messaging systems and the carriage systems that are involved in taking on that customer's implementation and what data I'm going to have to retain about that, which wouldn't have been retained if the system had been implemented by the customer in their own premises or on their own terms, or if I hadn't done bundled carriage with information processing.

"Very stupid system. It's been ill conceived by the government."

The government announced in its 2015 Budget in May that it would allocate AU$131.3 million to the scheme, but Communications Alliance CEO John Stanton said that this would likely cover between only one-third and half of the estimated cost to ISPs.

With the IoT not about things themselves, but rather about the data analytics collected from interconnected things -- according to Cisco CTO for Australia and New Zealand Kevin Bloch -- it's not only the logistics and cost of retaining the data that is the issue.

The sheer amount of data retained under the IoT will provide an even more lucrative "honey pot" for would-be hackers, resulting in privacy and security implications.

Prior to the law's passing, Australian Privacy Commissioner Timothy Pilgrim attempted to argue that the two-year retention period should be assessed against the risk to privacy of storing such a large amount of personal data. He pointed out that 90 percent of investigations relying on retained data only use data that is less than one year old.

"If a decision is made to implement a scheme such as this which is going to require, as I said, the holding or the collection and retaining of huge volumes of data and personal information about people for a long period of time, we need to look at what else we can put in place to do our best to secure that information," Pilgrim said.

In July, the Labor opposition party called for a review of the data-retention legislation despite helping to pass the law, saying the retention period and cost need to be revisited.

Electronic Frontiers Australia had previously pushed amendments to the legislation to shorten the "unjustifiably long" two-year retention period. Comparable laws in other countries have much shorter retention periods; a Bill facing German Parliament will see data stored for just 10 weeks.

There has also been debate about what networks should form the backbone of the IoT, with the CEO of startup National Narrowband Network (NNN), Rob Zagarella, saying the biggest barrier to establishing the IoT is the inherent expense in connecting so many "things".

"Some of the challenges -- and there are many -- I think the greatest challenge is the cost of actually installing and managing comprehensive coverage across a broad range of these applications, across millions and millions of endpoints," Zagarella said.

"For small amounts of data transferred frequently, it needs to be low cost from a business case perspective. We're talking about a few dollars per annum for a device."

Zagarella said today's mobile networks "aren't necessarily ideal to meet some of these IoT challenges", as they have been set up with high ARPU in mind, with significant costs and investments in spectrum.

The data doesn't need to be managed by one big player, he argued. Instead of cellular networks, low-power, long-range wide-area networks such as LoRa that use available, unlicensed radio spectrum should be rolled out.

"Low-power wide-area network technology was designed specifically to meet the low-power, low-throughput and link budget requirements of IoT," he said.

"It's adaptable, it doesn't need to be planned in the same way that an existing carrier technology does; it's designed to deal with a high level of interference, with random, unexpected signals, so there's no need to set aside specific spectrum for it; it uses a distributed RAN -- radio access network -- that accesses very low-cost and not very smart base stations that collect the data and transmit it back over a very large distance to the core without a lot of significant processing required, which again produces costs. And then, of course, there's a centralised network management infrastructure that manages that traffic across the network in a very optimal, efficient way."

Most significantly, LoRa is a more collaborative technology, allowing a low-cost point of entry for more users to make use of the IoT.

"From NNN Co's perspective, we're in the business of enabling IoT, and we believe that to make IoT happen, we need the collection and use of data to be as simple and cost effective as possible."

The NNN began trialling its technology on Sydney's North Shore in August across 10 base stations covering 50-100 square kilometres, with the company aiming to roll out its wireless network nationwide. In Australia, the LoRa technology operates across the 918MHz-928MHz spectrum band.

NNN co-founder David Spence told ZDNet in August that the company has been "getting a lot of interest from all sorts of sectors".

Earlier this month, Telstra likewise announced a trial of LoRaWAN technology in Melbourne with unknown suppliers, scheduled to take place between November 28 and December 3.

"This trial will help inform our view on the role for the technology," a Telstra spokesperson told ZDNet.

"The IoT Challenge will help Telstra understand applications that operate within the constraints of a low rate, highly efficient wireless data service of which there are several solutions available."

Ericsson is continuing to push a cellular network for IoT, however, with senior engagement manager for Mobile Broadband Practice Southeast Asia and Oceania Stephen Coffey saying that Australia is in a position to leverage its broad 2G, 3G, and 4G coverage towards 5G.

"The cellular industry -- I think we have a clear path as we move towards 5G. 5G is an enabler for new applications ... particularly the critical machine-type communication, but then what we will do is take the current technology we have, which is 2G, 3G, and 4G, we're going to focus on evolving the 2G and the 4G," Coffey said at CommsDay Unwired.

"At the same time, we've got this target towards LTE machine type -- LTE-M -- and the narrow-band LTE, so we've got these two parallel paths, which at the same time are going towards an evolution towards 5G.

"So it will sit there, with a beautiful network underneath in the right frequency bands that gets the coverage, in this country we've got 700MHz, we've got 850MHz, we've got 1800MHz, and then we're going to go up to 2600[MHz]. So that will form this large foundation of a LTE network that will evolve, which will address these IoT type of requirements, and on top of that you can have the 5G type of access where and when you need it sitting on top of it in that 2020 timeframe."

Editorial standards