Data retention grants provided too much funding to telcos: ANAO

The data retention grants program covered 100 percent of some providers' compliance costs, and in aggregate 79 percent of reported implementation costs, ANAO has revealed.

Australia's data retention grants program provided too much assistance to help telecommunications carriers comply with the new laws, a report from the Australian National Audit Office (ANAO) has revealed.

The Administration of the Data Retention Industry Grants Program report [PDF], published on Tuesday by the Attorney-General's Department (AGD), revealed that instead of covering 50 percent of implementation costs, the grants covered around 81 percent on average.

"The 172 providers had reported total implementation costs of AU$154.3 million. Total grants of AU$122.4 million had been paid to those providers, meaning the Australian government has contributed in aggregate 79 percent of industry's reported implementation costs," the report says.

"On average, the Australian government contributed 81 percent towards each of the 172 providers' reported actual costs. This included 26 providers where the grant fully met the provider's reported actual costs (which aggregated to AU$23 million), meaning the provider reported not making any financial contribution towards the cost of implementing mandatory data retention.

"This was inconsistent with the program guidelines, which had stated that grant funding allocations would not fully meet the costs of individual providers."

The ANAO found the design of the grants program by AGD "not fully effective" and its implementation "not to an appropriate standard" after supplying "substantially" more than was decided reasonable by the government.

"The design of the program exposed the Australian government to the risk that it would make a more generous contribution than the 50 percent of total industry costs the government had considered reasonable," the report argues.

"This risk was realised."

The ANAO also said conflicts of interest were not managed well; there were "significant errors and delays" in developing and signing grant agreements; and grant-reporting arrangements provided a low standard of assurance.

The audit office made four recommendations, with AGD and the Department of Industry, Innovation and Science agreeing with all of them. The first recommendation was for AGD to design and administer any future grant programs in "a way that reflects and preserves the intended cost-sharing arrangements"; and the second that AGD include mechanisms for the identification and management of conflicts of interest.

The third recommendation was for AGD to ensure details on the accuracy and timeliness of the drafting, negotiation, and finalisation of grant agreements be agreed with the department providing the grants hub service.

Lastly, ANAO recommended that AGD "determine the nature, content, and frequency of reporting requirements for grant programs proportional to the risks involved and policy outcomes being sought".

The ANAO report follows the Australian Communications and Media Authority (ACMA) revealing in December that administrative compliance costs for telcos implementing obligations was less than expected, reaching AU$176.2 million by mid-2017, despite previous predictions from AGD that compliance costs would reach AU$198.5 million by mid-2017.

Under the grants announced two years ago, Telstra had received AU$39.9 million; Vodafone Australia AU$28.8 million; Optus AU$14.8 million; Vocus AU$3.4 million; MNF Group AU$3 million; TPG AU$2.2 million; Exetel AU$1.8 million; and the National Broadband Network (NBN) company almost AU$1.1 million.

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, passed by the Australian government in March 2015, came into effect in October that year. It mandates that customer call records, location information, IP addresses, billing information, and other data be stored by telcos for two years, accessible without a warrant by law-enforcement agencies with the exception of journalist metadata.

While the purpose of the Act was to use retained data in an effort to combat national security threats such as terrorism, an AGD report in August last year revealed that it is mainly being used to investigate drug-related offences.

During October 13, 2015, to June 30, 2016, the AGD report said illicit drug offences involved 57,166 authorisations to view telco data. This was followed by miscellaneous, homicide, robbery, fraud, theft, and abduction.

Terrorism offences ranked below property damage and cybercrime, with 4,454 data retention authorisations made during that period.

An Ombudsman investigation into the "accidental" use of journalist metadata by the Australian Federal Police (AFP) last year found that the AFP was unaware of the legal requirements.

Related Coverage

Data retention compliance cost AU$50m less than anticipated: ACMA

The total cost of complying with Australia's data retention laws was AU$176.2 million by June 2017, which was partially offset by the AU$128 million grants and AU$26.6 million in costs recovered from agencies.

Data retention's value for money still not proven: Criminologist

The AU$750 million being spent on Australia's mandatory metadata retention scheme could buy a lot of crime-fighting, says criminologist Rick Sarre. Meanwhile, police are challenged by the rise of cyber crime.

Former Irish Chief Justice slams data retention as mass surveillance and threat to fundamental rights

On the plus side, at least Irish authorities will have to get juridical approval to access retained data under proposed government amendments.

Hiring kit: Android developer (Tech Pro Research)

Companies are increasingly dependent on mobile platforms to power their business operations and to enable a productive workforce - and that means hiring topnotch developers to build the apps they need.