Ending metadata usage in civil cases would introduce 'practical compliance issues': Telstra

Telstra has said there would be a number of "practical compliance issues" for telcos if laws limiting the use of data stored under Australia's data retention scheme by telecommunications companies in civil legal proceedings come into effect next month.

As Australia's data retention laws currently stand, law-enforcement agencies are able to warrantly access customer call records, location information, IP addresses, billing information, and other data stored for two years by telecommunications carriers.

However, under Section 280 of the Telecommunications Act, from April 13 any data stored solely for compliance with the data retention laws will not be able to be used in a civil court case. Data that is used for other purposes by carriers will remain available for civil proceedings.

Writing in a submission [PDF] to the Attorney-General's Department, Telstra said it is not always straightforward to determine whether data is stored solely for data retention purposes.

Telstra said it is possible telcos feed metadata stored under the data retention scheme into a central data store that would require the telco to sift through which data was kept for business purposes.

"This will create uncertainty for staff in having to differentiate between what telecommunications data is retained for the purposes of s187AA of the TIA Act, and what data is retained for other business purposes," Telstra said.

"This may be the case particularly if [carriers] are put in a position where they have to determine at what point in their systems the data retained is in compliance with the TIA Act, or whether the data is retained solely for day-to-day business purposes.

"This added logistical hurdle adds costs to the process of compliance. The differences in approach may also make it complicated for parties to litigation to know what data they will be permitted to have access to."

Australian's dominant telco warned that "potential inadvertent disclosures" may happen if carriers need to determine whether a data request was for a civil proceeding or not.

"We do not think [carriers] should be placed in a position where they are required to make a judgment call on every lawful request as whether or not to release retained data or distinguish between retained or business data," Telstra wrote.

"This will only increase the regulatory and cost burdens on society, which is already high in this regard."

Under Telstra's preferred approach, courts would decide whether metadata stored would be allowed in a civil case, and thus remove any need for the telcos to make decisions on the release of data.

In its submission [PDF], the Communications Alliance (CA) said many telcos wanted an "all or nothing" approach from AGD's review.

"Either a continuation of the currently existing disclosure rules (albeit with a clearer, more limited regime of which agencies can lawfully access retained metadata or other data) or a regime that allows access to all retained data in civil proceedings independent of the civil matter under consideration," it said.

CA also said government agencies restricted from accessing telco data by Australia's metadata laws are still able to demand data by falling back on their own statutes, and the laws forcing telcos to respond to lawful information requests.

"Such agencies include local councils (who request access to data to manage minor traffic offences, unlawful removal of trees, illegal rubbish dumping and billposters), the RSPCA, the Environment Protection Authority and state coroners, to name a few," it said.

"The use of these other powers to access communications data appears to circumvent protections in the Act and TIA Act."

Lining up to shoot down the idea of widening access to telco metadata were the Australian Privacy Foundation, Electronic Frontiers Australia, Victorian Commissioner for Privacy and Data Protection David Watts, and the Australian Communications Consumer Action Network.

Of those submissions against a relaxation of the prohibition, Labor MP Terri Butler said the government should further restrict access to metadata.

"In situations where retained telecommunications data can still be obtained without a warrant, albeit by fewer agencies than before, the government should consider whether there should be greater restrictions on access to retained data," she said.

Butler's party was crucial in passing Australia data retention laws, complete with the loopholes pointed out by CA, and a lack of data breach notification legislation until last month.

The Attorney-General's Department in December announced that it would be reviewing the law, as recommended, to look into whether retained telco data could be used in civil proceedings.

This was despite Attorney-General George Brandis saying in 2014 that data retention would not be used for copyright infringement cases -- although the Australian Federal Police admitted at the time that telecommunications customer data could be used by rights holders to prosecute online piracy -- and was being introduced only for the "highest levels of crime" including terrorism, transnational crime, and paedophilia.