Telcos and law enforcement split over data-retention period

Telecommunications companies have argued that the period of mandatory data-retention in Australia should be less than two years, while law-enforcement agencies have indicated that they would like the data retained for as long as possible.
Written by Josh Taylor, Contributor

Australian telcos have said that most requests for access to store customer data are for data that is less than 12 months old, but law-enforcement agencies have said that older data is just as valuable for criminal investigation as brand new data.

The government's legislation to require Australian communications companies to retain an as-yet-undefined set of telecommunications customer data for two years is currently being reviewed by the Joint Parliamentary Standing Committee on Intelligence and Security, ahead of being debated in parliament in February next year.

The legislation is strongly backed by law-enforcement agencies, who complain that criminal investigations are being hindered because they rely on "luck" for telcos to retain this data for access by law enforcement for criminal investigations.

Despite all law-enforcement agencies highlighting the critical need for the data, none of them were able to quantify in submissions to the inquiry exactly how many criminal investigations have been aided by access to telecommunications customer data.

"The usefulness of historical data is not captured," Victoria Police said in its submission.

"The information is not collected," South Australia Police said.

"WA Police is unable to provide the information sought as the databases used to request, record, and disseminate telecommunications records do not record court outcomes," Western Australia Police said.

"Historical communications data is a fundamental building block of most investigations. However, it is not possible to precisely report on how many cases are assisted in securing a criminal conviction," the Australian Federal Police stated.

Nevertheless, the agencies are keen for the data to be retained for at least two years at a bare minimum. Australian Federal Police (AFP) commissioner Andrew Colvin told the committee on Wednesday that approximately 92 percent of counter-terrorism investigations use stored communications data.

When asked by Liberal MP Philip Ruddock whether data should be retained for longer than two years, Attorney-General's Department assistant secretary Anna Harmer indicated that telcos are under no obligation under the legislation to destroy the data after two years, and Colvin said he would like it kept for longer.

"The longer the data is kept, the better," he said.

The telecommunications industry is fighting to retain the data for a shorter time period than the mandated two years under the legislation, however. In the Communications Alliance's submission to the inquiry, it recommended that the limit be set to six months for internet data, and up to two years on a voluntary basis.

Colvin indicated that 90 percent of the data obtained by the AFP is less than 12 months old, but that the 10 percent is just as important as the other 90 percent.

"It could be the 2 percent outside of the longest length of retention is the most crucial piece of information you're looking for," he said.

"It's about trying to find the compromise between the security and privacy concerns."

AFP deputy commissioner Michael Phelan said the age of the data IS relatively irrelevant to law enforcement.

"There's no correlation between the length of time, and the value of that information. It could be as important as if it were five years old, or 10 years old, as if it was two days old," he said.

The government still does not have a defined data set for the data to be retained. Harmer indicated that the set would be decided based on negotiations with industry, and the outcome of the committee's report.

Ultimately, the data will be set in regulation, rather than in legislation, meaning the attorney-general of the day will decide what data telcos must retain.

The government has also yet to work out the cost to internet service providers to retain the data for two years.

"That costings work is ongoing, and industry is providing information to support that," Harmer said.

Editorial standards