Telstra, Optus welcome mandatory data retention

Both Telstra and Optus have praised the Australian government's approach to the mandatory data-retention legislation.

The legislation, which was surprisingly introduced into the House of Representatives on Thursday by Communications Minister Malcolm Turnbull, will force telecommunications companies such as Telstra and Optus to retain an as-yet-undetermined set of customer data for a period of two years.

The legislation has been referred to the Joint Standing Committee on Intelligence and Security for further scrutiny, while the government continues to negotiate with the industry over the set of data that would be retained. The legislation, as it stands, seeks to specifically exclude content of data and so-called metadata that could reveal the content of a communication, such as the URL or IP address of a website a person has visited.

Last week, Telstra CEO David Thodey indicated that the company already retains a lot of data, and said he believes that the legislation isn't directed at his company. Today, a spokesperson for the telco giant welcomed the government's approach.

"Lawful access to telco data is an important tool for law enforcement and national security agencies that has helped save lives and solved serious crimes. In a sector with rapid technological change, it makes sense to look at clarifying the obligations on industry," the spokesperson said.

"In introducing the legislation today, we welcome the process outlined by the government to resolve outstanding issues. It continues the commitment they have shown in industry consultation in recent weeks to meet national security objectives, while minimising the impact on industry and consumers."

The spokesperson said that Telstra also welcomed the government's promise to contribute to the costs of implementing mandatory data retention.

"Complying with the legislation will go beyond Telstra's current business practices, but we are encouraged by the government's statements on costs that the type and volume of data is limited, and that web browsing history will not be part of the scheme."

A spokesperson for Optus welcomed the government's "balanced" approach to the legislation.

"The government is taking a balanced approach to managing the challenges of community security with effective safeguards. We are pleased that the path proposed for the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 reflects views put to the government by telecommunications carriers," a spokesperson said in a statement.

It's important to resolve practical details in ways that provide clarity for all stakeholders. We will continue to consult on the detail of the Bill over the coming weeks."

iiNet's chief regulatory officer Steve Dalby questioned the government's push to rush the legislation into parliament before the end of the year.

"Although we are encouraged by a move away from some more Orwellian aspects of the government's data surveillance proposal, we maintain there is no urgency for this bill to be passed. This is now at least the fourth data set of a retention regime floated by the government, and, given this type of confusion, we need to take a deep breath, step back, and have a good look at this new Bill. There is still no explanation of why there is any need for urgency or why the existing law is insufficient," he said.

"At a first reading, the devil is certainly in the detail of the proposed Bill. In particular, there is a need for clear definition of terms, including what type of personal information may be captured by this proposed legislation. It needs to be openly reviewed so the Australian public can understand the true scope of this proposal. iiNet will work with government, the opposition, and the cross bench to ensure the concerns of our customers are addressed in any final version of this data-retention legislation."

John Stanton, CEO of industry lobby group the Communications Alliance, welcomed the government's moves to limit the agencies that can access the stored data to criminal law-enforcement agencies, but said that the government needs to ensure that there isn't "scope creep".

"We welcome the move to restrict the number of agencies that can access metadata and the indication from government that it is willing to make a substantial contribution to the cost imposts on service providers that may flow from the creation of the data-retention regime," Stanton said.

"We are still digesting the detail of the legislation, and have no doubt that there are many issues that will need to be better refined around the implementation of any such scheme. These might include whether it is necessary or appropriate for all data to be stored for as long as two years, and how to adequately deal with the complexity of over-the-top services such as messaging platforms, which generate many forms of metadata that originate and terminate on many different applications.

"We would also like to ensure that any regime is not susceptible to 'scope creep' over time."

The legislation has set out which agencies can access the data, but the legislation also allows the Attorney-General to specify additional agencies to get access to stored telecommunications data.

Telecommunications companies appear to be the only organisations captured by the legislation, with the explanatory memorandum stating that universities, corporations, and cafes that provide free Wi-Fi and others that provide limited networks would not be required to retain data for law-enforcement purposes. However, there are hundreds of telecommunications providers in Australia that would likely be caught by the mandatory data-retention obligations.