Home & Office

Confusion reigns as data-retention planning deadline looms

With less than two months left for ISPs to provide the government with a plan of how they intend to implement the storage of data captured under Australia's data-retention scheme, many questions remain unanswered.
Written by Chris Duckett, Contributor

An industry event to discuss implementation details of the upcoming Australian data-retention scheme has shown that many of those affected are needing guidance on what data is to be collected, while an August 13 deadline looms for ISPs to submit implementation plans to the Attorney-General's Department (AGD) for approval.

Hosted by the Communications Alliance, the event showed that many entities cannot get a handle on what is meant to be collected, and what is not. Non-public guidance distributed by the Attorney-General's Department to companies that have requested it is still yet to be crystallised, six weeks out from the implementation plan submission deadline.

"That is genuinely an evolving document," AGD spokesperson Anna Harmer said. "We are working iteratively on a principles-based data set.

"Worked examples ... [on] how the dataset applies to services, that is a work in progress."

Harmer said the guidance is tiered between what is defined in the legislation, its explanatory memorandum, the guidance documentation prepared by the AGD, and, beneath that, a matrix that is currently being worked on by the Communications Alliance to provide examples for specific services.

Skeeve Stevens from Eintellego Networks said he was unimpressed by the arguments on offer.

"We seem to be bullied and pushed down a specific path with the dates and the timeframes that are being thrown at us," he said.

"There is such a mess, and so many unanswered questions, and [AGD] needs what I am going to do in six weeks? Get serious, people, this is just ridiculous."

During the discussion, it was clarified that any Australian carrier or carriage service provider that offers on-shore DNS to its customers would be required to store the metadata of the DNS requests.

Patrick Fair, representing the Communications Alliance and Baker & McKenzie, reiterated that if any of the data captured under the data-retention scheme is used by service providers in any manner -- such as having the data run through a big data-style analysis product -- then the captured data would be able to be subpoenaed in civil proceedings.

Mandatory data-retention legislation made its way through the Australian parliament in March this year, mandating that call records, assigned IP addresses, location information, billing information, and other customer data be stored by service providers for two years.

In this year's federal Budget, AU$131 million was allocated by the government towards covering the cost of creating and maintaining systems to store all Australians' telecommunications metadata for warrantless access by law enforcement.

On Thursday, the AGD said AU$128.4 million would be available to industry, beginning in the third quarter of this year.

Service providers have until August 13 to submit their plans to the AGD, leaving the department two months to approve plans before the legislation comes into force on October 13.

ISPs that are struggling to meet the October 13 deadline are able to ask the department for an extension of up to 18 months, meaning all service providers will retain data by April 2017.

Editorial standards