iiNet's chief regulatory officer Steve Dalby has said that the Attorney-General's Department's confidential briefing on the data telcos would be required to retain under law enforcement proposals is far wider than that being explained to the public.
Last week, the head of the Australian Security Intelligence Organisation, David Irvine, told the parliamentary committee investigating telecommunications interception and access legislation that a controversial proposal supported by ASIO to require telecommunications companies to retain customer data for up to two years for law enforcement investigation was similar to the call record and billing data already stored by telcos for customer records today, and not more.
But Dalby today contradicted Irvine's statement, telling the committee in Sydney that the Attorney-General's department has asked for much more than what he says the government refers to as "just metadata".
He said if it was just limited to call records "we can probably pack up today and we won't speak again", but said that confidential documents provided to the industry by the Attorney-General's department highlight a much more expansive collection of data required.
"This broader data set has been described as consistent with that adopted in the European Data Retention Directive and is the data necessary to trace and identify the source and destination of communications (including unsuccessful or un-tariffed communications) on fixed network and mobile network telephony as well as Internet access, Internet email and Internet telephony," he said in iiNet's submission (PDF).
"It is further described as necessary for agencies to have access to the data to 'reveal the daily habits of targets to enable targeted surveillance.' We were also told that the additional data collection results from '… the use of new technologies, such as Voice over Internet Protocol (VoIP) and encryption, increases among agency targets.'"
He said the government had an inconsistent and contradictory message about the data it is considering forcing ISPs to retain, creating uncertainty for the telecommunications industry.
"A definitive statement outlining the government's requirements would reduce uncertainty," he told the committee.
Under the confidential definition, Dalby said he has revised his original estimation of AU$60 million per year to retain the data up to $100 million per year for the first two years, and increasing after that as more data is collected.
He said iiNet would also need to hire someone to strip out petabytes of content from the metadata collected every day.
"If the suggestion that content is not required, someone will be required to process the metadata that is collected to ensure content is stripped out," he said.
"You will need super computers to strip out that data."
iiNet would only collect data on "inoffensive Australian citizens" when required to by law, but it must be up to the government to store the data.
"Law enforcement is the responsibility of governments. They carry the costs of such work, on behalf of the population. It is inappropriate to impose costs and obligations on unwilling commercial entities in order to create an intrusive police state," he said.
"A regime obsessed with surveillance of the general population, and the compilation of digital dossiers on every citizen, including children and the innocent, is incongruous in Australia. In the event that a police state is established, we accept we will have no option. In the meantime, we find it 'off brand' for iiNet and in conflict with our corporate values."
iiNet's view that it should be the government's responsibility to store the data is in contrast with ASIO's, with Irvine stating last week that telcos retaining responsibility for storing the data would ensure it wouldn't evolve into a "Big Brother" type regime of government data collection similar to that operating in the United States by the NSA.
"We're not seeking a Big Brother arrangement where the government itself stores all that data. We want the companies to keep that data. The problem is that as technology advances, the companies don't have the commercial need to keep that data as they once did," he said last week.
Communications Alliance CEO John Stanton said that it would cost the industry upwards of AU$500 million to implement a mandatory data retention regime, and it would have to be stored externally to protect the data.
"We'd have to duplicate the data because this data comes from a multitude of IT systems within carriers, aggregated, and then we'd have to store it," he said.
"I'm sure there's a vacant suburb somewhere where we can build a datacentre," Australian Mobile Telecommunications Association CEO Chris Althaus said.
Stanton said it would be easy for a large company like Telstra to build a way to meet the requirements for mandatory data retention, but smaller telcos would struggle.
"If you go down to the smallest of players, you've got a simpler task, but you've got the situation where they may end up doing this manually," he said.
He suggested that individual agencies that make data access requests to agencies be required to pay for it, to ensure that it is not over used in a tight budgetary environment."
Liberal Senator Ian Macdonald told the executives providing evidence at the committee that he often didn't understand what they were talking about.
"When I log on to my cloud, I don't quite know what it means, but I thought it was something in heaven," he said.