Vague data retention proposal draws IIA ire and friendly fire
Meanwhile, government also mulls better privacy protection for Australians
The vagueness of the Australian government discussion paper for “potential reforms of National Security legislation” is becoming the focus of the country’s data retention debate.
On Friday, September 14, Senator John Faulkner, a member of the joint parliamentary committee conducting hearings into the proposals, expressed frustration at the way the debate was being conducted. In particular – and probably to the irritation of attorney-general Nicola Roxon – Faulkner complained that the vague wording in the discussion paper (PDF here) didn’t assist the debate.
The attorney-general has repeatedly stated that the data retention proposals would only cover “metadata” – most recently and notoriously in this YouTube clip – however, even the extent (or definition) of “metadata” cannot be inferred from the discussion paper.
As documented in Crikey, the vague data retention proposal is becoming a theme for Faulkner. Here are some of his statements:
“I have said before that there are no safeguards outlined. In fact, the detail about the proposal itself is obviously very limited.”
“It [the data retention proposal] is two-and-a-half lines … There is not a lot of certainty about what it does mean.”
“We would be better off if we had the government’s draft legislation or some of those proposals before us.”
The Internet Industry Society, in its recently-published submission (PDF here), agrees.
It calls for the government to clearly define “the types of data sets that would be required to be collected and retained”, something which has not been detailed in public.
The IIA is also fearful that lopsided data retention – impacting Australian businesses but unable to be imposed on international over-the-top services – “could make it difficult for [Australian businesses] to compete on a level playing field”.
“Potential reforms need to be considered with an appropriate level of checks and balances that do not unnecessarily impact on the rights or privacy of an individual, business or the community that society rightly demands”, the submission states.
Recalling the Anonymous attack that saw data lifted from AAPT, the IIA also expressed concerns about the security of retained data, and the cost of managing the regime - which would also depend on just how much data the government hopes to get service providers to keep.
In an odd irony, a different committee has just recommended that Australia strengthen the very privacy protections that the data retention proposal would erode. The House of Representatives Standing Committee on Social Policy and Legal Affairs, in its inquiry into the Privacy Amendment (Enhancing Privacy Protection) bill has recommended that Australians receive stronger privacy protection.
That committee’s report recommends, among other things, an overhaul of the powers of the Privacy Commissioner, and improvements to the Australian Privacy Principles under which both government and the private sector operate – and which the commissioner oversees.
The full report is available here (PDF). ®
I'd rather be terrorised
In fact let me make my position really clear.
I'd rather suffer the occasional terrorist attack than have my communications monitored.
I can see exactly one implementation of this scheme I could accept.
That is the carriers collect the data and had it over to a well funded statutory body t hold - who will not release it without a warrant/court order.
Of course that body would need to be really well funded, because I am positive the feds would be able to subvert or crack it otherwise.
No no no.
The govt has the laws it needs now to get our data.
If they suspect us of a crime they go to a court and ask for a warrant, present to the carriage provider and the carriage provider provides the data - as well as the meta data.
This is the exact same as requiring couriers and Australia Post to photo copy/scan every document and photograph the contents of every package they carry and retain hte images for however long.
No No no.
I think I might become a politcal refugee if this goes forward.
From the Universal Declaration of HUman Rights:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
Roxon: right let's just keep all the data!
Sounds pretty arbitary to me.
No no no.
How long do we keep mistakes?
Do you know how full of real data that meta-data will be?
Take a look at email addresses. Do you know how many people have an email address like 411...111@gmail or go to www.some_thing_private.site.com? I don't know if they are accidents or not but if you run something like Card Recon on your web, email or dns logs, it will find credit card numbers for any large organization.
Hackers don't care if your card database is encrypted, they can just grab the "name on field" or "telephone" number and find plenty of valid card numbers unless they are scrubbed.