Vague data retention proposal draws IIA ire and friendly fire

Meanwhile, government also mulls better privacy protection for Australians

Spyeye logo

The vagueness of the Australian government discussion paper for “potential reforms of National Security legislation” is becoming the focus of the country’s data retention debate.

On Friday, September 14, Senator John Faulkner, a member of the joint parliamentary committee conducting hearings into the proposals, expressed frustration at the way the debate was being conducted. In particular – and probably to the irritation of attorney-general Nicola Roxon – Faulkner complained that the vague wording in the discussion paper (PDF here) didn’t assist the debate.

The attorney-general has repeatedly stated that the data retention proposals would only cover “metadata” – most recently and notoriously in this YouTube clip – however, even the extent (or definition) of “metadata” cannot be inferred from the discussion paper.

As documented in Crikey, the vague data retention proposal is becoming a theme for Faulkner. Here are some of his statements:

“I have said before that there are no safeguards outlined. In fact, the detail about the proposal itself is obviously very limited.”

“It [the data retention proposal] is two-and-a-half lines … There is not a lot of certainty about what it does mean.”

“We would be better off if we had the government’s draft legislation or some of those proposals before us.”

The Internet Industry Society, in its recently-published submission (PDF here), agrees.

It calls for the government to clearly define “the types of data sets that would be required to be collected and retained”, something which has not been detailed in public.

The IIA is also fearful that lopsided data retention – impacting Australian businesses but unable to be imposed on international over-the-top services – “could make it difficult for [Australian businesses] to compete on a level playing field”.

“Potential reforms need to be considered with an appropriate level of checks and balances that do not unnecessarily impact on the rights or privacy of an individual, business or the community that society rightly demands”, the submission states.

Recalling the Anonymous attack that saw data lifted from AAPT, the IIA also expressed concerns about the security of retained data, and the cost of managing the regime - which would also depend on just how much data the government hopes to get service providers to keep.

In an odd irony, a different committee has just recommended that Australia strengthen the very privacy protections that the data retention proposal would erode. The House of Representatives Standing Committee on Social Policy and Legal Affairs, in its inquiry into the Privacy Amendment (Enhancing Privacy Protection) bill has recommended that Australians receive stronger privacy protection.

That committee’s report recommends, among other things, an overhaul of the powers of the Privacy Commissioner, and improvements to the Australian Privacy Principles under which both government and the private sector operate – and which the commissioner oversees.

The full report is available here (PDF). ®

Sponsored: 5 critical considerations for enterprise cloud backup