Feeds

Data retention: ASIO says Web browsing habits would need a warrant

E-mail logs yes, browser history no

Internet Security Threat Report 2014

The Australian Security Intelligence Organisation (ASIO) has renewed its call for Australia to implement a data retention regime, with director-general David Irvine telling a Senate committee that it's asking for nothing that doesn't already happen, and promising that it will treat Web browsing differently to e-mail communications.

Irvine also said that it was not up to ASIO to try and work out the likely costs of such a regime, telling the Senate committee looking at changes to Australia's Telecommunications Interception Act that it would be up to the government to consult with the telecommunications industry if it were to create a data retention regime.

Noting that agencies have to pay telcos to access retained data, Irvine said a too-broad retention regime would be ruinous: “If ASIO had to pay for mass surveillance, we'd be broke in a week”, he said.

Some of the remarks Irvine made to the committee will be uncontroversial and in some quarters perhaps even welcomed. For example, a key aspect of the changes that have been brought to parliament are designed, he said, to reduce the number of warrants needed because at the moment, if an individual has a number of mobile phones, the aim is to eliminate the need to secure one warrant for each device by applying the warrant to the person instead of the device.

Irvine also explained ASIO's view of the ability to snoop on third-party computers, saying that it's necessary to prevent attacks against critical infrastructure.

“Hacker attacks on our national infrastructure [or] espionage attempts to obtain our secrets – these use innocent third-party computers,” he said. “If we can watch traffic going through that third-party computer, discarding anything we don't need, simply looking at the malicious signatures and where they come from, we have taken a great stride forward,” Irvine told the committee.

Irvine, under questioning from Senators on the committee (including Scott Ludlam [Greens], Susan Reynolds [Liberal] and Jacinta Collins [ALP]), said “ASIO is not asking for any change to the principles, definitions or rules under which we seek access to call data. What we are asking for is that the call data be retained.”

That led to an extended discussion about the distinction between metadata and content, particularly with respect to Internet browsing (for example, is the IP address of a Web server content or metadata?).

Irvine put ASIO's view that the agency considers e-mails and Web browsing as different creatures: e-mails, he said, involve an individual at each end of the communication, and therefore their associated metadata should be retained; Web browsing, he said, is considered content and could not be included in a data retention regime.

However, he said, where an individual is accessing e-mail using a Web browser: “Under the current definitions if it's an e-mail – whether you're using a browser or not, it's using a communication.

“The principle is that web surfing … or, indeed, Googling 'Al-Qaeda atrocities' … is not picked up by us, not regarded by us as metadata,” he said.

Irvine repeated a complaint that he has made in the past, that people allow commercial enterprises to invade their privacy “in order to sell you a new BMW … I cannot understand why it is correct for all your privacy to be invaded for a commercial purpose, but not by me to save your life.”

Regarding the struck-down European Data Directive, Irvine considers the court case under which it was struck down to be concerned with implementation detail rather than fundamental principles.

“The court said it didn't contain sufficient safeguards for implementation across EU member states, and the way it was framed it violated the principle of proportionality under EU law,” he said.

However, he said the court's judgement acknowledged there is a legitimate purpose to be served by data retention. “The legal processes are not yet completed, and it would be wrong of us … to rule out [data retention] as a gross violation of human rights across the board.” ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Big Content outs piracy hotbeds: São Paulo, Beijing ... TORONTO?
MPAA calls Canadians a bunch of bootlegging movie thieves
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.