Telcos renew calls to limit metadata retention
ASIO boss “doesn't understand” says iiNet's Dalby
Australian internet service provider (ISP) iiNet's chief regulatory officer Steve Dalby has (once again) come out swinging against proposals in Australia to introduce a mass data retention regime, telling a senate committee that the head of ASIO doesn't understand what law enforcement is asking for.
Dalby was addressing the Senate Committee reviewing the Telecommunications Interception Act.
After discussing what the ISP considers to be potentially onerous and intrusive metadata storage requirements (which iiNet has put at costing more than $AU80 million), Dalby criticised what he believes are widespread misconceptions about metadata collection – particularly that it would be easy to accomplish, and that collecting “just metadata” is no more intrusive than looking at envelopes rather than the letters in them.
Dalby reiterated statements (and, for that matter, articles) he's previously made regarding how revealing metadata is, saying that in the online environment, metadata is “pervasive and intrusive”.
“Metadata reveals more about the individual than the content itself,” Dalby added.
ASIO inspector-general David Irvine was singled out for particular attention by Dalby over remarks he made last week to the same inquiry.
“I don't think he understands or has had advice that makes it clear to him what he's asking of the industry”, Dalby said to the committee.
Dalby also criticised inconsistent government messaging about the metadata question: while public statements from law enforcement and the attorney-general's department (under various political masters) suggest that the amount of metadata sought for storage would be minimal, the confidential brief that carriers and ISPs received two years ago suggested a far more extensive regime is under consideration.
“The inconsistent and contradictory messaging from government sources is unhelpful,” Dalby said.
He also remarked that the widespread belief that “service providers routinely engage in data retention for their business purposes” is “seriously overstated”. For example, what an ISP might collect (such as data usage to enforce quotas) is far less than tracking URLs, source and destination IP addresses, e-mail headers and the like.
The presentation used by iiNet at the hearing is here.
$AUD500 million industry bill
Earlier in the day, AMTA – the Australian Mobile Telecommunications Association – pushed back against widespread reports that Australian carriers provide “cell dumps” or “tower dumps” to law enforcement.
Such “dumps” refer to agencies requesting that carriers record and provide all activity at a particular mobile phone base station, for a particular time, a practise that has caused controversy in the US.
AMTA's Chris Althaus said Australian carriers are more likely to respond to a request that stipulates an individual, based on the Telecommunications Interception Act and the Telecommunications Act.
Requests from agencies, Althaus said, generally ask for the location of a single individual handset.
“I understand that you do get requests sometime … you are asked to provide all the traffic that passed through that tower at that time?” asked committee chair Senator Scott Ludlam of the Greens.
“We request that agency to supply the handsets,” was the answer, “the telephone number of those handsets. We don't like the agencies fishing for information,” Althuas said. “We are very prescriptive in when we respond”.
AMTA and the Communications Alliance also put to the inquiry that the cost of industry-wide data retention would approach $AUD500 million.
The hawkish view of interception represented to the committee by former assistant secretary of the US Department of Homeland Security Stewart Baker, who said the right to privacy in America is a “bunch of peculiar laws”.
Baker said the failure to prevent terrorism is due to “an unholy alliance of business and privacy activists … making it very difficult even when you can see a disaster coming, to take action against that disaster.”
He also complained that Edward Snowden's leaks exposed US practises “in a fashion designed to create a bad reaction”. ®
Sponsored: DevOps and continuous delivery