Industry calls for more proportional limits to metadata retention

The federal government could substantially reduce the amount of data carriers need to store under its proposed metadata retention laws if its use was limited to investigations of higher-risk targets, Vodafone Australia says.

The legislation for the data retention scheme, which was introduced to parliament last October, requires carriers to collect and store customer metadata for two years.

The bill aims to preserve the ability of law enforcement agencies to investigate criminal and terrorist activity in the face of technology changes which could see IP communication overtake conventional switched telephone networks.

However, yesterday Vodafone Australia called on a joint parliamentary committee (to which the bill has been referred) for an inquiry to take a more proportionate response to the need to preserve national security.

Vodafone Australia has been pushing for the retention period to be limited to six months in response to concerns from its customers.

The carrier’s public policy chief Matthew Lobb told the committee that its customers concerns were driven by the scope of the scheme.

“I think it’s the fact that it’s every customer’s IP identifiers as opposed to a small sub set.

“For example, an arrangement could be put in place that identified particular IP identifiers for a particular web site. You could regularly provide a list within the six month period to enable (law enforcement) to have a list for future investigations.

“Accessing the information and protecting it appropriately for the bad people accessing bad web sites is where the operational focus should be. What we’re talking about here is retaining a substantial amount of data on everyone,” Mr Lobb told the committee.

The Australian Human Rights Commission (AHRC), which gave evidence to the committee later in the day, continued the theme.

The commission argued that the retention scheme was a “crude tool” that needed to take better account of the seriousness of the crimes it was called on to be used to investigate.

AHRC Professor Gillian Triggs said that the length of the data retention needed to be applied on a “sliding scale” suggesting that in some cases data might need to be held longer for the investigation of more serious matters.

Professor Triggs said that such decisions could be addressed by subjecting collection activity to tighter administrative controls prior to the collection of data.

“You need a process at the beginning in order to make these judgements rather than ex post facto by which time the damage is done and it’s going to be done on past performance leading to damage to a lot of Australians who will be very concerned about their rights to freedom of speech and privacy, along with other civil and criminal penalties,” Professor Triggs said.

The AHRC argued that the data retention scheme should be aligned with the European Union’s one-year retention period as a preliminary approach and, if necessary, revised after 18 months operation.

When challenged as to why the legislation shouldn’t err in favour of potential victims of crime, Professor Triggs said that 23 million Australians were effectively being asked to forfeit their rights for a small group.

“What we would say is that the more serious the offence the greater the right to interfere in the rights of the other 23 million. That’s the balance and the subjective judgement that constantly has to be made,” she said.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Upcoming IT Security Events

Feb 3rd, Feb 4th, Feb 6th 2015

Join @NirZuk #PaloAltoNetworks for Breakfast (lunch in Auckland) on keeping your enterprise safe from risk. Cyber attacks continue to increase in volume and sophistication leaving traditional security practices completely ineffective. 

Register Today Seats are limited

March 3rd, March 5th, March 9th 2015

Join CSO for the day@#csoperspectives and hear from @kimzetter @LeviathanSec

3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today

Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)

Join the CSO newsletter!

Error: Please check your email address.

Tags Professor Gillian Triggsfederal governmentVodafone AustraliaAustralian Human Rights Commission (AHRC)metadata retentionlaw enforcement agenciesindustry

More about Australian Human Rights CommissionCSOEnex TestLabIT SecurityVodafone

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Andrew Colley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts