denisovd - Fotolia

Australia expands communication data retention programme

Australia has introduced a communications data retention law along the same lines proposed for UK legislation, despite opposition from citizens

The Australian government has enacted a controversial data law that requires telecommunications companies to retain a wider range of call and text data for two years.

The law was pushed through parliament despite opposition from Australian citizens, the Green Party and six independent senators, mirroring the way the UK's equally controversial Data Retention and Investigatory Powers Act was pushed through parliament in July 2014.

Some communcations data was retained in the past on an ad hoc basis, but the new law enforces and expands what data must be retained – which now includes what parties were connected, duration of calls, location of callers, volume of data exchanged, device information, IP addresses and email addresses.

In response to opposition to the legislation, the Australian government has emphasised that the law calls for the retention of only metadata that does not include the content of calls or messages.

However, opponents to the law have pointed out that metadata still paints a detailed picture of what people are doing, even if the content of messages is not included.

Metadata can be immensely valuable to intelligence agencies as, while it may not reveal the details of what you said or wrote, it can still paint a surprisingly full picture of your private life,” wrote independent security consultant Graham Cluley in a blog post

“And yet governments argue that the information is harmless for them to collect, often making the comparison to the information stored on the outside of any envelope when a letter is sent,” he wrote. “Well, if it's so benign, why do they have so much interest in collecting metadata?”

Like the UK’s proposed Investigatory Powers Bill, the Australian law is aimed at making it easier for Austrian authorities to access telecommunications data. Such data may be accessed in many cases without a warrant.  

However, unlike the proposed UK legislation, third-party email, video, and social media platforms such as Gmail, Hotmail, Facebook and Skype are exempt from some of the data-retention requirements, according to the BBC.

Security vs civil liberties

The bill was introduced by Australian prime minister Malcolm Turnbull while he was still communications minister.

Turnbull said the legislation was "critical" for security and law enforcement agency investigations into terrorism.

Announcing its intention to move forward with the Investigatory Powers Bill in May 2015, the UK government said communications monitoring powers are necessary to address “ongoing capability gaps” in combating terrorism and other serious crime by building intelligence and evidence about suspects.

Read more about the UK Investigatory Powers Bill

Critics of the Australian law say it is expensive and complex for internet service providers (ISPs) to implement, while wrong-doers can easily hide their activities by using encrypted messaging services.

According to the Communication Alliance industry body, the cost of compliance for smaller telecoms firms will be between A$10,000 (£4,800) and A$250,000. The government is reportedly providing A$130m in support, particularly for smaller providers.

In July 2011, the US House of Representatives approved a similar piece of legislation requiring ISPs to save logs of all their customers' activities for 12 months.

The House Judiciary Committee said the data could help future police investigations concerning child pornography.

Supporters of the bill said the legislation would help lift law enforcement out of the "dark ages" by enabling agents to subpoena IP information instead of needing a court-ordered warrant, but opponents said expressed concerns that it would create a database of every US internet user that could be used for purposes other than protecting children from pornographers.

Read more on Privacy and data protection