ihorga - Fotolia

Mixed signals fuel mixed feelings about Australia's data-retention plan

There are mixed feelings about Australia's data retention plans as the telecommunications industry weighs up the costs of compliance

Australian telecommunications companies are up in arms after the government halved the amount of financial support it will give them to comply with new laws mandating the collection and retention of phone-call and internet-use metadata for two years.

The new requirements – which were passed into law in June as the Telecommunications (Interception and Access) Amendment (Data Retention) – impose conditions on telecommunications license holders that came into effect in October 2015, thanks to controversial legislation introduced despite broad opposition by the country's attorney general and prime minister Malcolm Turnbull, in his previous portfolio role as communications minister.

Reports suggest that most telcos still have yet to implement the databases and archiving capabilities necessary to handle the long-term retention of so much data, with a Communications Alliance survey in October suggesting that 84% of Australian internet service providers (ISPs) wouldn't meet the implementation deadline. Yet recent statements by the attorny general’s office and telecoms regulator Australian Communications and Media Authority (ACMA) did little to bolster ISPs' confidence in the legislation – or the government's previous promises that it would help them comply.

Speaking in October to a Senate Estimates committee, ACMA content, consumer and citizen division general manager Jennifer McNeill said that, as the scheme had only been in effect for a week, it was too early to know how much it would cost telcos to comply. The attorny general's office added: “We do not have a view or information on the cost. Our role will be to report the actual cost that industry explains to us on an annual basis.”

Some 227 ISPs had lodged formal data retention implementation plans (DRIPs) with the attorny general since the act was passed, assistant secretary for the attorny general's Data Retention Taskforce Executive Samantha Chard testified, noting that 79 of those DRIPs had been approved to date.

The DRIP lodged by the country's largest telecommunications provider, Telstra, was recently approved and took advantage of an 18-month grace period to plan a staggered implementation that will finish in April 2017. Other telcos are awaiting approval of their lodgments, which is expected to be complete before year's end.

The biggest surprise for Australian ISPs came when Chard revealed that, despite the compliance deadline having already passed, the government had allocated A$2.9m for internal administrative systems – and paid ISPs nothing so far to support their implementation of the data-retention requirements.

Furthermore, Chard revealed, just A$63.5m of the total allocation would be distributed in the full year 2015-16 – half of the A$131.3m allocated in the government's latest Budget to support implementation of the data retention legislation, which includes A$128.4m to be distributed to providers under a grants programme.

That's an average of A$320,000 per ISP, although the top-heavy nature of the ISP market means large carriers Telstra, Optus, iiNet and TPG would likely receive far more while smaller ISPs received just five or even four-figure amounts commensurate with their user base.

While 58% of Communications Alliance survey respondents said compliance would cost A$10,000 to A$250,000, some 12% of respondents expected data-retention compliance would cost A$1m or more, with the largest ISPs expecting costs of A$10m or more.

Earlier this year, a PricewaterhouseCoopers assessment of the legislation – which introduces significant costs around data storage, management and security – pegged the cost of compliance with the scheme at A$189m to A$319m, although telecommunications industry figures argued it could be much higher.

Read more about data retention in Australia

With just A$63.5m available to the industry for compliance in the first year, there are growing concerns that data-retention legislation will create a significant financial burden on the country's 400-plus ISPs.

“Our ISP members will have to pay up front for their equipment and salaries,” Laurie Patton, CEO of peak industry body Internet Australia said, “So why should they have to wait to get all their funding from the government?”

“From our ISP members' point of view, the government is now asking them to bankroll the implementation process. Our ISPs members are already incurring costs with no idea how out of pocket they will be.”

Those costs are likely to translate into increased costs for consumers as ISPs move to recoup the expenses they incur while implementing their DRIPs. Communications Alliance was vocally demanding cost clarity in March 2015 and Internet Australia has pushed for the fast-tracking of a planned 2018 review into the data-retention legislation, warning that the “fundamentally flawed” legislation has created a situation that is “far from acceptable”.

Data retention has been highly contentious in Australia, where it was pushed through Parliament in 2015 as part of a raft of anti-terrorism legislative changes that echo similar concerns in other countries. As well as ongoing concerns about the government's vagueness on the costs of compliance and its level of support, opponents have also raised concerns that the step is retrograde, given that data retention has previously struggled in the UK before being re-introduced and had been struck down as unconstitutional in Germany, Romania, Austria and the Czech Republic before being declared unconstitutional by the European Union Court of Justice in April 2015.

Read more on Data protection, backup and archiving