ASIO weighs in on data retention proposals
- 21 September, 2012 11:00
A submission by intelligence agency ASIO to the Joint Parliamentary Committee on Intelligence and Security's inquiry on new data retention laws has been made public, with the organisation stating the interception of telecommunications data is critical for law enforcement agencies to do their job.
In its five-page submission, ASIO outlined the power law enforcement agencies already have when it comes to accessing communications data.
ASIO can currently access the content of communications relevant to investigations by seeking a warrant, but can access the information about communications -- such as parties involved in the communication and the date time and duration of communication of the parties -- with just internal authorisation.
The submission states that this metadata, or ‘communications associated data (CAD)’, as ASIO describes it, has become increasingly scarce due to changes in the telecommunications industry such as the shift to increased use of IP for communications and volume billing instead of transaction-based (per message or per call) billing.
“For many years law enforcement and security agencies (as well as many others) have been able to request CAD [communications associated data] from any carrier or carriage service provider. Agencies access … this information through an internal authorisation. This power already exists; a brand new power is not being sought,” ASIO stated in its submission.
"To the extent possible, agencies are seeking greater certainty that the information needed to protect the community will be there when they need it.
"In that sense agencies are looking to access the same general information they have been accessing for many years; information that would enable them to trace the participants of a communication in retrospect, when the communication occurred and ideally where the parties were."
This information could include information about the parties involved in the communication; the date, time and duration of communication; the method of communication, such as an email or phone call; and identify the location of the parties involved.
“In this context, agencies are not seeking access to the content of communications,” it says in its submission.
Like Attorney-General Nicola Roxon, who has stepped up her campaign to quell public and industry concern over the data retention proposals, ASIO has indicated that it is not seeking new powers to access the content of communications.
ASIO devotes several pages of its submission detailing its requirement to seek warrants when it wishes to access the content of communication, with warrants to be approved by the Attorney-General or authorised under the Telecommunications (Interception and Access) Act.
However, accessing communications metadata is "vital to law enforcement and security intelligence agencies for pre-warrant checks, investigative leads, intelligence and evidentiary corroboration,” ASIO’s submission states.
ASIO has also backed the proposals to retain data for two years due to investigations typically taking years to complete – shorter time periods could pose a risk to agencies not being able to progress an investigation properly, it said.
“The reform proposals are about properly equipping our law enforcement, security and intelligence professionals to do the job that Australians have entrusted to them. They are also about continuing to ensure that the Australian telecommunications sector is properly protected,” ASIO said.
ASIO’s submission also highlights the potential privacy implications of data retention, with it suggesting new penalties be introduced for people misusing stored data and a data breach notification scheme to be set up.
Follow Stephanie McDonald on Twitter: @stephmcdonald0
Follow Computerworld Australia on Twitter: @ComputerworldAU
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Advanced Persistent Threats and Real-Time Threat Management
- Getting Real About Security Management and Big Data – A Roadmap for Big Data in Security Analytics
- Endpoint Security and Virtualisation
- How Web Security Improves Productivity and Compliance
- 2013 Global Information Security Survey: Initial findings
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Real-Time Protection Against Malware Infection
Malware is at such high levels (more than 60 million unique samples per year) that protecting an endpoint with traditional antivirus software, has become futile. More than 100,000 new types of malware are now released every day, and antivirus vendors are racing to add new protection features to try to keep their protection levels up. Read more.
Deploying Flash in the Enterprise
Flash is quickly emerging as the preferred way to overcome the nagging performance limitations of hard disk drives. However, because flash comes at a significant price premium, outright replacement of HDDs with flash only makes sense in situations in which capacity requirements are relatively small and performance requirements are high. Learn how deployment approaches-including hybrid storage arrays, server flash, and all-flash arrays-that combine the performance of flash with the capacity of HDDs can be cost effective for a broad range of performance requirements.
Vodafone Ireland Implements World-Class Service Excellence with HP BSM
Shane Gaffney, head of IT operations explain how HP Business Service Manager solutions have helped Vodafone to transform from a reactive to a proactive IT Operations function, and to align their priorities to match the business and drive business value, delivering 300% ROI in one year. Download today.