ASIO weighs in on data retention proposals
- 21 September, 2012 11:00
- Comments
A submission by intelligence agency ASIO to the Joint Parliamentary Committee on Intelligence and Security's inquiry on new data retention laws has been made public, with the organisation stating the interception of telecommunications data is critical for law enforcement agencies to do their job.
In its five-page submission, ASIO outlined the power law enforcement agencies already have when it comes to accessing communications data.
ASIO can currently access the content of communications relevant to investigations by seeking a warrant, but can access the information about communications -- such as parties involved in the communication and the date time and duration of communication of the parties -- with just internal authorisation.
The submission states that this metadata, or ‘communications associated data (CAD)’, as ASIO describes it, has become increasingly scarce due to changes in the telecommunications industry such as the shift to increased use of IP for communications and volume billing instead of transaction-based (per message or per call) billing.
“For many years law enforcement and security agencies (as well as many others) have been able to request CAD [communications associated data] from any carrier or carriage service provider. Agencies access … this information through an internal authorisation. This power already exists; a brand new power is not being sought,” ASIO stated in its submission.
"To the extent possible, agencies are seeking greater certainty that the information needed to protect the community will be there when they need it.
"In that sense agencies are looking to access the same general information they have been accessing for many years; information that would enable them to trace the participants of a communication in retrospect, when the communication occurred and ideally where the parties were."
This information could include information about the parties involved in the communication; the date, time and duration of communication; the method of communication, such as an email or phone call; and identify the location of the parties involved.
“In this context, agencies are not seeking access to the content of communications,” it says in its submission.
Like Attorney-General Nicola Roxon, who has stepped up her campaign to quell public and industry concern over the data retention proposals, ASIO has indicated that it is not seeking new powers to access the content of communications.
ASIO devotes several pages of its submission detailing its requirement to seek warrants when it wishes to access the content of communication, with warrants to be approved by the Attorney-General or authorised under the Telecommunications (Interception and Access) Act.
However, accessing communications metadata is "vital to law enforcement and security intelligence agencies for pre-warrant checks, investigative leads, intelligence and evidentiary corroboration,” ASIO’s submission states.
ASIO has also backed the proposals to retain data for two years due to investigations typically taking years to complete – shorter time periods could pose a risk to agencies not being able to progress an investigation properly, it said.
“The reform proposals are about properly equipping our law enforcement, security and intelligence professionals to do the job that Australians have entrusted to them. They are also about continuing to ensure that the Australian telecommunications sector is properly protected,” ASIO said.
ASIO’s submission also highlights the potential privacy implications of data retention, with it suggesting new penalties be introduced for people misusing stored data and a data breach notification scheme to be set up.
Follow Stephanie McDonald on Twitter: @stephmcdonald0
Follow Computerworld Australia on Twitter: @ComputerworldAU
Recommended
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
-
Larry Page wants to see your medical records
-
Dual-Persona Smartphones Not a BYOD Panacea
-
After two-year hiatus, EFF accepts bitcoin donations again
-
CIOs struggle to deliver timely mobile business apps: survey
-
Spiceworks' free management software gets integrated MDM
-
New Demands for Real-time Threat Management
Many organisations are evaluating a new security model based upon IT risk management best practices. This is a good idea, but not enough for today’s dynamic and malevolent threat landscape. To keep up with IT changes and external threats, large organisations need to embrace two new security practices: real-time risk management for day-to-day security adjustments and real-time threat management to detect and remediate sophisticated, stealthy, and damaging security breaches (i.e., advanced persistent threats, or APTs). Learn more. -
BYOD and Beyond - Implementing a Unified Access Solution
The rise of BYOD programs is the single most radical shift in the economics of client computing for business since PCs invaded the workplace. Whether you are contemplating the creation of a BYOD program or currently trying to establish one, this fact cannot be overstated. Find out how to overcome these challenges. -
NetApp FAS6240 Clustered SAN Champion of Champions
Storage systems today must match agility with diversified I/O performance to satisfy an enterprise’s changing needs. In their review, Silverton Consulting ranks the NetApp FAS6240 Clustered SAN, as an Enterprise OLTP “Champion of Champions.” Read the results of their benchmark testing and the features that impressed them the most.
Get exclusive access to Invitation only events CIO, reports & analysis. 
