A parliamentary inquiry has recommended that any data retention laws should include provisions to protect privacy and provide oversight.
The inquiry by the Parliamentary Joint Committee on Intelligence and Security examined proposals for changes to telecommunications interception, telecommunications sector security and Australian intelligence community legislation.
These included a proposal for a data retention regime in Australia, provoking a backlash from civil libertarians, the public and the Greens.
The committee recommended that any data retention legal framework cover only metadata and exclude the content of electronic communications, such as emails and text messages. Where content cannot be separated from metadata, a warrant should be requested.
The report also recommended Web browsing be excluded; stored data should be encrypted; data should be held for two years at most; and a data breach notification scheme be introduced.
The committee said that it should provide oversight for a data retention scheme, in addition to the ombudsmen and the Inspector-General of Intelligence and Security. Any scheme should be reviewed by the committee three years after it is established.
Costs incurred by providers to comply with a data regime should be borne by the government, not providers, the committee's report recommended. ISP iiNet has previously stated it would cost up to $60 million for the government to comply with a data retention regime.
The Australian Mobile Telecommunications Association and the Communications Alliance have said detailed data retention reforms could cost the industry over half a billion dollars.
The report also recommended reviewing the number of organisations that can access telco data.
“This review should focus on reducing the number of agencies able to access telecommunications data by using gravity of conduct which may be investigated utilising telecommunications data as the threshold on which access is allowed,” the committee said.
During the inquiry, Telstra revealed that non-police and intelligence agencies, such as the RSPCA and local councils, request customer information from the telco to aid with investigations.
Greens Senator Scott Ludlam has strongly opposed any potential data retention regime and said the proposals should be rejected by the federal government.
“Ninety eight point nine per cent of public submissions to the national security inquiry were opposed to mandatory data retention. This report refused to endorse data retention and condemned [the] government’s secretive approach,” Ludlam said in a statement.
“Also troubling, the report recommends making the refusal to assist in decryption of communications a criminal offence. This has serious ramifications for protecting whistleblowers, journalists’ sources, and general privacy – and should be rejected outright by the government.”
Ludlam has previously told Computerworld Australia he suspects if the Coalition wins the September election it will forge ahead with data retention legislation.
In total the committee made 43 recommendations. It noted there were several challenges in carrying out the inquiry, including a lack of information from the Attorney-General’s department around the scope of the inquiry.
“First, it meant that submitters to the Inquiry could not be sure as to what they were being asked to comment on,” Anthony Byrne, chair of the committee, said in the report.
“Second, as the Committee was not sure of the exact nature of what the Attorney-General and her department was proposing it was seriously hampered in the conduct of the inquiry and the process of obtaining evidence from witnesses.
“Importantly the committee was very disconcerted to find, once it commenced its inquiry, that the Attorney-General’s Department had much more detailed information on the topic of data retention.”
The committee has recommended exposure draft legislation around data retention should be examined before any legislation is introduced.
Follow Stephanie McDonald on Twitter: @stephmcdonald0
Follow Computerworld Australia on Twitter: @ComputerworldAU
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.