Published on the 03/03/2015 | Written by Beverley Head
The Government’s proposed metadata retention Bill is expected to be introduced to the Parliament today – though the real debate will come later in the Senate…
A series of 39 recommendations have emerged from a review of the Government’s proposed metadata retention legislation – the final one being that the legislation be passed if the amendments are accepted. The amendments however inject even more uncertainty regarding cost for industry into the debate.
Under the Bill as it stands ISPs will be required to store metadata for a period of not less than two years, so that, if required by law enforcement agencies, it can be made available for analysis. Over the top service providers such as Google’s Gmail would not be required to store metadata.
In its original form the Bill leaves the definition of metadata to the accompanying regulations – ostensibly to allow for the pace of technology innovation, but there has been concern raised regarding the risk of scope creep. The Advisory Report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 recommends that the metadata to be collected actually be defined in the legislation, and that this make explicit that ISPs will not be required to store passwords or PINs, or web browsing histories or destination information.
It nevertheless also provides the Attorney General with some limited emergency powers to add items for inclusion in that data set if required.
As far as industry costs go the recommendations propose that Government make a “substantial contribution to the upfront capital costs of service providers implementing their data retention obligations” which had been estimated as being north of $300 million. However the recommendation that metadata is encrypted before being stored, and the extension of the Australian Privacy Principles to all ISPs (even those with revenues below A$3 million which is the general threshold) may add further costs if accepted by the Senate.
Perhaps the most significant recommendation to enterprises across Australia is that mandatory breach notification be introduced in Australia by the end of 2015. That would not just impact ISPs but every enterprise in the country, and bring Australia into line with many other Western economies.
The Parliament will now debate the recommendations. While it is looking likely that Labor will support the Government if the amendments are accepted, the Greens remain firmly opposed to the proposed legislation which communications spokesman Senator Scott Ludlam has said would allow the Government to “map your entire life without a warrant” and push Australia “further down the track of a surveillance dystopia”.
