Mandatory data retention is set to come into effect on 13 October 2015. Despite the certainty of this date, there remains considerable uncertainty within the communications industry as to what data needs to be retained to comply with the law. Among this confusion the Attorney-General’s Department has advised the industry that exemptions to the data retention regime will be revoked if their existence is publicised[1]. This is despite the legislation not specifically requiring exemptions remain confidential. The Department has argued that this is to “prevent exposing gaps in data retention legislation to be exposed to criminals”.
“The Government and the Attorney-General’s Department would have the communications industry lie down and accept its fate,” commented Michael Keating, Deputy President of the Pirate Party. “The fact is that the industry has been ignored in the Government’s push to involve itself in every individual’s and business’ communication in Australia. Not only are they dismantling the right to privacy, they want to silence anyone who challenges them, while at the same time expecting everyone to pay for the ‘privilege’. There should be no room for attacking transparency in Australia, but the Attorney-General’s Department seems willing to do this on the flimsy excuse provided.”
With the commencement of the mandatory data retention regime just around the corner, both Kmart[2] and David Jones[3] recently experienced online data breaches resulting in unauthorised access to customer details. These breaches raise serious concerns around the storage of individual’s data once the data retention regime is in operation. Internet service providers have already indicated that they would have no hesitation in storying the data overseas[4], but there is little information about security measures to prevent unauthorised access. With the stored data being capable of exposing individual’s day-to-day activities (as ABC reporter Will Ockenden’s social experiment demonstrated in August[5]), it is the perfect target for hackers wishing to access and abuse that data. The Government appears happy to use smoke and mirrors to cover this issue.
“All in all this is a messy, convoluted and potentially damaging approach to public policy and legislation. The requirement for secrecy around exemptions that the Attorney-General’s Department seems hellbent on pursuing prevents public scrutiny of the data retention regime. Individuals and businesses should be aware of the implications that this legislation brings, where warrantless and potentially unauthorised access to the data can expose an unthinkable level of detail about them and their customers,” Mr Keating continued. “For business and charities the uncertainty about where their metadata will be stored and how it will be destroyed is a massive headache.”
“The Pirate Party encourages individuals and businesses to stand up to this bullying by Governments that think it is okay to silence the communications sector over what is poorly considered, impractical and damaging legislation,” Mr Keating concluded.
The Pirate Party continues to campaign against mandatory data retention and promote awareness to individuals about what it means for them. The Pirate Party’s core tenets are centred upon protecting civil liberties and promoting transparency and open government. People looking to help protect themselves from data retention may wish to look at the Pirate Party’s guide at https://pirateparty.org.au/dataretention/
[1] http://www.itnews.com.au/news/telcos-silenced-by-agd-on-data-retention-exemptions-409637
[2] http://www.itnews.com.au/news/customer-data-stolen-in-kmart-australia-hack-409944
[3] http://www.itnews.com.au/news/david-jones-website-hacked-customer-data-stolen-410027
[4] http://www.itnews.com.au/news/offshore-storage-to-be-allowed-for-australian-data-retention-401876
[5] http://www.abc.net.au/news/2015-08-24/metadata-what-you-found-will-ockenden/6703626