Online
Brought to you by

Australian Government's Data Retention Plan: Everything You Need To Know

You may have heard some scary words this afternoon about new laws to fight terrorism. Inside those words is a proposal for something called “data retention”. This is what it means, and whether you need to start proverbially flushing your internet history.

(By the way: loljks, flushing your internet history does nothing.)

Wait, What’s Happening?

For those who have been left massively out of the loop, data retention is a system that will see telcos and ISPs retain metadata on their customers for a prescribed period of time. The data would then be used by law enforcement agencies to catch bad guys and home-grown terror threats according to the announcement from Prime Minister Tony Abbott today.

The nation, and key members of Parliament, have been divided on the issue, with one politician saying that the system would treat all Australians “like criminals”. Others say that if you’ve got nothing to hide, you’ve got nothing to fear. Hmmmmm.

New legislation set to be introduced by the Government will compel industry players to retain the data, meaning that there’s no escape.

Privacy groups, telcos and ISPs alike see it as a privacy nightmare, simply because it scoops up everyone’s data at once, treating everyone as a suspect when no real crime has been committed by the overwhelming majority of users. Spy agencies see it as a blessing because all the relevant evidence needed to score a conviction against a suspected terrorist is there in black and white and easily accessible.

Where Did This All Come From?

Even though it was Prime Minister Tony Abbott, Foreign Minister Julie Bishop and Attorney-General George Brandis who presented this scheme in a press conference today, this plan wasn’t their idea to start with. It originated a long time ago with the former Labor government who wanted a data retention scheme for similar reasons: to help out law enforcement catch bad guys and get the all-important conviction without having to go back in time to get a warranted wire-tap.

We all thought the data retention scheme was dead when the former Joint Select Committee on Security and Intelligence tabled a report to the former Labor government and then-Attorney General Nicola Roxon saying that it would be “up to the government” to decide what happened with data retention. Labor Attorney General Mark Dreyfus later dropped the government’s plan for data retention.

When Will It Take Effect?

The Government will need to pass legislation in order to legally compel ISPs and telcos to retain data on their users. That means a lot of negotiation and red tape to get around for the Government. The short answer is that right now, our privacy is safe, but it won’t be forever.

Attorney General George Brandis said that he expects data retention legislation to form the “third tranche” of the Government’s new counter-terrorist plan. The second is new laws for police and spy agencies and lowering the burden of proof for search warrants (among other policies). The Government plans to enter legislation into the House for the second tranche in the first two weeks of the Spring Sitting Session.

The third tranche, the data retention legislation, would come “later in the year”. We have until at least September before we even see a draft of the legislation, according to the AG.

What Will They Store?

Spooks will try and tell you that metadata never contains any identifying information about the contents of calls, emails, messages or traffic sent over web connections. It just stores the info on how long you’ve been on a particular site, or a particular call, or when you sent a particular message and who to. Privacy advocates believe that metadata actually fingers a user for more than just that.

Philip Branch from Swinburne University writes on the implications of metadata collection and what it means for the privacy of users:

Even before smartphones and the internet, metadata from the mobile phone system was surprisingly rich. Metadata could provide information as to whether the call was forwarded and where it was forwarded to, whether or not it was answered, and so on.

Such information is invaluable in building up a model of relationships. But not only did the phone network provide information about the participants to a call, it could also provide approximate information about where the call was made.

Since mobile phones are connected to the network via nearby base stations usually located only a few kilometres away, metadata reporting which basestation the handset is attached to gives location information accurate to a few kilometres.

Also, since the phone is connected to a basestation whenever it is switched on, the phone can provide continuous location information regardless as to whether or not calls are made.



Mobile internet has been both a blessing and a curse for investigators. Smartphones are used for many more purposes than voice only telephones.

Generally, people use a smartphone much more than they used older types of telephones. Consequently, many new forms of metadata have become available. Email addresses, websites visited, files downloaded all present many new opportunities for investigators to gather metadata.

Not only is material downloaded, but a considerable amount of material is also uploaded.

Pictures, videos, social media updates all provide metadata that could be of use in an investigation. For example, images captured on a smartphone will, unless steps are taken to remove it, contain GPS location information accurate to within a few metres.

Other metadata that might be of interest includes when the image was created, who created it and the device it was created on. Metadata might even be added, perhaps unwittingly, when people tag images with comments.

Who Will Pay For It?

Good question. Right now, we don’t really know.

Industry heavyweights like Steve Dalby from iiNet believes that ISPs will be compelled to pay for it themselves, meaning that costs will eventually be passed onto users.

Dalby said at a Senate Hearing that any mandatory data retention scheme would see the ISP saddled with an additional cost of $5 per user per month, which would arguably be passed on and charged to customers.

That number stems from the storage costs of data collected, which would cost $100 million in the first two years and double after that due to the explosion of data on the internet.

Is There A Way I Can Fight Back Against This BS?

Not really, not yet.

The Greens have vowed to fight the legislation which means there’s some hope of it being slowed down when it comes to a vote, but that won’t hold it off forever. The best thing you can do is make noise to the right people.

It’s definitely worth getting in touch with your local MP to tell him or her that you really hate the idea that all your data will be scooped up, despite the fact that you may not have done anything wrong in the first place.

We’ll bring you more on the Government’s data retention proposal.

Image: New Line Cinema


Have you subscribed to Gizmodo Australia's email newsletter? You can also follow us on Facebook, Twitter, Instagram and YouTube.