Ah the internet. What a wonderful place. The place where, if you say something once, a vast “series of tubes” remembers it for you, and stores it forever. That can be problematic for people fond of changing their positions on certain polices, like Malcolm Turnbull and his new data retention legislation he introduced into Parliament yesterday. Not too long ago, Turnbull gave a speech — one that he’d like you all to forget — about how he didn’t want Australia to end up with a mandatory data retention regime. It certainly makes for interesting reading today.
Delivering the Alfred Deakin lecture at the University of Melbourne in 2012, Turnbull expressed “grave misgivings” about any plan for data retention.
Back then Turnbull was the Shadow Communications Minister, shouting the then Labor Government down on everything from the design of the NBN through to the implementation of mandatory data retention.
Here are some of his more choice comments from a lecture that focussed on liberty in a digital age (emphasis added):
Is a deleted email really deleted? How do we know the web page we thought we had deleted has not been cached somewhere. How can we be sure the embarrassing photo has not been copied, the stupid blog post or tweet captured in a screen shot.
Put another way, if we have the right to record something, and it is of a private quality unlike company or financial records which must be retained, should we not have the right to delete it?
And how far should a right to delete go? Just like we cannot delete an email or a letter we have sent to someone else, how can we delete the photograph we posted on line which was then copied by another? How can we have a right to be digitally forgotten without impinging on others’ right of free speech?
This issue has been brought into sharp focus by the Attorney-General’s vague but at face value far-reaching plan to expand data interception, mandatory data retention, and government access to private digital information.
And the most striking proposed expansion of government power over private data is the least clearly explained. These are amendments which provide for what is described as: “tailored data retention periods for up to 2 years for parts of a data set, with specific timeframes taking into account agency priorities, and privacy and cost impacts.”
Internet companies will apparently be required to store parts of everyone’s data, although there is no clarity as to which material will be kept or why.
In fact there is little clarity; period. A recent letter from Nicola Roxon to the Herald-Sun bemoaning its coverage of the data retention issue provided more information about this measure than a 61-page discussion paper released by her department.
While the purported intent is that only metadata – data about data – will be available to law enforcement, security and intelligence agencies, there is no explanation of how metadata will be distinguished from data (the two are often commingled, as in the ‘subject’ line of emails), why both would not be readily available once a message has been handed over and decrypted, and indeed how readily in an IP world it is possible to keep a record of the time, date, size, sender, receiver and possibly subject of an email without also retaining the contents.
Nor has there been an explanation of what costs and benefits have been estimated for this sweeping and intrusive new power, how these were arrived at, what (if any) cost was ascribed to its chilling effect on free speech, and whether any gains in national security or law enforcement asserted as justification for the changes will be monitored and verified should they be enacted.
ASIO’s submission to the parliamentary inquiry considering the discussion paper argues that the type of information it seeks is not very different from what it has hitherto been able to obtain from telcos who retain details of telephone calls (but not the content) for the purpose of billing. In an IP world where charging is done on the basis of total bandwidth utilisation, ASIO argues these details are not required by the telcos or web companies and so they can be deleted.
As you read this, keep in mind this is the same Malcolm Turnbull that introduced his own data retention legislation into Parliament just over 24 hours ago.
His speech goes on:
Leaving aside the central issue of the right to privacy, there are formidable practical objections. The carriers, including Telstra, have argued that the cost of complying with a new data retention regime would be very considerable with the consequence of higher charges for their customers.
….
And finally – why do we imagine that the criminals of the greatest concern to our security agencies will not be able to use any of numerous available means to anonymise their communications or indeed choose new services that are not captured by legislated data retention rules?
Without wanting to pre-empt the conclusions of the Parliamentary Committee, I must record my very grave misgivings about the proposal. It seems to be heading in precisely the wrong direction. Surely as we reflect on the consequences of the digital shift from a default of forgetting to one of perpetual memory we should be seeking to restore as far as possible the individual’s right not simply to their privacy but to having the right to delete that which they have created in the same way as can be done in the analogue world.
Seems that a lot can change in two years, Minister.
There’s also some conjecture online about Turnbull attempting to remove this particular speech from his website, but thankfully Google has it cached so you can read the whole thing here.
To give you an idea of just how much the Minister’s views on data retention have changed, listen to him introduce new legislation for the exact same program into Parliament yesterday.