By Ben Grubb
Any device connected to the internet such as a computer, smartphone or tablet could soon have its web history logged and retained for up to two years by telecommunications companies for law enforcement purposes under reforms being proposed by the Gillard government.
Attorney-General Nicola Roxon announced last Friday that the federal government would review national security legislation, part of which concerns preserving telecommunications data.
Nicola Roxon.Credit: Alex Ellinghausen
Roxon said she had asked the Parliamentary Joint Committee on Intelligence and Security to consider the potential reforms through public hearings and emphasised that referring them to the committee was the beginning of the review process, adding that the government would "be seeking diverse views" before determining which reforms to pursue.
A terms of reference for the committee is yet to be released, but a draft copy circulating around parliament which Fairfax, publisher of IT Pro, has seen indicates that the committee will be asked to look at a controversial data retention proposal for telcos. A spokesman for Nicola Roxon said it would be released when it was finalised by the committee.
The spokesman added that it was important to note that the government had "made no decisions" about data retention and said many of IT Pro's questions regarding what exactly telcos would need to potentially log were up "for consideration" of the committee in the first instance, not the government.
The draft terms of reference states the committee will be tasked with looking at a tailored data retention period "for up to 2 years for parts of a data set". It doesn't define what the data set will consist of but some fear it will include any data telcos can log and store on customers, including their web browsing history.
Plans to force telcos like Telstra and Optus to log and retain the internet activities of every internet connection - regardless of whether a customer has been suspected of any wrongdoing - were first revealed in June 2010 when telco industry sources disclosed that they were involved in secret discussions with government officials.
A data retention scheme already exists in the European Union and has been adopted by certain member states. In Romania and the Czech Republic, however, it was ruled to be unconstitutional while in Germany a court ordered the records be deleted.
Where internet access is concerned, telcos in European Union member states must retain for a period of between six months and 2 years the necessary data as specified in the Data Retention Directive. The directive specifies the categories of data to be retained, namely data necessary for identifying:
(a) the source of a communication;
(b) the destination of a communication;
(c) the date, time and duration of a communication;
(d) the type of a communication;
(e) users' communication equipment or what purports to be their equipment; and
(f) the location of mobile communication equipment.
The EU directive doesn't indicate that telcos store the content of a communication but telco sources in Australia said in 2010 that the data that they were being asked to log and keep for law enforcement did include web browsing history, a claim which was rejected by the spokesman for the then Attorney-General, Robert McClelland.
Telco sources fired back, with one of them saying the spokesman's claims were "not accurate". Another said the spokesman was being "a bit cute" to say web browsing history wasn't included.
Greens communications spokesman Scott Ludlam said on Friday that he didn't support the data retention proposal and believed it was "premised on the unjustified paranoia that all Australians are potential criminal suspects". He believes its introduction would be based on "an ambit claim for surveillance overkill".
In a telephone interview yesterday, he said the data retention proposal would be similar to government proposing Australia Post start opening every single envelope and item that is transacted through the postal network, making a quick photocopy, and sticking it in a filing cabinet "just in case you turned out to be a terrorist down the track".
"Now that is effectively what is being proposed over much more intimate and wide-raging sets of data than what the postal service carries," Ludlam said.
Telstra said it did not generally comment on law enforcement and national security issues but referred IT Pro to a submission it supported to an inquiry by the Communications Alliance on data retention.
That inquiry came about in 2010 when Senator Ludlam raised his concerns in parliament regarding data retention and wanted the government to answer questions about it publicly.
The Communications Alliance submission said that any capture and storage of data generated by customers using a telecommunications service raised "issues of data access, protection and privacy".
It added that storing such data became "complex and difficult" when the storage became "mandated by government on every citizen of Australia on a 'just in case' basis".
The exact details of the web browsing data the government was proposing ISPs collect is contained in a document that was released under freedom of information laws in 2010.
But from the highly censored document released (of which about 90 per cent was blacked out with a permanent marker) it was impossible to know how far the government was planning to take the policy.
The idea behind making telcos keep customer data - which they wouldn't normally store as they have no use for it - is believed to have been primarily driven by law enforcement. The Australian Federal Police, for example, has been pressuring the government to implement the data retention scheme and has made it clear that it wants web searches and history stored by telcos.
"It is important that we have the ability to retain the data," AFP assistant commissioner and national manager of high tech crime operations Neil Gaughan was quoted to have told reporters in Sydney in 2010. "We don't want to see what people are watching on TV, we want to see what people are looking at on the internet."
The AFP said in a statement today that as the data retention proposal was a policy currently under consideration by federal government, it would not be appropriate to comment.