Blog

The thoughts, opinions, happenings, and just plain ramblings of a seemingly boring person.

Compulsory ISP Data Retention

Government internet spyingFor all the goodwill that this government has generated among IT people with the NBN, it always seems to have something up their sleeve that goes way too far in terms of people's "safety".

Previous plans for compulsory internet filtering have thankfully (and hopefully permanently) been shelved. Now the Government seems to be proceeding with plans to make ISPs and telecommunications providers compulsorily store and retain customer usage data for two years. Whilst it hasn't yet been revealed specifically what 'customer data' will be retained, one can presume that for ISPs it will contain customers' internet browsing histories.

This type of 'record keeping' alarms me and a lot of other people very greatly.

Firstly, it places the onus on ISPs as private companies to pay for and be responsible for this data collection. As the cost of such data collection and storage is enormous, there's no way that ISPs will wear this cost themselves. That means that prices charged to consumers will inevitably increase to cover it.

Then there's the responsibility issue. Would anyone really trust private companies with this data? Other than possible 'internal' security lapses like Vodafone's and Telstra's recent debacles of having customer databases open publicly to the internet, there's the constant 'external' threat of third parties like hacking groups gaining access to the data through various means. The recent hacking of AAPT's customer records by Anonymous is evidence of this.

Then there's the obvious massive privacy issues. Essentially it could make retroactively available to government agencies everything you have done on the internet. I do not buy the argument from the Attorney-General Nicola Roxon that this is 100% needed for law enforcement.

Depending on the level of retention, these type of measures are akin to police wire-tapping a phone line. However, in addition to being able to see communications in effect after the warrant is issued, with retained data, law-enforcement agencies will be able to see a history too. Can we really trust that it will be used responsibly? What if the law-enforcement agencies discover other minor crimes (like copyright infringement) in the retained data that the warrant wasn't originally issued for?

There's a lot of questions like that which need to be answered.

The scope and reach of the data stored, and the consequential potential for misuse, abuse, and unauthorised access of such data, as well as the ease of expanding and modifying such data collection in the future, makes me very nervous.

In essence, the Government through private telecommunications companies wants to be able to digitally spy on what every single person in Australia does on their phone and on the internet, and then keep that information for two years just in case it might need that evidence to prosecute you for something you may do in the future. Are you happy for them to do that? I know I'm not.

Leave a comment