Telco industry body Communications Alliance has pitched for more appropriate compensation for its members to help them meet the costs of mandatory data retention, and pointed out loopholes in the scheme it says increase compliance costs.
In a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) review on the data retention (DR) regime, Communications Alliance argued telcos incurred at least $171 million to meet data retention requirements, a sum that exceeded the $128.4 million in grants the federal government offered in 2016.
“Industry has worked hard to comply with the DR Regime and to continue its long and commendable record of cooperation with police and security agencies on law enforcement matters,” the submission read.
“Compliance has not, however, been without significant financial cost to industry – and
therefore to consumers also.”
The Alliance's submission also called out loophole that unintentionally saw “scores of agencies” access metadata on a warrantless basis. The scheme's intent was for 14 agencies to enjoy access, but around 27 other entities have also sought access to telecommunications data without a warrant. The agencies included bodies representing veterinarians, the fishing industry, mining industry, child protection interests, regulators, local councils, among others.
Another beef is that agencies accessing metadata aren't compensating telcos for their time assisting with metadata access requests.
And meeting those requests can take quite a lot of time, because "departments and entities that are not officially authorised to request warrantless telecommunications data – but do so – often are unable to interpret the data they have received. They then take up more of the CSPs’ time to explain the data, then sometimes also call on CSPs to appear in court on relatively minor issues as expert technical witnesses. These additional impositions on the time and resources of CSPs also, of course, go unreimbursed."
The Alliance therefore called for changes to the Telecommunications (Interception and Access) Act so that exemptions to compensation are removed, and the definition of which entities are permitted to make metadata requests is tightened.
The submission also said the DR regime needs some changes to address the following:
- clarification on what categories of data carriage service providers (CSPs) can release;
- if releasing metadata for use in civil cases is appropriate;
- addressing concerns with agencies “repeatedly failing” to meet their reporting requirements;
- if the two-year mandatory duration period is appropriate; and if the current authorisation threshold is still appropriate.
The Alliance's submission, and those of other interested parties, can be found here.