CNET también está disponible en español.

Ir a español

Don't show this again


​Leaked whitepaper defines metadata for the first time

A leaked document from the Attorney-General's Department has clarified the mandatory data retention debate, outlining the nature of 'metadata'.

Attorney-General George Brandis.Image by CeBIT Australia, CC BY 2.0

A leaked discussion paper issued by the Attorney-General's Department has revealed the scope of what the Federal Government is looking to include in proposed data retention policies.

After months of speculation, the Government finally confirmed it would be tabling legislation requiring the mandatory retention of metadata by ISPs and telcos; however, the nature of just what would need to be retained by providers was unclear.

Now, according to documents published by Fairfax Media, the attorney-general has outlined the reach of mandatory data retention.

While ministers from both sides of politics have struggled with vague metaphors to describe telecommunications data, the paper outlines the scope of the data set that the Government is seeking to be retained under its legislation, issuing seven requirements that essentially define the term 'metadata'.

The first of these requirements is "information necessary to identify, and supplementary information regarding the subscriber or user of a service," including the name and address of the user of an account, contact information, billing information, and information about the usage of an account. This information can either be current or historical.

Part of the leaked discussion paper, issued by the Attorney-General's Department. Screen Capture by Claire Reilly

In addition, the data set includes information that identifies the source and destination of a communication; the date, start and end time and duration of communications; and information that identifies the user's communication equipment and its location.

However, after the high-profile gaffes of both the prime minister and attorney-general (both of whom indicated browsing history could be part of a mandatory scheme), the paper specifies that URLs are not part of the data set.

"Nothing in this data set applies to or requires the retention of destination web address identifiers, such as destination IP addresses or URLs," it reads. "This exception is intended to ensure that providers of retail and wholesale internet access services are not required to engage in session logging."