CNET también está disponible en español.

Ir a español

Don't show this again

Security

​Telcos and ISPs in the dark on 'confusing' data retention laws

As data retention laws come into force, new research shows that the majority of telcos and ISPs don't understand what is required of them, and only a fraction are "ready" to encrypt and store data.

Seamus Byrne/CNET

As Australia rings in the first day of a new mandatory data retention scheme, research shows the majority of Australian telcos and ISPs are not ready to implement the scheme and don't actually understand what they're required to retain.

A survey conducted by Communications Alliance, the industry body that represents more than 100 companies across the communications industry, indicates that the industry is woefully unprepared for the new scheme, which is legislated to come into force today.

Parliament passed the data retention laws in March this year, requiring all Australian telcos and internet service providers to retain metadata associated with their customers for a minimum of two years. The Government argued access to metadata, which includes information such as call durations and text message time stamps, assists in criminal investigations. However, privacy advocates have condemned the scheme saying it equates to state-sanctioned surveillance.

Ahead of the laws coming into force, Comms Alliance surveyed 63 telecommunications and internet service providers, and found that more than two thirds "were not confident at all or only somewhat confident that they had actually understood what exactly is required of them."

The survey also found that only 16 percent of telcos and ISPs surveyed were "ready to retain and encrypt the data as required."

In a further sign that the scheme may not be destined to work in practice as it appears in the legislation, Comms Alliance found that 61 percent of respondents had lodged an application for an exemption or variation of the scheme requirements (or had indicated that intend to lodge an application).

While Australians are coming to terms with what the new data retention scheme means in practical terms, Comms Alliance CEO John Stanton said the telecommunications companies themselves were still struggling to get a grip on the laws, largely because of a lack of clarity from the government.

"It is no surprise that many service providers won't be compliant when the legislation comes into force -- many of these because they are still waiting to hear from Government as to whether their implementation plans have been approved," Stanton said.

"All providers are still waiting to hear from Government as to how it will apportion the AU$131.3 million that has been pledged in assistance to partially meet the set-up costs that service providers -- and ultimately their customers -- are facing as a result of the regime."

Of the companies surveyed, more than half (58 percent) said they expected their set-up costs to comply with the scheme to be in the order of AU$10,000 to $250,000. A further 12 percent said they expected costs to exceed AU$1 million.

With expenses for industry predicted to be high, the Australian Privacy Foundation has warned that "costs will be passed on to consumers, and Australians will be left in the unenviable position of funding their own surveillance."

The Attorney-General's Department today said telecommunications companies could now apply for an extension of up to 18 months "to comply with the legislation," giving them until April 2017 to fall into line. The AGD said the Government would work with the industry to achieve compliance by this date, but Stanton said a steady approach would be required.

"In light of the survey results, the onus remains on Government to work constructively with industry -- and not rush to enforcement -- over coming months to help providers come into line with what is proving to be a very challenging and somewhat confusing impost on the industry."