The chief regulatory officer of iiNet Steve Dalby has warned against a mandatory data retention scheme for Australia, saying metadata is not just a simple envelope that carries a message, but actually a far more complex set of information that "reveals even more about an individual than the content itself".
Dalby's comments came at a public Senate Committee hearing on the Telecommunications (Interception and Access) Act, which brought together industry experts and privacy advocates to discuss the implications of introducing stricter data retention policies in Australia.
Speaking to the committee, Dalby sought to explain the "poorly defined but freely used term 'metadata'," and to clarify what its collection would mean for ISPs and individuals in Australia, saying it was "fundamentally misleading to downplay" data retention schemes.
"In an IP online environment, metadata is pervasive and extensive -- metadata underlies all communications," he said. "Metadata reveals even more about an individual than the content itself.
"If you have the metadata, you have the content. So [law enforcement and government agencies] suggesting 'We don't want the content, we just want the metadata' -- it's a little misleading."
Using the example of a 140-character tweet, Dalby said that content could contain as many as 40 separate fields of communication in terms of metadata. Dalby drew on other online examples (also recently posted on iiNet's blog), showing just how much metadata could accompany online communication. He noted that the data generated by online users was fundamentally different to fixed line telephony metadata and was not easily bundled under the same framework.
iiNet has also called for more clarity from the government on what kinds of data would need to be collected under proposed regulations, and how it would be collected and processed. According to Dalby, "inconsistent and contradictory messaging" from the government on this front has been "unhelpful".
"The Attorney General's department has asserted that service providers routinely engage in data retention," said Dalby. "We believe this is overstated. There is a world of difference between data collected to bill a customer...versus the collection of a mass of data generated by their sessions online."
Dalby contested that iiNet has worked hard to keep to the credo "if you don't need it, don't keep it" and that retention of greater amounts of user data would result in a significant investment from the company, both in bricks and mortar data storage facilities as well as communications infrastructure.
With the quantity of metadata available to be captured, this could cost in the order of AU$100 million over the first two years of a new scheme, or $5 per iiNet customer per month. This figure could be significantly higher if the ISP was required to process data after collecting it.
"The telco industry may find itself coerced into...processing petabytes of data every day," he said. "The point is, we don't see it as our job to collect that metadata."