Australia Begins Mass Data Retention

 

Large amounts of telecommunications metadata must now be kept for, at least, two years by Australian telecommunications companies after a new law that came into effect recently.

It includes data on who called or texted whom and for how long, as well as location, volume of data exchanged, device information and email IP data. Some data was already being retained but the new rules expand on this. It also makes it much easier for authorities to access the records.

The new law has caused heated debate among Australians with some justifying the expanded data retention and others pointing out flaws in the plan.

The bill was introduced to the Australian parliament when current prime minister, Malcolm Turnbull, was communications minister. He called it "critical" for security agencies and law enforcement, citing investigations into domestic terrorism.

"No responsible government can sit by while those who protect us lose access to vital information, particularly in the current high threat environment," he said at the time, in a joint statement with Attorney-General George Brandis.
 
The government has stressed that the data retained is only "metadata" and does not include the content of calls and messages themselves. The law also does not require firms hold on to a web users' browsing history. The authorities also point out that some of this data was already being retained by telecommunications companies, albeit on an ad hoc basis.

Third-party email, video, and social media platforms such as Gmail, Hotmail, Facebook and Skype are also exempt from some of the data retention requirements, as are internal email and telephone networks, such as those provided by corporate firms and universities.
 

_86087254_7f9c2a99-60a2-43c0-8d83-f99968c9fa65.jpg

NSA leaker Edward Snowden weighed in on the new rules

Opponents point out that, considered in entirety, such metadata paints a detailed picture of what people are doing, even if the content of messages is not included. They also point out that while terrorism and child abuse investigations are often cited, the new rules allow for data to be requested for much more minor crimes. The process of request has also become much easier. Typically it will not now require a warrant. It will still take a warrant to access a journalist's data to identify their sources, but that hearing will take place in private. And no warrant is needed for government agencies to search the data of its own ranks if that is where they suspect the source lies. 

There are fears too that having introduced the legislation, it will be tightened further in future. The multi-million dollar scheme has also come under fire for its cost, which will be partially borne by the government.

Australian Green Party Senator Scott Ludlam tweeted that it was "absurdly expensive and complex for ISPs to implement, trivially easy for anyone to defeat" - a reference to the prime minister's admission that he also uses encrypted messaging apps.

The Green Party voted against the bill, along with six independent senators, but was overwhelmingly defeated.

The security of the servers used to hold the data has also been a question, with mass data breaches becoming increasingly common around the world.

There have also been reports that some companies are unsure whether they are covered by the new laws and exactly what data they need to keep.

BBC:http://http://bbc.in/1QmW9pt

 

 

« Second Snowden Has Leaked Drone Docs
Cyberattack: Millions Stolen From UK Bank Accounts »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA)

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing

Mobile Mentor

Mobile Mentor

Mobile Mentor is an independent provider of enterprise mobility solutions in New Zealand and Australia.

Onspring

Onspring

Onspring is the cloud-based platform of choice for governance, risk and compliance (GRC) teams and business operations experts across multiple industries.

GuidePoint Security

GuidePoint Security

GuidePoint Security provide information security solutions that enable commercial and federal organizations to more successfully achieve their security and business goals.

Aujas Cybersecurity

Aujas Cybersecurity

Aujas has deep expertise and capabilities in Identity and Access Management, Risk Advisory, Security Verification, Security Engineering, & Managed Detection and Response services.

Infortec

Infortec

Infortec provide consultancy and solutions for the protection of digital information and the management of computer resources.

National Cybersecurity Society (NCSS) - USA

National Cybersecurity Society (NCSS) - USA

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses.

Careerjet

Careerjet

Careerjet is a leading online job search engine with a large presence worldwide, sourcing millions of job ads from thousands of websites from all over the world in areas including Cybersecurity.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

Switchfast Technologies

Switchfast Technologies

Switchfast Technologies is an IT consulting and managed services provider, offering IT support and consulting to Chicagoland small businesses.

ENSCO

ENSCO

The ENSCO group of companies provides engineering, science and advanced technology solutions that guarantee mission success, safety and security to governments and private industries worldwide.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

Atomic Data

Atomic Data

Atomic Data is an on-demand, always-on, pay-as-you-go expert extension of your enterprise IT team and infrastructure.

Applied Connective Technologies

Applied Connective Technologies

Applied Connective is one team for all your technology needs, from IT to phones, cyber security to physical security, audio/video and the infrastructure to support it.

Getvisibility

Getvisibility

Getvisibility enables customers to detect, classify and protect sensitive information increasing data security, governance, compliance and lowering the risk of losing valuable data.

rThreat

rThreat

rThreat is a cloud-based SaaS solution that challenges your cyber defenses using real-world and custom threats in a secure environment, ensuring your readiness for attacks.