It’s the secret industry consultation paper the Australian federal government didn’t want you to see.
Produced by the Attorney-General’s Department and distributed to telecommunications industry members on Friday, the nine-page document attempts to clarify what customer internet and phone records the government wants companies such as Telstra, Optus and iiNet to store for the purpose of law enforcement and counterterrorism.
The requirement is part of a proposed data retention regime, which has been given “in principle” approval by the Abbott government. It seeks to continue to allow law enforcement and spy agencies to access customer identifiable data without a warrant as prescribed by law, but would ensure the data is not deleted for a mandated period of two years.
When it comes to metadata, the AG’s department wants telcos to store a few things, including:
• present and past subscriber name
• address information
• 64-bit IMSI ID and other network identifiers
• financial/billing information
• account state and billing type
• upload/download volumes on mobile devices
• upload/download allowances on the plan
• phone number
• type of service used (network type, i.e. ADSL, 4G LTE)
• IMEI device identifiers
• location of devices used
The paper explicitly rules out the retention of data that indicates what sites internet customers access but it does not rule out agencies asking for a customer’s web history if a telco does hold it for other purposes. Recently, it was revealed Telstra handed over URL information without a warrant to agencies.
Costs associated with storing the data are mentioned briefly, the paper does not go into detail on this. Internet and phone providers iiNet and Optus have previously estimated the costs could be in the hundreds of millions of dollars depending on the amount of data required.
The paper also concedes what many have known in industry circles for some time: that telecommunications data, commonly called metadata, is not defined in the Telecommunications (Interception and Access) Act 1979. Instead, the paper states that such data is “negatively defined”. “The TIA Act does not positively define what is data; only what is not data,” it says.
On Wednesday afternoon when pressed for a definition of metadata by Greens Senator Scott Ludlam, Attorney General George Brandis told parliament a “statutory definition” of metadata would be part of the legislation, meaning it would include technical specifications.
The leak comes the same day that the head of Australia’s largest spy agency, ASIO Director General David Irvine, admitted that without warrantless access to metadata, intelligence operations would “come to a halt“.
A similar paper distributed to telecommunications companies between 2009 and 2010 by the previous government explicitly included destination IP addresses in the data required to be stored. A copy of the 2009-10 document was obtained under freedom of information but was highly redacted out of fear it could cause “premature, unnecessary debate“.