The Federal Attorney-General department’s proposed data retention regime would bolster evidence used to combat cybercrime, but would not add significant information that isn’t currently accessible.
National manager of the Australian Federal Police’s (AFP) High Tech Crime Operations and Assistant Commissioner, Neil Gaughan, told Computerworld Australia the regime revealed earlier this year would have little effect on how the AFP curbed crime.
“At the moment we’re satisfied that if the regime remained as it was today and into the future, we’d be satisfied that it would address our concerns and issues,” he said.
“The issue of data retention boils down to how long an ISP or how long a content service provider stores data without a warrant in place. At the moment, in this country, most of the telcos will store data for a period of time. In other countries they basically get rid of the data as soon as they use it so we need to find a balancing act.”
Gaughan said the AFP’s cybercrime unit worked extensively with Google, Microsoft and other large US corporations in dealing with the issue, and were able to source user data where required from telcos and service providers through warrants.
“Through lawful means we can obviously obtain intercept on computers, intercept on telephones, intercept on pretty much everything."
The Attorney-General's department is a sponsor of the AFP High Tech Crime Conference, held this week to foster collaboration between the public and private sectors on issues relating to cybercrime, defence and legislation. While the AFP have already established clear relationships with private corporations, Gaughan said a lot of the communication with service providers was done on the Attorney-General's end.
However, it remains unclear what the regime, if one is properly formulated, may actually entail. Service providers largely collect user data for “billing purposes”, including user information, IP address and when they accessed the internet. However, Australian providers continue to deny they collect user search data or logs of web addresses visited.
Computerworld Australia asked major service providers how long this data is retained for, but did not receive a response at time of writing.
Search engines and cloud-based mail providers like Google do collect search data and subsequent web address visits, while also scanning mail content and collecting user information where possible. According to Google, this data is retained for a limited period of time and used to target advertisements to users, but never distributed to third parties.
ZDNet reported those involved in negotiations around the new regime expressed concern that service providers didn’t currently log and retain the data wanted by law enforcement agencies. Meeting notes from the negotiations also indicated the AFP had made 16,000 requests to more than 50 telcos for data during 2008 and 2009 without a warrant.
Greens Senator, Scott Ludlam, will head a Senate committee into the proposed regime, inquiring into the collection and use of data by telcos as well as law enforcement and government agencies.
“Obviously, from an evidentiary perspective [the new regime] adds weight to our investigation process if we have evidence that we are able to obtain,” Gaughan said.
“It’s a balancing act if you like in relation to what the private sector would like to do based on the cost and what we would like to receive based on history and law enforcement capabilities.
“The government will ultimately make a decision in where they strand in relation to privacy and where they stand in relation to what they want.”