Australia’s best known intelligence agency, ASIO, says that current data retention rules that require telcos to keep a range of information about their customers' use of Internet and phone services for two years should be considered a “minimum requirement”.
However, in a submission to a review of the data retention regime, ASIO says that an “increased retention period” would boost its counter-terrorism and counter-espionage work. The ASIO submission to the inquiry, which is being conducted by the Parliamentary Joint Committee on Intelligence and Security (PJCIS), is the agency’s second. ASIO in July made an initial, classified submission to the PJCIS’s inquiry.
“ASIO supports two years as a minimum retention period,” states the unclassified submission, dated 16 September. “We appreciate that the two-year retention period serves to balance the competing needs of privacy, business needs and security and law enforcement.”
The document adds, however, that the agency’s “continued operational experience in dealing with both counter-espionage and counter-terrorism investigations demonstrates that a longer retention period can greatly assist our ability to manage such threats.”
ASIO did not make a concrete suggestion as to how long data retention obligations should potentially be extended to. However, in its submission to the inquiry Queensland Police has argued data retention should be extended to seven years. The Department of Home Affairs has supported retaining the current two-year retention period.
Telco industry group Communications Alliance in its submission to the PCJIS said that “a shorter retention period may be more appropriate,” citing government-compiled statistics that indicate in 2016-17 94 per cent of the relevant data sought by law enforcement had been retained for 12 months or less.
Seventy nine per cent of requests from agencies for ‘metadata’ related to data that was at most three months old, according the 2016-17 annual report on the operation of the Telecommunications (Interception and Access) Act, which is produced by the Department of Home Affairs.
The PJCIS inquiry into the 2014 data retention bill endorsed a 24-month retention period, with its report saying that “effective conduct of serious national security and criminal investigations must be balanced against the degree to which a two-year retention period could interfere with the privacy, freedom of expression and other rights of ordinary Australians”.