Telstra, Vodafone at odds over data retention

Brandistan in the antipodes: government eyes your Twitter metadata

9 Reg comments Got Tips?

As the government's new national security legislation returns to the House of Representatives to be rubber-stamped, division is emerging among Australian carriers about what metadata they might consider retaining.

Data retention isn't in the current tranche of legislation, but the government intends to put its metadata retention scheme to parliament before the end of 2014. At a parliamentary committee into proposed revisions to the Telecommunications Interception Act, Telstra and Vodafone have given an insight into their different attitudes to holding customer data.

Speaking to the inquiry on Friday September 26, Vodafone said it's trialling systems that would retain customer Web browsing habits, telling the Senate committee that the aim of the system would be service improvement rather than data retention compliance.

The company said as a service trial, the association of IP address with customer browsing (at the site level rather than tracking individual pages) would only be held for 90 days – long enough to help with things like resolving billing disputes. To extend the same system to the two years that intelligence and law enforcement agencies want would cost millions or tens of millions of dollars, the company claimed.

While storage is cheap, Voda said, surrounding the customer data with security, databases to retrieve data, and business processes to make sure the right data is deleted at the end of the data retention period would all load up the costs of the system.

Telstra told the same committee it has no intention to retain mobile users' browsing data, with chief risk officer Kate Hughes saying the carrier only wants to keep “what we need for billing purposes or network assurance purposes.”

In a reference to the security honeypot data retention would create, Hughes noted that if the carrier isn't holding the customer data, “we can't inadvertently breach a customer's privacy and we're not then required to secure it”.

The Register notes that Telstra has previously toyed with collecting mobile users' URL history, in 2012, when its use of Netsweeper software became public knowledge.

It would appear from Telstra's evidence to the Senate committee, that Netsweeper is no longer in the Telstra network.

Not just carrier data?

It has also emerged, via a drop to The Australian, that the government is looking at services like Skype, Twitter and Facebook in its metadata proposals.

The Australian says the consultation paper proposes that “any company” providing communications services to Australians be swept up in the regime.

The Oz quotes from the paper that “Data-retention obligations should not be limited to licensed carriers but should also extend to any entity that provides communications services to the Australian public”.

User information like date of birth, name and address would be retained, the discussion paper says, and if The Australian is correct, services delivered “directly or through contracts involving third parties” are on the wish-list of attorney-general George Brandis. ®


Keep Reading

Privacy activists prep legal challenge against UK plan to keep coronavirus contact-tracing data for two decades

It's too long a retention period, say digital rights campaigners

Australia sues Google over data collection practices that merged DoubleClick data to create single user profiles

Alleges opt-in that promised “more control” actually sent more data without informed consent. Google 'strongly disagrees'

Irony isn't dead... Facebook sues EU on data privacy grounds for requesting too much personal data

'Exceptionally broad' demands reveal too much about our staff!

Apple and Google tweak key bits of contact-tracing privacy plan

As European nations back decentralised plan that leaves data on the device until users call in sick

Android user chucks potential $10bn+ sueball at Google over 'spying', 'harvesting data'... this time to build supposed rival to TikTok called 'Shorts'

These are the class-action-suit-joining 'droids lawyers are looking for. (We'll get our coats)

Former UK Labour deputy leader wants to know how the NHS's contact-tracing app will ensure user privacy

This is the Apple-Google API one, not the 'world-beating' one

Google Maps gets Incognito fig leaf: We'll give you vague peace of mind if you hold off those privacy laws

Location data is likely to remain accessible to web ads giant, network service providers, apps

Paying Arizona: Google sued by state for location data revenues after tracking state's citizens via mobiles

Chocolate Factory insists its practices have been mischaracterized

Biting the hand that feeds IT © 1998–2020