Yet again, the coaching that spooks and bureaucrats have given Australia's Attorney-General George Brandis has proven to be at odds with the realities of the telecommunications industry.
In today's hearing into the government's
metadata retention scheme, dominant telco Telstra said it does not retain any IP address assignments on its mobile network, and that it doesn't see any value in retaining missed call data.
Straightforward and unsurprising statements, except that Brandis – with the public support of the Australian Federal Police and ASIO – has repeatedly and unequivocally said the data retention scheme imposes no new demands on telecommunications carriers.
On the political side, both Brandis and prime minister Tony Abbott are adamant that they merely want carriers to retain what they already keep for business purposes.
Brandis separately told the Senate that “will not give the national security agencies any more powers than they currently have, nor will it require the telecommunication providers to do anything more than they currently do.”
That's been backed up by various agency personnel, both in pleading their case to the public and in evidence to the Joint Parliamentary Committee for Intelligence and Security.
Telstra putting its statements on the record in a parliamentary inquiry merely reconfirms several warnings that the government has seemingly chosen to ignore.
Commonwealth Ombudsman Colin Neave told the committee that trying to oversee government agencies' compliance with data retention (and destruction) requirements would cost more than $AU2 million to establish and $AU1.6 million to operate each year.
Vulture South would presume this is contingent on the scope both of the legislation and the regulations attached to it remaining as they are now understood.
Privacy Commissioner Tim Pilgrim reiterated to the Joint Committee for Intelligence and Security that he believed all telecommunications carriers ought to be subject both to the Privacy Act (because of the nature of the data involved), and to a mandatory data breach notification scheme for data collected under the regime. ®