Data Backup Digest

Have you ever thought about how much of your data your internet provider stores about you and for how long they keep it?

The Abbot government in Australia are planning to force internet providers and telecommunication companies to store the private data of their customers for two years. This data includes information such as name, address, date of birth, financial information, identification/verification details (e.g. passport), and much more.

The plans are being set as part of counter-terrorism steps, but the proposal has concerned many within the industry. iiNet are one of Australia’s largest internet service providers; they recently published a paper discussing the consultations they’ve had with the attorney general’s department about the data retention plans.

According to iiNet, there have been no mentions of any security issues while talking about the plans. Considering the NSA revelations, it’s concerning that thus far no attention has been paid to keeping private data safe. iiNet state that no guidance has been issued to communications providers, like whether they’ll be able to opt for the cheapest possible solution (which perhaps lacks in advanced security features).

“The retention of a vast set of personal information would likely prove to be an appealing target for hackers all around the world – creating a risk of identity theft in the event of a data breach,” writes iiNet.

This is something that will make hacker’s eyes light up; especially if they know that some companies won’t be aware of the security risks. But this is a story that will ring alarm bells for every customer too. If their data isn’t going to be stored safely and protected with everything possible, they might just take their business elsewhere.

However, John Stanton from the telecommunications industry body has said that although security requirements haven’t been detailed just yet, he imagines it’s an issue that they’ll be visiting at a later stage.

The industry isn’t just worried about the privacy, but also the costs associated with such a scheme. Storing every single customer’s data for two years is going to take up a lot of space and require vast amounts of investment for some. The government have yet to indicate whether this would be subsidised or indeed covered totally. iiNet fear, however, that the customer will pay the price.

In their paper iiNet also highlight another troubling issue: the range of bodies that can access metadata far exceeds what is necessary. Groups like the RSPCA and the Victorian taxi directorate can gain access to consumer metadata and federal officers have yet to propose any changes to this.

Although storing customer data can be good for business purposes (in terms of analytics), the fact that this is being proposed purely as a counter-terrorism measure is truly worrying. It shows the intent of the government to be accessing this data and browsing it to help with their investigations. If the data is called ‘private’, surely it should remain that way? Draft legislation for this scheme could exist within two weeks’ time for parliamentary consideration.