The Sydney Morning Herald | 17 December 2014
By Ben Grubb
Australian citizens should not be allowed to gain access to their internet and phone metadata from companies like Telstra and Optus despite government agencies being able to access it without sign off from a magistrate, Australian telecommunications companies say.
In a joint submission to the federal government's inquiry examining the introduction of a mandatory two-year data retention regime, telco industry bodies the Communications Alliance and the Australian Mobile Telecommunications Association note a complaint by this journalist to the federal Privacy Commissioner regarding access to metadata held by Telstra. The Commissioner has not yet made his determination.
If the commissioner found in the journalist's favour, the industry bodies said it "would be enormously problematic" for telcos.
"The prospect of potentially millions of Australians making such requests [to carriage service providers] is little short of frightening," the associations said.
They added that it "would generate enormous expense and resource demands" on telecommunications companies "for no clear or positive outcome".
Telcos would also need to create purpose-built security and management systems to meet the additional demands imposed on them, they said.
They recommend the Abbott government's proposed data retention legislation include an explicit clause exempting telcos from having to comply with such demands from customers.
Last week, Telstra chief executive David Thodey questioned the concept of metadata ownership by customers.
"Metadata, anyone want to define it? It's a very unhelpful term. Whose data is it? Is it our data or your data? These are big issues," he told the audience at an American Chamber of Commerce in Australia event in Melbourne.
Wilson da Silva, an Australian science journalist, has argued that allowing people to access their metadata – rather than just telcos allowing access to agencies – might actually improve the lives of the people who are generating that data.
This writer has previously argued the metadata should be released under the Privacy Act's National Privacy Principles, which gives people the right to access the "personal information" a company holds about them, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.
The industry bodies also warned of mandatory data retention becoming a "honey-pot" for civil litigants, who may seek court orders to obtain access to metadata for use in court proceedings.
Such actions could stem "from Family Law cases and all manner of commercial disputes", they said.
"If such a practice were to become commonplace there are serious financial implications for [carriage service providers]," the bodies said.
"Moreover, such a practice would be manifestly outside the intended objectives of a data retention regime, and therefore should be guarded against."
The bodies therefore recommended that the committee investigate ways to "prevent the intent of the data retention regime being abused" in civil court matters.