Internet service provider iiNet has again condemned the government's proposed data retention scheme as "mass surveillance". In a response to a government consultation paper on the scheme, the ISP also takes issue with what it describes as ambiguity regarding the data that telcos would have to retain.
iiNet has previously contradicted government claims that a data retention scheme would only cover data already retained by telcos. The attorney-general, George Brandis, has said that the scheme will not "require the telecommunications providers to do anything more than they currently do".
However, in its response (PDF) to the government consultation paper, the ISP said that retaining the particular datasets that interest the government "is not something that we currently do, and would add significant costs to the way we do business".
The ISPs internal systems "are geared towards how our customers’ services and settings are presently configured," iiNet's response to the consultation paper says.
"In many instances we don’t store how a customer used to have their service and settings configured as we provide the service in response to how our customer has requested it that particular day."
The ISP's submission summarises the basis of its objections as including:
• a lack of evidence suggesting changes to the current laws will prove more effective than existing laws, where we already cooperate with law enforcement agencies;
• a lack of justification as to why we should be monitoring our customers for two years on the chance this data may help an investigation;
• no explanation why the existing (and less than two-year-old) preservation notice regime is insufficient;
• ISPs are not ‘agents of the state’ but if we are compelled to take this role, the government should be responsible for the storage and security of this data; and
• an international trend away from blanket data retention by progressive governments, particularly in Europe.
The data that the ISP will be obliged to collect under the government's proposals are in many cases "vaguely defined". iiNet also criticises "the use of ambiguous terms such as 'internet identifiers' and 'network identifiers'".
A proposed obligation for a service provider to identify when networking equipment at a customer's home or office is active or inactive is one of the examples of how the proposed scheme would create a logistical nightmare for ISPs, iiNet argued.
Even with the information provided by the government in its discussion paper, estimating the cost of data retention remains difficult, iiNet said.
iiNet's chief regulatory officer, Steve Dalby, has previously estimated that a data retention scheme could cost the ISP $100 million in the first two years of its operation.
Costs include not just the capital expenditure for infrastructure to store and query the data collected but also significant costs to secure retained data.
The ISP said that if legislation for a mandatory data retention scheme is introduced, the government should be responsible for storing and protecting the data collected.
iiNet also reiterated its call for a more targeted way of collecting data for criminal investigations.
The government issued an initial consultation paper in August.
Ludlam slams government over scheme's cost
Greens Senator Scott Ludlam has criticised an attempt by the government ahead of the introduction of data retention legislation to determine the cost for telcos of such a scheme.
The Australian reported yesterday that the government had enlisted PricewaterhouseCoopers to cost the scheme.
"This last-ditch costing effort starkly displays the government's complete lack of understanding of the fundamentals of this policy," Ludlam said.
"It beggars belief that the Attorney-General's Department would start trying to determine the full cost of the data retention policy just weeks before the legislation is due to be introduced."
Follow Rohan on Twitter: @rohan_p