Australia Begins Mass Data Retention

Uploaded on 2015-10-18 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Law Enforcement, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

 

Large amounts of telecommunications metadata must now be kept for, at least, two years by Australian telecommunications companies after a new law that came into effect recently.

It includes data on who called or texted whom and for how long, as well as location, volume of data exchanged, device information and email IP data. Some data was already being retained but the new rules expand on this. It also makes it much easier for authorities to access the records.

The new law has caused heated debate among Australians with some justifying the expanded data retention and others pointing out flaws in the plan.

The bill was introduced to the Australian parliament when current prime minister, Malcolm Turnbull, was communications minister. He called it "critical" for security agencies and law enforcement, citing investigations into domestic terrorism.

"No responsible government can sit by while those who protect us lose access to vital information, particularly in the current high threat environment," he said at the time, in a joint statement with Attorney-General George Brandis.
 
The government has stressed that the data retained is only "metadata" and does not include the content of calls and messages themselves. The law also does not require firms hold on to a web users' browsing history. The authorities also point out that some of this data was already being retained by telecommunications companies, albeit on an ad hoc basis.

Third-party email, video, and social media platforms such as Gmail, Hotmail, Facebook and Skype are also exempt from some of the data retention requirements, as are internal email and telephone networks, such as those provided by corporate firms and universities.
 

_86087254_7f9c2a99-60a2-43c0-8d83-f99968c9fa65.jpg

NSA leaker Edward Snowden weighed in on the new rules

Opponents point out that, considered in entirety, such metadata paints a detailed picture of what people are doing, even if the content of messages is not included. They also point out that while terrorism and child abuse investigations are often cited, the new rules allow for data to be requested for much more minor crimes. The process of request has also become much easier. Typically it will not now require a warrant. It will still take a warrant to access a journalist's data to identify their sources, but that hearing will take place in private. And no warrant is needed for government agencies to search the data of its own ranks if that is where they suspect the source lies. 

There are fears too that having introduced the legislation, it will be tightened further in future. The multi-million dollar scheme has also come under fire for its cost, which will be partially borne by the government.

Australian Green Party Senator Scott Ludlam tweeted that it was "absurdly expensive and complex for ISPs to implement, trivially easy for anyone to defeat" - a reference to the prime minister's admission that he also uses encrypted messaging apps.

The Green Party voted against the bill, along with six independent senators, but was overwhelmingly defeated.

The security of the servers used to hold the data has also been a question, with mass data breaches becoming increasingly common around the world.

There have also been reports that some companies are unsure whether they are covered by the new laws and exactly what data they need to keep.

BBC:http://http://bbc.in/1QmW9pt

 

 

« Second Snowden Has Leaked Drone Docs
Cyberattack: Millions Stolen From UK Bank Accounts »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

inBay Technologies

inBay Technologies

inBay Technologies' idQ Trust as a Service (TaaS) is a unique and innovative SaaS that eliminates the need for user names and passwords.

Antiy Labs

Antiy Labs

Antiy Labs is a vender of antivirus engine and solution, providing the best-in-breed antivirus engine and next generation antivirus services for confronting PC malware and mobile malware.

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID) is the first platform in Indonesia to collect and validate reports from hackers (referred to as Bug Hunter) regarding vulnerabilities that exist in an organization.

Belkasoft

Belkasoft

Belkasoft is a software vendor providing public agencies, corporate security teams, and private investigators with digital forensic solutions.

Charterhouse Müller UK

Charterhouse Müller UK

Charterhouse Müller UK are a leading service provider for end of life IT services including data erasure and secure IT asset disposal.

SynerLeap

SynerLeap

SynerLeap is ABB's innovation growth hub. Our aim is to help startups accelerate and expand across industries, ranging from industrial automation and robotics to grid technologies and smart cities.

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp is the world’s largest network of multi-corporate backed accelerators helping startups scale internationally.

Com Laude

Com Laude

Com Laude is a domain name management company that provides strategic consulting to help companies strengthen digital brand, safeguard customers & protect brand IP.

WisePlant

WisePlant

WisePlant's portfolio of solutions and services includes process measurement, secure automation, industrial cybersecurity, functional safety and more.

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

SkyePoint Decisions

SkyePoint Decisions

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider.

XpertDPO

XpertDPO

XpertDPO provides data security, governance, risk and compliance, GDPR and ISO consultancy to public and private sector organisations.

Avalon Cyber

Avalon Cyber

Arm your organization in the fight against cyberattacks by partnering with the experts at Avalon Cyber.

FluidOne

FluidOne

FluidOne are an award-winning Connected Cloud Solutions provider. We design tailored solutions to help customers and partners digitally transform their IT and communications.

ARC Risk and Compliance

ARC Risk and Compliance

ARC Risk and Compliance is a consulting company comprised of a team of AML Specialists completely focused on anti-money laundering compliance and the technologies used to support compliance programs.

Increase Your Skills (IYS)

Increase Your Skills (IYS)

Armed and ready: raise awareness of cyberattacks in your company with the Full-Service Awareness Platform from IYS – fast and effective. We help you develop a robust, sustainable security strategy.