Submission on Federal Government Data Retention

5th January 2015Committee Secretary, Parliamentary Joint Committee on Intelligence and Security Parliament House, CANBERRA ACT 2600

Dear Secretary,

Inquiry into Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014

Thank you for the opportunity to make a submission to this inquiry. This submission proposes an approach to Data Retention that is low cost and high value. It will provide law enforcement with access to any data it requires for law enforcement; not just Telecommunications Metadata.  It will provide protection to Australians from the inappropriate use of data retained and accessed by Government.  In particular it prevents widespread unnecessary and costly electronic surveillance.

The proposal does this by addressing the mechanics of how Data is retained and who has access to it.

The method can be used for the retention of any data the government requires for law enforcement or administrative reasons. It does this by designing Privacy into the Data Retention systems. The method gives individuals the option of retaining their own data through the use of trusted third parties.

Privacy is achieved by retaining data in a place where it is visible and usable by the individual concerned and where Law Enforcement can gain access through an appropriate judicial process.  Cost reductions are achieved by allowing the persons associated with the data to use the data for other purposes. These other purposes can offset the cost of retention.  A simple illustration is the use of Data for Billing purposes. Currently communications metadata is held by Telcos and/or ISPs for billing purposes.  Instead of this data being stored by the Third Party Telco or ISP the data could be stored in storage controlled by the persons concerned with the Telcos having access to the data as and when required. The Telcos and ISP would pay for this storage as they need to have it for billing purposes. If all the data from all the Telcos and ISP are stored by the person then all the records for a particular individual will be stored in the same place and it will be possible for Telcos to access the data as needed for their purposes and it will be possible for an individual to access the data for their own purposes.  An example of why a person might access their own consolidated billing data is for the person to reduce their telecommunications costs by using the information to better negotiate plans and billing.  The person would pay for this service and the income could be used to offset the storage cost.

If law enforcement requires access then they can also pay for the access.  This is particularly relevant to non criminal access to data such as data Piracy.

Data Retention by the Person of their own personal data applies to more than Telecommunications MetaData. It can be applied to other data which will assist the government, reduce costs and provide greater Privacy to Australians.  That is, the same system used for Telecommunications MetaData can be applied to health data, taxation data, social security data, education data etc. All of this data can use the same type of system as Telecommunications MetaData with the same benefits.

The fundamental change in this proposal is that instead of organisations being the only place where personal data is kept the individual is able to keep their own copy of their own personal data - if they so wish.  Organisations, if they have a need, can access the data to which they are permitted by the individual. For Commercial in Confidence reasons organisations can have control over who is allowed to access personal information if that access also identifies the organisation.

The cost of this change will be low and can be achieved incrementally one application at a time.  The software systems required to implement these systems are well known and will require little or no change to existing systems.

Other examples of the use of the approach can be found in the following submissions to the Murray Finance Inquiry

Government Support for a user centric Identity System

Privacy and Cross Border Transfer of Information

The system can be paid for with the use of Tradeable Claims for Infrastructure where the future uses of the data pay for the development costs. This approach will not require government appropriations or an increase in debt by the government to fund the implementation and will not put a compliance burden on private industry.

The approach advocated here does not require any changes to legislation nor does it require the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. It requires a change in approach from requiring third party organisations to retain personal data and make it available to law enforcement, to allowing individuals to look after their own personal data through third parties.

Kevin Cox

CEO White Label Personal Clouds