How much will Australia's metadata retention plan really cost?
Thursday 19 February 2015
Analysis for The Conversation by Philip Branch, Swinburne Univeristy of Technology
The metadata retention debate is heating up with Prime Minister Tony Abbott telling us the cost of not going ahead with compulsory retention of metadata will be incalculable and will represent a form of unilateral disarmament in the face of criminals.
Interestingly, he also gave an indication of the likely implementation cost as being around A$400 million.
There are a range of figures which have been taken to the committee, but even at the highest estimate it’s less than 1% of this A$40 billion a year and growing sector.
But Mr Shorten has written to the prime minister this week saying Labor still has concerns about three areas of the metadata bill which he felt should be addressed before the legislation is passed.
- how (or whether) press freedom is to be guaranteed
- the cost of the scheme and how much (if anything) the commonwealth will contribute towards it
- exactly what data will be retained.
For those of us who have taken an interest in this area, all of these issues are of concern. But it is the last one upon which everything else depends and has to be addressed before there can be any real debate.
How can we have any idea of the cost of the scheme or what threats to privacy or press freedom it represents if we don’t know what will be stored?
As has been pointed out many times before, there are many different types of data that can be classified as metadata. Some of it is very sensitive, some of it less so.
Storing all the metadata that is generated by the entire Australian population would be so expensive that it appears to have been ruled out.
But we are still left with no real understanding of just what has been ruled in. There are also unanswered questions regarding who can access the information and for what purposes.
The main justification for the compulsory retention of metadata was, in the words of outgoing head of the Australian Security Intelligence Organisation (ASIO), David Irvine, to provide an internet “telephone book” for the law enforcement agencies.
We use it [metadata] as frequently as any of us in the old days used to go and look up a telephone book. But we don’t have telephone books in the same way for all of this sort of stuff and yet we need this kind of information.
(Of course the internet is not a telephone, but that is another discussion altogether.)
So in other words, the purpose of metadata retention is mainly to give the law enforcement agencies information that links identity to traffic.
In the same way that telephone numbers used to set up a telephone call can be linked to a person’s identity by using a telephone book, the security agencies want to be able to examine intercepted internet traffic and determine who initiated or received it.
The Internet Protocol (IP) address of where the traffic came from is the only identifier that remotely matches that of an internet “telephone number”. Unfortunately for the law enforcement agencies, these are allocated as needed and can change over time.
Consequently, keeping track of who had what IP address at what time is the metadata necessary to provide the law enforcement agencies with their internet “telephone book”.
To achieve that, all that would be required would be the retention of the log files from a few systems that allocate IP addresses. It is unlikely the volume of such data would be particularly large.
Confusion in the bill
But there has been a great deal of confusion as to whether the metadata to be retained would be limited to IP address allocation.
Until it was explicitly excluded, it seemed that the metadata to be retained might include IP addresses of websites visited. It might still include details of which network towers a mobile phone connects to, when and for how long.
It might also include volumes of traffic uploaded and downloaded; it might be used to track copyright violations; it might include some vaguely defined metadata regarding “messaging”.
It all seems a very long way from an internet “telephone book”.
How about those costs?
Which, in a roundabout way, takes us back to the news that the cost of the scheme will be about A$400 million.
Mr Abbott revealed the figures during a visit to a child protection group in Queensland yesterday and he said the risk of losing the metadata would be “an explosion in unsolved crime”.
It’s very important if we are to protect our kids that the police have access to appropriate telecommunications data.
Of course anything to do with telecommunications systems is expensive but that does seem a great deal of money to spend on storing records of IP address allocation. It suggests that something much more ambitious is planned.
It also suggests that someone somewhere must have a very good idea of exactly what is to be retained.
If we are going to have a sensible debate about metadata retention it is long past time they shared their knowledge with the rest of us.