The Federal Government has confirmed it is considering a policy requiring Australian internet providers to retain precise data on how their users are using the internet, with the potential to include information on emails sent and — reportedly — their web browsing history.
“The Attorney-General’s Department has been looking at the European Directive on Data Retention, to consider whether such a regime is appropriate within Australia’s law enforcement and security context,” a spokesperson for the department confirmed via email today. “It has consulted broadly with the telecommunications industry.”
The spokesperson’s confirmation was also contained in a report by ZDNet.com.au (which broke this story), which stated that ISP industry sources had flagged the potential for the new regime to require ISPs to record each internet address (also known as URL) that an internet user visited.
Delimiter has contacted spokespeople from major ISPs such as Telstra, Optus, iiNet, Internode and Adam Internet to ask for a response on the matter, as well as the Internet Industry Association, a group which represents the ISPs. The office Communications Minister Stephen Conroy and the office of Attorney-General Robert McLelland have also been contacted for comment on the matter.
The European Directive on Data Retention (2006) requires communications providers to retain a number of categories of data relating to their users.
Broadly speaking, they must retain data necessary to trace and identify the source, destination, date, type, time and duration of communications — and even what communication equipment is being used by customers and the location of mobile transmissions.
According to the directive, where internet access is concerned, this means the ISPs must retain the user ID of users, email addresses of senders and recipients of email, the date and time that users logged on and off from a service, and their IP address — whether dynamic or static applied to their user ID.
For telephone conversations, this means the number from which calls were placed and the number that received the call, the owner of the telephone service and similar data such as the time and date of the call’s commencement and completion. For mobile phone numbers, geographic location data would also be included.
The EU directive requires that no data regarding the content of communications be included, however, and it has directives regarding privacy, including the fact that data would be retained for periods of not less than six months and not more than two years from the date of the communication.
Any data collected is to be destroyed at the end of that period.