Data retention soggy with SPAM

Telcos will be required to retain data on spam, failed email, and borked voice over IP phone calls under the Australian Federal Government's looming data retention plan.

Data retention comes into effect 15 October. It requires telecommunications providers retain metadata information on subscribers but not the content of communications for two years in a bid to assist law enforcement investigations.

Telcos have long known and long objected to the requirement to retain customer metadata information on the grounds of cost and privacy.

But it appears that many are unsure of the minutiae of what is to be retained and what is not.

Networking engineers representing Australian carriers say they were unaware when it was revealed providers would need to retain metadata information on spam, failed emails, and uncompleted VoIP calls from their services, until the issue was raised at the AusNOG annual conference in Melbourne Friday.

Internet Australia president George Fong chaired a panel with Attorney Generals Department assistant secretary Anna Harmer, and Greg Sadler of the Electronic Surveillance Policy Branch and Electronic Surveillance Capability and Engagement Section, two areas responsible for much of the data retention technical specifications.

Fong and Internet Australia vice president Paul Brooks ran through questions on perceived contradictions and edge cases from some of the gathering of what amounts to a cross-section of Australia's telecommunications network operators.

"The legislation requires you to retain data about connection attempts that were unsuccessful," Fong says.

"If a customer makes a VoIP call and it doesn't connect, your VoIP server needs to retain that attempt. It needs to keep logs for incoming calls, which isn't something many do because you don't bill for it.

"Those of us who run commercial mail servers if you are spamming and an RBL (blacklist) has picked up that's a failed communication and needs to be kept."

Network operators were told email providers would be covered by the data retention scheme if they moved their mail services offshore but had even small infrastructure left in Australia such as billing.

Few of the network providers appeared to be fully compliant with just over two weeks to go before the data retention deadline, and many had not submitted a request for an extension.

This prompted Harmer to offer an olive branch and ask telcos to send even an email to request an extension. "There will be no one start date where everybody will be required to be compliant," Harmer says. "Implementation is progressive and can continue over 18 months. "If you don't have a plan in make sure you have a chat with us and we'll work with you."

Fong who has worked closely with the Department on the specifics of data retention says there will be a "level of forbearance" for those showing some effort for compliance.

Telcos are urged to call or email the department requesting time off in lieu of filling out a formal Data Retention Implementation Plan (DRIP). ®