Dalby has previously said that the retention of metadata generated by user devices collects sensitive information that law enforcement agencies has no need for. “The data collected can be incredibly sensitive – it can reveal who your friends are, where you go and what websites you visit.
And as long as data just sits in a data centre waiting to be analysed by law enforcement, it can arguably be accessed by enterprising hackers. “Retaining the data would create a massive security risk if an ISP suffers a breach of security, including a significant risk of identity theft.
This suggestion from the Attorney General’s Department could be likened to saying, “You are going to the shops to get a litre of milk anyway, and so it’s no big deal to bring me the whole supermarket”. iiNet has no use for surveillance data, so there is no commercial driver to collect a massive volume of data, indexed to individuals, that we’ll never use.
Browsing data, posts to RSVP, Twitter, Instagram, Facebook, Weibo or Google+, purchases from iTunes, Netflix, Amazon, eBay, Alibaba, searches via bing, Google, YouTube, Baidu or Yahoo, transactions for on-line banking, ticket purchases, hotels or PayPal are not routinely retained by iiNet for our business purposes.
To demonstrate the rocky nature of data security when at rest, Anonymous held a demonstration and hacked an AAPT server full of customer details to protest any data retention scheme.
That number stems from the storage costs of data collected, which would cost $100 million in the first two years and double after that due to the explosion of data on the internet. …while also putting a user’s security at risk.
According to iiNet’s Steve Dalby, that’s exactly what will happen under a mandatory data retention scheme that holds your metadata for two years.
iiNet has stuck its objections to mandatory data retention to the man today, telling a Senate Inquiry just how infeasible the concept of mandatory data retention would be, both from security, privacy, technological and financial standpoints.
Dalby said at today’s hearing that any mandatory data retention scheme would see the ISP saddled with an additional cost of $5 per user per month, which would arguably be passed on and charged to customers.
For those reasons and more, iiNet objects to data retention. “iiNet does not agree that it should accept the role proposed by those calling for an onerous data retention regime.
Read more here: Gizmodo