Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Legal and Constitutional Affairs References Committee
Comprehensive revision of the Telecommunications (Interception and Access) Act 1979

DALBY, Mr Steve, Chief Regulatory Officer, iiNet Limited

O'DONNELL, Ms Leanne, Regulatory Manager, iiNet Limited

YERRAMSETTI, Mr Roger, Operations Manager, iiNet Limited

CHAIR: I welcome iiNet Limited to today's hearing. Thanks very much for talking to us today. The committee has received your submission as submission 38. Do you wish to make any amendments or alterations to your submission?

Mr Dalby : No.

CHAIR: If you wish, you can kick off with a brief opening statement, and then we will take you to questions.

Mr Dalby : In this statement there are some illustrations, which probably did not reproduce too well in the submission, so I have handed them around and will talk you through them when we get to them—the slides in a slightly larger format. I was hoping to be able to step you through that on PowerPoint slides, because the slides build, but we will have to just work with the paper version.

As mentioned, we previously provided a written submission in which we elaborated on our concerns with a proposed mandatory data retention regime. Our conclusion in that submission was that proponents of such a scheme grossly underestimated the volume of data to be collected and the consequential costs flowing to those companies forced to undertake the proposed surveillance of the Australian population. On this occasion we offer additional information on the poorly defined but freely used term 'metadata'. Given that various public comments have indicated that the full set of metadata may not be required to be retained, we will illustrate our observations that stem from an apparent requirement for ISPs and carriers not only to collect metadata but also to process the metadata to redact or remove the content from the metadata which appears to be surplus to requirements according to some comments.

It is important for us to note that the contradictory and confusing comments from law enforcement agencies and government sources regarding this subject have led us to base our comments on a range of inputs as well as interpretations and assumptions of those inputs. The documented descriptions of metadata that have been provided lead us to believe that a full set of metadata is preferred. However, public comments have also suggested that a much smaller subset is acceptable. A definitive statement outlining the government's requirements would reduce the uncertainty and enable us to more meaningfully respond to any proposed data retention regime. We like to say it is not 'just metadata'. In an internet protocol or IP online environment metadata is pervasive and extensive. Metadata underlies all communications. It is fundamentally misleading to downplay the degree of intrusion of data retention regimes such as those that operate at the European directive level. A false assertion is that such regimes do not include the actual content of what our customers might be communicating. These inaccurate distinctions are dangerous and inappropriate. It is misleading to assert that such data is 'only metadata' or 'just metadata'. Metadata reveals even more about an individual than the content itself.

As I will expand on shortly, a post or a tweet on the social media platform Twitter is considered to be a very limited or concise form of messaging. A single tweet is only allowed 140 characters, but it is important to understand that as a piece of communication a tweet can contain 40 fields of metadata, comprising thousands of characters. This metadata can be used to extract more information than the content. In May this year David Cole, a professor in law and public policy at Georgetown University Law Center, reported a number of points. He included a comment from NSA General Counsel Stewart Baker, who said:

Metadata absolutely tells you everything about somebody's life. If you have enough metadata, you don't really need content.

He also reported that General Michael Hayden, former director of the NSA and CIA, called Baker's comment 'absolutely correct' and, frighteningly, raised anxiety levels by asserting, 'We kill people based on metadata'.

Conversely, the Privacy and Civil Liberties Oversight Board found that there is little evidence that the metadata program—that is, the data retention program—has made us safer. Caspar Bowden, a specialist in EU data protection and European and US surveillance law, has argued that:

… retention is like having a CCTV camera installed “inside your head” i.e. that it invades the subjective interior space of our thoughts and intentions, because these can be inferred from Internet and other metadata.

He went on to say:

It is incompatible with human rights in a democracy to collect all communications or metadata all the time indiscriminately. The essence of the freedom conferred by the right to private life is that infringements must be justified and exceptional.

Additionally, the EU Advocate General, Pedro Cruz Villalon, in his opinion supported the overturning of the EU data retention directive. He argued that the retention of such data 'may make it possible to create a both faithful and exhaustive map of a large portion of a person’s conduct strictly forming part of his private life, or even a complete and accurate picture of his private identity'. He also highlighted the risk that the retained data might be used illegally, in ways that are potentially detrimental to privacy or more broadly fraudulent or even malicious. He went on to express concerns that data retained under the directive is not held by public authorities but by the providers themselves and that it does not need to be physically stored in the EU but can be kept on servers anywhere in the world.

The complex, voluminous, often sensitive and private nature of the data sought under a mandatory data retention regime exposes the hollowness of the claim that communications data or metadata is 'just like the envelope without its contents'. The difficulty with such a poor analogy is that it attempts to compare a piece of paper, the envelope, with a chain of events and multiple links to myriad other data, meticulously described and recorded. In the case of Twitter, this may include who wrote the tweet, their biography, their location, when it was written, how many other tweets have been written on that user's account, where the author was when the tweet was posted, what time it was, whom it was sent to, where the author is normally based and, surprisingly in the case of Twitter, the 140 characters of the content of the tweet as well.

Using faulty analogies to explain complex issues with the frequent use of the word 'just' is risky and misleading. As the ACLU explained in their report on metadata and privacy, a URL is both metadata—that is, a delivery instruction—and also content. It requests a webpage, which essentially means sending a message saying, 'Please send me the page and all the content found at this URL.' A single URL, or universal resource locator, reveals exactly which page was sought and, thus, exactly what content was received. The data generated as a result of our customers using the internet and telephone networks is certainly different in nature and volume than traditional fixed-line analog phone records. This data can reveal even more about an individual than the content itself.

I would like to move to the first page—it has 'Followers on Twitter' at the top. On the right-hand side, in the white box, you can see a screenshot of the original tweet. It has some red boxes over it, but it says: 'Need to catch up? Our complete coverage is here.' Then, in the larger box below that, the metadata, you can see a red box highlighting that the content is in the metadata. So, when people suggest, 'We don't want the content; we just want the metadata,' it is difficult to see how you can separate the two.

Senator MARSHALL: Is that just from a tweet?

Mr Dalby : That is just a tweet, yes. If we go to the next one—

CHAIR: Before you move on, your slide makes it look as though it is dropping off the bottom and fading out.

Mr Dalby : It does, yes.

CHAIR: How many more pages are there?

Mr Dalby : Sorry, that was just for presentation purposes. There is probably as much again—about an A4 page.

CHAIR: So the metadata is maybe 100 times the size of the content itself?

Mr Dalby : Yes. The tweet content is limited to 140 characters. In that case, there are not 140 characters there, but, yes, there could be thousands of characters in the metadata.

The next one is a webpage rather than a tweet. We chose the ABC. Typically, on average, behind a webpage there are something like 90 IP addresses or other URLs. You can see on the right-hand side a screenshot of the ABC website. It has all sorts of pictures and links to other stories and bits and pieces. On the left-hand side, again, there is a screenshot of the metadata behind that page. In that metadata there are all sorts of trivial things like what colour the text should be, the fonts and where it should be placed, but, bracketed in red, there are also a variety of files which live elsewhere on the internet. That is the instruction on how to get that content which sits elsewhere. On the ABC webpage itself, I have put a box around two of the pictures, and the arrow points to the URL that locates those pictures in the metadata elsewhere on the internet. Again, if you have the metadata, you have the content, so suggesting that we do not want the content but just want the metadata is, I think, a little misleading.

Finally, with Facebook it is the same story again. In this case it might be a little bit easier to see that. That is a snap of one of the iiNet Facebook pages. There is a green or teal coloured box with a quote in it, and it shows the link on the metadata page below. That, again, goes much further down the page. The link, which is a very long string of characters there that you can just make out, links to box No. 3, the content box up the page, and that shows that as an image just sitting elsewhere on the internet. Again, it is probably hard to read, but in the URL at the top of that internet page it shows the location. All that is sitting at that location is that green box with that quote in it. It is a piece of discrete content on its own. There are other linkages there to the author's profile and to another Facebook page, and so we could take that on again. I have tried not to make that too complex.

Senator IAN MACDONALD: That is very good.

Mr Dalby : But you can imagine that, when we are talking about metadata at iiNet, we are not thinking about phone call records with the number being used to originate the call, the number that has been dialled, the time it started and the time it finished. That metadata is trivial to us, and we have done some number crunching on it. In fact, we think we could store the amount of metadata for our telephone traffic on a USB stick. It is trivial. We do not need to build a new building. But we will get to the numbers. Roger Yerramsetti is going to give us some additional numbers shortly.

We could go on and on about showing different examples, but I think it is important to note—before I get back to reading my statement—that we are seeing exponential growth of devices and of computing power and storage. So this is not a 'snapshot in time' issue for us; it is what it is going to be in two years time. We are already seeing wearable devices, with people wearing watches and other devices on their bodies as they train, exercise or just go about their daily lives.

Senator IAN MACDONALD: Dick Tracy used to do that in the fifties.

Mr Dalby : That is right, but I do not think anybody was collecting his data. So we see data from a range of wearable personal devices, home automation systems and security monitoring systems also all generating metadata. Wearable devices measure and record biometric data—such as sleep patterns, pulse rate, temperature and metabolic activity—distance travelled, altitude and GPS coordinates, as well as any calls made or received and photographs taken with that wearable device, all of which will be generating metadata which would need to be collected under this regime.

In its submission to this inquiry, the Attorney-General's Department asserted:

Service providers routinely engage in telecommunications data retention for their business purposes.

We believe this assertion is overstated. Carriers only collect appropriate data for their businesses. There is a world of difference between the data collected in order to bill a customer for their internet or telephone usage and the collection of a mass of data generated by a customer during their sessions online. The data generated by telecommunications traffic massively outweighs the data required for ISPs and carriers to run their businesses. This suggestion of routine collection from the Attorney-General's Department could be likened to saying, 'You're going to the shops to get a litre of milk anyway, so it's no big deal to bring me the whole supermarket.' iiNet has no use for surveillance data, so there is no commercial driver to collect a massive volume of data, indexed to individuals, that we will never use. In the event that a specific data preservation order is received from law enforcement agencies, special steps are required to retain the information specified in that notice.

We note that other reports emphasise the word 'telephone' in comments attributed to government sources. If the requests for metadata are to be restricted to telephony traffic, this limited approach conflicts with previous confidential documents provided to the industry by the Attorney-General's Department, which have clearly spelled out a much broader dataset to be collected. This broader dataset has been described as consistent with that adopted in the European Data Retention Directive and is the data necessary to trace and identify the source and destination of communications, including unsuccessful or untariffed communications, on fixed network and mobile network telephony as well as internet access, internet email and internet telephony. It is further described as necessary for agencies to have access to the data to reveal the daily habits of targets, to enable targeted surveillance. We were also told that the additional data collection results from the use of new technologies such as Voice-over-Internet Protocol and encryption, which increases among agency targets.

The inconsistent and contradictory messaging from government sources is confusing and unhelpful. The communications industry and broader community do not know whether the government is only looking for the data already collected routinely by telephone companies or is actually seeking the full set of data as set out in its briefing paper. Is it the metadata such as that described by the European directive or is it a much smaller subset of metadata which has had the content processed and redacted?

Additionally the Privacy Act prohibits the collection of data beyond that which is required for the service provider to conduct their business. iiNet has worked hard to ensure that it is compliant with this obligation, which I can broadly paraphrase as: if you do not need it, do not keep it. Browsing data; posts to RSVP, Twitter, Instagram, Facebook, Weibo, Google Plus; purchases from iTunes, Netflix, Amazon, eBay, Alibaba; searches via Bing, Google, YouTube, Baidu, Yahoo; and transactions for online banking, ticket purchases, hotel bookings or PayPal are not routinely retained by iiNet for our business purposes. These are private and irrelevant to the provision of our services. If we do not need the data at all, then it logically follows that we do not keep it in the first place. It only creates unnecessary overhead. We do not build storage capacity for data we do not keep. The company has a formal data retention policy which operates in line with my comments here.

Assumptions have been made about how our business operates which lead to erroneous conclusions. Recent public assertions have been made, for example, that 'the ISP, as they do with their billing system, will be able to match the specific time and date stamp and IP address with a customer account.' These sorts of assertions are misleading, as iiNet and probably most Australian ISPs do nothing of the sort.

CHAIR: Who is that quote attributed to?

Mr Dalby : That was Graham Burke from Village Roadshow. This demonstrates the danger of making assumptions and comments in the absence of facts and the consequent risk of creating a false impression. Suggesting that it is no big deal because carriers are already doing it, when carriers are not doing it, is misleading.

Senator IAN MACDONALD: But don't you keep all that for your own billing purposes—the time, date and—

Mr Dalby : Certainly time and date are important for telephone calls, but we are primarily internet access. We do it for the telephone traffic, certainly.

Senator IAN MACDONALD: Sorry.

Mr Dalby : That is not a problem. A careless approach is unacceptable for public policy development. Indeed, in a recent policy background paper, the Department of Communications highlighted to us that the design of regulatory interventions requires an in-depth understanding of markets, supply chains, revenue flows, technical developments, expected regulatory costs and consumer and end-user expectations. I am almost to the end.

CHAIR: I was just checking, because we are a little bit pressed for time.

Mr Dalby : Shall I just move on to the implications for industry and leave it there?

CHAIR: As you wish, because we are going to turn these folk loose on you, and I am sure they have got lots of questions.

Mr Dalby : Mandatory data retention regimes turn commercial companies like iiNet into unwilling agents of the state. As the Office of the Victorian Privacy Commissioner submitted, the proposal for a two-year data retention scheme is characteristic of a police state. Law enforcement agencies already have the power to undertake targeted requests for data retention—for example, by using an ongoing data preservation notice.

We believe the community and our industry view these vague proposals with a great deal of uncertainty. Descriptions of metadata have ranged from just routine data already collected for the purposes of telephone billing through to the full suite of data covered by the European directive. The telecommunications industry may not only find itself coerced into the onerous requirements to collect, store and protect massive quantities of unwanted data but also have imposed upon it the obligation to process petabytes of data per day to remove content or links to content.

CHAIR: Thank you, Mr Dalby. There are two procedural matters to deal with. Firstly, there is a gentleman here from the media who is just testing the will of the committee that photographs be taken, using the usual courtesies. There being no objection, that is agreed to. Secondly, our colleague Senator Xenophon is now with us, on the phone from Adelaide.

Senator MARSHALL: Mr Dalby, do you think that anyone who uses Twitter, Facebook or a web page as a form of communication has any expectation that these are private communications?

Mr Dalby : No, but I do not think they have an expectation either that law enforcement is stripping out the metadata that is behind it. Most people are not aware of the metadata at all.

Senator IAN MACDONALD: Can I just interpose and say that this was very useful to me. Now I understand what people are talking about.

Senator MARSHALL: And I think most of that is meaningless to most people too. What is the big deal?

Mr Dalby : The big deal is collecting the data on people that are not suspected of any offence.

Senator MARSHALL: Someone is going to know that, yes, you did send a message by Twitter, you did do it at this time, you did do it from this location and you did do it using this device. So what?

Mr Dalby : Personally, I find that unacceptable.

Senator MARSHALL: Why—did you not do that tweet?

Mr Dalby : Yes, I did.

Senator MARSHALL: And did you have an expectation that this was a secret, private tweet?

Mr Dalby : Senator, no, I do not expect that it was a secret, private tweet; it is very public. I generally post on other forums. However, the collection of the metadata is what I object to. The collection of that metadata is far more information than in the tweet itself.

Senator MARSHALL: I have to get the tweet, but I am not allowed to get the metadata that comes behind it?

Mr Dalby : You are welcome to the tweet—that is right.

Senator MARSHALL: I would like privacy from the tweets, to be honest.

Senator IAN MACDONALD: That is easy—you can just turn it off.

Mr Dalby : The point is that we do not see it is our job to collect that metadata.

Senator IAN MACDONALD: Yours is not a philosophical argument; it is a commercial/storage argument.

Mr Dalby : It is both. Certainly from a corporate perspective the imposition of those costs and the additional risks of storing sensitive information are of great concern to us. At a philosophical level, we think there is a civil rights issue here—that people should be entitled to their own privacy at whatever level they deem rather than a level that the law enforcement agencies deem.

Senator IAN MACDONALD: Mr Dalby, doesn't that come down to a question of whether you believe, in this modern day and age, the fight against terrorists or all the bad guys—whoever they are—justifies you doing this? I assume that what you have told us in a simplified way was how the Americans knew where Osama bin Laden was and sent a drone to get rid of him, and could send it to get rid of me right at this moment, I guess.

Mr Dalby : That is an excellent example. I understand that Osama bin Laden operated in a completely electronic-free environment. So the answer to that question is probably no, they did not use that process.

Senator IAN MACDONALD: So they would get me but not him!

Mr Dalby : Yes, possibly.

Senator IAN MACDONALD: But, if I am a bad guy, isn't it in the world's interest that someone be able to find out where I am?

Mr Dalby : Yes, but it is entirely hypothetical and speculative, because there is no evidence, there has been no argument put, that shows that the collection of this data has helped anybody to catch anything. Denmark has been running with a scheme very similar to this for at least five years. The debate is now that they should stop doing it because it has not achieved anything. The crime rate has gone up and the amount of data collected is far too cumbersome and massive for law enforcement agencies to get any value from it.

Senator MARSHALL: On the flip side, if there is nothing useful in this information and it does not help anyone, what is the big deal? Let people have it.

Mr Dalby : Nobody is suggesting there isn't anything useful in it. If I was in the law enforcement agency's shoes, I would be wanting this very rich information as well. What I am suggesting is that all of us here in this room are possibly not targets of law enforcement, so why collect our data? My 12-year-old niece, why collect her data? My 93-year-old mother, why collect her data? It is not right.

Senator IAN MACDONALD: You do not know that until you have analysed the data of your 93-year-old mother.

Mr Dalby : I can vouch for my mother.

Senator IAN MACDONALD: Okay, but you cannot vouch for me or someone with my name, for example.

Mr Dalby : That is law enforcement's job to target the individuals that are under suspicion.

Senator IAN MACDONALD: But how can they get that if they do not have this wide body of stuff to—

Mr Dalby : How have they got it for the last 100 years?

Senator MARSHALL: The internet has not been there for that long, has it.

Senator LEYONHJELM: First of all, can you tell us how a data preservation order works? I agree with you, by the way, about your civil liberty points. That would seem to me to answer the questions of Senator Marshall and Senator Macdonald in relation to catching a bad guy, in that you want to get information about them. Does a data preservation order do that?

Mr Dalby : Yes. In general terms, a data preservation order is a very specific request for information and it is prospective. So it goes forward and it expires after 90 days. So they will send the order to us—

Senator LEYONHJELM: They cannot ask you to store the data?

Mr Dalby : Yes, they can, but prospectively. So the data preservation order says: 'We've got Steve Dalby in our sights. Here's the service that we would like the information about and we want all his emails or his web browsing history for the next 90 days'—though they do not say for the next 90 days; they just say they want it—and that expires after 90 days. It is specific and it is about an individual, and it is a person of interest to that law enforcement agency.

Senator LEYONHJELM: Who issues them?

Mr Dalby : They will come from a law enforcement agency. The AFP, typically.

Senator LEYONHJELM: The AFP directly?

Mr Dalby : Yes.

Senator LEYONHJELM: Are they subject to a warrant process?

Mr Dalby : Yes, I understand that that is correct. If you like, I could take on notice and provide back a process and show you exactly step by step what happens.

Senator LEYONHJELM: Yes, if you could take on notice how they work. In a way, I understand Senator Marshall's point about the triviality of a tweet, but emails are not trivial and neither are VOIP phone conversations. What is the metadata associated with them?

Mr Dalby : A VOIP, a voice over internet protocol, telephone call is much the same as any other format. In fact, VOIP has been used in the network for a very long time. The metadata is the originating point, the address, typically, a phone number—but some VOIP services like Skype may not use a phone number, they use an IP address; the destination; and the time it started and the time it finished. If we are not billing for that—a customer may have just downloaded an app to their phone or to their laptop—it is just data to us.

Senator LEYONHJELM: Correct. But what I am getting at is this: you said metadata includes content—so it is a lot more revealing than just content itself. In the case of a VOIP phone call or an email, if you get the metadata how much content do you get?

Mr Dalby : On an email, you would get the subject line as part of the metadata and that can be quite revealing; the 'from' address and all the 'to', 'cc' and blind 'cc' addresses. Is there anything else, Roger?

Mr Yerramsetti : Information about how many attachments and possibly even the name of the attachment but not the attachment itself.

Senator LEYONHJELM: I did not know about Denmark and its data retention system. Could you elaborate a little more on how they do it, who pays for it and how much it costs there?

Mr Dalby : I would have to take that on notice. I am relying on news reports on that front that the Danes are now considering that the value of that five-year process that they have undertaken is not delivering what the original expectation was.

Senator XENOPHON: Can I just ask about the interception capability plans you have to submit every year pursuant to the act. Can you explain in broad terms—I do not want the tactical details of your specific ICP—and provide a skeleton outline of that.

Mr Dalby : I will ask Mr Yerramsetti to answer that.

Mr Yerramsetti : Can you clarify specifically a bit more about what it is you want.

Senator XENOPHON: Under the legislation, as I understand it, you are required to provide an interception capability plan to the Attorney's office each year, pursuant to the act. Can you outline what that involves in respect of the requirement under the act?

Mr Yerramsetti : Inside the ICP that we lodge annually we outline the services and products that we offer, some information about the volumes, so how many customers or how many services have we got. We outline our capability to intercept those services and we also specifically outline what we can intercept, how long it might take, how long we might be able to store it for and things like that.

Senator XENOPHON: Do the intelligence or law enforcement agencies have input into your interception capability plans from year to year?

Mr Yerramsetti : They provide feedback on our plans and we do work closely with some to ensure that there is capability for any products of interest.

Senator XENOPHON: Sure. Sometimes you change your interception capability plan depending on that feedback from intelligence or law enforcement agencies?

Mr Dalby : That is correct. In our own case, having grown through the acquisition of many other companies over the years, the predominant amount of feedback we get is: how do we integrate those new companies into our ICP capability? Because there is a technical basis to this collection and interception we have on occasions had to, if you like, dispense with the existing infrastructure and replace it with stuff that is compatible with the broader group. So we have had a fair bit of toing and froing with the AFP, particularly on that issue. We have a reputation for constantly buying other companies. It has been live for the 11 years that I have been in the iiNet Group.

Senator XENOPHON: Can I just go to this issue. iiNet possesses experience in providing phone services as well as internet services. If the proposed legislation were enacted in terms of data retention, is it possible for two people in Australia, one a whistleblower and the other a journalist, to contact each other without law enforcement agencies finding out that they have been in contact?

Mr Dalby : Do you mean electronically?

Senator XENOPHON: Electronically?

Mr Dalby : I would say yes. I think there are devices and services like VPNs and encryption services that would be readily available and would allow people to do that. They might even use a third party to swap information—a dropbox or something similar.

Senator XENOPHON: But with respect to the encryption and the services you refer to, there would still need to be that first contact between a whistleblower and a journalist or, for that matter, a member of parliament that the whistleblower wishes to contact?

Mr Dalby : Yes, that is true. I guess it would depend on how familiar they are with the means to remain anonymous. It is quite possible to use a public phone box, for example, to ring somebody remotely.

Senator XENOPHON: But in terms of electronic communications it would be much more difficult for their anonymity to be preserved, with mass data retention?

Mr Yerramsetti : I would not agree. I think there are many places that have relative public access that you cannot pinpoint an individual—you might be able to see a device possibly, but to determine who the individual was behind that—

Mr Dalby : Public wi-fi is growing as a service across the country. I do not know if that would—

Senator XENOPHON: So you are saying that mass data retention would not necessarily have a chilling effect on whistleblowers going to journalists or members of parliament?

Mr Dalby : I could not possibly comment on that. I do not know. I would argue that it would possibly have a chilling effect, but I do not know.

Senator XENOPHON: Let us just go back a step. Are you familiar with President Obama's review group on intelligence and communications technologies that comprised attorneys and former national security officials? Are you familiar with their conclusion that mass data retention did not actually add anything to catching the bad guys—and I think Senator Macdonald quite rightly put that—and targeted surveillance of data retention or targeted metadata was much more effective in establishing whether a crime had been committed or was about to be committed?

Mr Dalby : Yes, and we would be sympathetic to the point of view that a targeted approach is much more likely to yield results than just mass data retention.

Senator XENOPHON: You say that what has been proposed would cost iiNet in the order of $60 million. Is that a one-off cost?

Mr Dalby : That was our first-year cost, which we calculated the last time I appeared at this committee, which may have been 18 months ago. We have done some maths since then and we have seen the proliferation of metadata on websites and other places doubling every 18 months to two years, so our costs would increase. I know the cost of storage is coming down, but we believe that doubling every two years of the volume of data that would need to be collected would mean that this would be an ongoing increase. We are now talking more in the order of $100 million for that first two-year period of data collection—

Senator XENOPHON: And this is just for your customers, your clients?

Mr Dalby : That is right. We are only talking on behalf of the iiNet group of companies, which represents about 15 per cent of the broadband market.

Senator XENOPHON: What would that mean in terms of an increase in charges for the users of your services? Would it be a 10 per cent increase or a 20 per cent increase? Can you give us a ballpark range?

Mr Dalby : We originally calculated the $60 million to be an increase of about $5 per month per customer if we just passed the costs through. I have tried to make this point today: we are very confused about what is required so it is very difficult for us to calculate what the costs will be. If we are only required to keep routine metadata for telephone calls we can probably pack up today and not speak again. If, however, the confidential briefing paper that was provided by the Attorney-General's Department is to be interpreted the way we have then yes, there will be massive costs. As I said, we are talking now about $100 million for the first two years and growing over time as that data grows. And then there is another potential cost on top. If the suggestion is that content is not required—that somebody will be required to process the metadata that is collected to strip out the content—that would be petabytes of data a day for our own organisation. You would need supercomputers to extract that data. Frankly, we do not want that job. That is not what we do.

Senator XENOPHON: So you are saying that the costs of $100 million every two years would actually increase significantly if you had to do that as well?

Mr Dalby : The cost of storage might go down a fraction, but if we have to store it in the first place and then redact it it is just costs upon costs.

Senator IAN MACDONALD: I understand your commercial obligation, but I want to make it clear that your concern is mainly commercial?

Mr Dalby : Yes.

Senator IAN MACDONALD: I think we have answered most of the questions I had. You have referred to this with Senator Xenophon: what you are seeking is a definitive statement by the government—I think you said this earlier in your evidence—on just what they require.

Mr Dalby : Yes.

Senator IAN MACDONALD: Have you mentioned that to the government?

Mr Dalby : Yes, we have.

Senator IAN MACDONALD: Have you been consulted by the government on what you need to know in the definitive statement?

Mr Dalby : It has been some time since we were approached or invited, other than in this process.

Senator IAN MACDONALD: Again, as I said to a previous witness, perhaps those of us on this committee can help. You are more or less saying that if you have to collect everything you have to collect everything, but at least you want an unambiguous statement about what the government wants and who is going to pay for it.

Mr Dalby : Who is going to pay. We would also add that we are not particularly enamoured of the idea of storing this data. If we were obliged through a change in legislation to start collecting this data, we would prefer to hand it over to law enforcement somewhere and let them build a place up near Alice Springs in the desert and run a power station to power that and tell us what the data feed ought to look like. We will collect it and feed it to them, and they can look after it.

Senator IAN MACDONALD: Is it technically possible to do that?

Mr Dalby : Yes.

CHAIR: That is the US model. Effectively that is what the NSA has been doing.

Senator LEYONHJELM: The NSA is doing that, yes. That is why I am interested in what Denmark is doing. The only other model that I know of is the NSA model.

Senator IAN MACDONALD: All right. Thanks, Mr Dalby.

CHAIR: I just have one or two to wrap up. Can you just confirm for us, as we did with the other industry folk, that you are not in present discussions of a formal nature with the A-G's Department or anybody else on this?

Mr Dalby : No, we are not.

CHAIR: How much can you tell about a person from simply an IP address? For the benefit of all of us here from a non-technical background, just define, firstly, what we mean by an IP address. How much can you tell from that?

Mr Dalby : An IP address, or internet protocol address, is the definition of a location on the internet. The internet is not just a single thing; it is a mesh of networks. In order to operate, we use IP addresses either to set up a service—so you set a service up at my house in the first instance and you make it live with an IP address—or to route traffic, whether it is a telephone call, a Skype session, an email, web browsing or downloading some information. We use IP addresses for all of that for the internet to know where you are going, what you want and where to bring it back. So when you say, 'What can you find out about a person from an IP address?' the primary thing an IP address might provide is a link to me. In iiNet, in my account, I could take the IP address of the service that has been provided to me by iiNet and link it, through a process of investigation, to my name and address, my contacts, the accounts that I have, all the email accounts that might be associated with that account, any telephone numbers that are associated with that and the billing history. Interestingly, that Attorney-General's briefing paper from 2010, which is still the only piece of documented briefing that we have, also asks for details of drivers' licences, credit cards, passports, banking arrangements—direct debit or credit—and a variety of other material which we generally do not keep but which I understand other companies keep, maybe for purposes of identification. So, at a personal level, the IP address could provide that sort of information. Then, if you had a lot of other IP addresses of where I travelled in my surfing of the internet, you would get access, really, to everything I do.

Ms O'Donnell : It could be your wife doing it on your account.

Mr Dalby : Yes, it could be my wife or my children using my account to do stuff too.

CHAIR: So it does not identify you; it identifies a device.

Mr Dalby : No, it identifies a service.

Ms O'Donnell : It links to a service, not an individual.

CHAIR: So people are making inferences about who is using the service, rather than—

Mr Dalby : Yes.

Ms O'Donnell : That is the issue of where you have an IP address at a university, for example, or at a library. It is not going to link to an individual in that case.

CHAIR: Yes. Finally on security, sketch for us briefly an ISP. You have a number of different businesses within the iiNet family but what you do to secure peoples' personal material, that which does exist which you host? How was that material made secure?

Mr Dalby : There are some industry standards. Probably most strict is the banking standard, the PCI-compliant—the payment card industry standards—which means that for things like credit cards we do not keep the record at all. We have a process where the customer supplies it into our system themselves, it is checked with the bank and validated, but if you are talking to is on the telephone we do not get the information or if you are doing a self-service application on the net it goes into an application which, again, is not stored. The rest of the information—which is personal details about name and address and other services attached to that account—is stored again in compliant systems which are compliant with the Privacy Act, for example. For other standards—

Ms O'Donnell : There is a whole range of ISO standards.

CHAIR: I guess where I am heading with my final question is the security implications of creating this vast data store on people going back at least two years and some of the agencies are now talking about five or more. I imagine that is a fairly serious security risk which presumably accrues to you guys as the ones who need to look after it.

Mr Dalby : Yes.

CHAIR: What would you need to do to safeguard it?

Mr Dalby : We do not want to go there, but I guess if we have to we are likely to need to build new data centres to store this. So there are bricks and mortar and communication facilities to link those data centres to the rest of the network. That is where the $60 million, $100 million come in—to build that infrastructure. It would be built to standards with security, privacy and so on. We are not suggesting that we could not do that. We do not want to do that but again, as the previous witness said, you can build anything with time and money and I guess this is the same thing. We can build the security, we can build the privacy, but the question is: how much money do you want to spend?

CHAIR: The reason I am putting this to you is that we asked these questions very directly to Mr Irvine from ASIO the other day and they do not really know.

Mr Dalby : Yes.

CHAIR: And it is all going to be made to your problem.

Mr Dalby : That is right.

CHAIR: I am just putting you on notice.

Mr Dalby : We are clear on that—that he has made that comment and made suggestions about selling BMWs and other things. They are far-fetched comments. I do not think he understands or has had advice which makes it clear to him what he is asking of the industry. There is no way that there is an informed comment coming from ASIO.

Senator IAN MACDONALD: But in the end result, it is either you billing taxpayers through your billing system to pay for storage or us collecting it from taxpayers as taxes to build a storage system. It all comes from the same source in the end result.

Senator LEYONHJELM: That assumes there is a storage system, if there is to be one.

Mr Dalby : Yes.

Senator IAN MACDONALD: If there is one, yes.

Senator MARSHALL: And not all customers pay tax.

CHAIR: Yes. It is either billed to your customer base or to the taxpayer, but somebody has to pay for it.

Mr Dalby : That is right.

CHAIR: We had best let you go. We have taken you well over time and greatly appreciate your time and expertise this morning.

Mr Dalby : Thank you, Senators.