Senate passes mandatory data retention laws, Australia-based storage not required

The controversial Mandatory Data Retention Bill has passed Federal Parliament this evening, after both major parties voted in favour of the legislation in the Senate. The new laws will require internet service providers (ISPs) and telcos to store their customers' metadata for two years and allow over 80 securities agencies warrantless access.

Captured data will include:

The sender and recipient's phone number or email
The time, date and duration of a communication
A user's IP address
The location of the communication equipment used
The type of communication
Bandwidth usage such as the amount of data uploaded and downloaded

The content of messages, phone calls and text messages will not be stored, and neither will a user's web browsing history.

The Federal Government, who proposed the bill, believes it is essential in fighting terrorism, child abuse and other serious crimes.

"By passing this Bill, the Parliament has ensured that our security and law enforcement agencies will continue to have access to the information they need to do their jobs," wrote Attorney General George Brandis and Communications Minister Malcom Turnbull in a joint media release. "No responsible government can sit by while those who protect us lose access to vital information, particularly in the current high threat environment."

International over-the-top services such as Facebook Messenger, Wickr, Gmail, Skype, Viber, iMessage and WhatsApp will not be subject to the scheme. Turnbull said that the use of these services will effectively mask a user's communications during an interview last night on Sky News.

"There are always ways for people to get around things, but of course a lot of people don’t," said Turnbull. "That’s why I’ve always said the metadata, the data retention laws, the use of metadata is not a silver bullet, it’s not a 100% guarantee, it is one tool in many tools."

The Greens put forward several amendments while the Bill was debated in Senate, but each was shot down. These included that data be stored for a maximum of three months rather than two years, and that all captured data be stored in Australia. As such, ISPs and telcos will not be restricted as to which country their customers' metadata is kept. Former iiNet chief regulatory officer Steve Dalby last year suggested that ISPs would likely find that lowest cost option for storing the required data, which at the time, was China.

Greens Senator Scott Ludlam was a vocal opponent of the Bill, going as far as calling it "massive, passive surveillance". While addressing the Senate on Tuesday, he encouraged Australians to find ways to bypass the scheme, such as the use of a Virtual Private Network (VPN).

"Circumvention and anonymity is not illegal," said Ludlam. "What I'm proposing is that we take the power back from our Government who have clearly drunk the surveillance kool-aid."

ISPs and telcos will now have 18 months implement systems to support the scheme. The cost of implementing such systems is expected to be as high as AUD$319.1 million according to an estimate provided by professional services film PricewaterhouseCoopers. The government has said it will contribute to these costs, but has yet to specify how much it will provide.