The high cost of outsourcing surveillance

Australian police and security agencies are pushing for greater surveillance powers and that could hurt consumers in more ways than one.

Public outcry over the Coalition’s purported ambition to get internet service providers to police the internet may have died down a touch but the re-emergence of mandatory retention of data as an issue should once again mobilise those worried by its potential implications.

The law enforcement agencies have extolled the virtues of mandatory detention in unison with the parliamentary inquiry into potential changes to telecommunications laws, and the Attorney-General seems inclined to entertain their viewpoint.

As it turns out, an inquiry initiated after allegations that the Australian intelligence agency, formerly known as the Defence Signals Electorate (DSD) had potentially operated "outside its legal mandate" has provided an opportunity for the agencies to push for even greater power.

The Snowden effect

The catalyst for their new-found vigour is none other than NSA whistle blower Edward Snowden, who has not only managed to shake up the halls of power in Washington but also galvanised public opinion on why privacy matters and how it can be protected.

Snowden's prescribed mode of protection is to use encryption, enable browser plug-ins that combat tracking and cover your tracks with Tor.

For enforcement agencies, this is exactly the kind of talk that greases their ambition for getting telcos to store customer metadata, which the Northern Territory Police says should include web browser history.

And their helplessness is further inflamed when outfits like Phantom Secure, a Canadian-based peddler of encrypted Blackberries, start hitting the headlines in daily news.

Earlier this year, the ABC highlighted how a number of these uncrackable phones found their way to some of Australia’s biggest crime syndicates, with law enforcement officials saying the phones were linked to a series of the underworld killings in Sydney.

Meanwhile, the Mobile World Congress saw the launch of the Blackphone, a device that purportedly prioritises privacy and control ahead of everything else.

There is some justification in what the agencies are saying, but is it enough to validate their push for stricter retention laws?  

According to data provided by Sinefa, an online service that measures network performance, the amount of encrypted traffic across networks is growing not only in size but also in terms of percentage of total traffic.

The likes of Tor, Encrypted Google and HTTPS Everywhere are providing enhanced privacy for users, often free of charge.

A high cost for consumers?

Electronic Frontiers Australia’s executive director Jon Lawrence says while he understands the point raised by law enforcement agencies, their demands push the envelope too far.  

Lawrence contends that some of what ASIO is saying is tantamount to a phishing expedition.

“They are dressing it up as a national security issue but it really is a grab for more access to information, and essentially saying they would like to go on phishing expeditions,” he says.

The Attorney-General's Department has wisely said that implementing any concrete measures will require further consultation. The issue of justification has to be clearly defined and there has to be a system of checks and balances put in place.

One key stakeholder group that will have a few things to say during the detailed consultation process, if and when it’s implemented, is the telco sector.

The prospect of turning telcos into copyright police is already seen as a loathsome imposition by some telcos as well as ISPs, and using mandatory data retention laws to potentially outsource the surveillance state to the ISPs isn’t going to float their boat.

This isn’t altruism on their part -- there’s a serious cost impost here for telcos, who will be expected to bear costs potentially running into the hundreds of millions.

It isn’t just the upfront cost of setting up the technology to capture the information. There are ongoing costs involved (storage, security) and the greater the demand from the agencies, the more it hurts the wallets of the telcos.

David Epstein, the head of regulatory affairs at Australia’s second largest telco, Optus, has been a long running critic of the mandatory data retention scheme and says that at some point the cost impost placed on the telcos will have to be passed on to customers.

According to Epstein, the impact on the telcos is often overlooked in the broader debate but the industry has consistently made its position clear to the law enforcement agencies.

With the Attorney-General's Department highlighting the need for greater consultation, Epstein says that telcos will be gearing up for a robust, and hopefully fruitful, discussion.

It will be interesting to see how the telco sector and the government can break the impasse -- the cost burden will be a critical talking point but the defining the parameters that govern the amount and type of data will be crucial.

Australian citizens are unlikely to appreciate an outcome that not only threatens their right to privacy but also hurts their hip pocket.