Warns of hacker’s paradise.
Australia’s largest telco Telstra has refused to disclose how much it expects the Government’s data retention scheme will cost to implement, claiming the figure as commercial-in-confidence.
The telco refused to budge under sustained questioning by Labor MP Mark Dreyfus on the cost of the scheme today as part of hearings into the Government’s proposed data retention legislation today.
Representatives from the telco said a dollar figure had been provided to PriceWaterhouseCoopers – which was appointed last October to calculate how much telcos would need to spend installing and maintaining the IT systems underpinning the scheme – but it was commercial-in-confidence.
Dreyfus said the parliamentary committee investigating the bill had not been provided with any cost estimates – apart from those stated in the public domain by the likes of iiNet – which was hindering its ability to review the proposed legislation.
“At some point this is going to have to stop being commercial-in-confidence because the taxpayer is going to have to pick up the bill,” Dreyfus said.
Telstra director of government relations James Shaw said the figure had been provided to PwC and the Attorney-General’s Department, and it was up to the agency as to how that information was shared.
“Is there any way that the public and this committee can get some feel for this? Are we talking hundreds of millions of dollars or tens of millions of dollars?” Drefyus asked.
“We have been willing to share that with the Government and I presume they have some plan about how they will draw together inputs from the various contributors in the industry in comparing the advice to Government on the cost of the scheme,” Shaw said.
Internet service provider iiNet has previously put the cost of the scheme at over $100 million in the first two years, which it has said would need to be passed on to consumers via additional costs to monthly bills.
Telstra and rival Optus – which has outlined similar broad support to the proposal as Telstra – last week called on the Government to deliver on its promise to make a substantial contribution to the costs of delivering the planned data retention scheme.
Dreyfus today asked Telstra whether the Government had committed to fund a certain portion of the scheme, but Shaw said negotiatons had not yet progressed to an actual dollar figure.
The telco’s representatives also revealed during the hearing that Telstra CEO David Thodey and executive director of regulatory affairs Jane Van Beelen had met with Prime Minister Tony Abbott in the days before the Government introduced the data retention bill in late October.
Telstra today repeated warnings made by other industry members that the centralised systems telcos would need to create to store data under the planned regime would create an attractive target for hackers.
The telco told the committee that it currently fields hundreds of thousands of requests for metadata from up to 70 agencies, which it attempts to service across 13 different systems.
The scheme would force the telco to centralise its storage of the data to be retained, making it an appealing target for attack.
Chief information security officer Mike Burgess said such centralisation would make the data much easier for an attacker to access, compared to penetrating the telco’s 13 current systems.
“You would go for that system because it would give you the pot of gold, rather than working through our multitude of systems today to find that data,” Burgess told the committee.
“[The bill would require us] to have that data in a location or a system where it can be accessed. And it would be associated with a particular customer, as opposed to transient data,” Van Beelen said.