Telstra has moved to assure customers any information it collects as part of the government's mandatory data retention regime will be safe, having previously warned the scheme could create a honey pot for hackers.
Australia's mandatory data retention scheme passed both houses of parliament on Thursday in the face of objections on privacy grounds, and a lack of clarity over the cost to telcos and internet service providers (ISPs) of implementing the new regime.
It remains unclear how much it will cost the industry, although Attorney-General George Brandis said on Friday that the midpoint in assessments of the "set-up" cost was about $250 million, to which the government would make a substantial contribution.
Senator Brandis has previously said the operating cost of the scheme would be approximately $4 per customer per year.
The contribution to be made by taxpayers would be decided as part of the budget process, he said.
Telcos and ISPs will be required to store customers' metadata for two years, including the time and duration of phone calls, originating IP addresses, the mobile phone tower connected to when initiating a call and email records.
The content of communications will not be collected.
The nation's biggest telecommunications company Telstra says it is still developing its implementation plan - the government has set a two-year deadline - but has confirmed its customers' metadata will be encrypted and stored at facilities located in Australia.
"While geography alone is not a good measure of security, storing the data in Australia should help allay the concerns of some customers," Telstra's chief information security officer Mike Burgess said on Friday.
But Mr Burgess also again pointed to concerns that the scheme - which the government argues is in the interests of national security, particularly in view of growing concerns over terrorism - could also create security risks for customers.
"Previously, we have highlighted the increased security risk associated with retaining more customer metadata we don't currently need in the delivery of our services to our customers," he said.
"If some of this is stored and made accessible, then we are creating what has been called a `honey pot' for hackers and criminals to target."
"We understand that customer metadata has enormous value not just to our customers and law enforcement agencies but also to a range of malicious actors who may seek to gain access to our systems."
Mr Burgess said Telstra would build on existing measures already in place to secure its networks and customer data, including intrusion detection systems and other active monitoring systems.
Share
