According to industry lobby group Communications Alliance 84% of ISPs say they are not ready and will not be collecting metadata on time. It also found that 66% were not ‘entirely sure’ what type of metadata the Government wants to collect.
Communications Alliance chief executive John Stanton said ISPs have had to start collecting a significant amount of new data, and complying with the laws has been difficult and time consuming. "The Government's claim that what they are asking for is retention of the status quo has never been correct. The vast majority of ISPS are saying: 'We're trying, but we're not there yet'."
Contrary to the Attorney General’s April 2017 deadline for compliance, ISPs must start retaining metadata as of today unless they have been granted an extension – that then gives them another 18 months. Getting an extension – also known as DRIP (which is perhaps an appropriate acronym for Data Retention and Investigatory Powers Act 2014) – is not easy. 81% of ISPs have presented a plan [application] and only 10% have been approved so far.
“ISPs were not given enough time to get ready. I think the survey shows that very clearly. The way that the legislation is drafted does not provide us with all of the detail about what exactly is required in all of their services. There are a thousand different nuances that I have seen flying around as to what needs to be retained in respect of a particular service. The complexity has always been part of the bedevilling aspect of this regime. There are still many providers, as the survey highlights, that aren't certain that they've got their requirements completely figured out," he said.
What is the result of non-compliance?
Apparently, the process of complying with DRIP involves a tsunami of paperwork – many smaller ISP believe it will be unviable for them to stay in business. These are predominately from regional or niche areas servicing what the bigger Telcos will not.
“It is possible smaller ISPs would close down rather than struggle on. I have seen the emails from smaller providers who are really questioning whether they ought to try to stay in business in the light of this cost of compliance. If you're a small family-owned operator in a regional town, with a few hundred customers, this is exactly the sort of regulatory cost that could convince you to try and find another way to earn your living," he said.
Internet Australia, a not-for-profit peak body representing everyone who uses the Internet is equally damning in its findings.
CEO Laurie Patton said that a statutory review of the Act, scheduled for three years after it is operational, should be brought forward so that problems are sorted out sooner rather than later. “We maintain that the process is so flawed that it should not be allowed to go unchecked for that long. We are talking about major security issues and significant costs that need to be dealt with now.”
According to Mr Patton, “Our industry intelligence tells us that the implementation process is way behind schedule – with many ISP’s affected by the legislation still struggling to understand their obligations and therefore still compiling their implementation plans.”
Read the earlier iTWire article on what Internet Australia would like done.