We’ve long known the Attorney-General’s Department and its portfolio agencies in Canberra are not merely among the most evil, but also the least competent, in the country. Now add to that laziness.
This is the portfolio that has, over the last 15 years, systematically destroyed some of the most basic freedoms and legal protections that Australians enjoy, and continues to push to undermine legal protections and give ever-greater powers and funding to security agencies.
But AGD and its portfolio agencies have done so with an incompetence that at times bordered on the comic. This is the agency that even today, many years on from beginning its push for data retention and a year after the scheme came into effect, still hasn’t defined “data”, that couldn’t keep its story straight on why mass surveillance laws were needed, changed its evidence to parliamentary committees, has still yet to pass a mandatory data breach notification bill (it’s only just reintroduced one) and was unable to answer simple questions from politicians.
Remarkably, we had to wait until now for AGD to say who would be receiving funding allocated by the government in 2015 to help offset the cost burden imposed on ISPs under AGD’s mass surveillance scheme: $131 million was allocated in the 2015-16 budget, now nearly 18 months ago, to help ISPs with the additional costs of data retention — even though it was estimated that the scheme would cost a minimum of $319 million to build and maintain systems for data retention in the format the government agencies want.
And that’s despite AGD and the government insisting ISPs and telcos were already collecting the information.
AGD very expeditiously siphoned off several million dollars of the money for itself almost immediately — but industry has yet to see a cent of it. Finally, eight months after opening up applications for the program and more than a year since the legislation passed into law, the department quietly announced the list of recipients on its website today.
[Data retention will hurt YOU, not criminals. Here’s how]
The biggest slice of the pie, unsurprisingly, goes to Australia’s largest telecommunications company, Telstra, which received close to $40 million, followed by Vodafone on $29 million and Optus on $14 million. Curiously, one of Australia’s largest fixed internet companies, TPG, received just over $1.4 million. TPG-owned iiNet is also separately listed receiving $814,000.
Many of the other companies receiving funding are internet service providers including BigAir, Bendigo Telco, Exetel, and M2. The government is also effectively paying itself with $1 million being paid to NBN Co to get its systems in order to comply with the legislation.
Crikey sought comment from NBN on what its obligations under mandatory data retention actually include. According to an FAQ from the department, it indicates that wholesale companies like NBN (i.e. companies that don’t supply services directly to end users) need to comply to hand over data such as physical address information.
A number of universities also received funding under the plan, with RMIT receiving $680,000, while University of Queensland received $576,000. The universities running their own networks with telco licences meant that they were required to build systems in order to comply with the mandatory data retention legislation.
Questions have been raised about the amount of funding allocated to smaller providers, but the government’s methodology was designed to give weight to smaller providers with a maximum average annual revenue of $3 million where the cost per user to build new systems in order to store all the data the government requires under the legislation would be much higher than for larger organisations.
“One of the consequences of a pure allocation on this basis is that smaller providers would be on average overcompensated relative to their estimated costs,” the department stated.
[Your guide to the data retention debate: what it is and why it’s bad]
Points are otherwise granted based on the number of services, subscribers, revenue and storage requirements.
The methodology document developed by PwC for the Attorney-General’s Department explains that 25 of a total of 100 points available for grant applications to be successful depend on the size of the organisation. Funds were set aside in the total allocation for smaller companies where the cost of compliance would be higher.
In a statement today Attorney-General George Brandis said most of the 180 companies getting funding would receive grants to the value of 80% of their implementation costs, and 50% of the funding would be handed over once a funding agreement was signed.
Crikey understands many telecommunications companies had been frustrated with the lengthy delays in allocating the funding for the scheme, while also being required to be compliant with the scheme.
The allocated funding is only the cost for building the systems, not the operation of the systems. Brandis stated last year that a PricewaterhouseCoopers analysis had determined it would cost between $1.83 and $6.12 per customer per year to keep the data.