Wednesday, 17 July 2019 09:10

Home Affairs seeks retention of IP and MAC addresses and port numbers Featured

Home Affairs seeks retention of IP and MAC addresses and port numbers Image by Gerd Altmann from Pixabay

The Department of Home Affairs wants IP addresses, MAC addresses and port numbers to be added to the list of data retained by providers under the existing data retention regime, according to a submission made to a review of the law.

The submission, made to the Parliamentary Joint Committee on Intelligence and Security review of the mandatory data retention regime that is part of the Telecommunications (Interception and Access) Act, also suggested that the period of data retention be extended beyond the current two years, though this point was not argued forcefully.

In arguing for retaining MAC addresses, the department submission said: "For example, including media access control (MAC) addresses and devices which identify serials would provide better information as to which device was being used at the time of an offence."

One case was cited as evidence for this: "In a recent case in Victoria, a mobile phone containing pictures of a terminally ill child was stolen at a shopping centre.

"Victoria Police were able to use the shopping centre’s security infrastructure to track MAC addresses in order to obtain surveillance footage of possible offenders. Charges have since been laid."

The department's argument for retaining IP addresses and port numbers was limited to one sentence: "Similarly, including IP addresses and port numbers to attribute data accessed on mobile phones, would allow agencies to make better use of mobile phone data."

While the department submission conceded that retaining the current period of data retention — two years — was "the most appropriate way forward", it also advanced several arguments about the use of older data in cases which it claimed backed its contention "that data held by commercial entities for longer periods can prove critical to prolonged investigations".

The demand for release of data fell after introduction of the law — in 2014-15 the number of requests was 363,336 and this dropped to 295.676 in the first full year of operation of the law — but the submission claimed "while the rate of use of telecommunications data has not significantly altered since the introduction of the Data Retention Act, the consistent volume of use demonstrates that this data remains a highly valued tool for law enforcement and intelligence agencies in their efforts to provide a safe and secure environment".

In 2017, the Australian Federal Police confessed to having illegally obtained the metadata of a journalist, due to what was put down to "just human error". The submission claimed the Commonwealth Ombudsman had found this was due to "a failure of administrative process and not an attempt to evade the oversight protections".

At the time, the then AFP chief Andrew Colvin told the media on a Friday afternoon that the officers were unaware that they needed to obtain a warrant to access the metadata of the journalist in question. The AFP informed the Ombudsman of the screw-up on the Wednesday of that week.

Regarding this, the submission said: "The timely and transparent investigation of this matter demonstrates that the considerations and oversight mechanisms governing the oversight of journalist information are effective."

The PJCIS has to submit its report on the review to Parliament by 13 April 2020.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments