Metadata can include the time, location, sender and receiver, and some have argued it could also include URLs and IP addresses accessed. With metadata volumes doubling every two years, iiNet estimates the cost of complying with a data retention scheme could be $100 million over two years – up from $60 million previously estimated. This would see consumers hit by cost rises of $5 to $10 extra a month – an increase Mr Dalby has described as a “surveillance tax”. The Australian Mobile Telecommunications Association estimates compulsory data retention could cost the industry $500 million a year – an amount that would be passed on to consumers. Both iiNet and the AMTA acknowledge the confusion about how broad a data retention regime would be makes estimating any cost rises difficult. “The communications industry and broader community does not know whether the government is only looking for the data already collected routinely by telephone companies, or is actually seeking the full set of data as set out in their [confidential] briefing paper,” Mr Dalby said. “A definitive statement outlining the government’s requirements would reduce the uncertainty and enable us to more meaningfully respond to any proposed data retention regime.” Mr Dalby said in his statement that mandatory data retention regimes turn commercial companies into “unwilling agents of the state”.

“IiNet does not agree that it should accept the role proposed by those calling for an onerous data retention regime,” he said. “If we are ultimately compelled by law to collect such data, the government must be responsible for its storage and protection … iiNet has no use for surveillance data, so there is no commercial driver to collect a massive volume of data, indexed to individuals, that we’ll never use.” Communications Alliance chief executive John Stanton said government proposals for compulsory data retention and anti-piracy measures "have the potential to dwarf the entire red tape reduction achieved across all portfolios”. Forcing security agencies such as ASIO to pay the cost of administering a scheme would act as “a natural curb against excessive requests”, he said, adding that telecommunications companies lack the expertise to deal with complicated surveillance requests. "It's not just the shifting of costs that we're worried about, but also obligations to service providers, who at the end of the day are not police and can sometimes struggle to deal with requests if they're required to process issues in which, frankly, they're not trained," he said. ASIO chief David Irvine told the committee last week “the public should not be concerned that there’s going to be gross misuse” of data retention powers.

“For the life of me, I cannot understand why it is correct for all your privacy to be invaded for a commercial purpose, and not for me to do so to save your life,” he said. Mr Irvine said the actual content of communications – for example the text of emails – would continue to be accessible only with a warrant. Former NSA chief legal adviser Stewart Baker told the Senate inquiry on Tuesday that ''an unholy alliance of business and privacy activists'' was preventing authorities from combating terrorism. Mr Baker said there should not be limits on what data is collected but there should be limits on how authorities access and use it. Liberal senator Ian MacDonald said he would ''rather be alive and lack privacy than dead with my privacy intact''.

Thomas Drake, who was indicted by the Obama administration for leaking information about the NSA, told Fairfax Media he was concerned telcos holding vast amounts of data about customers would be targeted by hackers. ''Metadata is extremely rich information - it can give you an index on a person's entire life,'' he said. ''This would let the government off the hook by forcing the telcos to hold on to the data.'' John Stanton, CEO of peak telecom body the Communications Alliance, said many telecommunications companies lacked the expertise to deal with complicated surveillance requests. ''It's not just the shifting of costs that we're worried about, but also obligations to service providers who at the end of the day are not police and can sometimes struggle to deal with requests if they're required to process issues in which frankly they're not trained,'' he said. He said security agencies should bear the cost of companies storing any additional data or storing data for longer than they already would.