"This is a very live discussion in Australia," said Crompton. Australia should discuss PRISM in the context of its own laws rather than just to "beat up on America," he said.
Australian law enforcement has sought a requirement to require retention of the metadata, as well as a legal distinction between the content of a call and metadata about the call so as to make it easier for law enforcement to access the metadata.
Crompton disagreed there should be a distinction because he said "we're now getting such density of data about the data that the insight that it reveals about the way people lead their lives is reaching the point where it's more informative than the content of the calls."
Vines said metadata could be used to piece together valuable insights about a business and its clients. "There's really not a big difference there; the risk to a private company and the risk to a private individual are still the same."
Crompton called for law enforcement to be more transparent about its use of metadata. "If they've got nothing to fear or nothing to hide, then they should be much more straightforward and clear with the people about what they're doing."
Senator Scott Ludlam for the Greens has also raised concerns about collection of metadata.
"Dozens of government agencies are vacuuming this material up, and there's really no judicial oversight whatsoever," Ludlam said last month at the CeBIT security conference in Sydney.
Smartphones "can place you anywhere at any time", he said. "That is going to be very useful for law enforcement from time to time, but I am very, very concerned about a proposal that says every Australian citizen is treated as a criminal suspect until proven otherwise."
The reveal of PRISM could have an impact on the Australian data retention debate, said Crompton. "I think it should because I don't think there's been enough engagement in it."
Sign up for CIO Asia eNewsletters.