Unless you’re reading this far into the future or a jail cell because you downloaded Dallas Buyers Club, then you would know that metadata retention laws have just been passed in the Australian senate.
Australian Parliament (with cooperation from the Coalition and ALP) passed amendments to the Telecommunications (Interception and Access) Act 1979 requiring telecommunication service providers to retain for two years certain telecommunications metadata prescribed by regulations.
What is metadata?
The analogy being thrown around is metadata is not the contents of the envelope, but rather what is on the outside of the envelope. It is pieces of descriptive information that describe or give one or more pieces of data additional context and meaning.
Take for example a photo taken on your iPhone 6. Besides the date the photo was taken, your photo will have the exposure level, location the photo was taken and other numerous pieces of metadata.
What is metadata retention?
The Australian government will require all telecommunication service providers to retain data on your activities for a maximum of two years. Meaning the IP addresses of the sites you visit, the people you email, text and call. Anything that you do that can be tracked can and will.
What will be retained?
Going off the previous point, any activity online can be tracked.
- Who you called (or who called you)
- When you call (or someone called you)
- Where you were when you called (or answered)
- How long the call lasted
- Anyone either party called afterwards\
- Chat aliases and usernames
- The names of applications you use online (including port numbers)
- What you do on the internet. Not your browsing history, but your IP address (the same), connection time and duration, the bandwidth used, files downloaded (name, length and extension), number of times you visit a certain website
- Who you email; when you emailed them, subject line, attachment filenames, carbon copy (CC), everything except the message body is metadata
- Social media activity; Not the text, but who you communicate with, length of messages you send and any public activity that can easily be saved
Honestly, don’t be surprised now legislation has been passed if what data is collected is bulked up now that the foot is well and truly in the door. This is only the beginning (and it is already worrying).
Why do we need a metadata scheme?
Cause’ terrorism. As always, terrorism is used as the driving force behind decision making when it comes to policies that impact the freedom of citizens. Look no further than the Patriot Act in the US which takes away the basic rights of suspected terrorists under the name of national security.
Even though Australia has never fallen to the hands of terrorists in any kind of attack, that doesn’t stop the government from using it as justification. The truth is, we don’t need a metadata scheme and it is worrying that we have one (not even the US has such a legislated scheme).
Who will pay for it?
While who will pay for telecommunication providers to retain metadata for two years has yet to be determined, you can almost guarantee that the consumer is who will be paying. Any cost imposed on a provider will be passed onto a customer meaning we could see internet and phone bills rise by $10 or more (per month). Either that or we will be seeing a new tax introduced.
Who will have access to your metadata?
There is no special committee, no oversight process or (process at all). You would be surprised to read who can access this trove of metadata.
- Federal, state and territory police
- Local councils
- The taxation office
- Australia Post
- ASIO (exempt from having to report the number of metadata requests they make)
- Corporations (conducting criminal and financial investigations)
I am not entirely sure what the process will be for metadata, but it does not seem like it will be difficult for various entities to get access if they provide the right paperwork.
Metadata retention: Hollywood’s dream
At present publishers, studios and rights holders are having to pay third parties to monitor P2P (torrent and file sharing traffic), but with metadata retention laws in Australia, they don’t have to pay anyone anymore (except their lawyers).
Consider this situation: a studio like Universal wants to trawl through metadata to find out who downloaded its “original” latest comic book movie adaption. Armed with just some vague IP addresses, they could theoretically be able to get access to the data due to the fact they could mask it as a legal investigation.
Maybe I am over-thinking things here, but this coupled with the Attorney Generals push to police copyright infringement in Australia, it all feels a little too convenient the pieces are starting to fall into place like this.
Will there be misuse?
You can almost guarantee there will be misuse. Look no further than Bankstown Council making a request for metadata to find illegal rubbish dumpers. Yes, you read that correctly. A local council is able to request metadata to track down supposed illegal dumpers, if that is not the definition of unfair overreach I don’t know what is.
The Queensland Police also did something similar in accessing police officers phone records to find out if they were faking sick days, having sexual relationships at academies or missing for several hours.
What can you do to protect yourself?
It is sad that things have come to this. Even if you are not doing anything wrong online, your data is still being collected and could be misused. There are steps to take online that can make you almost anonymous, but as always there can be no guarantees (thanks to agreements like Five Eyes with the US).
Use a reputable VPN and tunnel all of your internet traffic through it. Downloading, web surfing, social media and email. A VPN will actually bypass the scheme almost entirely, all your data will store is a connection to various offshore VPN nodes.
As for phone calls and phone usuage in general, there is very little you can do. A lot of people rarely use their phones these days to make calls, opting for Facebook or Snapchat instead. Use an application like Viber or WhatsApp if you want to make phone calls anonymously (keep in mind this will require data and a paid subscription to these services).
Don’t think of this scheme as only being for targeting the bad guys, anyone at anytime can be a target thanks to metadata. Who knows, even your employer if they follow the right process (whatever that is) can use your own metadata against you (visiting job websites, emailing rival employers) and more.