Tuesday, October 13, 2015

Today by Nick Feik

Metadata retention begins
New anti-privacy law is another step down a dangerous path

Today, the new metadata retention law comes into effect in Australia. Data about your communications must be retained by communications providers for at least two years.

Don’t care?

This data includes every number you call or message, the time at which you do it, and where you were at the time. If you email or use the internet, it includes the time and duration of your web connections, the location and volume of data.

You data will be accessible without warrants by all state and territory police forces and at least 13 other organisations (including, for instance, the Australian Competition and Consumer Commission), as well as any other agency the Attorney General publicly declares.

Not concerned yet?

Metadata is a fairly bland and inoffensive term, which is probably why this legislation got through parliament (voted through by both Labor and Liberal parties). But in the modern world it covers our most intimate communications.

“If you call a suicide prevention hotline,” as cryptographer and computer security expert Bruce Schneier explained to Lateline, “it doesn’t matter what you say; it’s the fact that you called them. (Metadata reveals) who we associate with, what our interests are, who we are, what we are.”  Not to mention where we are, and when we are there. Health websites, calls to specialist doctors, browser histories, activist forums …

Some elements of the new regime are dangerous and some are simply absurd: Two-thirds of local internet service providers aren’t confident they fully understand what data the government wants collected; none know how much it’s going to cost; none are ready for it or understand details about exemptions or the legal details around aspects such as encryption or how securely all this data needs to be stored. To remind readers: this law is supposed to be implemented from today. (ISPs have until April 2017 to become “fully compliant”.)

But the most absurd thing about new data retention regime is how arbitrary it is. It doesn’t collect data from non-Australian email providers, for example.

What is the national-security value of a data-collection regime that doesn’t collect Gmail data? Or that can be circumvented by using Facebook messenger, Twitter direct messages or Google chat?

In these circumstances, data collection is not a means to fight terrorism; ASIO and other security organisations already have far greater surveillance capacities than these. This kind of collection regime simply extends powers that were created to track genuine security risks to all citizens.

Without any oversight, it is open to abuse: arbitrary powers are always distributed unevenly, it’s an iron rule.

In Australia’s case, we have no way of knowing how and when our data will be used. You may trust what you don’t know, of course, but it wouldn’t be very clever.

Still don’t care?

As Edward Snowden has said, “Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.”


Today’s links

Nick Feik

Nick Feik is the editor of The Monthly.



The Monthly Today


Today’s humiliating backdown could jeopardise the return to surplus

Bring Assange Home: MPs

The US extradition case against the Australian journalist sets a dangerous precedent

2009 forever

Blame the Coalition, not the Greens, for Australia’s decade of climate dysfunction

Go figure

The NDIS minister can rattle off stats, but he’s not convincing everyone

From the front page


Today’s humiliating backdown could jeopardise the return to surplus

Bring Assange Home: MPs

The US extradition case against the Australian journalist sets a dangerous precedent

Image of Steve Kilbey

The Church frontman Steve Kilbey

The prolific singer-songwriter reflects on four decades and counting in music


Bait and switch

Lumping dingoes in with “wild dogs” means the native animals are being deliberately culled