The government wants to know more about you. Edward Snowden warned Americans about this threat several years ago, and while there’s been some pushback agencies like the NSA continue to champion the creation of data retention laws that would force Internet service providers (ISPs) to disclose user “metadata” on demand. Think it can’t happen here? It may only be a matter of time — in Australia, a new data retention legislation has just been approved. The government says it will help protect citizens; critics argue it’s invasive and unnecessary. Here’s what you need to know.
So what is metadata, anyway? Why does it matter? According to government agencies, collecting this kind of data is no big deal, since it doesn’t really reveal any private details. But that’s not entirely true.
Under Australia’s new law, for example, the content of your communications (so long as they’re encrypted) is off-limits. So if you send off an email to your doctor’s office using a secure email service, the government can’t read it. But they can discover the recipient of your email — that’s metadata. What’s more, the law compels ISPs to keep records of IP address assignments, meaning that without a warrant the Australian Security Intelligence Organisation (ASIO) can discover who’s using an IP, who they’re sending emails to and what time the emails were sent. It also sticks ISPs with the bill for setting up and maintaining these retention systems; part of this cost will undoubtedly get passed on to Internet users.
The argument here is that by letting all this metadata go, providers are handicapping law enforcement efforts to stop Internet crimes. And while better access to this kind of data could give police and intelligence agencies a leg up when it comes to terrorism or illicit dealings online, innocent citizens can easily get caught up the rush to find “bad guys” and have their personal data compromised without warning or acknowledgement.
New Law, New Challenges
So what does Australia’s new law look like? Amendments to the Telecommunications Act of 1979 now require providers to retain specific pieces of metadata for two years. It also outlaws the use of “warrant canaries”, which are signals sent out by providers to indicate that they’re not under a gag order or have been asked to disclose user data. If the signal stops, citizens know something has gone wrong — but the new law views them as too much of a risk.
According to IT News, opposition parties tried push through amendments and provisions to limit the scope of the new bill — everything from mandated destruction of data after two years to a reduction in the overall storage period and the creation of “protected class” warrants which would compel the government to seek legislative approval before accessing the metadata of certain professionals who deal with sensitive information, such as lawyers. Each amendment was defeated.
There’s a small silver lining; as noted by The Guardian, Coalition members came to an agreement with Labor to protect the metadata of journalists in certain circumstances. If seeking this metadata would “identify another person whom the authorised officer knows or reasonably believes to be a source,” then government agencies must seek a journalist information warrant. The problem? Journalists aren’t notified of these warrants, government agents could simply claim they “didn’t know” sources would be revealed, and those not classified as “professional” journalists — such as bloggers or policy advisers — may not be covered under the warrant protocol.
So what’s the solution to dealing with data problems down under? According to Green Party Senator Scott Ludlum, it’s simple: Use an overseas provider or one that specialises in anonymity. For example, email providers like Gmail and Yahoo aren’t beholden to the Australian government, and self-destructing messaging apps like Wickr are also an option. For greater protection, user can opt for software tools like Tor or VPN services which obfuscate their IP address and location, in effect placing their metadata out of government reach.
Like many countries considering data retention laws, Australia has good intentions: The protection of the nation and its citizens. The narrow range of that protection, however, has many users’ up in arms — and actively seeking ways to keep their privacy intact.
About the Author
David Lang works in Network Operations at ExpressVPN– A leading provider of privacy and online security VPNs with over 78 different country locations.