For those unaware, the concept of data retention has been floating around for a long while now. These plans are likely to have bipartisan support from both the LNP and Labor Governments. The former Labor Government introduced plans for data retention last year, but shelved it in June last year as the Government approached election-gear. Just yesterday, the Prime Minister Tony Abbott re-announced the plans of data retention which have been rumoured for some time now.
What is data retention?
But what is data retention? The details are still sketchy at the moment, but we know that the current plan involves asking internet service providers and mobile phone carriers to keep so-called “metadata” on its customer’s traffic and network use for up to 2 years. This data can then be accessed by Government and law enforcement agencies without a warrant. I’ll come to what this “metadata” is further down… but I’ll focus more on the internet side of things as that’s a far more relevant component of society especially in terms of crime.
It’s not targeted at terror groups!
The thing is, however, data retention is not targeted at terror groups. Terror groups who are seriously concerned planning on committing malicious attacks will not be using standard web traffic to share their plans. Quite simply, visiting a secure website (like your internet banking) would circumvent the data retention because of the strong encryption present. Downloading simple tools like Tor or using VPN (virtual private networks) will also circumvent this data retention completely. Considering setting up a network browser like Tor takes little over one minute and a few clicks, I have no doubt that a terror group or organisation would be able to circumvent this without issue.
So, if we’re not targeting terrorists as Prime Minister, Tony Abbott was implying at the presser yesterday… why are we storing all this data when circumventing it simply requires downloading a small piece of software? It’s not about terrorism, it’s not about fighting crime… it’s about invading the privacy of all Australians. I’m envisaging this data would be used to solve petty crimes… who downloaded “copyrighted material” from the internet, who bought performance-enhancing drugs from an online store?
But what are the risks at play here? It’s about being able to securely store all this data at hundreds of different locations by service providers… without any of the data leaking out or being hacked into. Storing troves of data is not easy, storing it securely is just another mountain-high obstacle. If you think about WikiLeaks or the whole Snowden fiasco, we see that data is never secure. One day, our browsing history and all the metadata (see below) will be leaked to malicious attackers and impersonators… in essence, our identities will be stolen.
Now, what is meta data?
“Metadata” includes troves of information with the only exclusion being the actual content being returned from your request – i.e. the response. Here is a representation of what’s generally accepted as being the metadata of visiting my blog, for example:
Information such as:
- What site and what page did you visited?
- In search engines: what keywords did you use, how many pages did you browse?
- What time did you visit this website?
- What browser did you use to visit this website? (user agent)
- Were you logged in to a website? (cookies)
- Who sent you to this website? (referrer)
- Potentially your username and password when you login through an unsecured website? (post data)
- What images were loaded while you were on that page? (network)
There is a wealth of data being captured and stored here for two years, and it will be a security and logistical nightmare to manage and securely store this data. That’s a huge cost to all Australians who will have to subsidise the cost of storing and managing this data. And don’t forget… none of this requires a warrant to be accessed. Let’s just ponder about this… the Government is really just playing big brother.