Data retention may well be a valuable resource for fighting serious crime and terrorism, but it stops being one when anyone who decides to be a terrorist can also decide to evade the whole scheme simply by using Gmail.
(this post appears in The Conversation and is expanded upon here to offer new details – and a bit more emotion)
The purpose and implementation of the Australian government’s proposed metadata retention scheme are making less and less sense – but the political knives are coming out to get it passed. So what’s going on?
Last week the Prime Minister of Australia explicitly used the “you’re with us or with the pedophiles” argument to push the legislation ahead. However, the bill as written and as explained in committee suggests it’s laughably easy for criminals to ‘opt out’ of data collection, while the rest of Australians still have their communications records spied on, retained for two years, and kept in commercial data centres at taxpayers’ expense with no assurances of security.
The Australian Greens senator Scott Ludlam recently poked glaring holes in a bill that has already met strong opposition from privacy advocates.
(you should really watch these videos, they sting)
Yet even before the PM dropped the pedo-bomb, he had urged the opposition leader Bill Shorten to pass the bill quickly in parliament, before its cost or the set of data to be retained had been finalised.
Why?
It doesn’t seem to be to catch child abusers or terrorists. To be blunt, people who abuse children and share that material online typically do so over Tor hidden services, not the open web.
Further, as written, the bill’s worth as a tool for fighting terrorism specifically, or any other serious crime, seems dubious. Anyone in Australia can easily ‘opt out’ of having their data retained simply by choosing an internet messaging service whose operators do not own or operate “in Australia, infrastructure that enables” that service.
So what does that mean for the apps commonly used on smartphones today?
WhatsApp, the popular mobile messaging app with 700 million users, around 10% of them in the Middle East, and Viber, a similar app with 20 million users in Pakistan alone, are both excluded from data retention. These are among the apps that David Cameron recently mused about banning in the UK.
According to answers given by Australian Attorney-General’s (AG) department staff before the Senate Legal and Constitutional Affairs References Committee, the ‘in Australia’ provision also means that even .
With all these reports of what the bill leaves out or doesn’t do, no one seems to acknowledge what is actually in the draft bill, and how its language might affect policing, government, and privacy. The bill, good for nothing and bad for most things, presents a bit of a puzzle.
There are a few explanations for this puzzle.
The first explanation is that the AG department literally has no idea how the Internet works. This is more plausible than you’d imagine (see below). But performances such as AG staffer Anna Harmer’s frenetically precise attempts to prove the contrary show that stiff-minded people are thinking hard about data retention. (Bless you Anna, you won my moot at ‘I don’t know that it’s quite as simple as that for the reasons I set out previously, in relation to the provision of telecommunications services’, as delivered in less than 0.73 seconds. Full video).
The second explanation suggests that Australia is carrying out its obligations as a member of the Five Eyes network of English-speaking intelligence partners (you remember POMs, right?).
In this scenario, instead of the expensive “collect it all” mentality of the NSA under Gen. Keith Alexander, Australia’s AG department is pushing the political and financial costs of data retention onto Australian corporations.
The logic here is that it makes economic and political sense to have Australian Internet service providers such as Telstra and iiNet retain what’s theirs, rather than have the NSA hoover it up via a special collection service. Then, once the data is stacked up at Telstra for two years, it becomes easier to institute backdoor access whenever the Five Eyes require a peek. Not that the NSA and its partners are doing that anymore, right?? Nothing to see here comrade, move along.
The third explanation is more plausible, but is worse for Australians. It suggests that, contrary to the PM’s politicking, the data to be retained is not valued by the government for what it offers national security or the fight against child abuse.
Instead, Australians are spied on for data that will become valuable for other purposes, including the expanded reach of civil litigation. This includes “normal” policing, civil subpoenas, and even copyright disputes.
So, let’s detail why, even if the first explanation is the right one, it hides serious security and privacy concerns that show how data retention will affect Australians in their everyday lives.
It has been six months since the Australian Attorney-General’s catastrophic interview on Sky News made international headlines.
This is the interview in which the Attorney-General George Brandis attempts to explain how web browsing habits will not be captured, even though, in the words of Brandis:
[…] what will be caught is the, um, is is, is the, um, is the, is the web address they communicate to.
Regardless of the confusion communicated at the time (between URLs and IP addresses?), the current draft of the bill actually proves the Attorney-General half right!
In doing so, the bill’s language provides insight into why this data retention scheme amounts to a palpable loss of privacy, and creates a significant ‘gold mine’ for hackers and civil litigants alike.
Apparently, the Australian government is not explicitly interested in IP addresses that you visit. The bill in its current form states in section 187A that the government:
[…] does not require a service provider to keep, or cause to be kept […] [information that] states an address to which a communication was sent on the internet, from a telecommunications device.
In more detail, the helpful “explanatory memorandum” spells out that:
Under proposed paragraph 187A(4)(b), the retention obligation is explicitly expressed to exclude the retention of destination web address identifiers, such as destination internet Protocol (IP) addresses or uniform resource locators (URLs).
Fine. What are we talking about then?
What the government does seem to be after is “destination” data: an assortment of identifiers that help establish who you are and who you are communicating with. Instead of IP addresses or web pages, it wants to retain the email accounts, Skype handles, phone numbers and so on at the far end of the connections you have made.
The government’s definition of “destination” is multiple (search the explanatory memorandum for “destination”), but we can isolate a key phrase:
This information can then assist with determining the subscribers who sent or received relevant communications.
That is to say, who you’re talking to online, not where you went.
The government’s “destination” is in many ways more invasive than IP addresses or web URLs alone. For instance, think about how each person in Australia connects to an IP address such as 69.63.176.13, one of the addresses behind Facebook.com. Retaining the metadata of time spent at that address would not produce much actionable intelligence on you or the other 8 million Australians who browse Facebook each day, nor would it be all that invasive of privacy.
“Destination” data is different. “Destination” data seeks to capture who, specifically, you’re spending time with online; who is the destination that you are messaging through email, Skype, or possibly even Facebook’s real-time apps and services?
Think of it this way: two ‘destinations’ pass data through the same communications service at a series of very specific times, again, again and again. No other two ‘destinations’ share this unique pattern of time and connection.
Analysing how these ‘destinations’ link together with other metadata (eg. geolocation, device type/operating system, etc.) allows the government – or anyone else who snoops on the retained data – to infer, for instance, that these communications were yours, and whether you directed them to, let’s say, your spouse, or an “old friend” across town. And whether you meet up with that person from time to time. And where. And for how long.
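To make the point above concrete, here is an added example (mine, not part of the original post or of any government tool) of the kind of analysis a retained “destination” dataset invites. The records and field names are constructed for illustration and are not the bill’s actual schema; note that none of them is a web address. The code builds the who-talks-to-whom graph, picks out pairs whose contact follows a regular time-of-day pattern, and then uses the cell each sender’s device was attached to in order to infer when two subscribers were in the same place.

```python
"""
Added illustration: what can be inferred from retained "destination" metadata.
All records below are constructed sample data; the Record fields are an
assumption about what a retention store might hold, not the bill's schema.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Record:
    when: datetime  # time of the communication
    service: str    # e.g. "skype", "email", "sms"
    src: str        # subscriber who sent it (handle or number)
    dst: str        # the "destination" subscriber, not an IP or URL
    cell: str       # cell tower the sender's device was attached to


def sample_records():
    """Constructed data: alice contacts bob nightly around 22:00 for a week,
    exchanges a couple of daytime emails with carol, and on two of those
    nights bob's device is on the same cell tower as alice's."""
    recs = []
    base = datetime(2015, 3, 2)
    for day in range(7):
        t = base + timedelta(days=day, hours=22, minutes=(day * 7) % 15)
        recs.append(Record(t, "skype", "alice", "bob", f"cell-A{day % 2}"))
    recs.append(Record(base + timedelta(days=1, hours=10), "email", "alice", "carol", "cell-A0"))
    recs.append(Record(base + timedelta(days=4, hours=14), "email", "carol", "alice", "cell-C9"))
    for day in (3, 5):  # bob texts someone else from alice's cell, same evening
        t = base + timedelta(days=day, hours=22, minutes=30)
        recs.append(Record(t, "sms", "bob", "dave", f"cell-A{day % 2}"))
    return recs


def contact_counts(records):
    """Undirected who-talks-to-whom counts: the edges of the contact graph."""
    counts = Counter()
    for r in records:
        counts[frozenset((r.src, r.dst))] += 1
    return counts


def regular_contacts(records, min_count=5, hour_spread=1):
    """Pairs whose communications cluster at one hour of the day.
    Returns {pair: (count, modal_hour)} for pairs meeting both thresholds."""
    hours = defaultdict(list)
    for r in records:
        hours[frozenset((r.src, r.dst))].append(r.when.hour)
    out = {}
    for pair, hs in hours.items():
        if len(hs) < min_count:
            continue
        modal, _ = Counter(hs).most_common(1)[0]
        if all(abs(h - modal) <= hour_spread for h in hs):
            out[pair] = (len(hs), modal)
    return out


def co_locations(records, a, b, window=timedelta(hours=1)):
    """Dates (ISO strings) and cells where a's and b's devices were attached to
    the same cell within `window` of each other, judged from the cell stamped
    on each subscriber's own outgoing communications."""
    by_sender = defaultdict(list)
    for r in records:
        by_sender[r.src].append(r)
    hits = set()
    for ra in by_sender[a]:
        for rb in by_sender[b]:
            if ra.cell == rb.cell and abs(ra.when - rb.when) <= window:
                hits.add((min(ra.when, rb.when).date().isoformat(), ra.cell))
    return sorted(hits)


if __name__ == "__main__":
    recs = sample_records()
    for pair, n in contact_counts(recs).most_common():
        print(f"{' <-> '.join(sorted(pair))}: {n} communications")
    for pair, (n, hour) in regular_contacts(recs).items():
        print(f"regular pattern: {' <-> '.join(sorted(pair))}, {n} times around {hour:02d}:00")
    print("alice and bob co-located:", co_locations(recs, "alice", "bob"))
```

None of the three functions needs content, URLs or IP addresses: the contact graph, the nightly cadence, and the two evenings alice and bob spent on the same cell tower all fall out of exactly the “who, when, over what, from where” fields the bill wants kept.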
Geolocation data alone is incredibly powerful when we all carry devices that connect to the internet in our pockets. And the Australian press is just starting to understand how powerful metadata is.
Retaining all of that metadata provides an incredible amount of information to anyone who can ask for it through a subpoena. As a former iiNet lawyer wrote:
The Data Retention Bill does not impose any limitation on access to the retained data by other legal avenues. This means there’s nothing stopping your ex-husband, your employer, the tax office or a bank using a subpoena to get access to that data if it is relevant to a court case.
All this data also creates a very valuable target for hackers, including ‘adversarial intelligence agencies’ looking to steal your identity, ransom you for your secrets, or run some form of economic espionage.
I hope Australian service providers can keep all the data safe once they’ve accumulated two years worth of intimate connections for each Australian who uses any sort of telecommunications device.
Sadly, recent security breaches at companies as diverse as Apple and Target, and the latest 1 billion (that’s a B) USD heist from ‘100 banks and other financial institutions in 30 nations’, suggest otherwise.
This leaves the current idea of ‘Made in Australia’ data retention looking like a disproportionate mix of intrusion and risk, for minimal gain.
The need for such blanket spying on Australians who may or may not have committed crimes, or may or may not be thinking of doing so, seems drastically oversold, while the consequences for privacy, and the potential for abuse, are very real.
For more erudite commentary on Australia’s data retention, check out the work done by my colleagues at the EFA.
Image: CC-BY-SA-3.0. (Original text : National Australia Day Council)
Australia, data retention, metadata, Scott Ludlam