Does The Australian Government Know Anything About Internet?

Ever since the Prime Minister confirmed that we're getting a data retention scheme, confusion has been rife over what metadata the government is coming for. From the looks of things, it has no earthly idea. Attorney General George Brandis took to Sky News last night, and made a right mess of it.

First question, right off the bat from Sky News' David Speers was "what exactly is metadata?".

Brandis begins: "Metadata is...the best metaphor I can use for metadata is..."

Let me stop you right there, Mr Attorney-General. 28 seconds in and already we have an issue.

Metaphors are what got us to this place of confusion and fear over the government's use of metadata. If we don't know what you're coming for — what you're going to use it for — how we can be assured our privacy is going to be protected?

For those wondering, the metaphor Brandis regurgitated is the one about how metadata is collecting the information that's on the front of the envelope, not the contents of the letter. But because we live in 2014 (fancy that!), David Speers sensibly asked the follow-up: "what if I'm online, though?"

The phone number from and to, the identity of the owners of those numbers, the location from which the call is made and the time. "It's what's retained by the telcos for bill purposes," Brandis assured.

It's easy for the Attorney General to talk about metadata as it relates to phone calls; the AG was likely there when the first phone call was made so he's had some time to study the system. The real problem comes when the Attorney General — and anyone in the government for that matter — tries to explain something that happens on the magical series of tubes we call the internet.

Challenge: try and get through this next part without headdesking.

"[Metadata collection] wouldn't extend to, for example, web surfing," Brandis confidently assures. "What people are viewing on the internet is not going to be caught."

"So it's not the sites your visiting [that will be tracked]?" Speers asks.

"Well, um, what people are viewing on the internet when they web surf will not be caught. What will be caught is the, um, is the um...the web address they communicate to...the electronic address of the website."

"What you're viewing on the internet is not what we're interested in...but what the security agencies want to know and be retained is the electronic address of the website that the web user [goes to]."

"When you go to a website, you browse from one site to the next. That browsing history won't be retained. There won't be any capacity to access that."

Speers correctly points out that "if you are retaining the 'web address' you are retaining the name of the 'web site'". That's correct: a simple search of any WHOIS database matches IP addresses to plain-text web addresses and vice-versa. Cue more Brandis stammering.

"Well...every website has an electronic address, right? And when a connection is made between one computer terminal and a web address, that fact and the time of the connection and the duration of the connection is what we mean by metadata in that context. It...it...it, it it...it records the electronic web address that has been accessed."

Another point to Speers as he points out that THOSE ARE THE SAME FUCKING THINGS (edited for context). Does your forehead hurt from smacking it on your desk yet? Mine does.

Eventually we move on from one derptastic voyage to another: what about stuff on social media? How will that be retained?

We've already seen a technical demo on how metadata is scooped up from iiNet during a Senate Hearing into the matter...

...so how does AG Brandis think it can be done?

"The extent to which social media is being absorbed into this is still something that's under discussion," he said.

"I think we're going down the wrong path here. Because what the agencies are mostly interested in right now is mobile phone traffic," Brandis adds with authority. Ok, now we're getting somewhere: agencies are prioritising the metadata they want already.

Brandis crosses the border back into crazytown when the interview swings towards FaceTime, Skype and GChat conversations. Surely the government doesn't want to listen in on those, right?

Wrong.

"If terrorists are talking on Skype, that may not be caught," Speers warns hypothetically. Brandis confidently responds: "We want it to be caught but in terms of data retention...not all Skype conversations are going to respond to the description of metadata."

Well, George, a few minutes ago you said metadata was a fucking envelope, then it was "electronic addresses" but not "web addresses" and links. Now we're listening into Skype conversations and ruling in things that you can eavesdrop on. Would you like to take a minute to collect yourself? No? Ok, moving on.

"Our primary focus is terrorism but the fact is that access to metadata is a very useful investigative tool." Translation: terrorism-shmerrorism, we're here to be the #TeamAustralia Internet Police.

Brandis makes a sensible and indeed sobering point that with a warrant, law enforcement agencies were able to track down the man at the centre of the Jill Meagher murder, and the UK is using metadata to stop child sex offences. Great work! The problem is that law enforcement agencies going forward likely won't need a warrant to access your metadata. The Jill Meagher example was likely filed under the Telecommunications Interception Act, which is what we're changing in order to store all your metadata (whatever that may be).

Finally, Speers rightly asks whether the government will be pinging people who "download illegal content". Read: everything from illegal movies and TV shows through to child exploitation material.

"We're not interested in that," Brandis says before repeating it. So that's something.

Eventually, we got a few substantive answers out of the Attorney General when it comes to metadata. We know that the spooks want to track our phones first and our internet second; we know that metadata can be useful but it's likely to be abused by internet cops and finally, that George Brandis, nor anyone in the Cabinet (including Prime Minister Tony "I'm No Bill Gates" Abbott") knows how the internet works.

We have an grandfather clock government in a world where everyone just checks the time on their phones, and that's a terrifying prospect for the future of progress and internet freedom.

At least we have a dubstep remix of Brandis' interview to distract us from said derp.

Cover Image: Getty


Comments

    I don't know whether to laugh or cry.

      I do the former to stop me from doing the latter.

        Thank you for sharing this and taking the time to write a proper article on it rather than posting a video and a paragraph.
        I will share it and do the crying for you while you laugh to "stop from doing the latter".

          back handed compliments? you trying to get into his pants?

            back handed compliments? you trying to get into his pants?

            It's working...

              LOL, shucks you guys....

              Being serious again it was a genuine compliment. Nothing backhanded about the other short articles with Kotaku etc. It is much easier to get on my soap box when I can share something like this. I have been saved trying to tone down my anger on a subject I feel strongly about to make it a coherent point to friends etc.

            I think he is commenting on the recent dive in quality content on tech sites, including this one. This is actually an informative article, not regurgitated reddit posts with a quick paragraph slapped on the end...which is becoming regular

          1086 words .... a little more than a paragraph and Luke is no Diaz....

            Thank Christ, Diaz could take lessons from Luke. This is at a good length; informative and to the point, without being glib and empty like Dias or over-exhaustive like some of the overly long posts by the others.

    It's pretty obvious they don't have a clue, if they did we wouldn't be hearing about these stupid schemes such as collecting metadata.

    I don't put any claim on myself that I truely understand the internet but I know enough to understand what works and what doesn't.

    The basic fact; we the general population understand it, we know what's best for it and at the end of the day we pay for it.

      The "general population" probably understands even less than George Brandis.

      However, there is a portion of the general population which does understand it.

      Unfortunately the only portion of that population which is part of the Federal cabinet at the moment would appear to be Malcolm Turnbull, and he's not the one making policy here. The intelligence community, who do understand what they are asking, are basically feeding their requests to Cabinet and getting a free ride because, terrorism.

      And as well all know terrorism justifies anything. There have been (by my count from the Wikipedia articles) 107 Australian deaths from terrorism, including exactly six on Australian soil (All six were at least 25 years ago, but let's not be petty.)

      This is on the same order as (actually rather less than) deaths from lightning strike in Australia. Watch out for the next big Government crackdown, which will require us all to wear personal lightning rods.

    "No we are nothing like the Gilliard government.." Yep another failed policy done on the fly on the back of a napkin with no idea of what they were doing, nothing like the previous government at all, they did everything on the fly on the back of a napkin.

      You are 100% correct.
      Though why I get more upset with the Libs though is one 1. They are now hypocrites, 2. They are doing napkin policy way more than Labor did 3. This is not a minority government where they need to break promises to stay in government ala carbon tax and 4. Every little facet of the election campaign was say one thing do other.

      At least Obama keeping the data on people is a long and calculated decision to screw us policy, this though seems to be a "quick do a NSA now before the next election is due" rush job.

    He's like Porky Pig with glasses.

    https://www.youtube.com/watch?v=33-5MbIE7eQ

    What's going to happen, is the Terrorist/Badguys/Pirates, will disappear behind a VPN, and only the completely innocent will be tracked..! Absolutely ridiculous..!!

      Fuck that, I'm innocent, and there's no way I'm letting the liberal scum track me. EAD Tones, I'm getting a VPN if this goes through.

        Fuck that, I'm innocentC'mon now..? :)

        @camogizmo Why the downvote, don't you recognise a friggin joke..? I'm sure dk did..!

        Last edited 07/08/14 12:33 pm

        I got a VPN already - just yesterday - with Private Internet Access based on recommendations from others here on Giz. US$39.95 a year, five simultaneous clients, software for Mac, Android, and presumably others as well as OpenVPN, L2TP and PPTP support. Performance so far seems pretty good. I haven't noticed any performance drop at all with ordinary browsing, but I haven't tried downloading substantial.

        CyberGhost VPN has a special offer at the moment to get 1 year VPN access on a limited subset of their servers for AU$14.99. They call it it the 'Snowden Edition'. Scroll down to see it.
        I tried their free VPN and had frequent drop-outs on my laptop so opted to go for PIA instead (also because I use multiple devices).

        I figured that some form of data retention was inevitable, and I was tired of crappy performance when watching The Daily Show with Jon Steward anyway, so I just bit the bullet.

          Can you do a speed test to Sydney with it on and off? I'm curious at how badly it impacts speed and ping, which is why I've used smart DNS services until now.

            I've been able to DL with PIA's Switzerland VPN at ~1MB/s (which is as fast as my internet goes). I'm not in Sydney.

            I've had traffic stop altogether (stopped, not leaked) when trying to simultaneously torrent and download via HTTP, but if I leave it doing one or the other I have no such issue. I think PIA has servers specifically set up for P2P, so frequent downloading with both simultaneously confuses their setup about which server to connect you to. (^Speculation, not fact)

            I also don't seem to get many peers when seeding. I can download okay, but unless I'm actively uploading to the same swarm from which I'm downloading, my torrents just idle once complete.

              You may well already know this, but one thing to keep an eye on when torrenting is that you're not hitting your maximum upstream capacity. If you are, then TCP acknowledgement (ACK) packets can be delayed due to congestion, and that can make servers at the other end wait before transferring more data. It is possible, sometimes, to do prioritisation of ACK packets but it requires a lot of messing about with command-line tools generally. You're better off just trying make sure you leave at least a few kbps of headroom for your outgoing packets.
              (You'll see the same thing if you're uploading a video to YouTube or Vimeo and you are hitting your upstream capacity. Unfortunately, that's much harder to rate-limit than bittorrent).

              Of course, it could be totally unrelated.

          Any chance you could do a download speed test on Private Internet Access? I'm looking for a VPN, but I'm slated to receive NBN in the next 2 months, so I'd like to retain as much speed as possible.

            @jacrench @dknigs
            Speed tests at ~10:20am AEST on Thursday
            Bare connection to Sydney (i.e. no VPN): Ping 30ms, 6.82Mbps down, 0.54Mbps up
            Bare connection to New Jersey: Ping 258ms, 2.09Mbps down, 0.50Mbps up

            Sydney via US California: Ping I didn't check; 7.85Mbps down, 0.47Mbps up
            New Jersey via US California: Ping I didn't check; 8.09Mbps down, 0.47Mbps up

            Sydney via France: Ping 650ms, 5.11Mbps down, 0.44Mbps up (tried twice; about the same both times)
            France via France: Ping 344ms, 13.48Mbps down, 0.54Mbps up (note: this is higher than I normally get on my bare connection so is probably an anomaly)

            Sydney via Germany: Ping 721ms, 4.67Mbps down, 0.41Mbps up
            Germany via Germany: Ping 352ms, 9.78Mbps down, 0.47Mbps up.

            I did see poorer speeds than this on US servers, but I found that changing servers sorted that out. Not so helpful if you're using a permanently connected link from your router to a specific server, though.

            A really important thing to keep in mind is that (based on what I've seen) if you're connected to a VPN, you're more exposed in that you're not sitting behind your own little NAT/Firewall device any more. As soon as I was connected, I was getting scans to my SSH port from China, which are normally blocked at my router.

            Also, if you start connecting devices via the VPNs Google will start giving you hassles about connecting from new locations. You basically need to identify that 'yes, this is me' a few times and it will sort itself out. Seems to be less of a problem if you use 2FA, but unsure.

            If there are other specific locations you want me to check, let me know.

              Ah super thanks for that. Looks pretty good to me. PIA here I come!

                If you haven't already purchased PIA, and you're willing to gamble $15 AUD, then you could try the 'Snowden Edition' from CyberGhost. I tried their free account and found it pretty slow and flaky on my Mac, but the paid version is apparently faster.
                It is limited to 1 concurrent device (rather than 5 with PIA), but if that's all you need then it may be a cheaper way to get a VPN. (I got PIA because I use multiple devices)

        Get a VPN anyway as other countries (America) are tracking you regardless. Not tinfoil hat - it really is happening to any data through the USA which is a legal grey area that the USA shrugs its shoulders at and does anyway.

        And KRudd and JuLiar. It is their policy after all. They just didn't have time to get it made into law before the last election.

          No. It was their policy, but the retracted it before the election.

            Because they knew it was unpopular and they knew they were going to lose the election and didn't want to make it worse. Not because they thought it was bad policy.

          I can't take seriously anyone who actually writes JuLiar.

            But calling someone named Tony "Tones" is OK?

              1. If you can find anywhere that I said 'Tones' then you're welcome to criticise
              2. Relatively, yes, because the whole point of 'JuLiar' is the incorporation of the word Liar into the name. Tones is irreverant, but is equivalent to referring to JG as 'Jules' not 'JuLiar'. Closer to equivalent would be calling TA something like "T-OhGodThisGuyIsAFuckwit-ny", although I'll admit that isn't as catchy.

      But will YOU be on Team Australia?? lol

      I actually watched this interview last night and I wanted to smash my head against my marble coffee table....didn't he ask (who my friend calls) "The Vandal of Valcluse" for some knowledge

        Does that kind of fascist neo nationalism even work on Australians? I feel like most Aussies would roll their eyes.

        Last edited 07/08/14 9:30 am

          Are you kidding? Aussies lap that bullshit up.

          LOVE IT OR LEAVE IT

            LOVE IT OR LEAVE IT
            As you say, that reflects a big part of the reason why policy like this can exist.

      What, like TOR?
      http://www.welivesecurity.com/2013/08/05/identity-exposing-malware-on-tor-could-be-work-of-fbi/

      I think the real risk here, is the ability of a single government to use it's resources to stop dissent and/or revolt against tyranny. The government is elected to be led BY the people, not the other way around as it is now.

      And yes, I will pull out the old "Nazi's" metaphor - They had the gestapo checking people on every street corner, to see where they were going, who they consorted with etc...

    I think it's all a plot!
    For targeted advertising at the next election

    I think the metaphor he should use is " The more people know about the internet, the more ridiculous we seem - so let's dumb it down "- Brandis is a good choice , but he shouldn't plagarise others metaphors - I'd like to see him try harder and stuff up his own metaphors

    so the guy who tried to give us the right to be a bigot is now interfering in something else he's clearly the wrong person to deal with

    Last edited 07/08/14 9:32 am

    almost as bad as if we had a communications minister who said something like "Spams and scams coming through the portal"... Almost...

      Anyone seen any photos of our current Communications Minister this morning?

      New bruises on his forehead too maybe? He can't be pleased about how he's being sidelined, and so incompetently too.

    Reminds me of the Birthday cake interview of John Hewson by Mike Willesee before the 1993 Federal Election, except John Hewson actually knew the facts, but just couldn't get the complex topic across simply. Here, I'm afraid George Brandis demonstrates that he really doesn't understand what our security agencies are asking for, but still seems willing to give it to them.

      The infamous "Birthday Cake" Interview which pretty much cost John Hewson to lose the "unlosable" election

    I just hate the way they are calling it an anti-terrorist measure...

    Let's say some random guy called John Smith decides to blow himself up at the G20 summit and spends a heap of time researching bomb making and reading sites from some terrorist group.

    1) Capturing metadata isn't going to prevent that attack.
    2) Having the metadata after the event doesn't accomplish anything because John blew himself up.
    3) Knowing which sites he visited doesn't stop some other anonymous person accessing those sites. Unless of course we also have a clean feed...

    Metadata is only useful to assist with convictions. How many terrorist's have gone free in Australia due to lack of evidence?

      But they are talking about preventing terrorism, which means you need to have monitoring of the metadata prior to the event.

        Apparently meta-data is Pre-Crime... errr... post Crime. Oh wait, what's that? you accidentally clicked a link that popped up some child porn a year and a half ago... you son are going to prison!!!

      Yeah, apparently there has only been one conviction via these means in the last seven years...
      http://www.lifehacker.com.au/2014/08/we-dont-have-enough-data-about-metadata-plans/

      Last edited 07/08/14 10:56 am

      Exactly. "Terrorism" is just a term used to justify any legal or military measures that governments and police want to take. Especially when we don't have a terrorist problem here...
      And funnily enough no amount of secret policing and monitoring people was able to prevent Syria from turning into a puddle of liquid crap. We can pretty much confirm that these policies have zero to do with "terrorism".

    We have to put up with the same scum talking about what's best in terms of the implementation for the NBN?... This conservative trash in office doesnt have a clue...

    HTTPS, bitches!

      HTTPS is great for hiding the specific content you are looking at within a site.

      Unfortunately, HTTPS doesn't actually hide what site you're accessing in most cases because one of the following must be true:
      1. The site must be on its own IP address, and cannot share that IP address with any other HTTPS-supporting site
      2. The server and browser must support Server Name Indication, in which the browser sends through the domain name it is trying to access as part of the SSL handshake. If that is captured, then the domain name being accessed is exposed
      3. The site must share an SSL certificate with all other sites on that same IP address, with all the names being explicitly included in the certificate (i.e. one certificate including the names: site1.com, site2.com, etc). This isn't ideal because every time a new site is added a new certificate needs to be generated including the additional name. As a result, this is basically only used by corporates with their own certificate authority, or CDN providers who have an affiliation with a certificate authority (e.g. EdgeCDN).

      Of these three, only #3 actually prevents parsing out what site is being accessed (although #2 requires collecting data from the SSL handshake, but that could easily be passed off as metadata), and even then it only limits mapping of the IP address to one of specific set of sites, rather than one specific site.

    In related news, the government has released a new browser extension called HTTPS-nowhere.

    Home grown terrorism = not a serious issue**.
    from the mouth of Julie Bishop, 'I must stress that nothing has changed. there is no new threat.'

    so this BS plan to retain metadata is nothing more than a power grab. the govt's admission only hours after the announcement that this collected data could be used to 'investigate other crimes' is worrying. if the use can go from 'anti-terrorism' to 'general crime' then, in the hands of a bored / vindictive cop (or public servant or politician) this retained metadata can go from 'general crime' to 'dirt digging' and 'I'm publishing the porn habits of my political rival in the lead up to an election because fuck you, that's why.'

    besides, this whole 'anti-terrorist' crusade is just spin (as is 'Operation Bring Them Home'). their shambolic management of the message is spin. the govt wants every front page to read 'Brandis fucks up interview' & 'Govt don't understand the internet' rather than have voters remembering how fucking horrible this govt is. old & silly & out of touch with technology is acceptable slagging.

    'horrible, lying, elitist, 50-home-owning, working-class-hating, cruel, stupid, petty, self-fellating, moronic, out-of-touch-with-reality, grandstanding fuckwits' however, is the headline the govt are trying to distract from. its also the far more accurate one.

    Edit: **not trivialising it, terrorism is a big deal. its horrible. just that 'home grown' terrorism in Australia isn't a serious enough threat to justify this $600m spent on spying on citizens

    Last edited 07/08/14 10:04 am

    It's a pity google translate doesn't work for politician speak.

    I think that what he was trying to say is that the Federal Government (that is introducing this legislation) is more interested in when you visit sites that perhaps support terrorism and more so communication, perhaps pear to pear like a message app or via a web site, is more what they're after.

    However it looks like state law enforcement will also have access to meta data for non-terrorism related investigations.

    It looks like the AG has been sent forward to assure us that the pollies want to make a clear distinction about what will be collected as they have no clue at this stage what that distinction is. Quite frankly this move has failed dismally.

    In any case forces such as ASIO are likely to be able to pull the wool over the eyes of the technically inept pollies to get a higher level of surveillance at the expense of the publics privacy.

    They will have to make VPN's illegal for this to work! I for one (as a law abiding citizen) will be getting a VPN so I am dam sure terrorist and criminals will also get VPN's.

    If they understand that criminals and terrorist will simply just get VPN's than what is this all about??? The obvious answer is that this is all about subservience of the general population who are not terrorists or criminals.

      well it does, but it only gives me this: http://i.imgur.com/pI5MIry.jpg

    Brandis may not be interesting in going after illegal downloads, but sure as shit, the copyright lobbyists he had discussions with are interested, and with all this meta data being stored, it will be a piece of cake for the copyright industry to request all this info, all the government would have to do is pas a law allowing them access to the meta data, on suspicion of someone doing something naughty.

      "all the government would have to do is pas a law allowing them access to the meta data, on suspicion of someone doing something naughty."

      I don't think they'd need to do even that. The proposed data retention would allow "law enforcement agencies" (or whatever their exact wording was) to access the data. With their simultaneous anti-piracy crusade, you can bet we'll have our own PIPCU (Police Intellectual Property Crime Unit) dedicated to padding the entertainment industry's wallet. Technically a "law enforcement agency", they'd have free, warrant-less access to the data.

      Hollywood vs 4 million Australians. Wonder if that will be one group court case to save time and money.

        We'd win, but then the government would just repeal the court ruling.

    The Brits did an internet filter - it failed and they are back peddling.
    The USA do an internet data collection on all yet have more than they can monitor and make use of.
    China has locked down the whole world on its citizens with there own net.

    We don't need to try it is shown either a. you go to far like China or b. you do so little that a VPN used be a "terrorist" is all that is needed.
    So in the case of b. The bad people will not get seen due to this easy measure to duck it (a VPN) and therefor all that is collected is pointless data on good people BUT at a cost to business that gets rolled over to the end user making the whole process costly and pointless. Bad people will not be found with meta data regardless of the correct definition or Brandis' definition.

    Good grief, the ignorance from the these govt clowns on this is weapons grade level.

    "Attorney-General George Brandis has pulled out of the Australian Human Rights Commission’s Free Speech 2014 Symposium, where he was due to be the keynote speaker today."

    His skynet interview, the leaks on the copyright discussion papers, the race-hate law being dropped... why do I get the feeling the Libs just threw him into oncoming traffic to distract us from the other government issues.

    Holy crap on a cracker. I had to stop it halfway. When he replied "yes" to "essentially you won't track the links to websites that I access from within a website", that did it for me. This guy doesn't know jack. He's just spouting those keywords "electronic address", "metadata", "not the content".

    So assuming that he was being knowledgeable about not tracking link accesses within a website, there is a huge flaw in this system then. So a would be terrorist could go to google.com. "google.com" would then be recorded and retained. This would be terrorist can then search for stuff like 'how to make puppies and kitties explode" and the government wouldn't know better because like they said, they do not retain metadata that is derived from clicking content in the original website. This obviously is not the case. No one can possibly be this thick or can they?

    What the probably truth is. They will be retaining metadata from each website being accessed. This in turns effectively results in user web browsing surveillance which would be that much more harder to sell to the public.

      I think he was referring more to not tracking individual pages within a website, just the main URL of the site itself ie: www.somesite.com and not www.somesite.com/somedir/somepage.htm

      If this is actually what he meant then it also seems fairly idiotic and likely an incorrect statement by him, how are you going to effectively track what someone is looking at if you don't know the exact page URL.

      Being sent in to discuss a topic like this with only the most basic of knowledge seems an insane move by the govt.

        And this makes a difference because...........

          Because the concept of what constitutes metadata for collection is a central aspect of how intrusive the new rules will be...?

          Remember Geocities or myspace? They had thousands of individual pages under their main website URL each one maintained by an individual (not sure what the modern day equiv of it is). If you are not tracking exactly what page the user is going to and simply monitoring the main URL of the parent site then its fairly useless in my opinion. Im not saying they should be monitoring at all, just that what they propose sounds ineffectual in my opinion at least based on what Brandis was saying in that interview.

    Am I the only one getting sick of the Abbott government confirming new laws before they've actually been voted on. This has got to be one of the most incompetent Australian governments I've ever seen.

    these muppets are destroying australia & sending us back to the 50's.

      That's because the 50s was a wonderful time of sunshine, lollypops, women who knew their place and no darkies.

    VPS is rather simple so is a VPN with a VPS behind a proxy, would actually cost about $25 a month and stop most hackers from accessing your main PC, you can also browser the web safely and anonymously.

    The best VPS is obviously not located in the US or AU or CA or UK ect, actually up around Europe with the deletion of all logs, hence no trace, no meta data no nothing...

    So who exactly are they going to spy on?

    These idiots are stupid, like really really stupid and totally out of touch with the realities of the 21st century.

    Welcome to Australia, run by morons..

Join the discussion!

Trending Stories Right Now