Australian Government's Data Retention Plan: Everything You Need To Know

You may have heard some scary words this afternoon about new laws to fight terrorism. Inside those words is a proposal for something called "data retention". This is what it means, and whether you need to start proverbially flushing your internet history.

(By the way: loljks, flushing your internet history does nothing.)

Wait, What's Happening?

For those who have been left massively out of the loop, data retention is a system that will see telcos and ISPs retain metadata on their customers for a prescribed period of time. The data would then be used by law enforcement agencies to catch bad guys and home-grown terror threats, according to the announcement from Prime Minister Tony Abbott today.

The nation, and key members of Parliament, have been divided on the issue, with one politician saying that the system would treat all Australians “like criminals”. Others say that if you've got nothing to hide, you've got nothing to fear. Hmmmmm.

New legislation set to be introduced by the Government will compel industry players to retain the data, meaning that there's no escape.

Privacy groups, telcos and ISPs alike see it as a privacy nightmare, simply because it scoops up everyone's data at once, treating everyone as a suspect when no real crime has been committed by the overwhelming majority of users. Spy agencies see it as a blessing because all the relevant evidence needed to score a conviction against a suspected terrorist is there in black and white and easily accessible.

Where Did This All Come From?

Even though it was Prime Minister Tony Abbott, Foreign Minister Julie Bishop and Attorney-General George Brandis who presented this scheme in a press conference today, this plan wasn't their idea to start with. It originated a long time ago with the former Labor government, who wanted a data retention scheme for similar reasons: to help law enforcement catch bad guys and get the all-important conviction without having to go back in time to get a warranted wire-tap.

We all thought the data retention scheme was dead when the former Joint Select Committee on Security and Intelligence tabled a report to the former Labor government and then-Attorney General Nicola Roxon saying that it would be "up to the government" to decide what happened with data retention. Labor Attorney General Mark Dreyfus later dropped the government's plan for data retention.

When Will It Take Effect?

The Government will need to pass legislation in order to legally compel ISPs and telcos to retain data on their users. That means a lot of negotiation and red tape to get around for the Government. The short answer is that right now, our privacy is safe, but it won't be forever.

Attorney General George Brandis said that he expects data retention legislation to form the "third tranche" of the Government's new counter-terrorist plan. The second is new laws for police and spy agencies and lowering the burden of proof for search warrants (among other policies). The Government plans to enter legislation into the House for the second tranche in the first two weeks of the Spring Sitting Session.

The third tranche, the data retention legislation, would come "later in the year". We have until at least September before we even see a draft of the legislation, according to the AG.

What Will They Store?

Spooks will try and tell you that metadata never contains any identifying information about the contents of calls, emails, messages or traffic sent over web connections. It just stores the info on how long you've been on a particular site, or a particular call, or when you sent a particular message and who to. Privacy advocates believe that metadata actually fingers a user for more than just that.

Philip Branch from Swinburne University writes on the implications of metadata collection and what it means for the privacy of users:

Even before smartphones and the internet, metadata from the mobile phone system was surprisingly rich. Metadata could provide information as to whether the call was forwarded and where it was forwarded to, whether or not it was answered, and so on.
Such information is invaluable in building up a model of relationships. But not only did the phone network provide information about the participants to a call, it could also provide approximate information about where the call was made.
Since mobile phones are connected to the network via nearby base stations usually located only a few kilometres away, metadata reporting which basestation the handset is attached to gives location information accurate to a few kilometres.
Also, since the phone is connected to a basestation whenever it is switched on, the phone can provide continuous location information regardless as to whether or not calls are made.
Mobile internet has been both a blessing and a curse for investigators. Smartphones are used for many more purposes than voice only telephones.
Generally, people use a smartphone much more than they used older types of telephones. Consequently, many new forms of metadata have become available. Email addresses, websites visited, files downloaded all present many new opportunities for investigators to gather metadata.
Not only is material downloaded, but a considerable amount of material is also uploaded.
Pictures, videos, social media updates all provide metadata that could be of use in an investigation. For example, images captured on a smartphone will, unless steps are taken to remove it, contain GPS location information accurate to within a few metres.
Other metadata that might be of interest includes when the image was created, who created it and the device it was created on. Metadata might even be added, perhaps unwittingly, when people tag images with comments.

Who Will Pay For It?

Good question. Right now, we don't really know.

Industry heavyweights like Steve Dalby from iiNet believe that ISPs will be compelled to pay for it themselves, meaning that costs will eventually be passed on to users.

Dalby said at a Senate Hearing that any mandatory data retention scheme would see the ISP saddled with an additional cost of $5 per user per month, which would arguably be passed on and charged to customers.

That number stems from the storage costs of data collected, which would cost $100 million in the first two years and double after that due to the explosion of data on the internet.

Is There A Way I Can Fight Back Against This BS?

Not really, not yet.

The Greens have vowed to fight the legislation which means there's some hope of it being slowed down when it comes to a vote, but that won't hold it off forever. The best thing you can do is make noise to the right people.

It's definitely worth getting in touch with your local MP to tell him or her that you really hate the idea that all your data will be scooped up, despite the fact that you may not have done anything wrong in the first place.

We'll bring you more on the Government's data retention proposal.

Image: New Line Cinema



    Is There A Way I Can Fight Back Against This BS?

    Which VPN Services Take Your Anonymity Seriously? 2014 Edition

      +1 I am disappointed the article didn't mention this.

      My guess is they may have been breaking the law as journalists by doing that. Not sure how that flows through to us down here in the comments box.

      Last edited 06/08/14 11:12 am

        We're not breaking the law by telling you about great VPN services. We're having a discussion internally about what we'd include, actually. We want to get all our ducks in a row by telling you what you can use. In the political context, however, the best thing you can do to fight back against data retention is to call your MP railing against the proposal. Make the government fear its people.

          or you can start a revolution to overthrow the government (whichever is easier).

            I don't think that will be necessary - this is a one term government and unless they are secretly for this proposal, Labor should come to the next election with a "stop the surveillance" campaign to repeal the data retention law.

            I'd hate to think what state governments could do with this and further to that, I am concerned that the IT Security within the federal government just isn't there to keep our data safe.

            If the federal govt were serious about security, then "mygov" in its current form wouldn't exist.

            I know someone, a staunch liberal supporter, who had huge arguments with me before the last election, even he is anti-liberal now. (although I suspect that might change again before the next election)

          My local is Labor, so they're already opposed to everything the LNP put forward, while the other half of my area is liberal, and he's supporting everything he possibly can the LNP put forward.

      Of course the real criminal will start using VPNs (making the whole scheme a pointless fiasco) and the government will assume that anyone that uses a VPN is a criminal, but seeing by then everyone will be using VPNs it will be nearly impossible to find the real criminals. And of course once people start using VPNs they will find the advantages of VPN like you can watch streaming TV shows and movies from America (crash goes the Australian streaming services).

      When choosing a VPN, keep in mind that unless you're making encrypted connections out of the VPN, the VPN provider can monitor your traffic.
      For example, logging into Gizmodo, since Giz doesn't use SSL...
      (@lukehopewell Any chance of Giz picking up SSL support?)

    So, if I switch to only using SSL downloads, the next step that big brother would do would be to implement mandatory decryption?

      Not really because technology exists for workplaces, schools, etc to monitor and see through ordinary SSL traffic. It won't be long before these idiots introduce that for the whole country.

      My workplace recently announced they would be removing most of the website blocking in place, in order to make people more productive. In exchange for that however, monitoring would be extended to HTTPS traffic as well.

      A no logs VPN, preferably one using obfuscation (or "Stealth" mode) is best.

        So wait. Https traffic isn't safe anymore?

          HTTPS traffic is safe so long as the certificates are not compromised, you don't load a dodgy certificate authority (CA) onto your machine, and a dodgy CA (but included by default) doesn't issue certs for domains illegitimately.

          A lot of schools, workplaces, and so on will install a trusted CA which is then used to man-in-the-middle HTTPS connections. For example, if I try to connect to then an intermediate server (e.g. a proxy) will connect to the server, perform an SSL connection setup to establish a secure connection to the server, then perform an SSL connection setup with the user's machine using a certificate generated by the intermediate machine for the domain Because the certificate is signed by the trusted CA, the certificate passes as valid and the user happily browses the site on HTTPS while being MITM'd by the intermediate server.

          A nice example of the 'dodgy-CA' is this case where India's National Informatics Center issues SSL certificates for Google domains. That meant that those certificates could be used to MITM connections to Google, and the browser would think the certificates were valid* (because they were signed by a trusted CA).
          * Unless the browser was Chrome, because Google uses Certificate Pinning for their own domains in Chrome.

            Ahhh. I see. So SSL traffic is still safe and possibly "unmonitor-able" so long as the SSL certs are not compromised?

              Yes, but 'compromised' doesn't just mean 'stolen'; it can also mean 'forged certificates generated by a trusted certificate authority', and that also means 'forged certificates generated by a subordinate certificate authority using a certificate issued from a trusted certificate authority'. It all gets a bit complex, but ultimately if a government is willing to really lean on companies they can probably get a trusted certificate for a domain illegitimately.

              Basically, any trusted certificate authority out there (and here's the list of trusted authorities for Mozilla) can generate a certificate for any site which appears valid because the certificate authority is trusted. Those trusted authorities can also create intermediate certificate authorities, which allows some other company to create certificates with the trust of the original certificate authority.

              For example, let's imagine I want to start Dodgy Brothers SSL company. I might go to Thawte and get set up as an intermediate certificate authority. Once that's done, I could go and create a certificate for and it would be trusted by browsers. Normally there wouldn't be much point because if I got caught, I'd have my intermediate CA role stripped.
              However, an oppressive government (let's say Iran) might manage to either secretly generate a certificate. Alternatively, they might tell me they'll close me down or kill my family if I don't generate the certificate, and I might thus create it for them. If I didn't, then that government could move onto the next intermediate certificate authority (and no definitive list even exists of all the intermediate certificate authorities out there; there's lots).
              That government could then use that certificate to intercept communications using a MITM attack, and if they limited themselves to a very small number of users then it would probably never even be noticed. (If you do mass interception with such a certificate, someone eventually works it out or it is detected by an automated system)

              Unfortunately, it is all a bit complex. Basically, if a government really wants to intercept your SSL traffic to a specific site, and either it isn't a Google site or you're not using Chrome, they may be able to lean on a certificate authority (or intermediate certificate authority) to generate them a certificate to use for the interception.
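
The trust decision described in the comments above, as an added example that is not part of the original article or its comments. It is a simplified model: certificates are plain records, no real signatures are checked, and every name, hostname and key value is constructed for illustration. It covers both cases raised in the thread, a CA installed on a managed machine and a subordinate CA under a default-trusted root, and shows what a pin on the site's usual issuer changes.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str          # name the certificate was issued to
    issuer: str           # name of the CA that issued it
    public_key: bytes     # stand-in for the certificate's public key bytes
    is_ca: bool = False   # may this certificate issue other certificates?


def spki_pin(cert):
    """Hash of the public key, the value a pin is compared against."""
    return hashlib.sha256(cert.public_key).hexdigest()


def chain_is_trusted(chain, hostname, trust_store):
    """Ordinary validation: name matches, links join up, root is trusted."""
    if not chain or chain[0].subject != hostname:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject or not parent.is_ca:
            return False
    root = chain[-1]
    return root.is_ca and trust_store.get(root.subject) == spki_pin(root)


def assess(chain, hostname, trust_store, pins):
    """Return 'rejected', 'trusted-but-unpinned' or 'ok'."""
    if not chain_is_trusted(chain, hostname, trust_store):
        return "rejected"
    expected = pins.get(hostname)
    # A pin is satisfied if any key in the presented chain is a pinned key.
    if expected is not None and not any(spki_pin(c) in expected for c in chain):
        return "trusted-but-unpinned"
    return "ok"


# --- Constructed sample data (hypothetical names and keys) ---
HOST = "www.example.com"
PUBLIC_ROOT = Cert("Public Root CA", "Public Root CA", b"public-root-key", True)
USUAL_ISSUER = Cert("Usual Issuing CA", "Public Root CA", b"usual-issuer-key", True)
OTHER_SUB_CA = Cert("Other Subordinate CA", "Public Root CA", b"other-sub-key", True)
PROXY_ROOT = Cert("Workplace Proxy CA", "Workplace Proxy CA", b"proxy-root-key", True)

# What the real server presents.
GENUINE = [Cert(HOST, "Usual Issuing CA", b"site-key"), USUAL_ISSUER, PUBLIC_ROOT]
# What an inspecting proxy presents after generating its own leaf.
PROXIED = [Cert(HOST, "Workplace Proxy CA", b"proxy-leaf-key"), PROXY_ROOT]
# A leaf issued by a different subordinate CA under the same public root.
MISISSUED = [Cert(HOST, "Other Subordinate CA", b"other-leaf-key"),
             OTHER_SUB_CA, PUBLIC_ROOT]

# Trust store as shipped, and the same store after an administrator
# has added the proxy's CA to it.
DEFAULT_STORE = {PUBLIC_ROOT.subject: spki_pin(PUBLIC_ROOT)}
MANAGED_STORE = {**DEFAULT_STORE, PROXY_ROOT.subject: spki_pin(PROXY_ROOT)}

# Pin on the issuer the site normally uses, not on the shared root,
# so another CA under that root does not satisfy it.
PINS = {HOST: {spki_pin(USUAL_ISSUER)}}
NO_PINS = {}


def run_scenarios():
    return {
        "genuine, default store, pinned": assess(GENUINE, HOST, DEFAULT_STORE, PINS),
        "proxied, default store": assess(PROXIED, HOST, DEFAULT_STORE, NO_PINS),
        "proxied, managed store": assess(PROXIED, HOST, MANAGED_STORE, NO_PINS),
        "proxied, managed store, pinned": assess(PROXIED, HOST, MANAGED_STORE, PINS),
        "misissued, default store": assess(MISISSUED, HOST, DEFAULT_STORE, NO_PINS),
        "misissued, default store, pinned": assess(MISISSUED, HOST, DEFAULT_STORE, PINS),
    }


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:36} -> {verdict}")
```

This model applies the pin to every chain, including one ending at a locally installed CA; a real client may treat those chains differently, so a pin check is a way to notice an unexpected issuer rather than a guarantee against a managed device's own proxy.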

    So let me get this straight. Business thinks it's a bad idea, the Greens and Labor are against and by the looks the majority of Australians. The only ones that are for it are the Liberals.

    That's some democracy we live in.

      actually the liberals used to think it was a bad idea as well, back when it was Labor's plan

        Labor and liberals will always oppose each other just because.

        I am concerned about not just my own data, but the fact that the government can also watch my friends, and their friends and family. It's like we're all being turned into snitches through our internet history. This whole bovine waste about being antiterrorism is just to make this sound better to the right wing liberals who believe the whippersnappers of today need the government to come down hard while masking what the implications of a big brother type government are

        And that eye of Sauron picture is very appropriate

        Last edited 06/08/14 8:20 am

          VPN is like throwing the ring into Mount Doom for this data retention scheme.

            VPNs only go so far. When it comes to tracking the data received on YOUR IP address, and add in the latency when you use that VPN to tunnel to another server, I just don't trust that everything will remain private for long.

        Governments want all the power they can get. They all work to serve 'the government' when in office.

      It's only a Representative Democracy, which means we get to be judges in a popularity contest to decide who screws us over, not that we have any real say in what the morons do to us (unless it's an election year then they are usually nice)

    "If you've got nothing to hide you have nothing to fear" Is what every despot, dictator, says prior to using their new found power for their own purpose.

      "It's for your own protection guys, we care for your security!", "Oh this traffic history? It's in safe hands, not to worry." *chugs info to copyright activist to comb for anything they can sue*

      "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

      Eric Schmidt.

      So you'd call him a despot then?

        who are you to judge right and wrong...the right to privacy is what's at stake..basic freedoms once removed gone forever

        Oops, logic error.

        Your argument structure is:
        A does X.
        B does X.
        Therefore B is A.

        A = despots
        B = Eric Schmidt
        X = says 'if you have nothing to hide, you have nothing to fear' or equivalent

        The error is more obvious if we substitute:
        A = me
        B = a dog
        X = eats meat

      It's funny how they can spout that line about this issue, and yet willfully hide their own (wrong) doings in other political arenas

      It's concerning that I upvoted your comment and the government can find out about it. Not that there's anything sinister with what I have done or will do, but just knowing that they have access to that minute level of information is very unsettling. I'm slowly going to become a prisoner in the free world.

    Do overseas proxies or VPNs help?

      Proxies? Not really. Your data is still going through the ISP as-is.
      VPNs? Yes. All data is encrypted between you and the VPN provider, so your ISP will only be able to see encrypted data packets, which are useless to them.

    the reality is this will not work.....they will spend millions, tens of millions.....that we will all pay for, the mums and dads of Australia.

    the bad guys will continue to use VPNs, HTTPS and secure encrypted chat/email. Lets be clear, this system is in NO WAY designed to catch terrorists or bad guys.

    the other sad reality is that the entire system is based on an IP address.......lets say ASIO come knocking on your door and present you with some logs showing that you have been searching for fertilisers and bomb making equipment, but you have never searched for anything like this,.....but they say it must be is your IP address...the reality is, it's your 14 year old neighbour who is bright enough to crack your WIFI in about 2 minutes with easily downloadable software, then it is your word against is a nightmare and one that DOES NOT WORK....

    what's Brandis going to do when pissed off people start parking near his house and crack into his WIFI and download instructions on how to make a bomb, or use a penis (if he had one).

    this is a system implemented to spy on normal Australians based on what they look at every day on the internet.

    the UK has only in the last month decided NOT to go ahead with this style of draconian personal and not crumbled to demands of the copyright industry. Since they are smart enough to realise you CANNOT charge someone or base information on an IP address.

    this is a sad day in Australia and clearly shows who is running this country, big business. Tony Abbott is nothing more than the pimply kid serving you fries at the burger shop, clueless and regurgitating what he has been told to.

      Another interpretation would be people who you give WiFi to, like visiting friends or family. Are we not to have any more mutual trust?

      How about McDonalds and other free Hotspots around the country are how many people park in their car parks at night just to use free WiFi. We used to park in the Car park of the local Harvey Normans and use their WiFi as they forgot to actually add any security at all and there are many other businesses like this around the place. Surely Terrorists are smart enough to use anonymous connections and compromised WiFi Hotspots to do all their criminal stuff. I know I would be and I'm neither a crim nor am I a terrorist... I understand the need to try something but this is probably not the best way. It could be a valuable tool to gather leads but should never be used to categorically say that 'you did this...'

    So... The Bad guys/terrorists/Pirates will all jump on the nearest VPN, and the poor buggers on the street will be left paying more for a service that can't actually track the data it was meant to..? Am I somewhere in the ball park here..?

    Last edited 06/08/14 8:48 am

    So if everyone runs web spiders, there will be lots more to store.. anyone wanting to avoid can simply ssl up in this bitch.

    Yes I have stuff to hide, this is why it's known as PERSONAL data. While I'll happily talk about my character in skyrim or how I really love sword art online, do you want me to tell everyone that I must be a pedo because on this one date at 1am in the morning I watched cheerleader porn? Clearly I'm going to [redacted]

    This information would be very handy at the next election for targeted messages and advertising
    Just saying
    well someone's got to use it

    I notice that a lot of people here are saying that data retention won't help law enforcement and that the scheme is for 'big business' who apparently control the LNP.

    The law enforcement council on all-things-spooky including ASIO, AFP and State police who all specialize in telecommunications interception have all said that they believe the scheme will help them. Why do commenters here believe that they know more about law enforcement investigations than the experts?

    Shouldn't the debate be whether or not the additional capabilities are worth the apparent loss of privacy for the community?

    Also, if it's for 'big business' why is the Business Council against it?

    As for the cost of the scheme, the current laws allow telecommunications companies to recover 'fair expenses' from the government for costs of complying with interception laws. I dare say that new capabilities will probably be funded in the same manner.

    Last edited 11/10/17 10:23 pm

      I can't argue against law enforcement agencies requiring more modern tools and information management systems for handling modern communications... the days of the old wire taps is ancient history... but I don't like the idea of "data retention", improved tools for them to acquire information on specific targets is fine... everyone in the country is bad. They are talking about rewriting the act that basically says you need a warrant to access any and all telecommunications data, so they can get it first, ask for warrants later (if they remember to ask, see Homeland Security Blank Warrants)

      And of course the law enforcement agencies said Yes. I don't think in the history of the planet when the government in charge says that law enforcement needs more power, a law enforcement agency has said "No"

      As for the cost of the scheme, the current laws allow telecommunications companies to recover 'fair expenses' from the government for costs of complying with interception laws.

      If the ISP recovers the money, then the government (read: taxpayer) will be shelling out for the increased surveillance. You'll pay for it either way.

      After the current NSA bullshit in the US? No, it's not worth the apparent loss of privacy.

      LNP might as well just put forward that we're becoming the 52nd state of the USA, it's pretty much what they want.

    Want to invade every person's privacy... want to push legal rights of due process and right to a fair trial out the window... don't say please, don't say abracadabra, say TERRORISM!!! Seriously, this is not 2002.

    Timing, my first question is timing. Why Now? Why not 13 Years ago... or 10 years ago?
    Why Was this not mentioned earlier? (In the Budget, Before the New senate seating, During the Election) Is there a reason this is now on the agenda?

    Is it practical? How will this compare to American's efforts and their terrorist watch systems ? (recent leak says they have 680,000 people on watch lists). Are foreign governments involved in this plan (namely the Americans) ? If the Americans are watching out for all the terrorists, why does our government have to ? Where is the money coming from (they can't pay for our medicine or our education now according to the last budget) ?

    Why so shortly after the Online Copyright Infringement Discussion Paper leaked ? Is this related ? How does this relate to recent efforts by the authors of this document (namely the Attorney General) to advocate the agenda of certain lobbyists with an interest in music and digital media copyright protection ?

    Do we trust the government to keep our personal data secret ? not to leak ? not to misuse this information ? not to change the laws later ? not to write blank check warrants ? This is the government who failed a basic embassy intelligence operation in Indonesia which resulted in the Indonesian leader going on facebook / twitter and threatening to cut all ties with Australia last year.

      I kind of agree with most of what you're saying but when you ask "Why now? Why not 13 years ago?" you have to remember that a lot has changed since 2001. The Internet is way bigger and has invaded almost every facet of our lives compared to back then.

      The irony of this is that many people probably post a sufficient volume of 'private' information on Facebook to tickle any agent's fancy.

    Now everyone start googling random "red flag" subjects...after about a month there will be so much info they will get sick of it and we can only hope they ditch this stupid idea.


      Lol I love that idea. It would be hilarious if it worked

    I have one question...who watches the watchers?

    ...what next:
    - All letters will be opened, prior to delivery.
    - All gatherings of two or more people must be accompanied by a registered govt official.

    What processes and checks and balances will be in place to ensure the integrity, and propriety of individuals information? Every other day I read articles in news media regarding the reckless and illegal dissemination of private data (sometimes extremely private ie. nude photography etc) by 'government officials' and law enforcement agents.

    This legislation will reduce our freedom and liberty FAR more than protect it.

    This indirectly turns the government into communist party. You have no way to hide. If you try to expose corrupted government or even say a word you will vanish into thin air.

      We all still have our own wealth, this is far more fascist than socialist.

    What will happen when it's approved? Everyone will feel being spied every minute. Have they considered about using VPN's, until they can't cope up with the current technology, I think it should not be implemented.

    For me the only thing bad about this is that the government will know I out fast food delivery way too much...........but I'm still annoyed for some reason. We are spending over six hundred million dollars because 180 guys wanted to go fight another peoples war. it would be cheaper to just have a bunch of federal police follow them around when they got home.

    What an asinine argument; "If you've got nothing to hide, you shouldn't have anything to fear" OR "If you don't want people to see what you're doing, then you shouldn't be doing it".

    Really? I don't want people to watch me take a piss therefore I shouldn't be pissing?
    I know the above is Reductio ad absurdum but the argument can be made another way.

    It isn't that for what I do is what I want to hide... It is for that you don't NEED to know.
    Conversely, what is legal today, may not be legal tomorrow.

    The whims of Governments are known well and their complete lack of logic or common sense is quite apparent.
    What I search for today "DIY Power Supply", may be legal, but in the future, is it not possible that through lobbying, the power companies (like the copyright crowd) decide that they should be the only ones to provide power.
    Tomorrow, "DIY Power Supply" is now illegal and they have all the tools in place to see that.
    I am now on a watch list for my previous searches and the moment I search it again (oblivious to this law change), I become a "terrorist" and I get a visit from ASIO or the AFP.

    The argument is/WAS NEVER about what I have to HIDE... It has always been about what WILL become illegal in the eyes of our "Government".

    A quintessential viewpoint the "Government" doesn't like us to have.

    I in turn say... If the "Government" has done nothing wrong, then why do they fear the possibility of "domestic terrorism"?

      "I in turn say... If the "Government" has done nothing wrong, then why do they fear the possibility of "domestic terrorism"?"

      When the government discusses all of these matters behind closed doors (this law, for example), refuses to release their research to the public (eg. recent commotion regarding Hockey's budget papers being kept secret), FOI requests are totally redacted or simply ignored, etc. they are the LAST ones who should be spouting this "nothing to hide" hypocrisy.

        pardon? the government hasn't ever done us wrong? I think you should use the interwebz and research government corruption. it's happened in the past, and unscrupulous individuals within the government can just as easily do things not necessarily legal again

    Imagine you're a foreign government who knew that there were Data Centres in Australia that captured and retained every email and telephone conversation of an entire nation.

    Would you not target those centres?

    Do you think that that little things like trade information / export information would be interesting. Yields, price of coal / wheat. Or simply patent business information. When are they buying / selling.

    Hackers could mine for credit card numbers. Organisations can mine for buying habits. Religious beliefs. Refugees communicating back home with loved ones.

    You could data mine an entire nation. And we leave the security of all of this up to ISPs.

    The argument that we have nothing to hide if you do nothing wrong doesn't stand-up. The government can happily access my life online. For the economic safety, the political safety of me and my fellow Australians – I think this strategy needs an incredible overhaul.

    seen articles that Tony says that this will also be used to fight 'general crime'

    this is a very scary prospect for anyone who doesn't fully agree with the government. Will it ever become the case of 'you're either with us, or you're a terrorist'?

      I believe Tony called it: TEAM AUSTRALIA!!

      Are you on it or are you a terrorist or something??

    I don't want to live here any more...

    What's next? Storing our phone calls? So they would only need a warrant to go back through the history...:P

      If we had a Bill of Rights in Australia - we too could have similar legal protections as our US counterparts...we have no enshrined rights in Australia.

      What I wonder about the US based VPNs is do they offer the same protections for non US citizens? I ask this because the american laws regarding privacy are for American Citizens only and you and I as Australians have no right to expect the same protections. This is a problem that keeps rearing its head in these discussions.

      I would not be surprised if American agencies are freely snooping all the time against non-US citizens and I would not be further surprised if the Australian government has given them free rein to do so as we have no protections and are not US citizens so US agencies don't have to worry about the Bill of Rights or Constitutional Rights.

        I am sure that the NSA is snooping US VPNs to the best of their ability. VPNs are good for protecting yourself from Australian data retention laws simply because it puts the endpoint of communication outside their jurisdiction.

    Let me make this clear, this is not to catch the terrorist, nor will it ever, the simple fact is they do not leave electronic trails anymore, they understand surveillance/intel techniques and if you believe this will stop terrorists you are an idiot period.

    This will however allow the governments both domestic and foreign including any corporation in association to literally map out your entire life electronically and build a file on who you are, what you read, what you watch, what you listen to, what you buy, your friends, what you eat, what you wear, what your beliefs are, how much you earn, where you shop and how long you spend in the shower each day... This is not a free and just society, not only do you have to deal with social decay and values, you will have to deal with government and corporate greed and control, this is just another step . . ...

    Let's hope this thing is killed dead in the senate.
    It seems the Greens are against it. (Not a good track record of protecting freedoms, especially press freedoms) but here's hoping this will be a turning point for them. Sen. Leyonhjelm (LDP) will oppose it. Contact your Senators and get them on board.

    Last edited 06/08/14 2:26 pm
