There's been a bit of confusion in the last few days from the government about how metadata will be stored and, more importantly, how it will be used by law enforcement agencies. According to the AFP and the head of ASIO, we have nothing to fear: they can't look at our browsing histories at will.
There has been a concern born from an interview with the Attorney-General, George Brandis, that the government would compel telcos and ISPs to store IP addresses that users connect from and navigate to when browsing the 'net. Under that assumption, it was perceived that the government could easily piece together a picture of what people had been looking at online. We demonstrated just how easy it would be to do this morning, following an interview with Communications Minister Malcolm Turnbull.
David Irvine AO, Director-General of Security with ASIO, called a press conference with the Deputy Commissioner of the Australian Federal Police, Andrew Colvin, to assure Australia's internet users that they're not out to scoop up everyone's web browsing history.
Andrew Colvin specified in the press conference that, while telcos may collect a history of the websites that users connect to, the AFP can't legally view them without obtaining a warrant from a court first.
"IP addresses [that users navigate to] are an indicator of content, not metadata" he said, adding that it rules it out of what is able to be viewed without a warrant.
"It comes back to what is permissible as opposed to what's possible. A destination IP address may show that, but under metadata [legislation], law enforcement agencies cannot access that data [without a warrant]. If [IP address information] was provided by telcos, it would be unauthorised for us to view. We would ask telcos not to provide us that, as it is content material, not metadata," Deputy Commissioner Colvin said.
His ASIO counterpart David Irvine AO, said that metadata gives authorities a clue as to where to look when gathering evidence, adding that with a warrant, ASIO or the AFP could certainly view those IP addresses:
"We can go back and view that IP history with a warrant, but the benchmark for obtaining a warrant is very much higher."
Primarily, what the pair would want in metadata is a record kept of the IP addresses that certain customers may have used at a certain time. Once ASIO or the AFP establish a person of interest, they can ask the telco to provide the metadata relating to the IP address and obtain address details, names, and so on.
David Irvine explains:
"We might receive information that a certain IP address in Australia has been in frequent contact with one of the Al Qaeda websites operating. On the basis of that, if we'd just been given a phone number in the old days, we'd use the phone book. In this case, we'd use the ISP provider and say 'can you give us anything about who, what, when and where had that ip address at that time on that day', and they'd say, 'it's person x, y, and z with this address'. That then forms the basis for us to begin to conduct an investigation. That might lead us down a track that says this person is developing into a serious threat.
On the other hand, it can lead us in the opposite direction: someone may have just come across this website by accident. Metadata is just as important in eliminating people under suspicion as it can ruling people in.
According to the pair, metadata is currently used to solve crimes. This metadata proposal is more about shoring up how the data can be stored and accessed in future by law enforcement agencies:
"What we would like is for there to be a uniform standard, a clear definition of what the data is that should be stored so that law enforcement and national security organisations can have legal access to it," Irvine said.
Do the law enforcement agencies assure you that metadata won't be misused? Let us know what you think in the comments!