Australia's Data Retention D-Day Is Here

Hide yo kids, hide yo Wi-Fi: Australia's data retention laws kick in today.

For those who have been left massively out of the loop, data retention is a system that will see telcos and ISPs retain metadata on their customers for two years. The data would then be used by law enforcement agencies to catch bad guys and home-grown terror threats.

There are a few different positions on metadata retention. You can be all for the police collecting your meaningless metadata if it means they'll catch a few crims, or you're annoyed that your private communication history is being gathered up for little to no benefit.

Politicians have a few different was of looking at it too: either you're on #TeamAustralia and don't mind having your data snooped on by the cops or you should be outraged at the massive breach of privacy being forced upon the Australian people.

Either way, it's happening. Right now.

Spooks will try and tell you that metadata never contains any identifying information about the contents of calls, emails, messages or traffic sent over web connections. It just stores the info on how long you’ve been on a particular site, or a particular call, or when you sent a particular message and who to. Privacy advocates believe that metadata actually fingers a user for more than just that.

Philip Branch from Swinburne University writes on the implications of metadata collection and what it means for the privacy of users:

Even before smartphones and the internet, metadata from the mobile phone system was surprisingly rich. Metadata could provide information as to whether the call was forwarded and where it was forwarded to, whether or not it was answered, and so on.
Such information is invaluable in building up a model of relationships. But not only did the phone network provide information about the participants to a call, it could also provide approximate information about where the call was made.
Since mobile phones are connected to the network via nearby base stations usually located only a few kilometres away, metadata reporting which basestation the handset is attached to gives location information accurate to a few kilometres.
Also, since the phone is connected to a basestation whenever it is switched on, the phone can provide continuous location information regardless as to whether or not calls are made.

Mobile internet has been both a blessing and a curse for investigators. Smartphones are used for many more purposes than voice only telephones.
Generally, people use a smartphone much more than they used older types of telephones. Consequently, many new forms of metadata have become available. Email addresses, websites visited, files downloaded all present many new opportunities for investigators to gather metadata.
Not only is material downloaded, but a considerable amount of material is also uploaded.
Pictures, videos, social media updates all provide metadata that could be of use in an investigation. For example, images captured on a smartphone will, unless steps are taken to remove it, contain GPS location information accurate to within a few metres.
Other metadata that might be of interest includes when the image was created, who created it and the device it was created on. Metadata might even be added, perhaps unwittingly, when people tag images with comments.

If you want to get around metadata retention (because that's totally a thing you can do), get into our guide on VPNs as a starting point.



    Just heard on the news this morning that most of the smaller provider just aren't ready and they don't have the storage capacity to cope either.

    Time for VPN's, EAD Turnbull and Conroy for paving the way.

    And the first time this data gets compromised and peoples identities stolen, who do we sue???

      The same people you would sue 5 years ago when they were collecting the same data

    VPN providers are now laughing all the way to the bank while our politicians are laughing into their offices to cry when it finally comes clear even if VPNs are not used retaining the meta-data tells them nothing!

    Jokes asides, it staggers me how they think taking what business already do (optionally, they only need to retain data up to 3 months) and then making it mandatory will combat terrorism.

    The only change is in the retention period. There is no change in the resources nor technologies to better assess and filter the data coming in.

    But all that pails to one fact; the meta-data can be fudged. To use the governments own analogy, they may look at the envelope and see if is just a little to little old lady when the reality is there is another envelope inside which the little old lady will then forward on because the inner envelope has a check for a less than savoury group.

    All up, this is all just dust kicking to make it look as though both sides are doing something when they are not.

      two things:
      1) data retention will have zero effect on preventing terrorism. because;
      a) the content of the communications is not included
      b) metadata is a historical record of a communication that took place, so while the Govt can determine that a communication has taken place, without the context of the communication, there is no way to prevent any future event based on metadata alone.
      c) however, if the govt see you emailing a known terrorism-related individual, they could get a warrant for the content of the emails. but we're getting into Minority Report shit there. Also, shits all over the implied right of association if you can be investigated based on who you talk to.

      2) I dont think it's a coincidence that the TPP Free Trade agreement has provisions allowing foreign IP rights holders to subpoena Australian ISPs for the details of people who infringe copyright. The collection of which this metadata retention scheme has just made mandatory.

      Last edited 13/10/15 9:55 am

        1) data retention will have zero effect on preventing terrorism

        Sorry, I though I already said that with my mentioning of the hidden letter.

        Like others, I know this will not help terrorism. It won't help with the TPP either. This law is just there no purpose other than to make it seem they are combatting terrorism when in fact it is all show and now substance.

          i was elaborating on your point.

        You're wrong dude, it's immensely useful for terrorism.
        Think about you dead on a street with no ID. I want to find out everyone you're connected to. I start with your mobile contacts and your friends list on social media. It's the same thing, it's connections. It's how they mapped the al Qaeda network post 9/11, after the fact from phone records.

    WiseHacker, sounds like a poor analogy, wouldn't the same group that tracks the first envelope coming in also be able to see where the envelope that was inside the envelope is being sent?

    Then they'd easily be able to see that Group A is sending letters to LOL (Little Old Lady) then LOL is sending letters to Group Bin Laden.... Now I'm no "Security Expert" or "Terrorism Analyst" or anything like that but I'm pretty sure that would be an obvious link....

      Click the "reply" button below somebodies post to reply.

      Last edited 13/10/15 6:58 pm

    should the pirates be concerned? yarrr

      Nope, because the meta-data will only show you guys are communicating among yourselves but give no indication if you are getting the Dallas Buyer's Club or playing StarCraft or even Windows 10 updates as to keep the load off Microsoft, Windows 10 is now able to get updates in the same manner as bit torrent; from multiple places both on your LAN or connected users online.


      Should the people that actually know the ins and outs of the internet be worried.... nope.

        Yeah, no. The money where your mouth is test for that is to follow ISIS targets, direct messaging them on twitter, sending PGP encrypted emails to addresses you can find via SITE institute.
        Do that, then post the lolz, tell us about your future airline boarding experiences.

    WiseHacker, sounds like a poor analogy, wouldn't the same group that tracks the first envelope coming in also be able to see where the envelope that was inside the envelope is being sent?

    It depends. If the whole datagram is scanned, then yes all headers (meta-data) can be seen. But as far as I can tell only (for want of a better term) only the outer most header is examined, not the payload which could be other routable datagrams.

    Without getting too technical, there is a concept in computer networking called encapsulation. Say if I want to send an email.

    Without encapsulation, my email client will have to know not only the sender and the receiver but also the data needed by TCP so the data can be converted to segments and the headers for Ethernet frames for routing between devices and much more.

    But with encapsulation, my email client only has focus on headers that support its own tasks. When handed to TCP, the whole message along with its headers is treated as a data payload and wrapped up with headers for TCP.

    Thing is, it's not just my email client that will use this trick. There is an implementation of encapsulation called tunnelling and the classic example is to allow IPv6 end machines to communicate over IPv4 networks because the headers are completely different.

    The machines don't see the the IPv4 network because of the tunnel and the routers involved don't see the IPv6 traffic because to them its (irrelevant) data; the routers only care about their IPv4 headers.

    Finally, there are VPNs which depending on what you use create such a tunnel and even encrypt the data payload. Thus the only usable meta-data is the outer most header while the payload is encrypted without no easy means of brining it back into clear text and even then a number of collected messages have to be obtained so an encapsulated datagram can be recovered for its headers.

    So overall, in keeping only the meta-data, our Government is not learning anything more but is easily costing the tax payer for this lost cause.

    Thus, the envelope analogy fits. No-one is opening the envelope so even the most basic of of tricks will circumvent the measure.

    EDIT: Reply system seems broken again. This is in response to @ixixly.

    Last edited 13/10/15 10:12 am

    This debacle may well cost Bill Shorten the next election.

Join the discussion!

Trending Stories Right Now