The Government and ALP regime of mass electronic surveillance – mandatory data retention for every man, woman and child, and every device in the country – starts from today. Here’s how to get around it.
Senator Scott Ludlam is a member of the Greens, and has campaigned against mandatory data retention for years. This guide was originally published on his blog. You can also follow him on Twitter.
From today, your phone and internet providers (ISPs) will have to retain huge volumes of your private information for two years.
Protecting Yourself From Mandatory Data Protection
To stop the government spying on your every move, you can take the steps listed below. The alternatives here are just some of the options available, this is by no means a comprehensive list. There are a lot of great resources easily searchable online.
These programs and tools are perfectly legal, and very easy to use, which of course begs the question – what is the point of this $300 million scheme in the first place? Particularly when none other than Prime Minister Malcolm Turnbull, the architect of the scheme, endorses and uses some of these tools himself.
What must be remembered is that whilst these tools will circumvent the data retention scheme – they place any metadata your activity creates out of reach of the legislation or make it too broad to be identifying – most of them do not protect you from more invasive spying like the programs highlighted by Edward Snowden.
For voice calls
If you make a regular mobile call, your mobile provider will record:
the number of the person you spoke to (or missed), the time the call was made or missed, the duration of the call, and your location.
If you instead use Facebook Messenger Voice, Skype, Facetime Audio, or Signal (iPhone) / RedPhone(Android) instead, all that your mobile provider (or your Internet Service Provider if you’re on WiFi) can record is:
a connection to the service*, the duration of that connection, the volume of data sent and received, and your location.
And if you do this when you’re connected to a VPN, all your mobile provider can record is;
a constant connection to a seemingly random internet server, and your location. Your actual activity – the voice call itself – can’t be associated with a location by your mobile provider.
For SMS
If you send a regular mobile SMS your mobile provider will record:
the number of the person you SMSd, the time the call was sent, the size of the message, and your location,
If you use Facebook Messenger, Skype Message, iMessage, or Signal (for iPhones) or TextSecure (for Android phones) instead, all that your mobile provider (or your internet provider if you’re on WiFi) can record is:
a connection to the service*, the duration of that connection, the volume of data sent and received, and your location.
And if you do this when you’re connected to a VPN, all your mobile provider can record is;
a constant connection to a seemingly random internet server, and your location. Your actual activity – the message itself – can’t be associated with a location by your mobile provider.
Additional notes about message apps: your iPhone will default to iMessage for other Apple users. If your text message conversation is blue, it’s secure. If it’s green, it is not.
Signal, RedPhone and TextSecure are fully encrypted. Only the sender and recipient can read the messages or understand the voice communication. These tools also offer protection against more invasive spying, and are suitable for use when travelling in sensitive regions, or for having conversations that must remain strictly confidential. As with Skype, iMessage, Facetime, Facebook and other ‘over-the-top’ services, both parties need to be signed up to the service.
For Email
If you use a @bigpond, @optus, @iinet, or another address supplied by your internet service provider, your ISP will record:
the address you emailed, the size of the message, the file names of attachments, the file sizes of attachments, the time the message was sent, and your location,
If instead you use an email address from a specialist email-only provider like Fastmail, or an overseas email service like Gmail or Hotmail, all your ISP (or mobile provider if you’re emailing from a phone) can record is:
a connection to the service*, the duration of that connection, the volume of data sent and received, and your location.
If you do this when you’re also connected to a VPN, all your ISP can record is:
a constant connection to a seemingly random internet server, and your location. Your actual activity – the email itself – can’t be associated with a location by your ISP.
For Web Browsing
The data retention scheme means that your Internet Service Provider records:
your IP address, your destination addresses*, your location, the time you connected to the web, the duration you connected to the web, and the volume of data exchanged.
If you use the web when you’re connected to a VPN, all your ISP can record is:
a constant connection to a seemingly random internet server, the total amount of data you exchange, and your location. Your actual activity – the web browsing and downloads – can’t be associated with a location by your ISP.
Connecting to a VPN
Virtual Private Networks create a secure avenue to another network, so that only users on either end of that avenue can view information. When you connect your computer (or phone or tablet) to a VPN, the device acts as if it’s on the same local network as the VPN. All of your network data traffic is sent over a secure connection to the VPN.
As well as private work networks, VPNs can also be used to access the Internet. You’ll be able to use the Internet as if you were present at the VPN’s location. When you browse the web while connected to a VPN, your computer contacts the website through the encrypted VPN connection. The VPN forwards the request for you and forwards the response from the website back through the secure connection. This is how people using a USA-based VPN to access Netflix will appear to Netflix as coming from within the USA.
All your ISP will see is an exchange of a volume of data with your VPN. It’s as if your ISP could see you go into the restaurant and come out again an amount of time later looking a bit full, but it won’t know what you ordered, what you ate, what you spilled, where you sat, or who you talked to.
Setting up a VPN is very easy.
Gizmodo Australia has an excellent summary of recommended VPNs. Most of these don’t keep any logs, to ensure your privacy. They are user-friendly and come with simple installers to run on your OS X or Windows computer, and they have very easy to use iOS and Android apps for your mobile devices. Once installed, and your username and password have been entered, you then simply select where you’d like to ‘be’.
Using a VPN may have a small impact on your data speeds, but usually not much.
Signing up for all the services that work for you, including a VPN, should take you no more than 10 minutes.
* The Attorney-General’s Department has said it will not require ISPs to retain destination addresses – the site or service you connect to – but it has been reported that it is likely to be in most retained datasets anyway, because removing it is an extra step and expense for ISPs.
Some Further Reading:
Centre for Investigative Journalism
Information Security for Journalists – protecting your story, your source and yourself online.
Freedom of the Press Foundation
Encryption Works by Micha Lee focuses on protecting privacy online.
Electronic Frontier Foundation
EFF’s Surveillance Self-Defense offers tips, tools and how-tos for safer online communications. It includes overviews, tutorials and briefings.
TOR
TOR – The Onion Router (or TOR) allows you to use the internet anonymously. This is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
File Encryption
File encryption of sensitive data is also really important. Here’s more information.
What is Data Retention?
Read and share Scott’s OpEd on The Drum.
Some of Australia’s leading ISP’s like iiNet have spoken out against the regime and are working to inform their customers about the Government’s scheme. You can read that here.
Data retention requires all Internet Service Providers telcos and social media sites operating in Australia to keep significant amounts of data for all Australians for a period of two years, including telephone and email records detailing who contacted who and from what location, including how long people spoke on the phone, how many messages they sent and their precise geographical location.
Your phone handset is essentially a tracking device that allows you to make calls. Our relationships and social lives are increasingly mediated by digital tools; collectively these devices and apps silently generate billions of records of place, time, contact, data type and volume, all of it aggregated under this loose concept of metadata. Anyone who tells you that these are simple billing records or the innocent envelopes surrounding substantive communications is either technically illiterate or lying to your face.
In 2012/2013, agencies made 340,000 demands for this information of Telstra, Optus and the rest of the telecommunications industry, without the trouble of applying for a single warrant. I don’t have more recent numbers, because the Attorney General’s Department is refusing to publish the report for the last financial year. Telecommunications regulator the ACMA reports 748,000 total warrantless authorisations received by carriers in 2013/14.