Today is the day, people. From now on, the Federal Government's Metadata Retention Scheme is unavoidable for telcos and internet service providers. They will be keeping your metadata - including text messages, location information, and internet connection details - for a full two years, ready to be passed on to Government agencies when requested, without a warrant. Compliance is mandatory.
So, of course, online rights organisations are calling today "National Get a VPN Day".
"Virtual Private Networks provide an important element of privacy protection for users," Electronic Frontiers Association says. "and EFA therefore encourages all Australians to consider using a VPN service when accessing the Internet."
EFA Executive Officer Jon Lawrence said calls VPNs one of the most effective tools for protecting privacy when using the Internet, due to the degree of anonymity they provide when accessing online services - and also the protection against "eavesdropping and government surveillance".
So get a VPN, EFA says. But which one?
"As with any industry, the quality of VPN services varies considerably, particularly in relation to privacy issues and people should therefore be well-informed before selecting a provider," EFA says. Here are the organisation's tips for choosing the right one for you:
- What data does the VPN record? Is the VPN retaining web logs? Does the VPN know your IP address and the times that you connect to their servers? Also, what kind of advertising data does the VPN service store and does it hand that data over to third parties?
- How long does the VPN store data? Nearly all VPNs will store some data in order to troubleshoot network issues. However, the duration of that storage plays a key role in terms of the privacy protection afforded to users. After all, if the data has been deleted, then it cannot be accessed by a third party. Ideally, a VPN should be wiping user data within hours of it being recorded. If a VPN is storing data for anything more than a few days then beware.
- What country are they based in? For example, you may want to avoid services based in Australia, UK, US, New Zealand or Canada (the so-called 'Five Eyes' countries, which have comprehensive intelligence-sharing arrangements in place). You may also want to avoid services based in countries with authoritarian governments.
- What payment methods do they support? Using BitCoin and/or other digital currencies will provide you with an extra layer of anonymity
EFA is also calling for Australians to contact their local MP regarding the dangers of mandatory data retention - communicating to them the main point sof concern:
- All access to this data should require a warrant - not just for journalists' data (the only people currently protected). A majority of European Union countries require some form of independent, judicial authorisation for access to this sort of data, so there's no reason why Australians shouldn't enjoy the same protection.
- It's important that additional agencies aren't added to the list that are allowed access to this data. The one good part of the data retention legislation is that it reduced the number of agencies able to access this data from literally hundreds to less than two dozen (Police and anti-corruption bodies mainly).
- The two year retention period is unjustifiably long and must be reduced to at most six months.
A long-running case on whether you're allowed access to view your own mobile phone metadata — retained by Australia's telecommunications companies for government snooping, including comprehensive call logs and location data — and whether that data is classified as "personal information" has come to an unceremonious end.
Australia's Federal Court has put a stop to a final attempt by Australia's peak privacy advocates to restrict the retention and access of information by Australia's telcos, and the judgment will have wide-ranging implications for what information is considered personal under the terms of the Privacy Act.
Happy VPN day, everyone!