Australia proposed a new data retention law last March which passed in early April and today takes effect officially. ISPs in Australia will now have to retain the data of Internet and phone users by law. The two-year period for data to be kept by these companies poses serious risks for all users. Not only will the government be able to access all this data at any time and without the need for warrants, but the databases that will be filled with this data are going to be shared with third parties and are also just another target for hackers and scammers.
Metadata and Privacy
The Australian data retention law, Telecommunications (Interception and Access) Amendment (Data Retention), requires all phone and Internet Service Providers to collect and keep the metadata of their customers for two years. From today, all the phone calls that people in Australia make and all the websites that they visit will be a matter of record that the government can look into anytime they want. Only metadata is being recorded, but this is enough to show who you talk to and exchange information with, where you spend money, and when it all happened. The exact contents of communications and interactions are not known, but metadata tells enough. Users can be profiled and matched with other users to create detailed descriptions of their behavior and associations.
These profiles that will be created expose users to unwanted scrutiny, which is a violation of privacy. It doesn’t matter whether these people have done anything wrong. Their lives will be tracked and filed from today, and this information will be made available to the government and a number of third parties as well. ISPs routinely share user information with marketing companies, for instance, so that ads can be created based on specific user profiles. So at the same time that users face mass surveillance threats, they are also facing more ads and a bigger privacy threat as more of their data is fed to advertisers. On top of all this, there will soon be databases full of metadata that will become targets for identity thieves and other ne’er-do-wells.
The bottom line is that metadata collection means users are being targeted by governments, corporations and criminals all at the same time.
More Suffering for Users
ISPs like Optus, Telstra and Vodafone are prepared to begin collecting user metadata with the help of the first installment of the $131 million Australian dollar fund for the project. These bigger ISPs will also have to do their part, but they are established and can carry the load. There is no news about how much of the burden will be passed on to users in terms of higher service fees, but it is almost a certainty that users will have to pay more to cover the costs of compliance with the data retention plan. There is also a general feeling that many small providers will be unable to continue doing business because of the high costs. This is of course bad for them but also bad in general because it will disrupt the balance in favor of big companies.
The metadata collected by those ISPs who survive will be put on databases that the government can search any time they feel like it. There is no need for the government to secure any warrants before they can access this user information, which makes it a very scary thing. With warrants, at least the government would need a good reason before they can snoop around in users’ personal lives. As it is, any agency can have a look without giving any reason at all.
If you live in Australia, there is no way to get around this new data retention scheme unless you plan on living your life completely unplugged, with no phone and no Internet. But you can prevent your ISPs from knowing what you are really doing online by using a VPN. They will still be collecting some metadata, but your traffic will be encrypted so that they cannot read it. It will also be sent through a private tunnel where they cannot follow. Whatever profiles they will be able to create based on VPN rerouted traffic will be insufficient and inaccurate. As far as phones go, there are many services that can encrypt your calls as well. Just be careful to make sure that whatever services you choose to use, they are not handing over your data to the government behind your back.
With the proper tools, you can stay in control of what information you choose to keep private despite the huge net that the Australian government has thrown out over the land.