Last week, laws relating to metadata retention that were passed in March officially came into effect. The legislation stipulates that as of October 13, all Australian telecommunications providers are required to record metadata logs of their customers for up to two years. This has been a topic rife with debate, with virtually all Australians impacted. Therefore, on the blog this week we thought we would explain what the legislation involves and how you will be affected.
Firstly, what is metadata? It is generally thought of as being like the name and address on an envelope, rather than the content inside. This idea is contradicted, however, by iiNet’s Chief Regulatory Officer Steve Dalby, who was quoted as saying “if you have the metadata, you have the content”, with the information recorded potentially “revealing more about an individual than the [actual] content” (Reilly, 2014).
As part of the legislation, the logs required to be recorded will include email, internet, mobile and landline use. Specifically, the time, date, size, sender and recipients of emails will be collected, along with your IP address and time and duration of web connections. Your browsing history will not be recorded. For phone calls, metadata includes the phone number of those contacted, the time and date of calls and text messages, as well as the location of the nearest mobile tower when communication occurs (Thomas, 2015).
Although the data captured can potentially be accessed by police and the border force without the need for a warrant, restrictions have been placed on the number and type of agencies that can use stored metadata. Organisations such as the RSPCA, Australia Post and others that aren’t acting with law enforcement will now have to seek approval before viewing individual’s data.
The aim of mandating the collection of metadata is to reduce the irregularity in which it was previously recorded, thereby improving the ability to identify and track criminal behaviour. Legislators have insisted low level piracy isn’t a focus – so Game of Thrones downloaders are safe, for now.
There has been lively debate as to the ethics surrounding the retention laws, with many objecting to unwarranted surveillance, outlining that it is an invasion of privacy. Critics also claim that stored identifiable data could become a target for hackers. This is especially concerning given that mandatory data breach disclosure isn’t required of Australian companies, meaning data could be compromised without knowledge.
Further, many believe the exercise to be a waste of time and taxpayer funds, as there are several (legal) ways to avoid data being recorded, such as encryption through VPN. Tactics such as this are already employed by tech-savvy criminals, so it is argued any impact is likely only to be marginal.
In countering the privacy argument, the government purports that those who have nothing to hide shouldn’t be concerned. Many other points raised by the debate have yet to be refuted.
For those against metadata collection, there are a myriad of resources available to guide individuals on ways of protecting their personal information. One such video features current Prime Minister Malcolm Turnbull in a past Sky News interview discussing the use of apps such as Skype and WhatsApp for the purposes of anonymity.
With a number of telecommunications providers currently lacking the infrastructure and capacity to store the metadata required, it remains to be seen whether the initiative will yield quantifiable results. We will keep you posted as this situation develops, as privacy and security of personal information is likely to remain at the forefront of consumers’ minds.
References
Reilly, C, 2014, ‘If you have the metadata, you have the content’ says iiNet, http://www.cnet.com/au/news/if-you-have-the-metadata-you-have-the-content-iinet/
Thomas, J, 2015, What is metadata, and how can you maintain your privacy?, http://www.sbs.com.au/news/explainer/what-metadata-and-how-do-you-maintain-your-privacy
What do you think of the new metadata retention laws? Will you be taking action to prevent your data being recorded?