AusCERT 2015: Data retention is bad news for citizens

Justin Clacherty is on the leadership team of Future Wise Australia, a “fiercely non-partisan organisation focused on policy advocacy and research in technology, health, and education.

"What’s metadata? Interestingly, it doesn’t even appear in the act. It’s a made up term’” says Clacherty

Clacherty says we’re better off simply using the term data and simply saying what is actually being collected. The data is being collected as a result of the recently passed Telecommunications (Interception and Access) Amendment (Data Retention) Act.

“It’s a social engineer’s dream’” he says. The data can be used to create a map of a person’s movements, connectivity patterns, communications patterns and other personal information. Clacherty noted that despite Attorney General Brandis saying the data would only be used for investigations into serious crime, comments made by the Australian Federal Police and Communications Minister Malcolm Turnbull saying it might be used in other crimes and, potentially, civil matters.

Also, Clacherty says, the ability for the Attorney General to declare something as a “Special Intelligence Operation” means journalist could be caught up and prosecuted even without knowing they were reporting on such a matter, as it was a secret.

In painting a real doom and gloom picture, Clacherty said it’s possible professionals such as penetration testers and even police aren’t protected.

One of the arguments made by the Australian Government, according to Clacherty, is other countries are doing the same thing. But he argued this isn’t true as many countries either have much shorter retention periods or are unwinding their retention laws completely.

“You can not opt out of telephone retention laws,” he says. Even if you use a VPN, cell towers allow users to have their location tracked and home users have service connected through fixed addresses.

Securing this data is also a significant concern with the breadth of access far greater than we are being lead to believe.

"I know only specific agencies have access to that data but those agencies are quite large. And they’re not even storing the data’” says Clacherty.

Future Wise, according to Clacherty, is not against surveillance where it’s appropriate. But they are unhappy with the laws that have been passed without adequate evidence or scrutiny that they will actually solve the problems government claims need solving.

Clacherty says the process prior to the introduction was deeply flawed with “a law enforcement submission that had absolutely nothing to support the fact. In at their report, it said blah, blah, blah, blah, blah, these people said this, this agency says this - we’ll go with the law enforcement agency”.

"A law like this needs to be both necessary and proportionate. They haven’t shown it’s necessary and it’s centennially not proportionate," he says citing reports from the UNHCR and Office of the Australian Information Commissioner.

Despite assurances by the government that all this data is already available, ISPs such as Telstra have said they will need to create the data they will be obligated to retain. This is inconsistent with the government’s position that the data is already available and the legislation simply formalises the process.

Clacherty also raised a view smaller ISPs may be forced out of business as a result of the costs involved with establishing and operating the retention scheme.

There are a number of knock-on effects to the new law. Clacherty says journalists are already seeing sources less forthcoming with in-person meetings greatly preferred to phone or email communications. The relationship between this law and others has some interesting effects such as the conflict between protection for whistleblowers and the previously mentioned declarations of “Special Intelligence Operation” meaning metadata from journalists potentially used to stifle open government and criticism.

The requirement to delete data is not adequately covered in the law and a lack of judicial oversight is of significant concern according to Clacherty.

"The internet has been around for 40 years. There’s no excuse for politicians to not understand this stuff’” he says.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Copyright © 2015 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)