By Kieran Adair and Ugur Nedim
As we all were preparing for the Easter break, the government switched on the full version of its metadata retention system.
Although the legislation enabling the scheme was passed in October 2015 – and data has been stored and accessed since then – last week marked the end of the ‘implementation period’.
This means everyone’s online activities are now being stored by Internet Service Providers – and must be released to a whole host of government agencies upon request, without those agencies having to obtain a warrant.
Journalist Quentin Dempster described the laws as turning “this country’s entire communications industry… into a surveillance and monitoring arm of at least 21 agencies of executive government.”
Why these laws are concerning
While the content of your communications is not meant to be looked at, the legally accessible data can still paint a detailed picture of your online activities – potentially enabling government agents to use selected data to bolster allegations against intended targets, or to track, hunt down and prosecute whistle blowers.
Indeed, government agencies including the Australian Federal Police have already admitted investigating many journalists and even doctors who have been critical of government policies and actions, by accessing their metadata.
The new legislation will make it a lot easier for these agencies to hunt down whistleblowers who expose government misconduct.
Data that can be legally accessed without a warrant includes:
- Telephone records
- The time and length of phone calls
- The internet protocol addresses (IP addresses) of computers from which messages are received or sent
- Location of parties making phone calls
- To and from email addresses on emails
- Logs of visitors to chat rooms online
- Status of chat sites – whether they are active and how many people are participating
- Chat aliases or identifiers (the name a person uses in a chat room online)
- Start and finish times of internet sessions
- The location of an individual involved in communications
- The name of the application someone uses online and when, where and for how long used
Attorney-General George Brandis claimed the purpose of the new scheme was to counter the threat of terrorism and smash organised crime gangs, and would not be misused.
However, the new laws have indeed been used to target people for a range of purposes which were not previously disclosed.
Use of metadata to date
Last year, it was revealed that over 60 Government agencies had applied to the Attorney-General for metadata access. The list includes the Australian Taxation Office, Department of Human Services, and even local councils.
In fact, Bankstown Council applied for metadata access in order to catch illegal rubbish dumpers and those who breach by-laws. That access was granted. And the Queensland Police Service used the scheme to access the metadata of cadets in an attempt to determine whether they were sleeping with one another, or faking sick days.
To many, dumping rubbish, monitoring the sexual activities of cadets or even evading tax is not enough to justify sacrificing the privacy of the entire Australian population – especially when the reason put forth for the implementation of the laws was to fight against terrorism and organised crime.
Protecting your privacy
There are many perfectly legal ways to circumvent the government’s metadata scheme. Here are just a few of them.
Hide your browsing data using a Virtual Private Network (VPN) service:
VPN’s work by creating a secure connection between your computer and another network. While you can still browse the internet freely, VPNs allow you to do this through the other network – disguising your tracks.
Protecting your emails by using online services:
If you use an email address supplied by your ISP (ie. @optus, @bigpond etc) they will be forced to record the address you emailed, attachment names, file sizes and location from which you send.
However, if you use an overseas browser-based email services, like Gmail or Hotmail, all your ISP can record is that your location, and how long you were connected to that service – and if you’re using a VPN they won’t even be able to see that.
Using Facebook Messenger to protect your SMS:
If you send a SMS from your phone, your ISP will record the number you SMSd, the time of the sms, its size and your location. However, this can be easily protected by using an App, such as Facebook Messenger or iMessage, that comes preloaded onto your phone.
Much like using a browser based email service, this will mean that they can only record the time you accessed the service, size of data exchanged, and your location – again, even this will be protected if your using a VPN.
Usings Skype to protect your phone calls:
If you make a call from your mobile phone, your ISP will record the number you called, the time of call, its duration, and your location.
However if you call using a smartphone app, such as Skype, Signal or Facebook Messenger, then they will only be able to record the time of your connection, and the amount of data used, and your location – again, you can protect against this by using a VPN.