Government Lies About Metadata Scheme

By Kieran Adair and Ugur Nedim

As we all were preparing for the Easter break, the government switched on the full version of its metadata retention system.

Although the legislation enabling the scheme was passed in October 2015 – and data has been stored and accessed since then – last week marked the end of the ‘implementation period’.

This means everyone’s online activities are now being stored by Internet Service Providers – and must be released to a whole host of government agencies upon request, without those agencies having to obtain a warrant.

Journalist Quentin Dempster described the laws as turning “this country’s entire communications industry… into a surveillance and monitoring arm of at least 21 agencies of executive government.”

Why these laws are concerning

While the content of your communications is not meant to be looked at, the legally accessible data can still paint a detailed picture of your online activities – potentially enabling government agents to use selected data to bolster allegations against intended targets, or to track, hunt down and prosecute whistle blowers.

Indeed, government agencies including the Australian Federal Police have already admitted investigating many journalists and even doctors who have been critical of government policies and actions, by accessing their metadata.

The new legislation will make it a lot easier for these agencies to hunt down whistleblowers who expose government misconduct.

Data that can be legally accessed without a warrant includes:

  • Telephone records
  • The time and length of phone calls
  • The internet protocol addresses (IP addresses) of computers from which messages are received or sent
  • Location of parties making phone calls
  • To and from email addresses on emails
  • Logs of visitors to chat rooms online
  • Status of chat sites – whether they are active and how many people are participating
  • Chat aliases or identifiers (the name a person uses in a chat room online)
  • Start and finish times of internet sessions
  • The location of an individual involved in communications
  • The name of the application someone uses online and when, where and for how long used

Attorney-General George Brandis claimed the purpose of the new scheme was to counter the threat of terrorism and smash organised crime gangs, and would not be misused.

However, the new laws have indeed been used to target people for a range of purposes which were not previously disclosed.

Use of metadata to date

Last year, it was revealed that over 60 Government agencies had applied to the Attorney-General for metadata access. The list includes the Australian Taxation Office, Department of Human Services, and even local councils.

In fact, Bankstown Council applied for metadata access in order to catch illegal rubbish dumpers and those who breach by-laws. That access was granted. And the Queensland Police Service used the scheme to access the metadata of cadets in an attempt to determine whether they were sleeping with one another, or faking sick days.

To many, dumping rubbish, monitoring the sexual activities of cadets or even evading tax is not enough to justify sacrificing the privacy of the entire Australian population – especially when the reason put forth for the implementation of the laws was to fight against terrorism and organised crime.

Protecting your privacy

There are many perfectly legal ways to circumvent the government’s metadata scheme. Here are just a few of them.

Hide your browsing data using a Virtual Private Network (VPN) service:

VPN’s work by creating a secure connection between your computer and another network. While you can still browse the internet freely, VPNs allow you to do this through the other network – disguising your tracks.

The only metadata that will be recorded is your connection to the other network. Electronic Frontiers Australia and Digital Rights Watch both have good introductions to choosing a VPN.

Protecting your emails by using online services:

If you use an email address supplied by your ISP (ie. @optus, @bigpond etc) they will be forced to record the address you emailed, attachment names, file sizes and location from which you send.

However, if you use an overseas browser-based email services, like Gmail or Hotmail, all your ISP can record is that your location, and how long you were connected to that service – and if you’re using a VPN they won’t even be able to see that.

Using Facebook Messenger to protect your SMS:

If you send a SMS from your phone, your ISP will record the number you SMSd, the time of the sms, its size and your location. However, this can be easily protected by using an App, such as Facebook Messenger or iMessage, that comes preloaded onto your phone.

Much like using a browser based email service, this will mean that they can only record the time you accessed the service, size of data exchanged, and your location – again, even this will be protected if your using a VPN.

Usings Skype to protect your phone calls:

If you make a call from your mobile phone, your ISP will record the number you called, the time of call, its duration, and your location.

However if you call using a smartphone app, such as Skype, Signal or Facebook Messenger, then they will only be able to record the time of your connection, and the amount of data used, and your location – again, you can protect against this by using a VPN.

previous post: Free Speech and Exposing Corruption: An Interview with Wendy Bacon

next post: Dangerous Driving and the Law

Author Image

About Sydney Criminal Lawyers

Sydney Criminal Lawyers® is Sydney's Leading Criminal Defence firm, Delivering Outstanding Results in all Criminal and Driving cases. Going to Court? Call (02) 9261 8881 for a Free Consultation.

One comment

  1. Jezza

    Pardon me, but are you out of your mind? Please, inform your readers well – unless you are paid by the Australian government or unless this is meant as a very bad joke. Recommending ‘services’ like/by Facebook, Skype, Hotmail, Yahoo!, Google and the likes is hardly what people should be doing in order to take control of their privacy. In fact, these are, without exception, surveillance companies and they are therefore to be avoided at all times.
    Sure, users will be kind of safe from their ISPs recording their activities, but it is (or should be) common knowledge that exactly these companies/software examples are guaranteed to, without hesitance or shame, store, share and sell their users’ data; and that those data are certain to go straight back to Australia – an embarrassing member of The Five Eyes.
    Please, educate people properly instead, by offering reasonable alternatives that would actually protect citizens and undo the current violations of human rights by the Australian government and its affiliates:
    VPN? Very good idea, but make sure the company is not based in the USA, UK, Canada, NZ or Oz. Switzerland is a good choice, as it has strict privacy laws.
    Webmail? Use ProtonMail, Tutanota or Posteo.
    Search engine? Never Google. Get that out of your dictionary. DuckDuckGo, Startpage or Searx are great.
    Still on Facebook? Well, read the news and delete your account. In a different order, preferably. Skype? Seriously? A Microsoft company that keeps its source code proprietary and, when asked, has multiple times declined to confirm/deny that its users conversations are shared with governments. For messaging (text, voice and video), use Signal. It is the best app at the moment. Jitsi, Tox and Ring are fine as well.

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>