ISP snooping now on the agenda, but will eroding privacy help reduce crime?
Rodney Gedda
Privacy advocates and a large section of the IT community were roused last month by the federal government’s recent approval of controversial data retention laws. Forcing Internet and telecommunications providers to store the metadata of user activities for up to two years, the laws have been introduced as part of a collection of reforms on national security designed to combat counterterrorism and ensure stricter modes of law enforcement.
Due to be legislated via a bill or amendment later this year, the move towards the two-year data retention scheme comes at a time when public suspicion of governmental invasion is high. Only recently defector Edward Snowden – an American computer professional and former administrator for the Central Intelligence Agency – revealed that agencies like the National Security Agency (NSA) essentially have a “back door” into communications and social network services worldwide.
Australia has a history of attempting to control online content. In 2012, a proposal was made to “filter the Internet” of content that was considered illegal. Though it was eventually dropped by the previous Labour government, it set in motion debate surrounding how much control governmental bodies should have over the public’s private Internet use.
This time around, however, it’s not Internet content at the centre of the plan. Rather, it’s the metadata; or the data that describes content and user activities. But what exactly is metadata, and why is the government’s plan to retain it so controversial?
The difference between metadata and content
Metadata is used to describe the data that is associated with various forms of content – it’s the data that describes the data. If you upload a song to a cloud storage service, information like when you uploaded it (date and time), your computer’s Internet address, the size of the file and the type of web browser you are using are all examples of metadata. The file itself is the actual data or content. ISPs (Internet Service Providers) can capture this, and, if the data retention laws are approved, be compelled to store and hand over metadata for investigative purposes.
Metadata retention not without problems
Since the announcement, opponents of the plan have voiced concerns that the cost, in terms of infrastructure and privacy intrusion, outweigh the perceived benefits of crime prevention and national security.
Firstly, there is the practicality of being able to store the billions of pieces of data that we generate every year. For a large communications provider the cost to manage and store the data could easily run into the tens of millions every year (iiNet estimates $60 million a year).
Assistant Professor for the School of Law at University of Canberra, Bruce Baer Arnold, says the Australian government can learn from the experience in Europe, where courts and data protection agencies have rejected mandatory retention of bulk metadata.
“Access to ‘content’, such as web browsing history, will require a warrant, but it appears that access to metadata will be given without a warrant: a fundamental erosion of accountability but very convenient for law enforcement and national security agencies,” Baer Arnold says.
Arnold is also concerned about the possibility of lax access to the metadata among all government departments, not just agencies tasked with law enforcement.
“We should not all be regarded as suspects of terrorism or a meaninglessly broad category of ‘general crime’,” he says.
Drawing a line between metadata and content is also proving to be a contentious issue in regards to the proposed legislation. Though the government has indicated web browsing history is not metadata, a recent Sky News interview saw Attorney-General George Brandis struggling to clearly articulate whether or not websites fall under the broader metadata umbrella.
Metadata, content and presumption of innocence
Data retention laws were rejected in Europe on the basis they disregarded rights contained in the EU’s Charter of Fundamental Rights. These include the rights to privacy, data protection and freedom of expression.
Despite advocacy on behalf of pro-surveillance groups, Human Rights Commissioners in Australia also agree that metadata retention – and the subsequent access by security agencies – could threaten the presumption of innocence for ordinary Australians.
In an interview with the ABC last month, Human Rights Commissioner Tim Wilson said: “We all want a free society, we all want a safe society [but] there is a risk [metadata retention] may amount to treating people as though they are guilty until they are proven innocent.”
Independent senator Nick Xenophon questions the effectiveness of the plan, which is aimed at thwarting crime and terrorism. Is a distinct lack of limitations to how our personal data is accessed by national agencies necessary in the fight against crime?
Earlier this year a US government advisory panel reported it was unaware of any instance where the National Security Agency (NSA) successfully discovered a previously unknown terrorist plot resulting from phone metadata collection. According to the advisory panel, there was only one instance in the past seven years where the program identified an unknown terrorism suspect.
The new metadata retention bill is scheduled to go before parliament later this year.