AusCERT 2015: Data retention is bad news for citizens

Justin Clacherty is on the leadership team of Future Wise Australia, a “fiercely non-partisan organisation focused on policy advocacy and research in technology, health, and education.

"What’s metadata? Interestingly, it doesn’t even appear in the act. It’s a made up term’” says Clacherty

Clacherty says we’re better off simply using the term data and simply saying what is actually being collected. The data is being collected as a result of the recently passed Telecommunications (Interception and Access) Amendment (Data Retention) Act.

“It’s a social engineer’s dream’” he says. The data can be used to create a map of a person’s movements, connectivity patterns, communications patterns and other personal information. Clacherty noted that despite Attorney General Brandis saying the data would only be used for investigations into serious crime, comments made by the Australian Federal Police and Communications Minister Malcolm Turnbull saying it might be used in other crimes and, potentially, civil matters.

Also, Clacherty says, the ability for the Attorney General to declare something as a “Special Intelligence Operation” means journalist could be caught up and prosecuted even without knowing they were reporting on such a matter, as it was a secret.

In painting a real doom and gloom picture, Clacherty said it’s possible professionals such as penetration testers and even police aren’t protected.

One of the arguments made by the Australian Government, according to Clacherty, is other countries are doing the same thing. But he argued this isn’t true as many countries either have much shorter retention periods or are unwinding their retention laws completely.

“You can not opt out of telephone retention laws,” he says. Even if you use a VPN, cell towers allow users to have their location tracked and home users have service connected through fixed addresses.

Securing this data is also a significant concern with the breadth of access far greater than we are being lead to believe.

"I know only specific agencies have access to that data but those agencies are quite large. And they’re not even storing the data’” says Clacherty.

Future Wise, according to Clacherty, is not against surveillance where it’s appropriate. But they are unhappy with the laws that have been passed without adequate evidence or scrutiny that they will actually solve the problems government claims need solving.

Clacherty says the process prior to the introduction was deeply flawed with “a law enforcement submission that had absolutely nothing to support the fact. In at their report, it said blah, blah, blah, blah, blah, these people said this, this agency says this - we’ll go with the law enforcement agency”.

"A law like this needs to be both necessary and proportionate. They haven’t shown it’s necessary and it’s centennially not proportionate," he says citing reports from the UNHCR and Office of the Australian Information Commissioner.

Despite assurances by the government that all this data is already available, ISPs such as Telstra have said they will need to create the data they will be obligated to retain. This is inconsistent with the government’s position that the data is already available and the legislation simply formalises the process.

Clacherty also raised a view smaller ISPs may be forced out of business as a result of the costs involved with establishing and operating the retention scheme.

There are a number of knock-on effects to the new law. Clacherty says journalists are already seeing sources less forthcoming with in-person meetings greatly preferred to phone or email communications. The relationship between this law and others has some interesting effects such as the conflict between protection for whistleblowers and the previously mentioned declarations of “Special Intelligence Operation” meaning metadata from journalists potentially used to stifle open government and criticism.

The requirement to delete data is not adequately covered in the law and a lack of judicial oversight is of significant concern according to Clacherty.

"The internet has been around for 40 years. There’s no excuse for politicians to not understand this stuff’” he says.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Join the CSO newsletter!

Error: Please check your email address.

Tags Justin ClachertyUNHCRAustralian Federal PoliceMatrix#Auscert2015metadatadata retentionAustralian GovernmentTelecommunicationsCSO AustraliaMalcolm TurnbullSpecial Intelligence Operation

More about Australian Federal PoliceCSOEnex TestLabFederal PoliceTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts