Australia’s Federal Parliament has passed it’s controversial data retention laws, with both major political parties voting in the legislation. The new laws will force telcos to keep records of phone and internet use for two years and allow security agencies access the records.
Telcos already retain the data, however at varying durations in an unregulated environment. Australia’s Attorney-General Senator George Brandis says the legislation – which passed through the senate with 43 votes to 16 – will strike the right balance.
The cost of retaining the information is set to be partly covered by the taxpayer in what the Government described as a “significant” contribution. There are concerns telecommunications companies will pass on the rest of the cost to consumers ::::
The Coalition and Labor have argued the laws were necessary to help authorities in counter-terrorism and serious crime investigations. Both major parties knocked back several amendments put forward by the Greens and concerned crossbenchers during Senate deliberations.
Labor announced last week that it would vote with the Coalition after the two parties agreed to several amendments, including specific protections for the phone and internet records of journalists, in a bid to protect anonymous sources and whistleblowers.
The Greens argued strongly against the law, saying it would entrench “passive, mass surveillance”. Independent Senators Nick Xenophon and David Leyonhjelm had also sought to change the legislation to increase privacy protections.
However Attorney-General George Brandis said the legislation, which passed with 43 votes to 16, would strike the right balance.
“It does contain safeguards that were not there before, it is in the Government’s view, shared I’m pleased to say by the Opposition, a measured and proportionate response,” Senator Brandis said.
The cost of retaining the information is set to be partly covered by the taxpayer in what the Government described as a “significant” contribution. There are concerns telecommunications companies will pass on the rest of the cost to consumers.
Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014
Introduced to Parliament on October 30 and redrafted on the advice of the Joint Committee on Intelligence and Security (which tabled its report on February 27). The legislation will:
- Require telecommunications companies to retain customer’s phone and computer metadata for 2 years
- Define which types of data must be retained, such as phone numbers, length of phone calls, email addresses and the time a message was sent, but not the content of phone calls or emails and explicitly exclude internet browsing
- Detail which agencies are able to access the data
- Give security agencies access to the data when they can make a case that it is “reasonably necessary” to an investigation
- Still require security agencies to obtain a warrant before accessing the actual content of messages or conversations
- Introduce an independent oversight mechanism, allowing the Commonwealth Ombudsman access to agency records, in a bid to boost privacy protections
- Give the Parliamentary Joint Committee on Intelligence and Security oversight of the use of metadata by the AFP and ASIO
- The Government is negotiating with telcos about who will pay for the new system
Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015
Cost of Mandatory Data Retention Yet to be Revealed
The Government is yet to reveal the cost of setting up mandatory data retention. Attorney-General George Brandis said the Government had received a wide range of estimates for set-up costs during talks with the telecommunications industry.
“As to which of those within that diverse range the Government will settle upon as a reasonable estimate of the capital cost across industry and as to the percentage contribution the Government will make to that figure, those are matters currently before the Government, they are a matter of deliberation as part of the budget process,” Senator Brandis said.
Greens senator Scott Ludlam said he was shocked the Government had not provided a figure.
“That is remarkable that you would bring forward a bill without knowing how much it is going to cost or how you are going to evaluate the cost,” Senator Ludlam said. “I cannot recall in my experience the Government putting forward a bill with support from the Opposition that it didn’t know how much it would cost.”
Greens leader Christine Milne also called on the Abbott Government to divulge how much it will pay telecommunications companies to keep records for two years.
“What is the cost? Australians deserve to know how much the Government intends to contribute to the mass surveillance of the Australian population,” Senator Milne said. “How much money are we going to put up to have this surveillance on ourselves? Surely the Parliament deserves an answer to that question.”
What is Metadata, How is it Defined Under The New Australian Law?
Metadata is the information that identifies us via the phone calls we make and our active online lives. When put together it can reveal a detailed picture of an individual’s identity and their relationships. Essentially, it is an electronic x-ray of the when, where, how and to whom we communicate with over our phones and via the internet.
According to Privacy International the amount of data that exists in the digital realm today is about ten times that which existed less than a decade ago. As new technologies come online, the scope of what metadata is grows and that is why defining metadata at any particular point in time is fraught.
Nigel Phair, a former AFP police officer and cybercrime specialist, said even he struggled to define what metadata was.
“I’ve tried to define metadata and I couldn’t, so I started to approach the definition by what metadata isn’t.” Mr Phair said. “The cybercrime act in 2001 lists floppy disks and we haven’t used those for aeons, so the more prescriptive we are with metadata definitions the harder it is to apply the legislation in practice. We don’t know what’s down the track in terms of new digital devices and even artificial intelligence.”
Jon Lawrence from Electronic Frontiers Australia disagrees and says it is necessary to define metadata in the legislation. “In this particular circumstance it’s about the indiscriminate invasion of privacy of all Australians and the scope of the metadata should not be allowed to creep without proper parliamentary oversight,” he said.
Inspector Gavan Segrave from Intelligence and Covert Support Command acknowledged to the Parliamentary Joint Committee on Intelligence and Security that Victoria Police would like to have access to web browsing histories.
It is this type of “scope creep” that concerns Mr Lawrence.
“Without a definition, the scope of metadata would likely increase to include web browsing histories, and I’d consider that to be active content surveillance,” Mr Lawrence said.
What’s not included?
- Web browsing history.
- The body or text of SMS messages.
- The body and subject lines of emails.
- Files attached to emails including photos or documents.
- The audio of phone conversations.
- The audio recordings of online or social media chats.
- Continuous location tracking via mobile devices.
What will be kept for a minimum of two years?
- Incoming caller identification.
- Outgoing caller identification.
- The time, date and duration of the phone call.
- The location of the device at the beginning and the end of the phone call.
- The unique identifier number assigned to a particular mobile phone device.
- The status of a mobile device, for example, if it is lost, stolen or on roaming.
- Information about what features were used on any particular call such as call waiting or call forwarding.
Internet (if these services are provided by an Australian operator)
- Email address.
- The time, date, size and recipients of emails.
- The file type and size of any attachments sent or received with emails.
- Online chat time, date and the identity of those on the chat.
- Details about internet usage including how much bandwidth the internet service provides.
- How many uploads/downloads made and the size of each one.
- Details about what technology enabled each communication i.e. ADSL, wifi, cable internet.
- Account details held by the ISP or telco provider; including when the account was activated or suspended.
Privacy Advocates Concerned Over Agencies Sharing Metadata
Alone, metadata is not particularly useful in solving crime, but when combined with the metadata of the entire population and ran though sophisticated pattern-matching computers – the kind used by intelligence agencies and the AFP – the value of metadata and its capacity increases dramatically.
“Metadata is much more valuable to an investigation than content. We learn much more through an individual’s metadata than we would from their conversations,” Mr Phair said.
And that is what concerns privacy advocates, Internet Society of Australia chief executive Laurie Patton said up until now law enforcement agencies have had to find a way to identify their source, but this legislation would make things much easier for law enforcement while posing great risks to all Australians.
“At the moment metadata is stored in literally hundreds of places because there are hundreds of ISPs and telcos. This bill will require the ISPs and telcos to pull together our metadata creating what is known as a honey pot,” Mr Patton said. “So metadata which was spread across a whole range of servers in various locations will be pulled together and it becomes far more powerful when it can be amassed and subjected to highly sophisticated computer algorithms that have been developed and shared by intelligence agencies round the world.”
The legislation has narrowed the number of agencies who are allowed to access metadata, the list includes, among others, the Australian Federal Police, state police forces, Customs, the Australian Securities and Investments Commission (ASIC) and the Australian Competition and Consumer Commission (ACCC).
Now defined, other issues around how those agencies use and manage metadata will be debated, including the safety of the metadata, its vulnerability to criminal hacks, and how effective independent oversight of the scheme will be. What is not indentified in the legislation is information about how metadata will be used and shared by Australian intelligence agencies and their Five Eyes partners – Canada, New Zealand, the United States and the United Kingdom.
Aussie Spy Agency ‘ASIO’ well pleased by new legislation
Australia’s domestic spy agency says it is “pleased” with the passing of the Government’s data retention legislation, which it has described as “critical”.
“Access to historical communications data is vitally important in ASIO’s effort to identify threats to Australia’s security and keep Australians and Australia’s interests safe,” a spokesman said in a statement. “The legislation will ensure that ASIO is able to keep pace with a rapidly changing communications environment.”
The legislation will require telephone and internet companies to retain Australians’ telephone and internet data for a period of two years.
Approved officers in more than 20 government agencies, including ASIO, the AFP, state police forces, ASIC, and consumer watchdog the ACCC, will be able to authorise access to the information.
The data kept will include the identity of subscribers, the source, time, duration and destination of electronic communications as well as the location of mobile equipment.
Warrants Required for Journalists’
To win the Opposition’s support in Parliament for the controversial plan, the Government agreed to a series of extra safeguards, including requiring warrants for agencies wanting access to journalists’ records. Under the legislation, a “journalist information warrant” will be valid for six months.
The Government has also accepted extra oversight, including the appointment of a public interest advocate to argue against the granting of warrants. Asked if those safeguards would hamper the organisation, ASIO said in its statement that its operations were already subject to oversight.
“ASIO’s work is also highly accountable through a range of external and internal processes,” the statement reads, but does not go into further detail. The organisation’s workings are currently monitored by Australia’s Inspector-General of Intelligence and Security (IGIS).
Late last year, Fairfax media reported that IGIS was seeking to hire five new staff to help it investigate the use of intrusive powers by Australia’s intelligence agencies, including telecommunications intercepts.
In information provided to the ABC after the bill passed the Senate last week, the Government confirmed that a working group which included industry stakeholders, had been set up to help implement the legislation, a process which may take up to two years.
Asked if it feared missing vital information during that time, ASIO responded that it recognised the regime “may take time” to implement.
“ASIO continues to work with all parties within the public and private sectors to provide assurance to the Australian Government, and the public, in regard to national security,” the statement concluded.
PM Says Data Retention Could Cost $400 Million a Year
Prime Minister Tony Abbott revealed in mid February that the cost of the Government’s data retention plan could be as much as $400 million a year, and has warned if it is not passed it would be a form of “unilateral disarmament” in the fight against crime.
Mr Abbott says the Government wanted to force phone and internet companies to store data about calls and connections for two years to help authorities monitor suspected criminals and fight terrorism. The legislation was originally introduced to Parliament last October and referred to Parliament’s Joint Committee on Intelligence and Security.
Concerns remain about how much the move will cost companies — and consumers — and how much the Government will contribute.
“There are a range of figures which have been taken to the joint standing committee, but even at the highest estimate it’s less than 1 per cent of this $40 billion a year and growing sector,” Mr Abbott said. “It seems like a small price to pay to give ourselves the kind of safety and the kind of freedom that people in a country like Australia deserve.”
Australia’s biggest telco, Telstra has warned that the upfront costs of building new systems will be “significant” and wants taxpayer compensation.
Communications Alliance spokesman John Stanton said the industry was waiting to find out how much of the cost would be covered by taxpayers.
“It still amounts to a very significant cost and impost that needs to be paid,” Mr Stanton said. “The Government has so far said that it will make a reasonable contribution.. so there’s a great deal of interest to see how much of the total burden the Government proposes to contribute.”
Mr Abbott warned there would be an “explosion in unsolved crimes” unless the legislation was passed.
“If we don’t get it, it will be a form of unilateral disarmament in the face of criminals and the price of that is very, very high indeed,” Mr Abbott said. “There’s been the benefit of the doubt at our borders, the benefit of the doubt for residency, the benefit of the doubt for citizenship and the benefit of the doubt at Centrelink and in the courts.”
From other news sites:
RELATED! Telstra Warns Data Storage Plan Will Attract Hackers
Telstra said an unintended consequence of the plan would be the creation of many highly attractive targets for hackers.
The Federal Government has cited national security as one of the reasons for its plan to force telcos and internet companies to store customer metadata for two years.
A parliamentary committee investigating the bills also heard concerns from Australia’s intelligence agency watchdog that ASIO could keep metadata indefinitely.
Under the metadata retention scheme, Telstra, and all other national telcos and internet companies, would be forced to store customer metadata for two years.
Telstra said the data would be kept in a database, ready to be given to law enforcement on request :: Read the full article »»»»
UNRELATED! Malware Bundled in Popular µTorrent WILL Destroy Your Computer
More than 100 million users of the trusted torrent platform are at serious risk of having their laptops and PCs literally destroyed. T
Bundled with the latest install of the free software is a program called Epic Scale leeching your laptop’s resources in secret.
Epic Scale is a currency miner that generates revenue for its creators, though it publicly sells itself on being a completely philanthropic venture :: Read the full article »»»»
REBLOG! US Charge 3 Men Over Largest Ever Cyber-crime
The incident was the largest known data breach of names and email addresses on record.
Indictments in the case accuse two Vietnamese nationals of hacking into at least eight major email services from February 2009 to June 2012 and stealing the email addresses that were then used for various spam and marketing schemes.
The scheme netted at least $US2 million from the marketing of various products and services, according to the US Justice Department.
Those charged with hacking were Viet Quoc Nguyen, 28, and Giang Hoang Vu, 25, both Vietnamese nationals :: Read the full article »»»»
UNRELATED! Tech Giants Scramble to Fix ‘Freak’
As Google, Apple and Microsoft scramble to patch a long missed security flaw it might be timely to remember how we got here. Way back at the latter end of the last century – the 1990s, when Netscape browser was all the rage and – SSL (Secure Socket Layer) encryption was brand-spanking-new, the U.S. government wanted control over export of “weapons grade” encryption.
Its theory was that domestic communications could benefit from stronger, 128-bit encryption, but ‘backdoors’ should be available to U.S. intelligence and law enforcement when it came to foreign communications, the concept of weaker, “export grade” encryption was born.
Turns out that this theory and it’s legacy backdoor, a vulnerability that we’ve come to know in recent days as ‘FREAK’ still exists in up to 30 percent of U.S. web servers. It’s a sad example of how zombie-security from the era that gave us grunge can come back and bite us on the posterior.
Meanwhile, Apple and Google are saying they’ve developed fixes/patches – though we note Apple has yet to deploy – to mitigate the ‘Freak’ security flaw. Initially thought to be immune, Microsoft released an advisory which warned hundreds of millions of Windows PC users are also vulnerable to the security vulnerability :: Read the full article »»»»
UPDATED! PRISM: Data Mining
The Guardian’s revelations that our privacy is no longer our own has caused huge public outcry, the tinfoil-hat brigade is in a furore, normal folk have become concerned at what governments are peering at, and most importantly the nefarious are sat back gobsmacked. PRISM, if your at all shocked that such government devices exist, your naive; if your angry, then your possibly delusional.
RANT WARNING! Our freedom, our ability to stroll the streets or fly the airways, is almost entirely reliant on a – very real – war on terrorism. As news flashes across our television sets – Syria – and our soldiers return from the fronts of war – Afghanistan – we perhaps need to pause and consider what price that freedom has cost. If we aren’t thankful that we weren’t one of the 3 thousand troops who gave their lives in the name of democracy in Afghanistan then perhaps we’ve become disconnected.
Exagerated outcries like, “Even if your not doing anything wrong, your being watched.” aren’t helpful
The graphic images of war and death beamed to us by television networks isn’t an example of what we face, it’s what we face. And what privacies have we given up – in order that our streets don’t look like a Boston Bombing – someone reading our emails, a government employee checking over our social media posts or an analyst trawling though our text messages, again, what have you lost? Certainly not your life – unlike the 3000 lives lost on September 11 2001, you can surely be thankful that you weren’t one of the 20,0000 patriots who were wounded in the line of duty, defending our freedom to like on Facebook and plus on Google.
No, it seems that the cost of surveillance on the general population is naught! Unless of course you have something to hide, or wear a tinfoil-hat. While I don’t disagree that The Guardian has done a splendid job revealing PRISM, and presenting the world with another anti-espionage proponent –Edward Snowden – what have they truly given us, a safer community, more freedom? This author thinks not. Truth and lies, are very personal, we tend to take a lack of trust – or being lied to – as an infringement on our own integrity. Being deceived isn’t what this is about, it’s much much bigger than our individual integrity, it’s about our safety as a society :: Read the full article »»»»
MORE :: Cyber Crime
The material in this communication is subject to copyright under the Copyright Regulations Act – Commonwealth of Australia – Any copying or communication of this material is subject of copyright protection under the Act.