Surviving data retention: What you need to know
Article written 13th October 2015 by Claire Reilly | CNET
Every Australian with a mobile phone or an Internet connection is now having their digital activity recorded. As the government’s new data retention laws come into effect, we give you the run down on what it means and how you can maintain your privacy.
When data retention laws passed in March 2015, implementation seemed a long way off. But just like that awful leopard-print jacket you bought on eBay, it’s finally here, along with that sinking feeling that it could have been a terrible move.
What is metadata?
Metadata is essentially the information that accompanies the content of a digital message. This might be the timestamp on a text message, or the cell tower that you’re mobile pings when you make a phone call.
What do the laws require?
Essentially ISPs and telcos will be required to retain particular data points for all their subscribers for a minimum of two years. This includes the name and address of a subscriber to a telco service; the source and destination of communications; the date, time and duration of a communication; the type of communication or service used for connection (think SMS or Wi-Fi); and the location of equipment (such as cell towers) used to make the communication.
The laws don’t apply to services provided through internal networks not available to the general public (such as company or university networks) or ‘single place’ services such as Wi-Fi in cafes.
Why does the Government want your data?
The debate began on national security grounds, with politicians saying data retention would help police combat terrorism. The police and Australia’s top security agency ASIO took a similar line, but also argued that data access could be used to target and could be used in civil cases (though the AFP backtracked on saying metadata could be used to find pirates.
They also argued that the laws maintained the status quo, and that police would not get access to new data.
Under the radar, over the top
Get a VPN
A VPN is essentially a way to mask your location online.
While data retention laws and the recent iiNet v Dallas Buyers Club case have seen VPN use spike, using a virtual private network is also a good idea if you use public Wi-Fi frequently or you want to stay secure online.
Factors to consider are device compatibility, the location of the provider’s servers and their policies on logging user activity. There are also free VPN providers, but it’s worth bearing in mind what you might be trading off for free access.
Just before the data retention laws were passed in March, then-Communications Minister Malcolm Turnbull revealed he thought traditional SMS was “insecure” and instead used secure messaging apps such as Wickr.
Communications carried “over the top” of a traditional Internet connection are not subject to the laws, so ISPs and telcos don’t have to store metadata relating to a range of apps. These include over-the-top services like iMessage, WhatsApp and even Snapchat.
Just like messaging apps such as Wickr and WhatsApp, VoIP calls are sent via internet connection, so ISPs aren’t required to log call times, or caller/recipient details. As a result, apps such as FaceTime and Skype will keep you out of the metadata net. This includes TechPatrol’s hosted VoIP solution.
The Australian Pirate Party has also put together a good how-to guide on maintaining your digital privacy, broken down by device type, with step-by-step instructions care of the Electronic Frontier Foundation.