Data retention — what it is and why it’s bad
Wednesday, July 30, 2014/
With the Australian government “actively considering” data retention, and Australian Security Intelligence Organisation chief David Irvine telling a Senate committee that it is crucial to intelligence-gathering and that Australians have nothing to fear from it, it’s time for a clarifier on exactly what data retention is and the concerns it raises.
What is data retention?
The compulsory retention of information about a citizen’s telecommunications and online usage, either by telcos and internet service providers themselves or by a government agency, so that law enforcement and intelligence agencies can use it to investigate crime and national security threats.
What sort of data?
Depends. The European Union scheme (now ruled illegal) was limited to telecommunications metadata — whom you called and when, duration of call, location, and the account linked to a particular IP address. The previous Australian government cited the EU model as what it had in mind when it invited a parliamentary inquiry into the idea in 2012. However, some individual countries (like Denmark) went further than the EU directive and included web browsing history. Most Australian agencies officially only want metadata, not content data (like browsing history and email contents), but some agencies and police forces want the lot. Some things, like email subject lines, could arguably be either metadata or content data. The definition of what data will be subject to a data retention regime is thus crucial.
What would it cost?
In evidence to the Joint Committee on Intelligence and Security that considered the issue in 2012, iiNet said it might cost $5 a month for every customer to store data. That, in effect, is a $60 a year surveillance tax on every household. iiNet has recently significantly increased its estimate of the likely cost to $130 a year. Remember, both companies and government agencies will not merely need to store this data, but ensure it is stored safely — the vast trove of personal data that data retention will produce will be immensely attractive to criminals (and online activists looking to demonstrate how unsafe it is — in 2012, Anonymous hackers released customer data obtained from AAPT to protest the then-government’s data retention proposal).
What happens currently?
Traditionally, telcos have retained phone records because that was how they billed you. But there is decreasing need for specific call-based billing as consumers move to data-based plans. Moreover, companies have no need for metadata beyond the billing cycle, and given there’s a cost to storing such data, they are keeping less of it for the sort of time periods agencies prefer — usually two years. Law enforcement and intelligence agencies call this “going dark” — losing access to phone information of the kind they’ve had for decades.
So what’s the problem — isn’t this just maintaining the status quo?
No. Let’s just focus on phone data. Your mobile phone data includes your location as your phone interacts with nearby phone towers, so in effect it can be used as a tracking device. But more importantly, forget that “it’s just metadata” (or “just billing data”, as the Prime Minister said). A single phone call time and duration won’t tell anyone much about you. But in aggregate, metadata will reveal far more about you than content data.
With automated data-sifting software, agencies can accumulate a record of everyone you have called, everyone they have called, how long you spoke for, the order of the calls, and where you were when you made the call, to build a profile that says far more about you than any solitary overheard phone call or email. It can reveal not just straightforward details such as your friends and acquaintances, but also if you have medical issues, your financial interests, what you’re buying, if you’re having an affair or ended a relationship. Combined with other publicly available information, having a full set of metadata on an individual will tell you far more than much of their content data ever will.
And if you don’t believe us, ask the people who know: the General Counsel for the United States National Security Agency has publicly stated, “metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.” According to the former head of the NSA, Michael Hayden, the US government kills people based on metadata it has accumulated on them. As Edward Snowden says: “You can’t trust what you’re hearing, but you can trust the metadata.”
This article continues on Page 2. Please click below.
Lunchtime singing and awards for failure: The best perks from Australia's most innovative companies Amantha Imber Inventium founder
Your future customers: How to crack the gen Z code Simon Slade Affilorama co-founder
Why you should stand up for your staff (and buy a Porsche 918 Spyder) Ian Whitworth Scene Change co-founder
Why corporate content will send your customers running Luke Buesnel Story League director
How to write the perfect job advertisement Alex Hattingh Employment Hero chief people officer
How to outshine the millions of websites ranking poorly on Google Adam Rowles Inbound Marketing founder