Charles Gutjahr

Melbourne, Australia

This metadata law doesn't cross the line, but beware the one that does

The new metadata law 1 was passed in the Senate today, and there has been an uproar of anger in my group of friends.

That’s the wrong reaction. Not because this is a good law — I think it’s a pretty stupid law, especially because there’s [no evidence that metadata retention counters terrorism or helps law enforcement][0]. No, I think it’s the wrong reaction because there’s much worse to get angry about. The problem is not that phone companies and ISPs will track what we do; the problem is that so many other groups already do that… and they’re beyond the reach of this law.

Private companies already [track us wherever we go on the internet][1] and they [keep more of our data than they should][2]. They even track us when we’re [walking through shopping centres][3]. Spy agencies [deliberately undermine our security][4] and largely ignore the laws we’re all subject to because they have their own laws so broad that they have a “[blank cheque to carry out whatever activities they deem necessary][5]”. Professional criminals [steal our data to commit fraud in our names][6]. Where do they steal that data from? All those repositories of data so many groups have on us.

What we need is not protection from our government, but protection from all of the above. The problem is that so many of those groups operate beyond Australian law, or any law, and so nothing our Parliament does will make much of a difference.

The best way to combat this mass surveillance of our technology is, in fact, better technology. New products and services are harder to spy on than before. A few years ago it was trivially easy for someone to spy on the messages you sent from your phone; now [end-to-end encryption][7] on iPhones makes it very difficult — though that security [could possibly be circumvented][8], my guess is that it’s so difficult that spying on messages between iPhones has probably largely stopped.

What we need to do now is to decide where we will draw the line on future laws.

The technologies being introduced into smartphones and other devices to protect us from a wide range of threats will also make this metadata retention law increasingly irrelevant. Once the law becomes a complete farce it will either need to be dropped, or our right to circumvent it would need to be taken away.

That’s the line which we should not let Australia cross: forcing us to use technologies that cannot be secured against spies and foreign companies who don’t adhere to our laws. I’m not particularly concerned about the current law because it doesn’t increase our risk very much. But if ever the law changes to prevent us doing everything we can to protect ourselves and secure our data, then I’ll be out on the streets protesting it as loudly as anyone else…

  1. Formally known as the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015
    </li> </ol>
    [0]: http://www.crikey.com.au/2015/02/05/officials-admit-we-cant-justify-data-retention/ [1]: http://edition.cnn.com/2013/11/20/opinion/schneier-stalker-economy/index.html [2]: http://www.computerworld.com/article/2474851/android-google-knows-nearly-every-wi-fi-password-in-the-world.html [3]: http://www.abc.net.au/news/2013-08-29/use-of-phone-tracking-tech-in-shopping-centres-set-to-increase/4923298 [4]: https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security [5]: https://www.theguardian.com/us-news/2015/mar/12/uk-surveillance-laws-need-total-overhaul-says-landmark-report-edward-snowden [6]: https://www.schneier.com/blog/archives/2005/04/mitigating_iden.html [7]: https://www.apple.com/au/privacy/privacy-built-in/ [8]: https://daringfireball.net/2013/10/imessage_encryption

Charles Gutjahr

I'm a web application developer, occasional photographer and full-time nerd. This is my blog.