Avoiding data retention will be as easy as eating a burger

Senator Scott Ludlam unpicks the gaps in Oz data retention law

A handy line of questioning by Greens Senator Scott Ludlam has outlined the biggest shortcoming of the Attorney-General's Department's artificial distinction between “metadata” and “content”, while also giving those who wish their online activities to be harder to track handy hints on how to circumvent the planned retention regime.

In short, everything that will be recorded is all data, all the way down.

The distinction that “metadata is just the name and address on the envelope” (and that your content would remain private) was coined to quell discontent about other countries' data retention regimes, and is meaningless in the Internet age.

Getting that point across is important, because if citizens understand that in spite of political reassurance they are being snooped on, it might destroy their sanguine attitudes about being “protected from terrorists and child pornographers”.

Hence the importance of the exchange captured in video at the end of this story.

What Ludlam did was not, as the excited Twitterverse would have it, to demonstrate that the mandarins of Australia's Attorney-General's Department are clueless. They aren't: for a start, the people Tweeted as being clueless have convinced successive governments led by both major parties that “metadata is not content”.

In doing so they've brought four Attorneys-General along for the ride: Robert McClelland, Nicola Roxon and Mark Dreyfus of the ALP as well as George Brandis of the Liberal Party.

Ludlam's accomplishment was to highlight the meaninglessness of the metadata/content distinction with examples everyone can grasp:

  • If you log into your home broadband router and send an e-mail, “metadata” (such as the recipient of an e-mail you send) will be captured;
  • If you log into a friend's broadband router, the same information will be collected (associated with your friend's router's IP address);
  • If you use Gmail from either of those two, the metadata store will reveal your contact with Gmail (HTTPS should hide the rest of the session);
  • If you use a university WiFi network, or a hotspot in a cafe, your metadata won't be stored. That's because in both cases, any obligation ends at the customer (university or cafe) and its relationship with the carrier (AARNet or someone like Telstra).

That last point is important: Ludlam was able to extract admissions that individuals' online activities conducted in a burger chain, internet cafe or on a university campus will be very hard to identify. That's because burger joints, cafes or universities are not, at least in the current retention bill, obliged to record the details of individual users' sessions. The carrier that provides a cafe or university with service is required to record all traffic, but just how one goes through those records to figure out that Joe Bloggs visited a particular McDonald's and did something of interest to investigators is anyone's guess.

Ludlam's point is that there's therefore a hole in the "metadata is so important for security and crime-fighting" argument because the Bill can obviously and easily be circumvented.

Senator Ludlam is to be applauded for highlighting this, and for doing so in such a way that the Department's discomfiture made people willing to share the video.

The problems he's highlighted have existed in the data retention regime since before the current government came to power.

As former opposition leader Kim Beazley is reputed to have said: when you explain something so many times you think “if I have to say this again I'll vomit”, that's when the public is just starting to get it.

Ludlam's populist skill, turning the driest technical detail of the data retention debate into a maybe-viral video, is impressive. ®

Youtube Video
