Australia’s mandatory data retention scheme comes into effect on April 13, 2017, with service providers required to collect and retain their customers’ Internet usage metadata. Although service providers had to begin retaining users’ data on October 13, 2015, those with special implementation plans approved by the Attorney General’s Department (AGD) could take until April 12, 2017.
As the scheme takes effect, privacy advocate group Digital Rights Watch is calling on all Australians to hide the trail they leave behind online by using a VPN.
Former Australian prime minister Tony Abbott once described metadata as the information “on the front of the envelope”, rather than what was inside the envelope. Essentially, that’s correct. Metadata includes names, addresses, phone numbers, sources and destinations of each communications, and so on.
However, metadata contains so many pieces of information that they can tell a complete story if linked together. For instance, tracking the location of a phone every time it connects to the internet is enough to establish where the owner of the phone lives, works and likes to have lunch.
The project has been highly criticized by service providers, who call it an expensive liability, and by privacy groups, who say it is an unjustified interference with the lives of citizens. While the law mandates that the security of the retained data must be ensured, it leaves the choice of encryption method, as well as the storage location, up to the individual service providers. As a result, personal data of millions of Australian citizens will be kept in vast, not necessarily well encrypted databases, posing a major security and privacy threat.
Furthermore, the Australian government recently launched a review into whether to allow the retained data to be used in civil cases, rather than just investigations related to terrorism. This could potentially mean the data could be used in divorce cases, which again caused sharp criticism–this time from law experts.
That’s why the privacy advocate group started the initiative of the National Get a VPN Day, claiming that they were “calling upon Australian citizens to educate themselves about the scale of this surveillance and take precautions accordingly.”
In fact, many Australians have already done it. NordVPN saw a staggering 300% increase in users from Australia when the controversial law was passed, and with good reason. Connecting to a VPN server makes user’s IP address and any data they transfer online invisible to any third party, including their own internet service provider. It reroutes user’s Internet traffic through an encrypted tunnel, making it impossible to intercept or decipher.
Besides, NordVPN keeps no logs of its customers’ activities, which means it cannot supply any data to the authorities, even if required.