An Overview: Data Retention Practices in Australia
[Update: New NordVPN Servers added in Perth #AU16-18]
In 2015, Australia joined the ranks of mass surveillance states by introducing a mandatory data retention law . The law requires telecommunication providers and ISPs to record and store telephony, Internet and email metadata for two years.
Although metadata does not include the actual communication contents, it still provides an alarming amount of information about the communicating parties. According to the Australian law, service providers must retain the following data:
- Name, address and billing information
- Source of the communication (phone number, IP address, email address etc.)
- Destination of the communication
- Date, time and duration of the communication
- Type of the communication and relevant service (SMS, Wi Fi, etc.)
- Location of equipment used in connection with the communication
- Download and upload volumes
In fact, metadata contains so many bits of information that, when linked together, they can tell a complete story. Tracking the location of a phone every time it connects to the internet is enough to establish where the owner of the phone lives, works and likes to have lunch. Family members and coworkers, gym memberships, trips out of town – everything can be traced back to a single phone call, before we even consider the wealth of information provided by emails and browsing history (which is not mandatory, but some ISPs still retain it).
According to the law, the Attorney-General has broad discretion on which agencies are allowed to access metadata. The current list comprises 21 organizations, including the state police forces, the Australian Security Intelligence Organisation, the Australian Crime Commission and even a number of private agencies.
Even more worryingly, no warrant is required to access the retained data, except for the data of journalists. As a matter of fact, many other countries with data retention regimes have safeguarded the communications of journalists, but Australia failed to do that and seems to be using this clause for cracking down on whistleblowers .
Unsurprisingly, the law has faced opposition from various groups, including the Australian Human Rights Commission, Australian Lawyers for Human Rights, the Law Council of Australia, the Australian Privacy Foundation and more. The concerns they have raised are related both to privacy rights and to the practicalities of implementing the scheme.
Preparation for compliance with the legislation will cost AUD$128.4 million and will have to be funded by taxpayers in the form of government grants to service providers. Other points of dispute include the breeches of privacy and free expression, the unusually long duration of retention and unspecified minimum requirements for security of the data.
It must be noted that it is not illegal for Australians to avoid metadata being collected, and there are ways to do that. People concerned about their internet use being recorded have an effective protection – virtual private networks (VPN). A VPN service, such as NordVPN , will reroute all internet traffic through an encrypted tunnel, hiding it from prying eyes. Besides, NordVPN keeps no logs of its customers’ activities, which means it cannot supply any data to the authorities.