Data Retention in Australia

What is Metadata and what is the Data Retention Law?

Australian residents will no longer be able to exercise their right to privacy online starting Tuesday, October 13. The data retention bill, which was passed in March, 2015 will now be enforced. All the metadata recorded when you use your mobile or landline phone, send or receive text messages, download or upload anything, send emails or browse the web will be retained by different Australian phone and internet providers for two years. The data will be monitored and could be accessed by 2500 appointed offices across 21 Australian agencies – warrant free.

UPDATED (10/16/2015)  : NordVPN has Seven (7) Servers in Australia to help avoid Metadata

The main issue with the new law is that in two years the data compiled can reveal so much that it becomes a security threat itself. The content of your online activities is not as important as your online habits, preference patterns in combination with your personal details. That type of information if very valuable. If any of the companies (ISPS + Telcos) or government agencies (20+) mishandle internet user information – the cybersecurity breach could become a huge and costly fiasco.  With so many stakeholders involved – the likelihood of mishandled data is quite high.

Even if people try to petition their ISPs to boycott this legislation, it is highly unlikely that their ISPs and Telcos would put up a fight, as the government will be imposing a hefty fine of $2 million on any ISP or Telco that does not comply with the new regulations. The only recourse for those who believe they might be targeted will be after the fact, by contacting the office of the Ombundsman – however the proof might be hard to come by.

UPDATED (10/18/2015) Reports show 8 out of 10 telcos and ISPs not prepared for new law. Reports of confusion and uncertainty of what is required of the new guardians of your data is worrisome.  

 More Worrying Points of Legislation, that are are cause for concern:

• The legislature does not provision for all your web activity to be monitored all the time. However, ISPs can initiate storage of ‘additional elements’ at their own discretion.
• Internet carriers that service free hotspots will too have to report metadata activity.
• You are not given notice and consent options for the use of your metadata. The uses of metadata (other than national security threat monitoring) are not spelled out.
• If your ‘digital footprint’ raises suspicion after examination, the collected evidence may be grounds for a digital surveillance or phone tap warrant to be issued.

Ways to avoid Metadata Retention:

Get a VPN

A VPN encrypts your data through a secure tunnel before accessing the internet – this protects any sensitive information about your location by hiding your IP address. Virtual Private Networks connects you to the internet through an alternative path than your ISP. The only information visible to them is that you are connected to a VPN server and nothing more. All other information is encrypted by the VPN’s protocol. This is handy when you don’t want your real IP traced back to you.

Connect via Proxy

All packets exchanged between the internet and your device go through a remote machine used to connect to the host server. The IP address of the proxy server appears to be that of a remote machine, which enables the user to hide their true IP address. However, web proxy does not encrypted your traffic.

SOCKS5 Proxy for Torrenting and P2P

SOCKS5 is an internet protocol which routes packets between a server and a client using a proxy server.  To put it simply – your data is routed through proxy server that generates an arbitrary IP address before you reach your destination. It is a good option for torrenting or P2P, but not web-browsing.

Use Skype for communication

Skype is a communication service with servers located in Estonia, which means they do not have to comply with Australian Data Retention Laws. If you connect to use is while using a proxy or a VPN – your conversation data will stay anonymous.

Use offshore Email Account

There a number of email services that are not based in Australia. Even Gmail is an option to avoid the Australia’s Data Retention Laws. However, be mindful of other online data retention and sharing programs out there – pay attention to their privacy policy and the country they are based in.

Tor Network

Tor Network is a privacy network is designed to hide information of which computer actually requested the traffic. Routing traffic through different nodes, it makes it difficult to say whether your computer initiated the connection or it may just be acting as a relay, relaying that encrypted traffic to another Tor node.