By now, the chorus of indignation in response to the government’s proposed rules around the collection of metadata is well established. But is this reaction warranted? On balance, it is not. While we must always be vigilant about our personal freedoms and potential government encroachment, this latest episode of Big Brother hand-wringing has been overblown and heedless of some basic realities of the digital lives most of us live.
The fact is that metadata is everywhere. We shed it like digital dander containing our personal DNA as we go online, use our smartphones, and send and receive emails. Every digital step we take — and for most people that is countless steps every day — creates it.
This digital dander is hoovered up by telecommunications companies, internet service providers and large offshore multinationals. After the multinationals ship it offshore, unidentified, unregulated marketers and engineers use it in unfettered ways for who-knows-what purposes (usually to market goods to us). There is no audit trail, no accountability and absolutely no oversight by any government.
For the most part, this hoovering gets only minimal attention. There was some press when it became publicly known that Apple iPhones were tracking every step users made and a bit more muted commentary when Google changed its privacy policy to allow the tech giant to aggregate data across its 40+ “free” services. An Android smartphone user who accesses Gmail has his data cross-referenced with Google maps, Google searches and so on and so forth. The creation of an ever more detailed data file on each individual user — arguably the most comprehensive data set held by a private company about private citizens in history — elicited scarcely a whimper from civil liberties groups.
“It is the sheer breadth and audacity of the private sector’s collection of data that should give us pause before we rush to the barricades in protest of the federal government’s proposal.”
Still, it can be argued that there is a difference between a private company taking your data and a government doing so, as the government has the power to charge, compel and prosecute. Fair enough. In the current case, is the government justified in wanting this data? The answer hinges on law enforcement. Just as our lives have moved online, so has crime and a range of illegal activity. Solving many serious and heinous crimes now revolve around digital evidence, often located based on the patchwork quilt of metadata.
It is the sheer breadth and audacity of the private sector’s collection of data that should give us pause before we rush to the barricades in protest of the federal government’s far more modest proposal. According to what we’ve learned, the federal government plans to compel Australian telecommunications companies and ISPs to retain a small subset of metadata for a period of two years so that police agencies and ASIO, if the need arises, can apply for those records in order to investigate serious criminal offences and attacks on Australian society.
But what is this metadata? Is it the sort of personal material gobbled up by private sector players? Hardly. Communications Minister Malcolm Turnbull has given the most clarity to this debate we’ve seen in the past four years from either side of government (remember, it was Labor that first proposed this, so it’s bi-partisan): the government is seeking phone call records be retained (telcos generate these for billing purposes anyway), as well as our dynamically allocated IP numbers when we go online. These numbers are assigned to us each time to use the internet and are required to track back to a user at the time. On any day several people may be allocated the same number, so it is critical, to protect the rights of innocent people, that the right subscriber is tied to a possible offence. It is, in essence, a living white pages phone book, retained for two years, in case a piece of our technology is implicated in a crime. Just to emphasise the point: metadata need not be only incriminatory, it can be exculpatory as well, meaning that having a system in place that can properly collect and assess this data serves all our interests.
That said, we must ensure that the system won’t be abused. First, the number of agencies who can access this type of data must drop. Second, the offences for which this kind of data can be sought needs to be narrow. And lastly, while the government has good grounds for demanding the retention of such information for two years, it should also mandate its destruction at that time unless there is a genuinely sound reason for keeping it.
The future is likely to produce a lot more digital dander, and only considered and prudent planning will make that future one in which the right to privacy and the public good are balanced.
Alastair McGibbon does not cite any evidence, let alone rigorous evidence, to show that counter-terrorism and law enforcement efforts would be significantly improved by the proposed data retention scheme. Bernard Keane reports that in the EU a similar data retention scheme has had a negligible impact on crime clearance rates. In a recent White House panel review the national security agencies of the United States could not even point to a single case of metadata thwarting a terrorist attack. I’d like to see solid evidence of a major upside to the proposed metadata retention before we agree to the major downside of twenty-three millions Australians having complete metadatasets compiled about them.
I am unconvinced by the argument that since the private sector is cavalier about people’s privacy, the people should be cavalier about ceding privacy to the government as well. People voluntarily use the services of Facebook and Google and Apple. The proposed scheme would not be voluntary.
It is wrong to assert that the proposed scheme is not significantly different from the metadata currently collected. Telcos and ISPs generate metadata for billing purposes but this means they hold it for a brief period, not two whole years. Nor is it true that all ISPs retain IP addresses. The proposed scheme would be a very big deal and a major change from the current practice of ISPs.
McGibbon ignores the financial cost of the additional burdens that would be imposed by data retention. He doesn’t explain why consumers should pay an extra ten dollars a week to their telco or ISP for the privilege of having their privacy infringed, all for the sake of a government determined to reduce by a tiny degree the already tiny risk of Australians being killed by terrorism.
McGibbon doesn’t address the risk of the metadata being abused. In the history of humankind, has there even been an occasion when a powerful tool, once acquired, wasn’t extended to areas beyond its original remit? Bernard Keane points out how valuable a two year trove of metadata would be to employers in both the public and private sectors who wish to track down and punish whistleblowers. And how valuable such a dataset would be to litigants who would like to embarrass or intimidate their critics. I don’t share McGibbon’s trust in the virtuous restraint of the powerful. I’d like to hear the basis for his faith.
What has changed in our constitutional arrangements to prevent a repeat of the injustices endured by Mamdouh Habib and Mohammad Haneef? Has our government’s approach to terrorism become less hysterical, less dishonest, and less politically self-serving since those episodes?
That’s the ‘everyone’s doing it so why can’t we’ argument, which is weak. No where did you address the apparent lack evidence supporting the notion that collecting meta data prevents any terrorist attacks, which is why they want these laws in the first place. I don’t want private companies nor government collecting any data about me unless I actively consent to it, or there is evidence I’ve committed a crime. Anything less is an unnecessary invasion of my right to privacy. It seems as though Tony Abbott’s ‘small government’ only applies to economics, while ‘big government’ seems very much the go in imposing their conservative and draconian social agenda upon us. No thanks!
Have I accidentally stumbled onto a News Corp Australia website? No. Then what is this bullshit doing on Crikey? A flat-earther tomorrow?
Oh FFS Crikey.
When the first comment (thank you Nicholas) leaves the original writer looking as clueful as a post turtle, you’re not doing the “balance” thing very well.
What’s up next? Meryl Dorney on the dangers of vaccination?
Can we have an article tomorrow titled “Don’t listen to Alastair MacGibbon”.