There are two clear winners from Labor’s decision to cave in to Tony Abbott’s terrorism and child porn hysteria and wave through Australia’s biggest-ever mass surveillance scheme: criminals and overseas communications providers.
The copyright cartel might count itself a winner as well, although the extent to which that is true now rests with the Attorney-General’s Department and the government’s legislative drafters.
As Crikey has explained ad nauseam, data retention won’t work to improve crime clearance rates. We know that because in several countries overseas both data retention and more far-reaching surveillance schemes have been demonstrated not to help the cause of fighting crime and terrorism. But why will crooks and terrorists benefit from data retention? Data retention will generate tens of petabytes of data. The problem with more data available to authorities is that, inevitably, it will lead to more “false positives” — potential leads for investigators and counter-terrorism agencies that require investigation, but which turn out to be dead ends (although, in one case, not before an academic spent three weeks behind bars after his family was held at gunpoint). For a resource-constrained agency, investigations that lead nowhere are a misallocation of precious time, money and staff that could be better directed at pursuing real perpetrators. Just ask the Danish police, who complained of being overwhelmed with information from the Danish data retention scheme.
The other big winners will be foreign companies that offer encryption, anonymisation and ephemeral message services. VPN companies in particular must be delighted with the imposition of data retention, since it will encourage further mass market interest in Australia in their services as Australians decide it’s time they went dark (not to mention enabling them to access US-only media services). But services providers who offer encryption will also benefit — Google, for example, is moving to offer end-to-end encryption on Gmail. Ephemeral message apps are also growing rapidly in popularity (politicians have started using Wickr to message each other, while imposing data retention on the rest of us — and if Luddite politicians are using it, you think criminals aren’t?).
How do we know this shift to more encryption will happen? Because it already has, according to the Public Service’s scopophiliacs, the AGD, who told JCIS that the problem of “[losing] reliable access to the content of communications” has worsened since “the Snowden disclosures”.
Data retention will simply encourage more people to hide their personal data from — literally and figuratively — unwarranted surveillance, thereby making the problem data retention is intended to address worse not better. Of course, that’s not a problem for security agencies, because as per AGD’s invocation of the growing use of encryption as justification for data retention, that will merely provide the basis for further demands for surveillance powers. Data retention will not be the last attempt to expand mass surveillance in Australia; agencies will demand, and get, more and more power to monitor us.
As for the copyright cartel, data retention should prove a winner for them, because it will provide a trove of data that they can access using discovery and subpoena powers in civil litigation to pursue file-sharers foolish enough not to use a VPN. It will also be used by the Australian Federal Police, which lately has been at pains to insist it would not be used to go after file-sharers, but which can’t undo the damage caused by the honesty of AFP Commissioner Andrew Colvin himself, who admitted in October “illegal downloads, piracy, cybercrimes, cybersecurity. All of these matters, our ability to investigate them is absolutely pinned on our ability to retrieve and use metadata.”
There’s a fly in that particular ointment. The committee recommended that data retained solely for the purposes of the data retention scheme not be accessible to civil litigants, such as the copyright cartel. However, it suggested the Attorney-General be given a regulation-making power to provide for exceptions to that prohibition. Given his track record in bending over backwards for the copyright cartel, no one seriously expects that George Brandis would refuse a request from his good friends at News Corp or Sony to enable access to the vast trove of data.
As for consumers — well, we’re the big losers. We’ll have to pay a surveillance tax for the privilege of being spied on by our own government, through both taxes and higher ISP costs to fund this vast scheme. And when — when is the correct word, not if — our data is stolen by hackers, there’s not even a guarantee we’ll even be told about it — there’s no mandatory data breach notification system in Australia, though JCIS wants one legislated sometime this year.
Welcome to the world of mass surveillance — a world where those with nothing to hide have plenty to fear, and criminals and terrorists can feel more secure than ever.
The most disappointing aspect of the data retention debate is how little serious attention it has received in the mainstream media. Apart from Crikey and some of them more high profile tech journos there has been virtually no detailed analysis of the “deep flaws” in the Bill. Flaws which the Internet Society, obviously well placed to comment, has had trouble getting anyone to write about. This is surprising when you consider that journalists will be the first to experience collateral damage from the legislation. It will be back to meeting confidential sources in playgrounds and car parks late at night.
Is government really so stupid or this a cover to obscure another reason for knowing what everybody says and thinks?
Not just hackers, but also tempting info for the thousands of ISP employees. Will they see what a bank is about to announce and buy shares before the public know. You can bank on it – staff access for their own purposes is common in the US government.
If I decide to send bad info to a friend, I’ll mail him/her a letter. They don’t open these…. yet.
By the way, there are plenty of free VPNs, run by academic bodies,around the world.
You can email your ‘content’ as well as your metadata to Brandis here:
http://www.beyondgreen.net.au/curious_george