In a ridiculous start to the Joint Committee on Intelligence and Security’s hearings into Attorney-General George Brandis’ mass surveillance proposal, the government has refused to even say whether the definition of data to be retained under its data retention system, or the cost of the scheme, will be finalised before the committee reports.
The committee thus faces the prospect that the single most critical issue that it will have to deal with in relation to data retention won’t even be resolved by the time it finishes its inquiry, currently due to report at the end of February.
The first hearings into a data retention regime were held this morning in Canberra, involving officers from the Attorney-General’s Department, the Australian Federal Police, the Australian Crime Commission and ASIO. It rapidly became clear that the hearing was, by and large, a waste of time. Missing from the hearing were the two heavy-hitters of the committee, Labor’s John Faulkner and Anthony Byrne (Faulkner remains on the committee until he formally resigns from the Senate in January); Faulkner was addressing a graduation ceremony and Byrne had a longstanding electorate commitment. But Labor shadow Attorney-General Mark Dreyfus, recently added to the committee for this inquiry, repeatedly pressed bureaucrats on when a full definition of the data to be retained under the regime would be finalised.
This has been a long-running problem for the Attorney-General’s Department, which has been pushing data retention for at least seven years and yet, despite repeated consultation with the industry and the involvement of consultant PWC, has been unable to determine what internet metadata it wants to retain in addition to telephone data, partly because of its own lack of competence in the area of online communications. The lack of definition proved a major source of frustration when the committee previously looked at data retention in 2012-13, when it specifically criticised AGD for its failure to explain what data it wanted to retain. Yet Brandis was unable to include a workable definition in the bill he introduced earlier this year and which the committee is now considering. That left the issue to be settled by regulation, with a technical working group, headed by the Secretary of AGD Chris Moraitis, trying to finalise what AGD has been unable to finalise for years.
The working group provided the committee with a draft definition this week, but it remains unfinalised and Dreyfus was unable to extract a commitment from bureaucrats that it would be finalised before February.
The constant failure of AGD to address the issue of exactly what data it wants kept — many suspect it is because it wants as extensive a set of data, including content data, as possible — will undermine the capacity of JCIS to appropriately assess the proposal, and suggests the government is seeking to sneak through an expansive definition via regulation in the same way it tried to sneak its repeal of Future of Financial Advice reforms via regulation. The capacity of JCIS to properly vet the proposal is already in doubt after the committee chair, Liberal backbencher Dan Tehan, spoke in favour of data retention and linked it to the Sydney siege this morning, suggesting “every tool” is needed to prevent such attacks.
AGD officials were also unable to advise the committee of what the data retention scheme would cost, a staggering admission given the bill is currently before Parliament. The technical working group is said to be working through costings. As Dreyfus pointed out, the working group had noted that costings couldn’t be finalised until they had the definition of data to be retained — meaning there was no guarantee that the committee would be told what the scheme would cost. However, officials did yet again contradict both the Attorney-General and the Prime Minister by noting that some ISPs would have to create data, rather than merely, as the government has insisted, store existing data.
The AFP did, however, provide one fact of great interest: a warrant regime for oversight of access to metadata, against which the AFP and ASIO have long railed, would cost just $25 million, a tiny amount compared to the budgets of both organisations and a fraction of the $630 million the government handed to them earlier this year.
Otherwise, the hearing was a colossal waste of time: we still don’t know what data will be retained or how much it will cost, and neither does the committee charged with considering the scheme. The only sensible conclusion is that the hearing was purely for show, and the government has no interest in a credible inquiry.
Bernard, surely Crikey has someone with an appropriate background who could be sent to sit in on this Enquiry?
The experts quizzed pointed out that Australian Intelligence Circles have been doing what’s needed to protect our citizens.
Abbott hasn’t been critical of Australian Intelligence, merely pointing out the obvious, that with less interference from some of the Political Class bleeding hearts which prevented more being achieved, the fact that like other threats recently stopped by our Intelligence Sources, Monday’s incident mightn’t have occurred.
So after John Key’s back-bencher’s crass opportunism in NZ [see stuff.co.nz article], it now spreads back over the ditch here. Tehan should be condemned accordingly.
Obviously the definition of ‘metadata’ is imperative. I wish to comment on ‘metadata’ from the computer science perspective, and its vagueness. I will keep it colloquial.
We could take such a definition simply as “everything but the content” (in which case Australian society is in deep deep trouble.)
Anyway, everyone having heard the letter-in-envelope analogy should think more about the files they keep on their own computer. Your collection of MP3s has metadata including title, album, track time, lyrics, album cover. Similarly with those video files. Photos – time taken, camera model, lens, geographic location/heading, and picture location of detected faces, etc. Forget about the envelope. If that wasn’t serious enough then things can get so much worse.
To understand how serious things could get from the analysis of data that _may_ be required to be kept by ISPs, let us continue. Every file on a computer (not to mention tablet/phone) is maintained along with ‘metadata’ — time stamps, access permissions, etc. Moreover modern computer file systems, and, especially of large systems as would be employed by ISPs, make extensive use of ‘metadata’ for searching and more important functions (eg journaling, file consistency). There is nothing inherently sinister or clandestine about the design of these file systems. However, are ISPs being asked to hold _this_ file system ‘metadata’? If so it would be an ENORMOUS burden by any description. Not only that, given that ISPs will be keeping caches of webpages to reduce page access time to users and reduce their own upstream data usage, would these file system journals be expected to be kept?
The concept of ‘metadata’ is vague and storage of any such data is frightening. We must take this topic very seriously. Do not accept the “nothing to hide” portent. Keane and Crikey have previously outlined sensible arguments — read and understand them!
The government show a complete lack of awareness of how the internet works. Not only that but they refuse to listen to the actual experts in the field who can tell them about it. They do it with the NBN and they do it here.
“Metadata” is what exactly? Not a single representative of the government can explain it. Do they want ISPs to store every TCP connection, HTTP header and SMTP header that pass through their networks? How do they expect to find the actual meaningful data out of that?
Are they mandating that ISPs store this in a standard format (which currently does not exist) so that agencies can make meaningful queries on it? What the agencies will get is petabytes of haystack and a few kilobytes of needle.
How do they expect to deal with TLS and SSL connections that encrypt everything? How do they get metadata that is meaningful when anyone can use VPNs, Tor or other routing schemes?
The internet was not designed as a telephone network, it is not strings and tin cans and the government don’t seem to be able to understand anything more technically complex than that.
No wonder they can’t answer a single question in a meaningful way. They ignore scientists, economists and engineers any time they have something truthful but inconvenient to say.
For the safety of Australia and Australians, certain government agencies must have access to certain data.
But a major concern for many Australians is that people, other than the appropriate people, may gain access to this info for purposes other than the protection of Australia.
Will the access stop at “metadata” or will it go deeper??
AND, what exactly is “metadata”?? This cartoon gives an understanding of metadata ...
https://cartoonmick.wordpress.com/editorial-political/#jp-carousel-900
Cheers
Mick