A (short) guide to the Data Retention Act


Or how to avoid the secret police reading your mail

Yaay! Our glorious government of Oceania has just passed the Data Retention Act 2015 with the support of the oh so loyal opposition. The dynamics of this is that both parties believe that ‘security’ is what’s called here in Oceania a ‘wedge’ issue so they strive to outdo each other in pandering to the demands of our erstwhile secret secret police, lest the other side gain political capital from taking a tougher position. It’s the political example of an evolutionary arms race with each cycle of legislation becoming more and more extreme.

As a result telco’s here are required to keep your metadata for three years so that the secret police can paw through the electronic equivalent of your rubbish bin any time they choose. For those who go ‘metadata huh?’ metadata is all the add on information that goes with your communications via the interwebz, like where your email went, and where you were when you made a call at 1.33 am in the morning to your mother, so just like your rubbish bin it can tell the secret police an awful lot about you, especially when you knit it up with other information. 

Is this a problem? Well in 2012-2013, agencies made around 340,000 demands for this information from Telstra, Optus and the rest of the teleco’s, without having to apply for a single warrant, we don’t have more recent numbers than that simply because the Attorney-General’s Department is refusing to publish the report for the last financial year. Telecommunications regulator the ACMA does report 748,000 warrantless authorisations were received by carriers in 2013-14. Now remember that we also need to consider the likelihood of malign misuse of these powers (e.g selling your data) as well as the usual propensity for accdental disclosure and purposeful leakage to the friends, families or other work colleagues of the investigating officers.

So no use crying over spilt milk, water under the bridge etc etc, ‘what comrade’ I hear you ask ‘can I do to prevent the OzFSB strip searching and truncheon interrogating my online avatar?’. Well (as it turns out) quite a lot. The act is really technically very weak, so if you don’t want Bill and Ben the Australian Flower Pot men going through your online dustbins all you have to do is use service providers whom the act can’t reach, like Skype, Gmail. Wickr, Tor etc etc. None of which is illegal, yet.

Bruce Schneier pointed out a while ago that the Dick Cheney thesis that you must sacrifice freedom (or privacy) for security is an inherently false one. In a weird mirror logic way the Data Retention Act actually proves Bruce’s point.  We (well the government) has sacrificed our privacy for absolutely no security return whatsoever. Ben Franklin put it best when he said, “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety”.