This story is over 5 years old.

Internet Hygiene

'Metadata Retention' Sounds Boring But Is Terrifying

Why being wary of Australia's metadata laws doesn't make you a conspiracy theorist.
Art by Ashley Goodall

Metadata! Data…about data. It's confusing, it's boring, and yet—like many things that are confusing and boring—it matters.

Back in 2015, Australia's Federal Parliament passed legislation requiring all internet service providers and telecommunications companies to store the metadata of customers like you. Metadata refers not to the content of your phone and internet communications, but to everything else about them. If you make a call, the government can know when you made it, and who you dialled. If you send an email, same principle. Essentially, metadata can be matched together to form an extremely precise picture of what someone is doing, where, and with whom.


Metadata retention was initially framed by the Abbott government as an anti-terrorism measure, and probably does make life easier for law enforcers who want to keep tabs on criminal activity.

For everyday citizens though, the implications aren't so clear.

Metadata Is Personal

The Australian Government would have you believe that metadata is a bunch of meaningless ones and zeroes that can't be traced back to any individual person. Metadata, in the Attorney General's Department's own words, is simply "information about a communication, rather than the content or substance of a communication." Sounds harmless enough.

Yet privacy advocates see things a bit differently. "The government says metadata is anonymous and it won't have an individual impact, but it will," Tim Singleton Norton, Chair of Digital Rights Watch, told VICE back in April when the new laws came into effect. "It could have been anonymised and it could have had protections in place, and that's what we lobbied for. Instead, the government has said they will collect 'metadata' instead of 'data' and implied this means they won't look at what private citizens are doing, but instead where they are doing it and who with. But actually, it's easy to figure out more from that information." Metadata is literally intended to triangulate an individual's identity, in spite of what George Brandis says. "You would know for example where I am by knowing which phone towers I connect to, and all of that can easily pinpoint the identity of an individual, let alone the things that they do. From now on, people should be very aware that all their interactions are being recorded in some form," Norton explained.


There's a reason that Snowden made international headlines in 2013 when he revealed to journalists that the NSA was collecting the phone records of citizens both in the US and overseas. Literally everything you do comes back to your phone or internet connection—even if you're living a fairly pedestrian life, the principle of your every communication being monitored is more than a little scary.

Everyone Has Something to Hide

It's easy enough to be outraged about metadata retention for philosophical reasons. Hey, the government is watching its citizens all the time, in spite of the fact the vast majority of them are doing nothing wrong. Seems kind of bad! But actually, metadata retention could feasibly have real-life implications for many ordinary people.

Your metadata can be subpoenaed for any criminal court case—including, but not limited to, drug and alcohol offences, insurance claims and contract breaches. There's also potential for it to be used in civil trials, according to legal academics. President of the Law Council of Australia Fiona McLeod told the ABC back in January that it could foreseeably even be dragged into divorce cases. You can imagine how phone records might change some outcomes there.

Metadata retention is also bad news for whistleblowers and journalists. Say a politician or public servant wanted to leak news of government corruption to a journalist—since metadata retention came into effect, there's essentially no way they can guarantee confidentiality in doing this. All police would need to do is cross-match the whistleblower's phone records with those of the journalist, and boom.


The Telstra IT Guys Aren't Necessarily Good at Their Jobs

It's a huge strain on the resources of telecommunications companies to keep your metadata safe from hackers. Can we trust them to be competent? Let's hope so. Given how many inferences about someone's personal life can be drawn from their communications metadata, you'd hope it was being kept safely away from prying eyes. Recent IT security breaches on a national scale raise pertinent questions about whether or not this is the case. The recent Medicare breach proved that hackers are ready and able to access and sell personal information from ordinary citizens with ease. And the disastrous 2016 Census proved the same thing. Plus, hackers aside, we've already seen law enforcers go to town with the easy accessibility of metadata—in April, it was revealed that an Australian Federal Police investigator was able to recover metadata from a journalist without a warrant.

You Can't Always Trust Numbers

Another reason to be worried about the government accessing your metadata is that it can be easily manipulated. There's no better example of this than Centrelink's ongoing automated debt recovery crisis, which showed that relying on simplistic methods to crunch extremely complex sets of data leads to high failure rates.

To a computer algorithm, your personal circumstances—why you were calling which person at what time—mean absolutely nothing. The numbers are all that matter. Unfortunately, especially when devoid of context, numbers can be wrong. In the case of Centrelink, incorrect application of citizen data meant thousands of people were hit with enormous debts that they could not pay.


We Probably Need More Data Protection, Not Less

Humans use devices filled with personal information on an hourly basis. Thanks to the internet—provided by the ISPs who now have to hand over compulsory metadata to the government—we're constantly participating in transactions and communications that reveal personal information about us. Often, we reveal this information accidentally—but up until this year, everything was kept secret between a user and their respective service provider. Now, it's open season.

As time goes on, the threat of privacy breaches is only set to grow. According to organisations like Digital Rights Watch and the Australian Privacy Foundation, this is a solid argument for why citizens require data protection laws, not data retention laws.

Get a VPN!

It's not an all-encompassing solution, but it's the best one you've got. A Virtual Private Network (VPN) will encrypt your internet activity so it's unreadable by your ISP. Privacy advocates urge all citizens to get one, and Digital Rights Watch has put together a handy guide to securing yourself. The organisation also urges all concerned citizens to tell their elected MPs what they think about mandatory data retention by calling or emailing their offices.

The metadata retention scheme will be reviewed by parliament in 2019, so there's still a chance to change some minds before then.

Animation by Jacob Watts.

Follow Kat on Twitter