Daily BulletinDaily Bulletin

The Conversation

  • Written by Damien Manuel, Director, Centre for Cyber Security Research & Innovation (CSRI), Deakin University

It was bound to happen, and it did. Poorly crafted legislation – designed to allow national security agencies to collect information with the aim of protecting Australians from terrorists – is now reportedly being exploited by a range of different government agencies for other purposes.

It has been widely reported that the Veterinary Surgeons Board of WA, Victorian Fisheries, Liverpool City Council, and the Australian Sports Anti-Doping Authority are among the entities that have requested access to metadata.

Read more: Benign and powerful: the contradictory language of metadata retention

Under the Telecommunications (Interception and Access) Act 1979, only agencies tasked with enforcing criminal law are entitled to access metadata from telecommunications companies.

Metadata is the information recorded by the telco when you make a call or use the internet. It can include information such as where you are, whom you called or texted, how long you talked for, how frequently you called or texted someone, what services you used, what websites you visited and when, and much more besides.

Under the legislation there are 22 criminal law enforcement agencies that can legally access these metadata. They include the federal police, state police forces, the Australian Criminal Intelligence Commission, federal and state police integrity commissions, state anti-corruption bodies, and parts of the Australian Border Force.

The federal home affairs minister also has the power to declare other agencies as “enforcement agencies” under the law.

Why is data being accessed?

Generally, enforcement agencies are entitled to access metadata if it is either given to them voluntarily, or if they issue a formal request for information they believe is required to perform their duty.

The definition of an enforcement agency was narrowed in 2015, at the same time the federal government introduced the controversial mandatory data retention framework, which requires telcos to retain customers’ metadata for at least two years.

Before the definition was tightened, an estimated 80 different agencies were covered by the previous laws. They included not just criminal and national security investigators, but also a wide range of agencies pursuing financial matters such as unpaid fines or taxes.

Since 2015, however, most of those agencies found themselves excluded by the new definition of an enforcement agency, but could use a range of laws that still grant powers to request metadata directly. One example is Section 20 of the New South Wales Fair Trading Act 1987. According to the submission made by the Australian Communications Alliance to the Parliamentary Joint Committee on Intelligence and Security, 60 federal and state agencies have sought access to metadata via this mechanism.

What is metadata anyway?

The information contained in metadata was infamously described by former Attorney-General George Brandis as the “material on the front of the envelope” (rather than the contents of the letter itself). But in reality it is much, much more.

Of course, metadata can be useful to help telcos improve their services, by revealing peak calling times or popular locations on the network. But you can also think of metadata as a digital breadcrumb trail that each of us leaves in our wake as we go about our lives.

It can provide enough information to establish a detailed picture of someone’s life: their daily routine, relationships, interests, preferences, and behaviour. It can even reveal someone’s location, to whom they have spoken, and for how long.

It seems excessive that two years’ worth of someone’s metadata can be kept on file and then obtained without a warrant. Although the low access threshold was called out in submissions before the law was passed, there was no public discussion of the implications for privacy and liberty.

If properly understood, the metadata access regime would not pass the pub test.

How is metadata really being used?

The federal home affairs department’s 2017-18 annual report lists a range of offences for which metadata has been sought by various agencies.

The report says that information was sought in relation to a total of 23,586 criminal offences including homicides, abductions, sexual assaults, fraud, robbery and drug offences.

Think your metadata is only visible to national security agencies? Think again Offences against which authorisations were made for access to specified information or documents that come into existence during the period for which an authorisation is in force (part 1). Telecommunications (Interception and Access) Act 1979 Annual Report 2017-18 Think your metadata is only visible to national security agencies? Think again Offences against which authorisations were made for access to specified information or documents that come into existence during the period for which an authorisation is in force (part 2). Telecommunications (Interception and Access) Act 1979 Annual Report 2017-18

The report also reveals that 300,781 items of metadata were disclosed during the reporting period in total across all categories.

Think your metadata is only visible to national security agencies? Think again Telecommunications (Interception and Access) Act 1979 Annual Report 2017-18. Law enforcement agencies have claimed that metadata helps to eliminate suspects by revealing their networks and contacts. But there is no information regarding the use of metadata by government bodies that are not officially enforcement agencies within the meaning of the data retention laws. In simple terms, there is no central public report that outlines how all state and federal agencies are accessing and using this information. Metadata stored is available to any enforcement body with the power (under state or federal law) to request or require the information. By tightening its definition of “enforcement agencies” in 2015, the federal government denied many smaller agencies the right to access metadata directly, but did not prevent them from getting it via other means. As a consequence they were also excluded from supervision by the Commonwealth Ombudsman. Read more: Is it possible to circumvent metadata retention and retain your privacy? One interesting exception is that civil courts are prevented from obtaining metadata as evidence in civil proceedings, unless the metadata was collected and held by the telco for some purpose other than the mandatory data retention regime. Given the huge range of other authorities that can access it, this seems rather arbitrary and unfair. So where to from here? Besides amending the law, it is also time for a wider public debate over the correct balance between our privacy and civil liberty on one hand, and our protection and national security on the other. This is especially important as we become more and more reliant on digital technology to live and work. Just imagine the privacy implications with 5G, when more personal devices are connected to the internet like your smart meter, light bulbs and toaster. This article was coauthored by Patrick Fair, Chairman of the Communications Reference Panel, Communications Alliance.

Authors: Damien Manuel, Director, Centre for Cyber Security Research & Innovation (CSRI), Deakin University

Read more http://theconversation.com/think-your-metadata-is-only-visible-to-national-security-agencies-think-again-121253

As 'lockdown fatigue' sets in, the toll on mental health will require an urgent response


That'll do, pig, that'll do: Babe at 25, a trailblazing cinematic classic


The Interesting History Of The Stethoscope


The Conversation


Scott Morrison: the right man at the right time

Australia is not at war with another nation or ideology in August 2020 but the nation is in conflict. There are serious threats from China and there are many challenges flowing from the pandemic tha...

Greg Rogers - avatar Greg Rogers

Prime Minister National Cabinet Statement

The National Cabinet met today to discuss Australia’s COVID-19 response, the Victoria outbreak, easing restrictions, helping Australians prepare to go back to work in a COVID-safe environment an...

Scott Morrison - avatar Scott Morrison

Prime Minister Interview with Tracy Grimshaw

TRACY GRIMSHAW: Prime Minister, thank you for your time.    PRIME MINISTER: Great to be here. Thank you for the opportunity.    GRIMSHAW: A month or so ago, you probably thought that today's...

Scott Morrison - avatar Scott Morrison

Business News

Kaspersky and Ferrari partnership: tailoring cybersecurity for an iconic brand

Kaspersky is commemorating the 10 year anniversary of its strategic partnership with iconic, global brand - Ferrari. The cybersecurity company is a sponsor of the brand’s Formula One racing team...

News Company - avatar News Company

Instant Steel Solutions Review

Are you keen on having the right guidance, knowledge and information about the right kind of steel purchases for your industries? If yes, then you are in the right place. There is no doubt that ...

a Guest Writer - avatar a Guest Writer

Everything You Need To Know About Waste Removal Services 

Waste is capable of posing threats to the environment and general public health. So, if you want to live a healthy life, you need to take care of your waste products. Proper collection and dispo...

News Company - avatar News Company

News Company Media Core

Content & Technology Connecting Global Audiences

More Information - Less Opinion