Australia Passes Mandatory Data Retention Law

Bismillah writes Opposition from the Green Party and independent members of parliament wasn't enough to stop the ruling conservative Liberal-National coalition from passing Australia's new law that will force telcos and ISPs to store customer metadata for at least two years. Journalists' metadata is not exempted from the retention law, but requires a warrant to access. The metadata of everyone else can be accessed by unspecified government agencies without a warrant however.

Don't blame me.

[ChunderDownunder]

I voted Greens.

Re:

[thesupraman]

Well, I guess your data will be of interest then..

The 'solution' to this is of course organised poisoning of these databases through both randomised access and proxy/encryption use, which if used enough makes the data useless. Unfortunately that takes a lot of people to make it work.. and most people just dont understand the ramifications.

I wonder what it takes to be classified as a 'journalist' (but then I doubt it makes any difference, because how would they know if such rules are followed..)

Re:

[Anonymous Coward]

The 'solution' to this is of course organised poisoning of these databases through both randomised access and proxy/encryption use, which if used enough makes the data useless. Unfortunately that takes a lot of people to make it work.. and most people just dont understand the ramifications.

Ok, so we start up a malware/trojan project that uses a number of commonly unpatched exploits to self propagate and then slowly trickle poisoned information into the metadata coffers. And we use Vevo's youtube geoblocking (or equivalent) to verify IP's are located in Aus to make sure we only pick up appropriate PCs.

It'll work because the types people that don't patch are unlikely to notice the small trickle of poisoned metadata. They also won't know/understand the ramifications of the metadata tracking (a

Re:

[Em Adespoton]

You did hear the news that Australia is attempting to ban proxies/VPN use, right? So your 'solution' may soon be illegal in Australia.

Re:

[mars-nl]

Better download Tor [torproject.org] while you still can/may.

Re:

[Krojack]

Sounds like Australia is taking tips from China on how to manage Internet users.

Re:

[war4peace]

Yeah, let's transform "metadata" into "data" - because it's scarier that way!
I mean... who in their right mind would NOT blow this out of proportion?

Re:Don't blame me.

[currently_awake]

If an undercover cop follows you around the city without a warrant it's stalking, but if they use the cellphone system (without a warrant) to do the same thing it's not?

Re:

[war4peace]

It is not the same thing because the undercover cop stalking you gathers data, not metadata. It's the difference between counting how many envelopes you're getting in your mailbox and how thick they are versus reading their contents.

Re:

[war4peace]

AFAIK that's already recorded as far as snail mail is concerned.

Re:

[drsmithy]

The real-world equivalent of this would be a little drone following you around recording where you went, who you talked to, where you went shopping, when you did it, etc, etc.

I wouldn't be comfortable with that. Would you ?

Re:

[war4peace]

I wouldn't care but I'm also aware I'm part of a tiny minority.

Re:

[Wootery]

I take it then that you personally are undertaking serious tax-evasion, right? Otherwise you'd just be an armchair critic who doesn't put his money where his mouth is.

Re:

[drsmithy]

Hilarious. The only mainstream party opposed to the right-wing neoliberal authoritarianism that's been destroying the western world for decades, and they're "scumbags".

Hope you don't have any allergies shovelling that much straw around.

Re:

[bloodhawk]

They are all pretty much scumbags. Not even most environmentalists vote for the greens anymore as they are little more than an extension of the labor party, focused on short term thinking and power plays.

Re:

[drsmithy]

They are all pretty much scumbags. Not even most environmentalists vote for the greens anymore as they are little more than an extension of the labor party, focused on short term thinking and power plays.

Greens an extension of Labor ? Now there's a chuckle.

Sounds like you get most of your political information from your local Rupertarian.

I'm sure a few hardcore greenies have abandoned the Greens as they slowly morph into a generalist centre-left social-democracy party, but their share of the primary vote h

Re:

[drsmithy]

They have however maintained a farely solid voter base through recruitment of a younger generation who sadly don't seemed informed enough to see greens for what they really are.

The only remotely mainstream party in Australia politics with a progressive, centre-left, social democratic policy base ?

Pretty sure that's why they're getting the youth vote - because they're the only party that give a shit about demographics after baby boomers and have policies with a view past the next election.

Greens really are p

Re:

[drsmithy]

I think you are thinking of the greens from more than a decade ago. The Greens haven't stood for that for a long time. They are basically part of labor and push for policies for short term rather than taking consideration of the long term effects or goals.

Here [greens.org.au] is the Greens policy platform.

Tell us about which parts bother you.

The greens having power would probably do more damage to human decency and DEFINITELY more damage to the environment and the prospects of a sustainable future (if you destroy business

Re: Don't blame me.

[Anonymous Coward]

You do know the greens today are pretty much labor a couple decades ago? And labor is what liberals were, with liberals now being conservatives and having nothing to do with liberalism.

If you didn't just vote for your favourite colour but actually voted based on your beliefs you would either vote for different and new parties over the years or rapidly change your beliefs and values to keep up with the decline of the two major parties.

Also I've been busy, set up 3 new VPNs last night. Going to be a busy 6-

Re:

[bloodhawk]

You do know the greens today are pretty much labor a couple decades ago?

yep and I think even that is a polite way of saying how bad the greens are today. I think the biggest indictment of them is the fact even my highly pro environmental friends refuse to vote for them as they see them as only a destructive force towards environmental sustainability and see either coalition or labor as a better choice for the environment.

Re:

[drsmithy]

I think the biggest indictment of them is the fact even my highly pro environmental friends refuse to vote for them as they see them as only a destructive force towards environmental sustainability and see either coalition or labor as a better choice for the environment.

I'd love to hear the rationale behind their thinking.

Because I'm at a loss how two parties promoting growth at all costs, overconsumption, exploitation of the environment (stripe-mining Coal, CSG, dumping of spoil on the reef, etc) could po

Re:Why not?

[ChunderDownunder]

Both the Government (Liberal/National) and main opposition party (Labor) voted for the legislation.

That's about 90% of the parliament wanting to throw us under a bus, so I'm not sure how voting for a non-niche party would have helped.

Re:

[rtb61]

Because the more people who vote for the non-colluding parties the sooner change will occur. Doing nothing, surprise, surprise, surprise achieves exactly fucking nothing. Want change then start working towards, don't have to win, you just have to try and who knows you might have some fun annoying the crap out of them.

A bit more for US etc readers

[dbIII]

The ALP want to appear to offer a "united front" on anything related to security or terrorism because of the "if you are not with us you are with the enemy" approach the government has pushed on occasion. Also the individuals in the ALP don't know enough about the issue to think it's important enough to pick a fight over. That's a bit of an artifact of many Australian politicians starting their career from student politics and having little exposure to anything else outside politics, so metadata to them is just "computer shit" and nothing of importance.
Very disappointing but not unexpected since Conroy of the ALP was pushing for similar things when he had the power to do so.

Re:

[dbIII]

Who said I was making excuses? I'm describing the problem.
There's some articles on the metadata bill at http://crikey.com.au/ [crikey.com.au] that describe it far better.

Re:

[Anonymous Coward]

Because it makes sense once you get the ignorance and emotion out of the debate.
Up until now the Telcos kept the metadata anyway; for billing, research, performance testing etc. How long they kept it and what they did with it was pretty much their business.
There were no regulations covering how the data was used or who had access, privacy aside. The police could just ask and, if the Telco felt like it, the data was handed over.
Journalists had no special status. The Telco probably had no idea which phone num

Re:

[GrahamJ]

Democracy - the system whereby you vote for people to represent you and and up with no representation.

Re:

[Krojack]

Want to bet there will be cron jobs running every few minutes that purge any politicians meta data.

Re:

[Anonymous Coward]

Please see current government definition:

Journalist : Some one who write pro-government articles and will willingly share the sources with said government

Non-Journalist : Everyone else.

Re:Hugh Pickens and Bennett Haselton: journalists?

[youngone]

Australia has a couple of big media companies that dominate the media landscape, just as most Western economies do. Those media companies and the two big political parties make use of each, once again just like most western countries. ChunderDownunder has the right idea, but Rupert and the rest won't let the Greens, (or any other disrupters) get any power.

Re:

[Macfox]

It's irrelevant. Journo's can't protect their sources as the sources can be spied on directly. The warrants will be green lighted. Under the current system, no warrants have ever been denied.

Not new

[sectokia]

I like bias... they don't mention that the labor party all voted it through as well. Greens only opposed it after they learned labor wouldn't, so they would get to claim moral high ground, while it sailed through with bi partisan support. The two year data retension has been in place since the first ISPs started as an industry code of practice decades ago. This law is just formalising and making it clearly mandatory. The meta data has been available and used for decades.

Re:

[sg_oneill]

Yeah Shorten is proving to be somewhat of a ... loyal... opposition. Its a messed up situation and shorten is going to get punished in the polls for this. He's already taken a big hit to his polling.

Re:

[bug1]

The two year data retension has been in place since the first ISPs started as an industry code of practice decades ago.

I call bullshit, what do you base that on ?

When Jacob Applebaum was at LCA he mentioned key IT people at one of the Major ISPs say they didnt snoop.

If it has always been done by industry arguing about passing on the cost to customer ?
(this government is so tight they wouldnt compoensate anyone if they had any choice)

Re:

[MrKaos]

This law is just formalising and making it clearly mandatory. The meta data has been available and used for decades.

As someone who has read the Bill and the requirements under Section 187AA and as someone who is familiar with the billing systems that ISP use I can tell you that this is not true. The items under the section also record the duration and other parts of the communications that weren't previously recorded.

ISP's billing systems were only concerned if your account was financial, not the specifics of what the account was doing.

Amusing fictional anecdote?

[DougPaulson]

sectokia: "I like bias... they don't mention that the labor party all voted it through as well. Greens only opposed it after they learned labor wouldn't, so they would get to claim moral high ground, while it sailed through with bi partisan support. The two year data retension has been in place since the first ISPs started as an industry code of practice decades ago. This law is just formalising and making it clearly mandatory. The meta data has been available and used for decades."

Do you have any verifi

Re:

[aiht]

Your suggestion that the Greens only opposed it after they found Labor wouldn't is rubbish. As AC said below (for anyone who can't see ACs), Scott Ludlam (Greens, Western Australia) has been vocally campaigning against it, and educating people about it, since before he was elected. Being technologically literate has always been a big part of his appeal (at least amongst /. types).

Re:

[drsmithy]

I like bias... they don't mention that the labor party all voted it through as well.

Of course they did. There's barely been daylight between Labor and the Coalition for 10+ years.

Greens only opposed it after they learned labor wouldn't [...]

Huh ? The Greens have opposed this from the get-go.

Re:

[Anonymous Coward]

There is another bill to block websites: http://www.itwire.com/governme... [itwire.com]
As the metadata law just got passed, and with UK already blocking websites, the word is that VPNs can ALSO be blocked.
I just hope that this law has no hope in being passed.
The only alternative I can see to bypass the VPN blocks is to lease a server elsewhere and VPN through that. They are cheap enough.

That's handy

[LessThanObvious]

Good thing they have all that metadata to parse so it's easy to know who the journalist are, you know, so they can get a warrant before accessing their data.

What difference does it make

[GrahamJ]

if the Five Eyes slurp it all up anyway? They already have access to these data, why bother making ISPs keep it too?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[rtb61]

To stupidly force the creation of apps that will run on people's computers randomly accessing all kinds of sites all over the internet to flood the databases with hundreds of thousands of bogus entries. Nothing does more to destroy databases than bogus entries that poison it to death. When 90% of your browser data requests are fake and cancelled prior to retrieving the data, what are they left with, apart from a massive bill ten times bigger than they expected. Let's just flood the crap out of meta-data, t

Re:

[dbIII]

Good point Mr Buttle, or is that Tuttle?
When the objective is to catch someone and hold them responsible it's gone beyond the point where it matters if you've got the right person.

Re:

[rtb61]

Where the point in reality is to readily selectively destroy people's lives if they don't vote right. So, the government can readily check you political allegiances and if you didn't vote right, prevent you from ever gaining government employment. Now, seriously, you don't think all right wing governments will be trolling through meta data to exclude left wing employees to ensure all government departments are stacked with ring wing employee, so even when the left wins their policies purposefully fail. Tha

Re:

[MrKaos]

Exactly, if I wasn't participating in this discussion I would mod you up.

Re:What difference does it make

[GumphMaster]

Making the ISP keep it too:

1. Makes it reliably available for litigation by big media over copyright infringement and removes the ability of ISP to defend customer privacy with inconvenient legal actions or by simply not holding the information. Hosting privacy protecting proxy/VPN services has essentially be outlawed on Australian soil... or will be as the holes in this legislation become evident and the scope creep continues.
2. Makes it reliably available for abuse by political parties: want to know who leaked the embarrassing x? Simple warrantless search with no oversight.

Re:

[GrahamJ]

I naively intended that as a rhetorical question but yours definitely sounds like the right answer. What a blatant abuse of power, it's sickening.

5-eyes have become 5 fascist states

[Anonymous Coward]

Sad to see how quickly 5 eyes states have descended into fascism. This mass surveillance has only been going for a few years now. 2010 was GCHQ's full take, NSA only gained basic access in 2007.

And yet there is a clear and distinct swing to oppressive almost fascists states by each one of the 5 eyes countries.

Re:

[dbIII]

To catch whistleblowers without owing the NSA anything. There's apparently (ten year old info) a lot of foreign collected data that becomes "US eyes only" and getting something reclassified is not trivial.
Also there has been noise about using it to track down copyright violations, also not worth the NSA's time.
Plus we don't really know how much is collected with carnivore or whatever the current Five Eyes system is. It may not actually be slurping up everything.

Re:

[MrKaos]

if the Five Eyes slurp it all up anyway? They already have access to these data, why bother making ISPs keep it too?

As a cache. If an analyst decides to pay attention to you the Xkeyscore can query the cache on the ISP and then slurp any future data. It's must be a spooks wet dream - get the target to pay for their own surveillance.

Re:

[drsmithy]

if the Five Eyes slurp it all up anyway? They already have access to these data, why bother making ISPs keep it too?

So it can be used domestically and legally.

This is about intimidating political opponents, whistleblowers and copyright infringers.

'Conservative' is a misnomer

[Anonymous Coward]

If these people were actually conservatives, then they'd try to maintain the status quo, not introduce new controls, etc.

They are not conservatives, but rather progressives, as they seek progressively more authoritarian ends.

Re:

[dbIII]

The word is "reactionary" and they want to go back to the ways of the "good old days" of England that inspired America to revolt. The sort of stuff Dickens complained about is their template.

Re:

[drsmithy]

If these people were actually conservatives, then they'd try to maintain the status quo, not introduce new controls, etc.

They are conservatives. They want to go back to the good old days of Feudalism.

Progressivism is how we escaped that history and created democracies, free speech, equal rights, and the like.

Hack for a shitty law

[facetube]

Time for literally everyone to become a journalist.

Re:

[jimmux]

Time to dust off the old blog, or does new media not count? I'd like to see where they draw the line on that one.

Re:Hack for a shitty law

[GumphMaster]

The law tightens the definition of "Journalist" over that in the existing Evidence Act so that this is impractical.

Evidence Act

Journalist means a person who is engaged and active in the publication of news and who may be given information by an informant in the expectation that the information may be published in a news medium.

This law:

(i) a person who is working in a professional capacity as a journalist; or (ii) an employer of such a person;

If you are not being paid to be a journalist or paying someone to be a journalist then you are not a journalist, and warrants are not required, under this law. A subtle and deliberate difference.

Re:

[vux984]

If you are not being paid to be a journalist or paying someone to be a journalist then you are not a journalist, and warrants are not required, under this law. A subtle and deliberate difference.

If you are collecting ad revenue from your blog, that's good enough to make a hobbyiest a "commercial drone operator" subject to FAA regulations in the USA. Maybe that'll work for "journalists" in Australia.

Re:

[facetube]

Okay, that's pretty awful.

Re:

[currently_awake]

So if you publish on a blog (with adds) then it's journalism. The copywrite cartels have set the legal presedent on the matter.

Re:

[Imazalil]

Could this be a way to 'save' newspapers?

Find a journalist you like and set up a system that you pay them a buck a month? If they are nice they could offer you access to their stories ad-free as a bonus.

Or just use the existing subscription model, just change it from "subscribing" to "financing" and you are employing your favorite organization or reporter.

Huh?

[Anonymous Coward]

So journalistic meta data requires a warrant but everyone else doesn't? Or am I just reading that wrong? If I am reading that correctly why are journalists marked as special snowflakes when it should require a warrant for anyone's data?

Re:

[GumphMaster]

No you are not reading that wrong. Journalists sources have (had) protection in courts under the Evidence Act for a long time, and the definition of journalist was quite broad. The early versions of this bill subverted that protection completely, but a watered down protection of journalists sources was added to secure the major opposition party's support. They deliberately narrowed the scope of "Journalist" to limit the number of warrants that might need to be sought.

Thanks for the reminder

[blackpaw]

I activated my VPN after seeing the headline, I keep forgetting to do that.

I should trial configuring it on my router.

Oops the drive failed

[WillAffleckUW]

My bad.

A bit more worrisome...

[Letophoro]

is that it also makes warrant canaries illegal. [arstechnica.com]

Re:

[Anonymous Coward]

So much for free speech in Australia. Do they have any tech companies? Or even large companies that they can't afford to lose. Maybe if those businesses decide to pick up any leave due to the harsh nature of this, things will change.

I think 6 month retention might be reasonable. But in any situation, warrantless is not okay.

By the way, American in the U.S. here.

Re:

[aiht]

Do they have any tech companies?

Yeah... probably not for long.

Re:

[thegarbz]

So much for free speech in Australia

What made you think we have such a thing? The US constitution does not apply globally.

Re:

[AmiMoJo]

Australia is a common law country, right? Is it even possible for them to put you in a position where discontinuing an action is illegal, effectively forcing you to do it? Obviously they passed the law, but would it stand up in court?

I'm trying to think of some legal basis to challenge it. What if the canary required signing with two PGP keys to be considered valid, and one of those keys was held by someone outside Australia? The victim in Australia wouldn't be able to force them to sign the canary, but mig

We are a small ISP

[Anonymous Coward]

The cost of implementing this is probably going to send us to the wall. I am so glad that the Liberal government is looking after small business!

Re:

[aiht]

The cost of implementing this is probably going to send us to the wall. I am so glad that the Liberal government is looking after small business!

I'm so sorry. I wish you the best of luck.

Not sure if this is worse

[SuperKendall]

Isn't it better for people in Australia to know their network data will be retained for two years, than for the people in the U.S. to be unaware data is being retained, but then in actuality have it retained forever by the NSA?

Re:

[agendi]

This is so that ISP's have to retain it for 2 years. The Govt. can gather it and keep it indefinitely. Though terrorism was the bogey man used to get this through, this law is more about discouraging whistle-blowers.

Re:

[wjcofkc]

Or they simply transfer the data to the NSA for safe keeping after the two years are up. Perhaps a bit pessimistic, but at the same time it would not be a surprise.

Re:

[SuperKendall]

No, I think the ISP's will only keep it for two years - but that is gauranteed.

Right now in the U.S. everyone blindly assumes the data is kept for NO years, and we aren't even given an imaginary date when it might be deleted.

The Australians are at least all aware for sure the data is being kept, in the U.S. it's still possible to imagine it is not... That's my point.

I tried

[MrKaos]

stroy to /. [slashdot.org]

and I wrote to the politicians as well, bad day for Australia.

Re:

[MrKaos]

It's ok to protect ordinary people from organised crime, right? I've been writing letters to senators to try and let them know why it was such a bad idea all week. Why is it all the really fucked bills have to be 'rushed through'. I reckon the game for politicians is how well they can deceive the population, en masse to pass these really nasty laws whilst the media serves to keep everyone in the dark. They must be high fiving each other now.

I analysed the bill and whilst I won't include the letters I wrot

Re:

[SigmaTao]

Thank you for this.

Re:

[MrKaos]

Thank you for this.

I really appreciate that you say so.

Re:

[SigmaTao]

My honour to say it out loud for you, I'm very sure a lot of other people appreciate this too.

More details

[WaffleMonster]

From a quick check of text ISP side retention appears similar to previous failed US attempts. Basically ISP connection "session" level detail.

ISP assigned IP, aggregate data and packet counts, physical connection point..etc. with a uniform minimum retention period... Frankly shit most ISPs keep anyway.

On the Information provider side (websites, email providers) retention appears to be per mail or transaction... an access log or email log file... This is on the hosting side only not ISP side unless of cou

It's not the slurp, it's the cost to the consumer

[Dan B.]

So while I have nothing to hide, the data retention bit makes little to no difference to 99% of the population, not that I agree with it in the slightest.
What stinks most about this bill is that 100% of the cost of this surveillance measure is to be borne by the consumer.

The government reckons the cost is $4 per person, per annum, so $80,000,000 per year (give or take) while the Telco industry say it will be closer to 10x that amount, meaning everyone's internet/phone bills will increase by around $5-10 per

make it a surcharge

[Imazalil]

ISP's should make this an explicit surcharge on people's bill. Something like "fee to store your personal browsing info for eternity, for more info contact your government representative". It's probably the only way to get the general public to pay attention to this

This wasn't liberal/national coallition...

[Anonymous Coward]

.. this was power elite flunkies doing their owners bidding.

VPN?

[elmer at web-axis]

Anyone know a decent VPN service that doesn't require some silly non-standards client to be installed on the desktop for it to function?

Re:

[Phreakiture]

You could do what I have done. I am in the US, and this costs me about USD 8-9 per month on average, and I don't know what hoops you may have to jump through, but this should work in theory:

Sigh up for Amazon Web Services (AWS) and get yourself an EC2 instance. Use the AMI for OpenVPN-AS. Configure it to use TCP/443, which will make your traffic look like any other HTTPS traffic.

On the billing details, (again, this is USD, not AUD), I spent about $100 to get a three-year reservation on a t1.micro instanc

[POLL] Only 12% of voters support warrantless spyi

[bug1]

There was a poll done by essential media, who do regular party polling (not the best), but often ask interesting questions.

Question + Result here http://essentialvision.com.au/... [essentialvision.com.au]

The voters of both major parties dont want this legislation, but both parties negotiated so there is "bipartisan support on national security".

No effective opposition mean no effective democracy.

Next up is the censorship bill, or three strikes or whatever which will likely go the same way.

And this will be totally ineffective ..

[DougPaulson]

Under the pretext of protecting us from the Islamo-Fascist bogyman and other such phantasms, the Aussie gov legalized warrentless spying on its own citizens. And this will be totally ineffective against organized crime, arms dealers, drug smugglers and state sponcered versions of all three.
__

"A watched population is a compliant one"

"Passes" sounds right

[wonkey_monkey]

Australia Passes Mandatory Data Retention Law

Passes like a bowel movement?