​Data-retention legislation sending Australians into the arms of VPN providers

NordVPN has reported a doubling of customers thanks to Australia's data-retention laws.
Written by Asha Barbaschow, Contributor

NordVPN has reported a 100 percent increase in users since April 13, 2017, thanking the federal government's mandatory data-retention laws for sending those concerned about their privacy straight to the arms of the virtual private network (VPN) provider.

"It's common for people to turn to VPNs when anti-privacy laws are passed," said Marty P Kamden, CMO of NordVPN. "Collecting metadata undermines Australians' privacy -- and the benefits of data collection are still not clear. Additionally, any kind of data retention is known to attract hackers, lured by huge amounts of personal data stored in one place."

The data-retention legislation, the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, passed by the Australian government in March 2015, came into effect in October 2015 and sees customers' call records, location information, IP addresses, billing information, and other data stored for two years by telecommunications carriers, accessible without a warrant by law-enforcement agencies.

"When faced with surveillance by government, internet service providers (ISP), large companies, and advertisers, people still have some power in their own hands to protect their privacy," NordVPN claims, urging people to regularly delete cookies, use privacy-oriented browser plugins, install anti-virus and anti-tracking software, and make sure not to enter personal passcodes and credit card information when using open Wi-Fi networks.

A VPN encrypts user data and routes it through a secure tunnel to the VPN provider before accessing the internet. It protects information about a user's location by essentially hiding an IP address, with the only information visible to an ISP being that the user is connected to a VPN server. The VPN provider may still be able to see all traffic or none, depending on its setup.

While a VPN protects people's privacy, it only goes so far, and will not save users from all government surveillance.

On April 13, 2017, the day flagged by NordVPN, the Australian government announced the decision to prevent civil litigants from using telecommunications data being stored under data-retention legislation in court proceedings, saying its review into the matter found there was "insufficient reason" for allowing exceptions.

The government had conducted a review into whether it should prohibit access by parties to data retained by telecommunications providers or whether retained telco data could be used in civil proceedings following a recommendation from the Parliamentary Joint Committee of Intelligence and Security (PJCIS) on the matter.

"Personal data of millions of Australians is kept in vast, not necessarily well-encrypted databases, posing a major security and privacy threat in case of a data breach," NordVPN added. "Similar laws have been adopted in multiple countries -- however, based on their experience, metadata cannot effectively help in fighting crime."

It isn't just the government that NordVPN is warning users against, naming Google, Facebook, Amazon, Microsoft, and Apple as tech giants it wants people to be wary of.

"Data has recently become the most valuable commodity in the world, and it stays in the hands of a few giants," the company explained.

"Facebook knows who are user's friends, which interactions they did, which sites they visited, what they bought, and much more. Google collects a user's name, email address, telephone number and credit card -- if entered. It also uses different types of cookies to track one's interaction with other websites, device used, search queries, and so on."

It's a sentiment echoed by Tim Berners-Lee, the inventor of the world wide web.

"As our data is then held in proprietary silos, out of sight to us, we lose out on the benefits we could realise if we had direct control over this data, and chose when and with whom to share it," he said previously.

Berners-Lee proposes the idea of personal "data pods" to strike a balance that puts a fair level of data control back in the hands of people.

"I imagined the web as an open platform that would allow everyone, everywhere to share information, access opportunities, and collaborate across geographic and cultural boundaries," Berners-Lee said. "In many ways, the web has lived up to this vision, though it has been a recurring battle to keep it open."

Editorial standards