Stop monkeying around with our metadata laws, prime minister

If mandatory data-retention legislation is truly vital for the safety and security of Australians, then why isn't the government taking the time to get it right?
Written by Stilgherrian , Contributor

There's something rather endearing, sweet even, about watching Prime Minister Tony Abbott explain Australia's "urgent" need for mandatory telecommunications data-retention laws.

Evidence continues to mount against the idea of capturing and storing this so-called "metadata" for two years -- at least in the proposed law's current form -- and I'll get to that. But Abbott just keeps banging away with the same old discredited spin. He's like one of those wind-up toy monkeys clashing his cymbals. All noise, all repetition, no information, no clue.

There's also something rather endearing, sweet even, about Abbott's simplistic, binary world view.

"The cost of losing this data is an explosion in unsolved crime... If we want to combat crime, we need this legislation, and if we don't get it, it will be a form of unilateral disarmament in the face of criminals, and the price of that is very, very high indeed," Abbott told a press conference on Wednesday.

Yes, in the criminal-infested cartoon land of Abbott's political mind, telecommunications data is the only tool in the investigative toolbox. With it, crime can be solved. Without it, the very fabric of society will dissolve under a tsunami of crooks.

Metadata is magic, too, in Abbottland. It reveals everything about criminal activity, but nothing about our private lives.

"We're talking here about metadata; we're not talking here about the content of communications, so your web-browsing history, what you actually say on phone calls, that's not covered by this. It's just the data that the system generates," he said, before rolling out that stupid and misleading trope, "It's only the envelope."

Abbott seems to have missed the fact, backed up by copious peer-reviewed research, that telecommunications data can be far more revealing of your private life than content. As I've written again and again and again, anyone still pushing the idea that metadata is just some harmless by-product of conducting a communication is either a fool or a liar.

Abbott also seems to have missed the fact, uncovered by Greens Senator Scott Ludlam, that the Attorney-General's Department has no evidence that telecommunications data retention actually works. This week, the Dutch Data Protection Authority wrote that after 4.5 years of data retention in the Netherlands, there is no substantiation for its use. European courts have ruled that blanket surveillance of this kind is a breach of human rights.

Perhaps we'd better go back through those early paragraphs and cross out the words "endearing" and "sweet", and replace them with "appalling" and "scary" -- because some people who actually know how telecommunications data is used for law enforcement are worried by the government's intention to push the legislation through parliament in just a few weeks.

People like adjunct professor Nigel Phair, director of the Centre for Internet Safety at the University of Canberra, whose 21-year career with the Australian Federal Police included four years heading up investigations at the Australian High Tech Crime Centre.

"It needs more thinking... We shouldn't be rushing it through," Phair told ZDNet on Wednesday.

Metadata is "so valuable" for investigations that in many cases, as an investigator, he'd prefer it over the content of communications. But the internet age is giving investigators access to an ocean of digital data without a matching increase in accountability.

"It is richer than rich to look at geolocation and all this other stuff on the proverbial Internet of Things... Big data, and there's a ton of it out there," Phair said.

"We need oversight. We need a more stringent authority to get the information, and then we need oversight from the relevant ombudsman-type role," he said. "I don't think we have a problem [today], but there is a problem that's coming down the pipeline."

Law-enforcement officers still use an "antiquated" process to access individuals' metadata: They just say they want it for their investigation, get the signature of a commissioned police officer, fax the requests to the telco, pay 30-odd dollars for each one, and back comes an Excel spreadsheet.

"That was great back in the day when it was a fixed-line telephone, and it said, 'Oh, that's been subscribed to by Mrs Smith since this date'... It was really valuable for background information for a search warrant. It proved that Mrs Smith lives there, and a whole bunch of other things," Phair said.

"To get content was really frickin' difficult. Content to this day is still really frickin' difficult with, I would argue, limited benefit," he said.

Under current laws, Australian law-enforcement agencies have made over 500,000 warrantless requests for telecommunications data in the last financial year. Making them apply for a warrant for each and every one of those requests would be an enormous burden.

Phair's thoughts echo my own: To access metadata, there needs to be a new process that's more than a simple sign-off by a police superintendent, but something less than what's needed to access content.

"For content, you go to an AAT [Administrative Appeals Tribunal] member, who's the equivalent of a Federal Court judge. That's a senior judicial officer. To get a search warrant for me to bowl through your home, I go to magistrate," Phair said. "Somewhere in the middle is an appropriate level."

Phair dismissed the idea that metadata is the be-all and end-all of criminal investigations.

"Metadata is a great corroboration tool. If your whole brief is hanging on metadata, you've got problems," he told ZDNet. "I've not been privy ... to any investigation that's fallen over because there wasn't metadata," he said, pointing out that he hasn't been privy to every investigation, of course.

Phair also dismissed linking the need for data retention to national security. "You can talk about national security all you like; it's law enforcement that's going to use it. That's the reality."

So how will Tony Abbott respond to all of this? He will, of course, front the process personally. Australia's favourite Attorney-General, Senator George Brandis QC, whose portfolio it falls under, has proved unfit for purpose. Communications Minister Malcolm Turnbull, the only Cabinet member who can explain this stuff, is seen as a potential rival for the leadership. No, Abbott it must be.

Will Abbott grant parliament the time to give this important issue the attention it deserves? Or will he continue to rush this deeply flawed legislation so that he can score a strong-leader national-security win in an increasing desperate attempt to prop up his crumbling popular and party support? The answer, to use the old legal phrase, goes to character.

Editorial standards