Skip to content

Dear Internet Explorer user: Your browser is no longer supported

Please switch to a modern browser such as Microsoft Edge, Mozilla Firefox or Google Chrome to view this website's content.


Should Internet Service Providers be required to collect and store metadata from all Australian internet and phone users?

The Australian Senate Standing Committee on Legal and Constitutional Affairs is currently meeting to review the Telecommunications (Interception and Access) Act 1979As part of that review, consideration is being made into whether internet service providers (ISPs) should be compelled to retain digital ‘metadata’ of their customers’ internet activities for a period of two years.

The nation’s second-largest ISP, iiNet, has made a submission to the Senate Committee that criticises the Northern Territorian, Victorian, Western Australian and Australian Federal Police forces’ support for the establishment of such a scheme. In their submission, iiNet argue that the mandatory collection of metadata provides:

…an increased risk to the privacy of Australians and provide an incentive to hackers and criminals (and) data retention is at odds with the prevailing policy to maximise and protect privacy and minimise the data held by organisations. Industry believes it is generally preferable for consumers that telecommunications service providers retain the least amount of data necessary to provision, maintain and bill for services.

iiNet estimates that in order to comply with such a scheme, the company would need to establish a 20-terabyte data centre at a cost of $60 million. They argue that such a cost would need to be passed-on to customers as the Commonwealth Government appears unwilling to pay for the infrastructure, despite there being a suggested willingness to co-opt private companies into conducting surveillance work on behalf of the state.

Discussion about the collection of metadata by government agencies and privacy implications are most timely, given the revelations about the illegal collection of such data from users in the United States.

In Australia, there seems to have been an ongoing campaign by the Commonwealth Government to obtain greater access to (or control of) the online activities of citizens. In a country with no constitutional right to free speech (except an implied right to political speech), this is not too difficult to achieve in a legal sense. Former Minister for Communications Senator Stephen Conroy was subjected to ongoing criticism when the Labor Party decided to introduce a mandatory internet filter in Australia. The policy was abandoned in 2012.

Nevertheless, the experience of the failed internet filter (and the implied limitation such a filter could place on free speech) has not prevented further attempts by law enforcement agencies to obtain additional powers in this area.

The most recent debate has surrounded the potential collection of ‘metadata’ by Australian law-enforcement agencies. Prime Minister Tony Abbott was quoted in December as saying:

The material that I understand was referred to in the Guardian story related to, essentially, the billing data. Now that has been available, but there is a big difference between billing data and the actual content of calls.

The Guardian story that Mr. Abbott refers-to is this one which describes how Australia’s surveillance agency offered to share information collected about ordinary citizens with its major intelligence partners. The source of the information was a secret 2008 document leaked by the US whistleblower Edward Snowden. It is quite clear that the Prime Minister and indeed the Liberal Party don’t seem too concerned about the privacy implications of collecting and sharing such information about ordinary citizens.

Perhaps if our Prime Minister valued personal liberties, he should be. A recent study conducted at Standford University revealed that the collection of metadata provided much more information about phone users than the phrase “billing data” would imply. The Stanford University study encouraged volunteers to install a tracking application called MetaPhone onto their phones. Researchers collected information about MetaPhone users for several months and say that they were able to predict people’s medical conditions, hobbies and relationships by only looking at the metadata.

Graduate student Jonathan Mayer told the ABC that:

One of the things which is most concerning about the privacy properties we’ve uncovered is how easy it is to make inferences about the metadata on a large scale. We had a participant who… had calls with a lumber yard and a locksmith and a hydroponics dealer and a bong shop. [You] don’t need a PhD in computer science to have some sense of what could be going on there.

One very obvious counter-argument to such concerns is that one needs not be worried if they are doing no wrong.  Surely, an innocent person has nothing to hide? Indeed, raising concerns about data-snooping by government agencies leaves one liable to that “what have you got to hide?” argument. Don’t paedophiles and terrorists flourish in dark places where law-enforcement agencies struggle to shine a light?

To some extent, these are valid arguments. Our police forces and surveillance organisations do require access to phone records and metadata if they are going to be able to detect terrorist acts in the planning or break paedophilia rings and drug importation syndicates. This is important work and Australian society as a whole is considerably better off by having these activities stymied. We all want people involved in such activities gaoled. The question is really about whether law-enforcement agencies should be able to access the data of every citizen or just ‘persons of interest’ (as is currently the case). I’d suggest the latter.

For those looking for some political comfort from the Liberal Party’s enthusiasm for telcos to collect metadata, they won’t find it with the ALP (despite their record in government). Tanya Plibersek told Sky News last week that:

We have disrupted some very serious terrorist plots in Australia. We’ve done it because we’ve got a strong intelligence community here. They do a good job. There continue to be threats. Those threats may increase for reasons that you’ve described and I want to give those agencies the maximum ability to do their job well within the bounds that people would expect (…) I think we always need to balance the expectations people have of living in a democratic and open society. But I certainly want to make it as easy for security agencies to do their job of protecting Australians from threat as we can.

So there you have it. On the face of it, the collection of metadata will be a fait accompli in Australia with in a few years, subject to legislative changes. I’d be most surprised if Australian data weren’t then shared with our Western allies too, in due course.

My particular concern is less that the government will have access to everyone’s metadata for a period of two years (although the concept doesn’t make me comfortable either). I would hope that those engaging in dangerous illegal activities would be caught, preferably before they cause too much harm.

My concern is more that such information could be abused in time and used for purposes beyond what is currently stated. Could metadata be used to target people for political reasons? I’d certainly hope not.

I accept iiNet’s argument that the retention of  metadata for two years would pose a massive cost imposition on a telecommunications industry that would effectively be co-opted into working for the state. There are also some very serious concerns about the storage of that data in terms of its security. We have seen some very high-profile leaks of personal data from some very large and capable organisations in recent years (eg Sony et al). Should this information leak, it would remain on the public record forever. If such data did leak, it would not take too long to piece together the private details of some people’s lives. At some point, someone would recognise someone’s phone number and the picture would be complete.

The release of metadata and the issues surrounding it are complicated, but I’d urge caution in this area. I really do think that the status quo is an acceptable balance between crime prevention and personal liberties.



No comments have yet been submitted. Be the first!

Have Your Say

The following HTML is permitted:
<a href="" title=""> <b> <blockquote cite=""> <code> <em> <i> <q cite=""> <strike> <strong>

Comments will be published subject to the Editorial Policy.