It’s been reported in the mainstream media that the Australian Data Retention Scheme has been referred to another committee, effectively delaying it to after the next election. The Scheme was part of a broad review of the various security agencies powers and how to streamline them. The initial paper originally stated that retention would be for up to 2 years for parts of the data set, without really specifying what the data was.
There has been various ideas of what this data is, depending who you ask and when. Some documents state it is only the accounting data; that user X used IP address Y at time Z, while others state it is email logs and a third have been the previous two plus web logs.
There are many problems with a scheme such as this. 2 years of everyones web-browsing history is a desirable target for both legitimate and illegitimate access to that data. Leaving aside would the access to the agencies get the right level of access; who else would want this data? I’m sure that AFACT (Australia’s MPAA effectively) would like this data to go trawling. The recent exposure of AAPT‘s data by Anonymous shows that there may be some other means of obtaining this data.
I actually wonder, if the scheme was in, what they would find? Take email for example; my email leaves my computer and directly communicates with the destination mail server. If someone pulled my email records they’d show very little information. If it is too hard to run your own mailserver, I’m sure the enterprising no-gooders that they are so interested in finding can work out how to buy a remote mailserver somewhere.
If that’s too hard, there’s always gmail with https, or VPNs, or TOR, or.. well there are plenty of options. It probably comes down to how resourceful (if thats the word) people are. By the way, mentioning https reminded me of the great little plug-in called HTTPS Everywhere by EFF.
I’m glad to see that this legislation is stalled. To me the paperwork I saw appeared to be saying that they got some bad guys with what powers they have so they will catch more with more powers; therefore more powers are good, OK? It’s a rather simplistic view of the world. My only worry is its not stopped, just stalled so it might be re-animated in future.
- Anonymous begins dump of stolen ISP data (zdnet.com)
- AAPT confirms data breach as Anonymous claims attack (zdnet.com)
- Roxon stalls web surveillance plans (theage.com.au)
- Anonymous may help, not hinder, data retention laws (zdnet.com)
- Anonymous Dumps Australian Telco Data Online (it.slashdot.org)
- The asymmetry implicit in Internet data retention (go.theregister.com)
- Australian Government Moves to Expand Surveillance Powers (eff.org)