Australia Data Retention Scheme Stalled

It’s been reported in the mainstream media that the Australian Data Retention Scheme has been referred to another committee, effectively delaying it to after the next election.  The Scheme was part of a broad review of the various security agencies powers and how to streamline them.  The initial paper originally stated that retention would be for up to 2 years for parts of the data set, without really specifying what the data was.

There has been various ideas of what this data is, depending who you ask and when.  Some documents state it is only the accounting data; that user X used IP address Y at time Z, while others state it is email logs and a third have been the previous two plus web logs.

There are many problems with a scheme such as this.  2 years of everyones web-browsing history is a desirable target for both legitimate and illegitimate access to that data.  Leaving aside would the access to the agencies get the right level of access; who else would want this data?  I’m sure that AFACT (Australia’s MPAA effectively) would like this data to go trawling.  The recent exposure of AAPT‘s data by Anonymous shows that there may be some other means of obtaining this data.

I actually wonder, if the scheme was in, what they would find?  Take email for example; my email leaves my computer and directly communicates with the destination mail server. If someone pulled my email records they’d show very little information.  If it is too hard to run your own mailserver, I’m sure the enterprising no-gooders that they are so interested in finding can work out how to buy a remote mailserver somewhere.

If that’s too hard, there’s always gmail with https, or VPNs, or TOR, or.. well there are plenty of options.  It probably comes down to how resourceful (if thats the word) people are.  By the way, mentioning https reminded me of the great little plug-in called HTTPS Everywhere by EFF.

I’m glad to see that this legislation is stalled. To me the paperwork I saw appeared to be saying that they got some bad guys with what powers they have so they will catch more with more powers; therefore more powers are good, OK?  It’s a rather simplistic view of the world.  My only worry is its not stopped, just stalled so it might be re-animated in future.

 

Enhanced by Zemanta

Australian Internet Censorship and Data Retention

Just going on how they treat matters regarding the internet, it seems that the current Australian government is trying to beat the previous government’s poor record.  Where the previous government seemed to think the internet a scary and unimportant thing that they didn’t really understand and therefore ignored it, the current government seems to be trying to do something, but like a lot of other things they do, do something badly.

Internet Filtering
One of their bright ideas is to censor the internet, by putting some rather large filters right in the middle of all the ISPs.  Supposedly this is going to protect the children, though other than some mad ranting by Senator Conroy he hasn’t said which children or how.

The clearest information is that it will block Refused Content or RC rated information.  The problem with this is there is no clear definition what this is.  With no clear boundary you can get what is “scope creep”.  Bit by bit, each group with their own agenda will try to get whatever they don’t like banned.  Some will fail, but others will get their little set of demons onto the list.

From “children overboard” to the strange siezure of the wikileaks founder’s passport when he returned to Australia, you can never trust the government fully. As the filter list will be a closed list, who is to say if it is right a particular webpage or website should be banned?  Books or films that are banned are known, you can find out what they are and why.  A proper discussion and review can then be undertaken.  By contrast, you won’t even know something is banned unless you try to visit it.

I’ve personally seen the “great firewall of china“.  What is filtered is often arbitary, though anything that is embarassing to the government is filtered.  It slows a lot of sites down and makes others look strange.  Do you really what to live in a country where the government decides what ideas should be seen?  Or even a country that places like China can point to and say they are doing the same thing, so its all ok?

Data Retention
The next bright idea by the government is to make ISPs keep 10 years of internet browsing history of all their users.  This would be like tapping everyone’s phone, just in case you did something wrong in the next 10 years.

There hasn’t been much detail about this proposal but let’s assume for a moment that it keeps URLs.  Now of course most people’s internet addresses move around, so you will also need to keep some sort of log of which account used what address for the same time.

The URLs will tell the government which websites you have visited, but URLs also tell them which pages you visited.  You can also often assume which pages you read and which you didn’t because of the time between this viewed page and the next.

Search engine queries are also encoded into a url. Google searches usually have something at the end of the url which is what you were searching for.  There is also a chain of visited pages, so someone looking at a log could see your search, you go to a site, perhaps you then visit a banking or paypal site (have you bought something now?)

Even if you think you have nothing to worry about what the government might do with this information, including future governments, this information has to sit somewhere.  Data sitting around for 10 years has 10 years time of being stolen or copied.  Perhaps some activists obtain this log and publish a list of names of people who visited a particular website.

There is current laws for lawful interception.  This is where the police or another security agency goes to the court and says a particular person has done certain bad things and asks if they can intercept their internet traffic.  It’s the same rules if they want to tap your phone.  Except for “fishing trips” where police just randomly look at information from anyone hoping to trip up on something, what is this system going to be used for?

What can you do?
If you’re not happy about either, or both, of these new proposals, it is time to do something about it. Visit the website Open Internet Website for what you can do.  One of the things is to

tell you mum about internet censorship which has a funny message from comedian Akmahl Saleh that also has an important side.

Most of important of all, don’t let these proposals become law because of apathy!

The Great Australian Internet Firewall

Some what belatedly (hey I’m travelling!)  I’ve changed the layout of my main website http://www.enc.com.au/ so it now has black panels and a little pop-up.  It’s all in the name of T he Great Australian Internet Blackout which is a protest about the upcoming Australian Governments Internet Filtering.

As per usual with this sort of thing, the proposed solution will not even meet its rather vague goals, unless you count filtering a 1000 or so websites a “goal”.  While the numbers vary, the best estimates is its way over 100 to 200 million websites. So that 1000 is 0.0005, or 1 in 200,000.

The filter is alternatively going to filter reported refused classification material or perhaps “other stuff”; they’ll get back to you on the second one. For the first it works that somone finds a website of sufficient level of classification, reports it to the government and it gets filtered.  And how many times have you come across RC websites, just by wandering around? That’s not R rated websites, its not porn, its not even reasonably exotic porn, but stuff that’s downright nasty.

The government, as per usual, has come out with the tired old protect the children rant. The filter doesn’t stop spam, it doesn’t stop weirdos on facebook or MSN chatting up your teenage daughter or son, it filters websites that, unless you or your child is REAL unlucky you will never see; ever.

So why am I against it? Surely filtering RC level websites is great right? And to be honest if that is all this ever was going to be, it’s still a complete waste of my (and if you are an Australian Internet user) your money, but once the filtering is in, there is going to be a line outside the relevant ministers door to filter anything else anyone wants to filter, for example:

  • Games that are available outside Australia, if they have not been classified here then they shouldn’t be available here
  • Torrent trackers, because the industry would no doubt tell the government that the only thing they’re good for is illegal download of movies or music
  • Websites about certain topics that some people would rather not be seen, there is a large mountain of stuff that fits in here depending which crank has their own barrow to push

This sort of filtering while initially seeming ok, will get worse, much much worse.  There is not a real strong push from the general public about filtering RC websites, most people see and hate spam much more.  If you are an Australian citizen I ask you to visit the The Great Australian Internet Firewall  website and write to your local member of parliament.