Why metadata is an expensive erosion of privacy


By Leith van Onselen

The Abbott Government’s metadata legislation to require telecommunications companies to store detailed information about the calls and internet use of its customers for two years has met stiff resistance from a number of quarters.

The Guardian’s Geordie Guy has labelled the legislation as “desperate, confused and contradictory” while significantly impeding civil liberties:

Retention poses enormous concerns for anyone who’d prefer their Internet provider didn’t store everything about them. Of course giving the authorities the right to peruse your data without judicial oversight, or even good reason, makes people uncomfortable. In recognition of that discomfort, Brandis, Turnbull, Colvin and Lewis tried to explain completely different concerns that nobody really has, and don’t make sense.

First we were told that the authorities aren’t seeking new powers – which is true enough, unless you count the power to make companies store and provide massive amounts of data they currently dispose of as useless. Then we were assured that these new powers are critical to national security and crime investigations – with examples given of previous successful investigations that jailed several dangerous people for many years, but didn’t actually use these yet-to-be-granted powers.

Colvin tried to score confidence points by saying the laws could help authorities target those who “illegally” download content. Surely now the terrorists are on notice! More likely it’s a warning to anyone ripping off Peppa Pig or Game of Thrones: not only is data retention likely to expose them, criminalising those who download movies and TV looks to be back on the legislative agenda.

Turnbull looked particularly uncomfortable at that revelation – or perhaps he was suddenly concerned he hadn’t removed his 2012 Alfred Deakin lecture from his website, in which he lambasted data retention. That’s a bit like when you think you might have left the iron on – but you accidentally left your own sensible feelings about your parliamentary colleagues’ agenda on your blog.

The Greens’ Scott Ludlam, who is one of the few federal members to see sense on this issue, is similarly scathing of the metadata legislation, claiming that it will impose a “surveillance tax on the entire Australian population” and that it is “mindblowing” that “the Government has introduced a mandatory data retention bill… without a definition of metadata”:

“The case [for metadata] hasn’t been made, in the jurisdictions where it’s been tried have made no difference and it’s being dismantled in Europe because it’s been found to be a violation of human rights…

The government would never admit this, but I think the very fact that they want service providers to track and store data volumes, tells me that maybe part of what’s driving this is that whole copyright or anti-piracy agenda, where they want to know who’s hitting BitTorrent sites and how much they’re bringing down, so that they can force service providers to choke the internet or potentially knock them offline. I think there’s a number of different agendas, including that one, that are kind of piggybacking along under this cloak of national security. But actually it’s got nothing to do with it.

…you’ve got George Brandis and Tony Abbott prosecuting really steep and expensive regulation of technology that they barely understand. I think that’s partly just a desire to stand up and look as though they’re doing something tough. It’s just a desire to look as though they’re strong and tough on national security, but actually they’re quite illiterate as to the basic technology itself”.

Ludlam’s concerns are also echoed by iiNet chief regulatory officer Steve Dalby, who believes there is no urgency for the bill to be passed:

“Given the contradictions in the Government’s messaging and the inept explanations of what is proposed, we need to take a deep breath, step back and have a good look at this bill. There is still no explanation of why there is any need for urgency or why the existing law is insufficient”…

“I’d call on Labor step up to the mark and make sure the bill is not allowed to be rushed through the House without careful consideration.”

Regular readers will know that I strongly oppose the Government’s data retention plan, which I believe would unnecessarily impede upon users’ freedom, would be overly expensive to set-up and administer, and would be largely ineffective.

Regarding cost, the Communications Alliance has previously estimated that data retention could cost up to $700 million to design and build the systems to support the scheme, plus a further $100m a year to run. iiNet has previously claimed that the policy could lead to customers paying an additional “internet tax” of $5 to $10 extra per month for their services.

By contrast, in yesterday’s announcement, Communications Minister Malcolm Turnbull said the government would pay a substantial share of the costs of the scheme but that he could not estimate its total cost.

So consumers will pay one way or another, either through higher internet costs or via their taxes.

The plan is also likely to be ineffective, unfairly targeting the 99% of law abiding citizens while the so-called real targets – terrorists and crooks – slip past the net.

I mean seriously, how hard is it for terrorists or criminals to use a public Wi-Fi hotspot to coordinate their activities? More importantly, anyone with even a basic understanding of the internet can set-up a “virtual private network” (VPN) in about 20 minutes, thereby evading the metadata net. As noted in Business Spectator in August:

Talk of internet filtering and metadata retention has civil libertarians concerned, but you can easily bypass government mandated Australia-wide internet monitoring by connecting to a VPN server in another country. With the click of a button you can tunnel to the other side of the world, emerging in the US or UK to avoid Australian restrictions and surveillance. There’s nothing the government can do to stop Australians using VPNs this way, unless they attempt to block all VPN traffic – which would be a major disruption to legitimate business users.

So why bother with metadata, when all the Government’s data retention policy will do is force-up everyone’s internet costs or taxes and reduce civil liberties, while the intended perpetrators continue on their merry way?

[email protected]

Latest posts by Leith van Onselen (see all)


  1. An erosion of spelling at MB.

    The statement by the AFP chief yesterday summed it up – he had no idea of what he was talking about and Turnbull has reinforced that sense of chaos.

    This is like the ban the burqa in Parliament rule; based on rumour and headless chicken planning.

    • What we need here is a three word slogan…….


      ….not my slogan ….was it Tony Abbott?….but apt for our times……….

    • They wouldn’t be doing this if not for terrorists, Commies and illegal downloads. Blame the crooks for once people.

  2. [sarc]Didn’t the Aussie polis discover someone bad with a plastic sword recently? I think that justifies keeping thousands of gigs of data for years, don’t you?[/sarc]

    Where is the justification for these draconian measures? Please tell me, ’cause I can’t see it.

      • No doubt MT already knows about the circumvention methods (VPNs, Seedboxes, I2P, etc.), he mentioned several of them in his Deakin lecture. He also seems to understand the bittorrent protocol readily enough. Brandis is just a relic, demonstrated aptly by his spending tens of thousands of dollars on book cases and books for his new AG office. Anyone who spends that much on books in this day and age is a luddite of epic proportions.

        I honestly don’t know what MT’s game is though. Is he so obsessed with power and maintaining his spot on the front bench that he’s willing to jettison his entire ‘moderate Liberal’ ideology? How does he look at himself in the mirror?

        I notice he’s lost a lot of hair over the last year or two, so maybe it is exacting an emotional toll on him.

      • That picture is gold. 😆

        I guess they think there are enough stupid terrorists out there to make this worthwhile.

        I seem to remember the 9-11 terrorists used hotmail without encryption. So they could be counting on catching terrorists that are even stupider than Brandis!

        You also occasionally hear about paedos who keep their porn unencrypted on their PCs. Not everyone understands how to maintain privacy.

      • You’re right Jason, he’s aged heaps trying to run with the psychopaths. The most unflattering shot of him I’ve seen.

        Time to get to your true self Malcolm before your soul’s totally eaten up by the wolves!

      • “Time to get to your true self Malcolm before your soul’s totally eaten up by the wolves!”

        He can look to Phillip Ruddock to see what happens to your soul when you completely sell out your principles in the pursuit of power.

    • Mining BoganMEMBER

      Yep, that sword that was supposed to do the beheading in Martin Place was plastic. The Daily Terror called it the ‘Sword of Death’ or some such nonsense. Very responsible of them.

      Apparently the writing on it was something to do with the Shia…who apparently are fighting ISIL…or something. Who knows, it’s all very confusing.

      • migtronixMEMBER

        Faaarrrrkkkk its halloween!!!!!

        Sh#t! F#ck you all I’m getting in my bunker!

        BTW Its The Daily Troller get it right

      • M-Bog, not sure who the bigger terrorists are; the plastic sword carrying Mussies or the MSM terrorising the bogans clear out of their ugg boots.

  3. Anybody who thinks the dunderheads in the Liberal party have any idea of why they are implementing their policy agenda is a fool.

    It was absolutely clear when Brandis couldn’t explain his own policy that it was simply handed to him from the shadows.

    • They know very well what they’re doing, Darth Brandis is nothing more than a sock puppet and a very bad one at that.

  4. Leith, your sentiments while noble go dangerously beyond naive.

    What web access information is it that you believe is not being stored today? Do you honestly believe the URL’s you clicked on are not stored forever, or that the gmails you send receive are not retained forever, sure it may not be in today’s active mounted database but trust me its stored be it off line or as tape/disk backup or just as some sort of long forgotten restore point. Point is it’s there, and this leads us to the real significance of metadata which is that it provides the keys with which one can unlock the past and reconstruct it.

    For instance: If 10 years from now yourself or David or even just one of the commenters here joins some ultra violent group with an agenda to hold politicians personally accountable for their miss-deeds wrt to say Real estate. then the responses of individuals agreeing with or even just sympathetic too these views will become a fundamental part of that future police investigation.

    It’s the metadata associated with those responses that enables the investigators to unravel even the most intricate of obfuscations and personally identify all individuals involved in these discussions. Once you have the metadata you have the keys to the mountain of stored but meaningless data, the metadata tells you the when and where that are essential to recover the who and what .

    So trust me whatever you do online is discoverable with or without this legislation (five eyes), if anything this legislation just give the plebs something irrelevant to complain about AND more importantly a believable cover story for how your name got linked to some organization (without your rights to privacy having been trampled)

    • Actually CB it allows them to walk into one of their own courts to use it — sorta like FISA where you are….

    • Whether or not it’s already being done is immaterial. These laws legitimise its use and approve the ongoing application of it.

      • @Jason this capability already exists in a form that is 10 times more invasive then anything that’s even suggested in the legislation. Its in use today, so all this does is to create the believable cover story period AND maybe legitimize the furtherance of this sort of surveillance by local police enforcement agencies.

        If I want to know ANYTHING that you are doing online I’ve got a neat little set of viruses that will provide me the keys to anything that you encrypt and a real time copy of all your online activities this is real and happening today. The trick is to therefore never show up as a target for more intense surveillance…which is the reason that I’m not going to say any more on this issue.

        Unfortunately this is an area where all those that know what’s really happening have been warned not to reveal their knowledge and btw its not just the five eyes that you need to worry about, the club is much larger than that and there’s more then just the one club.

      • “so all this does is to…… legitimize the furtherance of this sort of surveillance by local police enforcement agencies.”

        That is the point Bob. (plus compulsory retention and the cost)

      • “If they are already able to do it Bob, why do they need the law?”

        Leaving aside the question of whether they can or cannot already to it (and I disagree with CB on many of his points), this legislation will drastically reduce the level of alleged infringement required to access the data.

        e.g. If the Five Eyes are already collecting this data in secret, it’s not going to be accessible to the RSPCA to investigate animal cruelty allegations or to the council to investigate alleged littering or any other such trivial charges. It’s certainly not going to be available to copyright holders for civil cases as it will be once the data is officially and legally being stored.

      • “If I want to know ANYTHING that you are doing online I’ve got a neat little set of viruses that will provide me the keys to anything that you encrypt and a real time copy of all your online activities this is real and happening today.”

        How are you going to infect my computer that’s running from a read-only Tails DVD and hence intercept my TOR browsing session?

      • @AB How are you going to infect my computer that’s running from a read-only Tails DVD and hence intercept my TOR browsing session?

        Are you sure you really want to know?
        If so you need to familiarize yourself with embedded firmware viruses and understand the standard load sequences for embedded device drivers and why these drivers must be loaded ahead of any OS boot.

      • What privacy

        ‘First thing is even if there was no data retention proposal, the existing authorisation regime for metadata is pretty broken. There were more than 580,000 requests reported to the ACMA last year. So it’s really open season on warrantless metadata snooping on Australians. Not for financial security purposes but by hundreds of different agencies all the way down to local government’


        A little Ludlam lite for the fans.

      • @Mig
        Do have any idea how difficult (impossible) it is to design an online product that meets Tempest Opsec,emsec and comsec requirements?

        Look no further than the concepts of “data at rest” which is the necessary requirement for all Tempest approved devices. If you understand this concept ask yourself what vulnerability is created when the data is not at rest?

  5. So we are cutting CSIRO and the ABS budgets to pay ISPs $700m to hold web browsing histories so Lord Brandis can peruse them at his whim.

    Malcolm how did it come to this?

  6. this is so big attack on our human rights that cost should not be even matter of the discussion

    it’s so unsettling to see people complaining more about $10 a month than about being pushed into nightmares of 1984.

    The saddest part is that Abbott can easily push this through if he promises to refunds that extra cost to struggling families (i.e. everyone born after 1965)

    Because of this, I’m ashamed to be an Australian.

    • it’s so unsettling to see people complaining more about $10 a month than about being pushed into nightmares of 1984.

      The difference is that $10/month is an immediate and tangible impact.

      A loss of rights happens over a much larger timeframe and for most of that time only directly impacts a tiny percentage of people.

      • everyone will lose privacy and it will happen instantly

        people are greedy bastards that care only about money

      • everyone will lose privacy and it will happen instantly

        Not from their perspective. The average individual impact across the entire population will be near zero. Which is to say it will be quite severe for a handful of people, and nothing for nearly everyone.

        Unless, of course, the copyright cartel starts a lawsuit party based on the metadata they have access to and sues everyone who has ever downloaded something.

        Our one hope here is that corporate greed will shock normal people into action.

  7. Although in the Westminster tradition, Australia is not a liberal and tolerant democracy it has to be said.

    For a country with such a substantial portfolio of rules and regulation for every aspect of peoples lives; the insane tyranny of Iraq and Syria is a godsend to the spruikers of the great Australian anti privacy tradition.

    In the tradition of Orwell (but not attributable to him – or me – perhaps it was the great Barefaced himself?):


  8. That contrived ABC program Q and A has George (Stasi) Brandis at Bankstown on Monday night. See how many soft ball questions Tony Jones allows at Stasi, and how much the lily livered Tony Jones allows Stasi to get away with.

  9. Yes if this goes ahead I will downscale my ISP data allowance (as I never use it anyway) and use the money for VPN.

    Net loss to Australian ISP
    Net gain to a VPN Provider in a non 5 eyes country. Iceland maybe?

    Good one Tony.