Metadata: a honey pot for hackers and lawyers

By Leith van Onselen

The Abbott Government’s metadata legislation, which would require telecommunications companies to store detailed information about the calls and internet use of their customers for two years, has come under fire from Telstra’s chief information security officer, Michael Burgess, who claims that a central data storage system would be an attractive target for hackers, including foreign spy agencies. From The ABC:

“The issue here is now we’re advertising that for a customer of Telstra, there’s a whole range of data, depending on what services they have, that we made available, or [which] can be made available upon lawful request for two years,” Mike Burgess said.

“If [you were] that way inclined as a hacker, you would go for that system because it would give you the pot of gold, as opposed to working your way through our multitude of systems today to try and extract some data.”

These security concerns come on top of fears that the Government’s metadata legislation could create a honeypot for lawyers and other industry players pursuing frivolous lawsuits on behalf of digital rights holders. As noted by Fairfax’s Ben Grubb in November:

…once rights holders know metadata will be stored by internet service providers for two years under the proposed data retention laws, the likelihood of them successfully being able to go after those who have breached their copyright will increase.

…evidence suggests that instead of pursuing the infringers in court, the rights holders [will] intimidate the individuals into making small settlements by way of demand letters and threats of litigation.

Called “speculative invoicing”, this generally involves the rights holder asserting what they think the breach of their copyright is worth — generally several thousand dollars — and saying that they will drop all legal action against the infringer if the user pays the amount listed…

Rod McKemmish, national head of PPB Advisory’s IT forensics practice, said that if rights holders knew the data required to identify pirates was stored longer than they hold it now, they would be “more inclined” to pursue action…

Marque lawyers, representing Dallas Buyers Club, recently said as much in a note to its clients titled “Metadata and the law of unintended consequences”.

“There is nothing in the draft legislation preventing or restricting this use of your data,” it said. “Rest assured that lawyers will be all over it. We will; it’s a treasure trove. Why hasn’t this aspect of the metadata law been discussed? Because the government didn’t think of it. Impressive, aren’t they.”

Regular readers will know that I strongly oppose the Government’s data retention plan, which I believe would unnecessarily impinge upon users’ freedom, would be overly expensive to set up and administer, and would be largely ineffective.

Regarding cost, the Communications Alliance has previously estimated that it could cost up to $700 million to design and build the systems to support the data retention scheme, plus a further $100m a year to run. iiNet has previously claimed that the policy could lead to customers paying an additional “internet tax” of $5 to $10 per month for their services.

Communications Minister Malcolm Turnbull has countered these claims, arguing that the government would pay a substantial share of its costs.

Nevertheless, it is clear that consumers would end up paying one way or another, either through higher direct internet costs or via their taxes.

The Government’s data retention plan is also likely to be ineffective, unfairly targeting the 99% of law-abiding citizens while the so-called real targets – terrorists and crooks – slip past the net.

Anyone with even a basic knowledge of the internet knows that you can set up a “virtual private network” (VPN) in about 20 minutes, thereby evading the metadata net. As noted in Business Spectator in August:

Talk of internet filtering and metadata retention has civil libertarians concerned, but you can easily bypass government mandated Australia-wide internet monitoring by connecting to a VPN server in another country. With the click of a button you can tunnel to the other side of the world, emerging in the US or UK to avoid Australian restrictions and surveillance. There’s nothing the government can do to stop Australians using VPNs this way, unless they attempt to block all VPN traffic – which would be a major disruption to legitimate business users.

Further, terrorists could easily use public Wi-Fi hotspots to coordinate their activities, thus slipping past the metadata net.

Seriously, why bother with metadata, when all the Government’s data retention policy will do is force up everyone’s internet costs or taxes, reduce civil liberties and privacy, and encourage all kinds of frivolous activities from hackers and lawyers, while the intended perpetrators continue on their merry way?

About the author
Leith van Onselen is Chief Economist at the MB Fund and MB Super. He is also a co-founder of MacroBusiness. Leith has previously worked at the Australian Treasury, Victorian Treasury and Goldman Sachs.