Now that Australia’s mandatory metadata retention regime is officially started, many are wondering how we got to this point and what we can do to stay private now that every piece of Australian origin metadata is being stored for two years. While companies and customers alike have known this day would come since 2015, both consumers and companies have reacted strongly. Australians even declared 4/13/17 to be National Get a VPN day across the continent as education about VPNs vs metadata retention spread like wildfire.
Australian Metadata Retention requirements are “basically a huge Big Brother policy”
According to Junkee, an industry figure said:
“We’re going to end up with this regime of laws that allow the government to access a huge amount of data on its citizens. They are retaining what devices you sent something from, where you were located, what time you sent it and who you sent it to. It’s not too long before you can use that to make the most amazing profile of everything you do. It’s basically a huge Big Brother policy that Australia has walked into.”
By forcing the financial burden of compliance onto the private telecommunication and ISP companies, the government has created a perverse incentive structure. What is undoubtedly going to end up happening in Australia is that lobbyists will push for laws and regulation permitting, like they did in America, spying on their customers. Telecom and ISP lobbies have already tried to argue that web browsing history and app data usage stats are not sensitive information. Now that all of these Australian companies are holding all of this data, at their own cost, they’re going to need to think of ways to make more money from that data – hopefully without following the American example.
Angus Fotheringham of Inabox Group, an Australian telco, said:
“It was so obvious to me that there was very little thought on the part of the regulator on the complexity of this issue on the wholesale side,”
Also, the regulations requiring the storage of two years of metadata does not require proper, encrypted storage techniques – and experts fear that Australian metadata troves will be a high value target for hackers. The Australian government even set aside $130 million to help Australian telcos and ISPs to comply with the new law. Given the burden compliance, it’s entirely possible that some service providers might not even comply. John Stanton, the CEO of Australian association group the Communication Alliance, said:
“There are 250 providers competing for 1 percent of the market. They’re mum and dad operators servicing their local community. Have they really got the smarts to do everything the law requires? In many cases they’ll either exit the industry or they’ll stay and hope they’re never asked for metadata by the government. The focus for the government will be on the top five-ten providers. That’s who they see as the main game. Frankly, I don’t see the regulator having the resources to chase all the other providers.”
On their part, the Australian government downplayed the task at hand; a spokesperson for the Attorney General’s office said:
“The Government’s data retention legislation simply standardised the type of data telecommunications service providers are required to retain and the length of time they need to keep it.”
A stark reminder that they always had access to your metadata, your metadata can definitely reveal private things about your life, and now it’s just more easily query-able.